Service Discovery

In Netography Fusion, Service Discovery is treated as a"scanless port scan" that shows the observed ports and associated services in your traffic.

The top part of the Service Discovery page contains the NQL Query field that allows to create, save, and search for your specified NQL statement. The arrows on the right of this field also allow 2 options:

1. Populating the form with current values from the Global Filters
2. Pushing your form search values to the Global Filters form fields

The default populated NQL statement looks for clients talking to servers on well known ports and filter by assumed connected devices:

(protocolint == 6 && tcpflags.syn == true && tcpflags.ack == true && srcport > 1024) || (protocolint == 17 && srcport > 1024)

The result table sorts the dstip, label.ip.name.dst, dstport, label.port.name.dst, protocolint, bits, flows, and packets by default.

You can expand each horizontal result entry by click the right triangle on the target entry. If the target entry has multiple labels applied to to label.ip.name.dst and/or label.port.name.dst, you can also drill down and see the quantity mapped to the corresponding labels.

The recent screen view and layout can be exported in CSV format and also configured on the hamburger button under the Service Discovery page heading.