• Downloads
• Example: Identifying Services That Use Nonstandard Ports    

• Related Topics
• Profiler Overview
• Profiler Task Summary

Example: Identifying Services That Use Nonstandard Ports

Suppose you want to identify traffic that uses nonstandard ports so that you can take the appropriate security measures, such as physically removing the unauthorized network components, accounting for nonstandard ports in your existing corporate security policy, or creating rules in your security policy to restrict the traffic to specific network components.

To display a view of traffic that uses nonstandard ports:

1. In the NSM navigation tree, select Investigate > Security Monitor > Profiler to display the Profiler viewer.
2. Click the Violation Viewer tab.
3. Click the + icon that appears on the top of the right-hand window to display the New Permitted Object window.
4. For this example, name the new permitted object Non-Standard-Ports.
5. Right-click the Service column and select Add Service.
6. Select all predefined services.
7. Click OK.

   After you have created and saved the permitted object, the object automatically becomes available in the Profiler.

8. Select the new permitted object Non-Standard-Ports.

   The Profiler uses the object to filter the data collected from the devices. Traffic that matches the object (uses a standard service port) is filtered out, leaving only the traffic that does not match (uses a nonstandard service port).

9. Review the data for all traffic on your network that uses nonstandard service ports and take appropriate action.