Live filtering of tables

From Allegro Packets Product Wiki
Jump to navigation Jump to search

General

Multiple measuring statistics show all entries in tables with different columns for all measured values, which can be sorted individually.

Since often there are a lot of entries, the Allegro Network Multimeter allows for filtering those tables to quickly find the relevant information.

All search text areas show a hint about for what kind of information the table can be filtered. Once entered, the table is updated immediately while still updating the measured values for the visible entries.

This live filtering allows for viewing live data only for the entries that are currently important for the investigation of a network problem.

Single word matching

It is always possible the enter a single word for filtering.

In this case the Allegro Network Multimeter will match any possible field for the given text.

For instance, in the IP statistics, the IP will be matched if an number representation is entered, possibly with a subnet mask length (1.2.3.4/8).

The known list of alternative names are also matched so it is possible to enter a host name and the list will show only those entries which contain the string in there DHCP name, DNS name, HTTP name, or any other name field.

Complex filter expressions

Some tables allow for using more complex expressions for flexible live filtering.

If filter expressions are supported, the hint text in the search area indicates that by telling that the entered string must start with an open parenthesis (.

In this mode it is possible to enter expressions in the form of keyword == value.

The keyword depends on the actual context of the search field, often name, ip, or packets is possible.

The web interface will give hints about all possible keywords in the current context which usually directly correlate with the available columns.

Also, the comparison operator can be == or != for equal or unequal compare, but for numbers <, >=, etc can be used too.

Multiple expressions can be combined with boolean operators and or or (or equivalent && / ||). Also, parentheses can be used to enter even more complex expressions.

Examples

  1. Show all IPs with at least 100 packets, that have been active within the last minute:
    (packets > 100 and lasttime < 60)
  2. Show all IPs that showed up not more than 24 hours ago and have an associated name of alice or bob:
    ( (firsttime < 86400 and ( name == alice or name == bob ))
    86400 is the number of seconds in 24 hours (24 * 60 * 60)

Notes

  • It is possible to enter values in quotes if they contain reserved characters used for the expressions (<,=,&,(, etc).
  • Under the search text area, the interface will show all valid values for the last element entered in the expression.
  • A green check mark indicates if the entered expression has been successfully parsed.

Available keywords

The available keywords vary depending on the web interface section.

The web interface will always show the available keywords in the specific context. The following table contains all keywords:

