When creating an Application Definitions in Network Flow Analysis you need to specify a Destination Port that is ideally between 65000-65535 to map the Custom Application mapping to so that the port doesn't overlap with a port already seen by NFA.  You can use ports under 65000, so long as they have not been seen by another application in NFA, but NFA will not allow you to go over 65535.

How can I find available Destination Ports to use for Application Definitions?

NFA

1. Download the attached portRange.sql file and copy it to your NFA Console server.

2. On the NFA Console server open a command prompt to the directory where you copied portRange.sql file and run:

     mysql reporter < portRange.sql

3. Then login to mysql with:

     mysql reporter

4. Then run the query below where will return a list of ports between 65000-65535 that have not been used as part of an Application Definition that can be used as the Destination Port in a new Application Definition.

      mysql -D reporter -t -e "select id from portrange where id not in(select newport from application_mappings);" > AvailablePorts.sql