Netflow Traffic Questions

I recently got Solarwinds Netflow up and running monitoring 3 of our Main Routers from different sites.  I noticed a large slice of the top applications showed up as "Unmonitored" traffic.  Upon drilling down to what this traffic is, I noticed several of the following:

Polestar (port 1060)
de-noc (port 1254)
Murray (port 1123)
BVT Sonar Service (port 1149)

I'm unable to find any decent information about these googling around.  Can anyone explain to me what these are, what uses them, and if they are something to be concerned about?

Thanks,
gedcgene asked:
giltjr commented:
More than likely they are nothing to worry about. Those are the service names that are associated/registered for those ports.

The problem is that all of those ports are greater than 1023. Port numbers 1-1023 are normally used as the port server services listen on. These are called the well known ports.

Ports 1024 and above are generally used by clients to connect to servers and are assigned when the client software (like a web browser) opens a connection. These are called the high ports.

Originally server services were only supposed to use ports 1-1023 to listen on. However, fairly quickly people came up with more than 1023 services to use and so high ports started to get assigned.

The problem you have is that for some protocols there are two connections, a "command control" connection and a "data service" connection. Say like passive FTP transfers. So when you have a protocol, like ftp, both ends will have randomly assigned "high ports." Which could be any port number, which could match a high port and thus LOOK like a service that is defined.

My guess is that you don't have servers running these services, that you have a function, like ftp, where both sides open up random high ports.
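One way to check the explanation above against exported flow records, as an added example that is not part of the original answer: it assumes flows are available as (source IP, source port, destination IP, destination port) tuples and uses an assumed heuristic that a real listener is reached on the same port by several distinct peers, while an ephemeral port appears with only one. The function name, threshold and sample records are hypothetical.

```python
from collections import defaultdict

# Constructed sample flow records (src_ip, src_port, dst_ip, dst_port); not real traffic.
SAMPLE_FLOWS = [
    ("10.1.1.20", 1060, "198.51.100.7", 443),   # client source port happens to be 1060
    ("198.51.100.7", 443, "10.1.1.20", 1060),   # return direction of the same conversation
    ("10.1.1.31", 1254, "192.0.2.9", 50112),    # passive FTP style data: high port to high port
    ("10.1.2.5", 51000, "10.1.9.9", 1149),      # three different clients reach 10.1.9.9:1149
    ("10.1.2.6", 49233, "10.1.9.9", 1149),
    ("10.1.2.7", 62011, "10.1.9.9", 1149),
]


def classify_high_ports(flows, min_peers=3):
    """Label each (ip, port) endpoint with port >= 1024 and count its distinct peers.

    Assumed heuristic: a listening service keeps one port and is reached by
    many distinct peer addresses; an ephemeral client port shows up with one.
    Returns {(ip, port): (label, distinct_peer_count)}.
    """
    peers = defaultdict(set)
    for src_ip, src_port, dst_ip, dst_port in flows:
        # NetFlow records are unidirectional, so count both ends of every record.
        peers[(src_ip, src_port)].add(dst_ip)
        peers[(dst_ip, dst_port)].add(src_ip)

    result = {}
    for (ip, port), seen in peers.items():
        if port < 1024:
            continue  # well known ports are not the ones in question here
        label = "likely listener" if len(seen) >= min_peers else "likely ephemeral"
        result[(ip, port)] = (label, len(seen))
    return result


if __name__ == "__main__":
    for (ip, port), (label, count) in sorted(classify_high_ports(SAMPLE_FLOWS).items()):
        print(f"{ip}:{port:<6} peers={count} {label}")
```

An endpoint labelled as a likely listener on one of the reported ports is worth checking on the host itself for the process that owns the socket; the ephemeral ones match the registered service name only by coincidence.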

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.