I am relatively new to SW, although I have been using the system for ~a year, probably once or so a week, and I have taken the SW Security Operations and Network Operations training.
My question is this: I do not understand how to effectively create filters. Specifically, there are filters for "Server Services", "Server Applications", "Client Services", "Client Applications" (and this is just within the "Host Information" view). If I am creating a flow table, I can also do it by port and protocol.
Why would I use one over the other?
Specifically - I want to find all the systems that provide DNS services (i.e. listen on UDP or TCP port 53 and provide name resolution).
I get *vastly* different results when I choose "Server Services" "dns or dnstcp" than when I choose "Server Applications" and choose "DNS or DNS (unclassified)".
I have looked through the documentation and it is not at all clear what the difference is that SW is doing behind the scenes.
Thank you!
Jim H.