Get an alert when certain traffic is found on the network

Custom reports and alerts associated with certain protocols

We just received this interesting request at our support desk: “Is it possible to get an alert when certain traffic is found on the network. For example when TFTP or FTP is used we get an email”. IT professionals want to know when there is suspicious traffic moving around their networks. Sometimes the concern is data exfiltration; in other cases it is about quickly identifying when external hosts are accessing data on the LAN or WAN.

Content based application recognition

LANGuardian uses a feature called content based application recognition to identify what applications are running on a network. This is more accurate than technologies which use TCP/UDP port numbers to label network traffic. LANGuardian identifies applications by looking at packet payloads, so if an application uses a non-standard port number it is still detected.
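
The difference between port-based and payload-based labelling, as an added example (this is not LANGuardian's code or its detection logic). The signatures are simplified, and the flows, addresses and function names are constructed for illustration.

```python
import re

# Port-based labelling: the approach the paragraph above calls less accurate.
PORT_LABELS = {("tcp", 21): "FTP", ("tcp", 80): "HTTP", ("udp", 69): "TFTP"}

# Simplified payload signatures (assumptions for this example).
HTTP_REQ = re.compile(rb"^(GET|POST|PUT|HEAD|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n")
FTP_USER = re.compile(rb"^USER \S+\r\n", re.I)
# TFTP read/write request: opcode 1 or 2, filename, NUL, transfer mode, NUL.
TFTP_REQ = re.compile(rb"^\x00[\x01\x02][^\x00]+\x00(netascii|octet|mail)\x00", re.I)

def by_port(flow):
    return PORT_LABELS.get((flow["proto"], flow["dport"]), "unknown")

def by_payload(flow):
    client, server = flow["client"], flow["server"]
    if flow["proto"] == "udp" and TFTP_REQ.match(client):
        return "TFTP"
    if flow["proto"] == "tcp":
        if HTTP_REQ.match(client):
            return "HTTP"
        # A "220" banner also opens SMTP and "USER" also opens POP3,
        # so require both before calling the flow FTP.
        if server.startswith(b"220") and FTP_USER.match(client):
            return "FTP"
    return "unknown"

def alerts(flows, watched):
    """Return (src, dport, payload_label, port_label) for watched applications."""
    hits = []
    for f in flows:
        app = by_payload(f)
        if app in watched:
            hits.append((f["src"], f["dport"], app, by_port(f)))
    return hits

# Constructed sample flows: first payload seen from each side of the conversation.
FLOWS = [
    {"src": "10.0.0.5", "proto": "tcp", "dport": 2121,   # FTP on a non-standard port
     "server": b"220 FTP ready\r\n", "client": b"USER backup\r\n"},
    {"src": "10.0.0.9", "proto": "udp", "dport": 69,
     "server": b"", "client": b"\x00\x01config.bin\x00octet\x00"},
    {"src": "10.0.0.7", "proto": "tcp", "dport": 8080,
     "server": b"", "client": b"GET /index.html HTTP/1.1\r\nHost: intranet\r\n\r\n"},
    {"src": "10.0.0.8", "proto": "tcp", "dport": 80,     # not HTTP despite the port
     "server": b"", "client": b"\x16\x03\x01\x00\x05hello"},
]

if __name__ == "__main__":
    for hit in alerts(FLOWS, {"FTP", "TFTP"}):
        print(hit)
```

The FTP session on port 2121 is reported even though a port lookup labels it "unknown", while the non-HTTP flow on port 80 is labelled HTTP by port only.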

Creating custom reports to focus on certain applications

Before you can configure application alerting, you first need to create a report that focuses on a specific application. Log on to your LANGuardian web console and click on the All Reports menu. Select the More option under the Applications section.

Report on protocols
  • Click on the report Top Talkers by Application.
  • Click on the Show More link, which exposes the full set of report filters on the right.
  • From the protocol drop-down, select the application that you want to focus on. For my example I am going to choose HTTP.
  • Run the report to check for any network activity associated with that application.
  • Click on the Actions option and choose Save As. Type in an appropriate report name and save your custom report.

Once you have the report saved you can then configure alerting if traffic associated with the report filters is detected. To enable this you need to:

  • Click on the gear symbol at the top right and select settings
  • From the Alerts, Reports section select Email and alerts configuration
  • Click on Report Wizard
  • Scroll down to the custom section and select every 2 hours from the Send Alert drop-down

Repeat the process for each application that you want to get an alert on. Your LANGuardian will run each report automatically every two hours. If activity is detected, an alert is sent.