Keyword Description
name any name information (DNS,DHCP,SSL,HTTP,custom names, etc)
category the category of a custom name
ip the IP address of the client or server side
ipgroup the name(s) of the matching IP groups if configured
clientip the IP address of the client
serverip the IP address of the server
packets the number packets (receive and transmitted combined)
rxpackets the number of received packets
txpackets the number of transmitted packets
clientpackets the number of packets sent by the client
serverpackets the number of packets sent by the server
bytes the number of bytes (receive and transmitted combined)
rxbytes the number of received bytes
txbytes the number of transmitted bytes
clientbytes the number of bytes sent by the client
serverbytes the number of bytes sent by the server
pps the packets per second value
bps the bits per second value
firsttime the time of the first activity
lasttime the time of the last activity
tcppackets the number of TCP packets (receive and transmitted combined)
udppackets the number of UDP packets (receive and transmitted combined)
tcppayload the amount of bytes processed as TCP payload
tcpRetrans the amount of payload bytes retransmitted
tcpRetransRx the amount of received payload bytes retransmitted
tcpRetransTx the amount of transmitted payload bytes retransmitted
tcpRetransClient the amount of client payload bytes retransmitted
tcpRetransServer the amount of server payload bytes retransmitted
mac the MAC address of the client or server
port the layer 4 port of the client or server (a number or range)
clientport the layer 4 port of the client
serverport the layer 4 port of the server
l4protocol the layer 4 protocol name (tcp, udp, icmp, etc)
l7protocol the layer 7 protocol name (http, dns, etc)
tcpend the ending reason of a TCP connection (open, fin, rst, timeout)
tcpstate the state of a TCP connection (valid, invalid, unknown)
tcpclienthandshake the TCP handshake time in milliseconds for the client (time to answer the server's syn packet)
tcpserverhandshake the TCP handshake time in milliseconds for the server (time to answer the client's syn packet)
tcpdataresponse the max TCP data response time in milliseconds of the connection (any direction)
httpresponse the HTTP response time for a request
httpstatus the HTTP status code of the response
sslhandshake the SSL handshake time (time for the server to answer the SSL setup)
packetratio the client/server packet ratio as a floating point number
vlan the VLAN tag (a tag or 'none'), both outer and inner VLAN will be considered
outervlan the outer VLAN tag (a tag or 'none')
innervlan the inner VLAN tag (a tag or 'none')
interface the interface ID (a number or a range)
validconnections the number of valid TCP connections
invalidconnections the number of invalid TCP connections
profinetFrameId the number of a Profinet frame ID
minCallerJitter the minimum jitter of the caller as a floating point number
avgCallerJitter the average jitter of the caller as a floating point number
maxCallerJitter the maximum jitter of the caller as a floating point number
minCalleeJitter the minimum jitter of the callee as a floating point number
avgCalleeJitter the average jitter of the callee as a floating point number
maxCalleeJitter the maximum jitter of the callee as a floating point number
minJitter the minimum jitter of the caller or callee as a floating point number
avgJitter the average jitter of the caller or callee as a floating point number
maxJitter the maximum jitter of the caller or callee as a floating point number
minCallerMos the minimum MOS of the caller as a floating point number
avgCallerMos the average MOS of the caller as a floating point number
maxCallerMos the maximum MOS of the caller as a floating point number
minCalleeMos the minimum MOS of the callee as a floating point number
avgCalleeMos the average MOS of the callee as a floating point number
maxCalleeMos the maximum MOS of the callee as a floating point number
minMos the minimum MOS of the caller or callee as a floating point number
avgMos the average MOS of the caller or callee as a floating point number
maxMos the maximum MOS of the caller or callee as a floating point number
statusCode the number of a status code
mpls the MPLS label (a label or 'none'), both outer and inner MPLS label will be considered
outermpls the outer MPLS label (a label or 'none')
innermpls the inner MPLS label (a label or 'none')
qos Filter for presence or absence of QoS. May be 'any' or 'none'.
qosIpDscp the DSCP value in the IP header
qosMplsTc the traffic class value in the outermost MPLS label stack entry
qosVlanPcp the priority code point in the outermost VLAN tag
usedCipherSuite the negotiated SSL/TLS cipher suite name
pppoeSessionId the PPPoE session ID (in hexadecimal or decimal representation)
mtu the MTU value in bytes
rxMtu the MTU value of the RX direction in bytes
txMtu the MTU value of the TX direction in bytes
clientMtu the MTU value of the sent direction of the client in bytes
serverMtu the MTU value of the sent direction of the server in bytes
callId the string value of a SIP call ID or similar identifier (e.g. P-Palladion-ID)
dnsresponse the DNS response time (for DNS connections)
dnsstatus matches DNS response status (either a DNS reply code, e.g, 0 for success, or noanswer for unanswered DNS connections
dnsname the requested DNS name
callerRtpPacketLoss the amount of lost packets of the RTP flow of the caller
calleeRtpPacketLoss the amount of lost packets of the RTP flow of the callee
rtpPacketLoss the amount of lost packets of the RTP flow of the caller or callee
callerRtpPayloadType the payload type of the RTP flow of the caller as a string, will match also parts of the name e.g. G.711
calleeRtpPayloadType the payload type of the RTP flow of the callee as a string, will match also parts of the name e.g. G.711
rtpPayloadType the payload type of the RTP flow of the caller or callee as a string, will match also parts of the name e.g. G.711
duration the duration of a connection or a SIP call, amount of seconds
sipQos Filter for presence or absence of QoS in SIP calls. May be 'any' or 'none'.
sipQosIpDscp the DSCP value in the IP header of SIP packets
sipQosMplsTc the traffic class value in the outermost MPLS label stack entry of SIP packets
sipQosVlanPcp the priority code point in the outermost VLAN tag of SIP packets
rtpQos Filter for presence or absence of QoS in RTP streams. May be 'any' or 'none'.
rtpQosIpDscp the DSCP value in the IP header of RTP packets
rtpQosMplsTc the traffic class value in the outermost MPLS label stack entry of RTP packets
rtpQosVlanPcp the priority code point in the outermost VLAN tag of RTP packets
tcpZeroWindow the number of TCP zero window packets
tcpZeroWindowRx the number of TCP zero window packets in RX direction
tcpZeroWindowTx the number of TCP zero window packets in TX direction
tcpZeroWindowClient the number of TCP zero window packets of the client
tcpZeroWindowServer the number of TCP zero window packets of the server
tcpWindowSize the value of the announced TCP window size in bytes
tcpWindowSizeClient the value of the announced TCP window size of the client in bytes
tcpWindowSizeServer the value of the announced TCP window size of the server in bytes
tcpUsedWindowSize the value of the actual used TCP window in bytes
tcpUsedWindowSizeClient the value of the actual used TCP window of the client in bytes
tcpUsedWindowSizeServer the value of the actual used TCP window of the server in bytes
tcpSyn the number of TCP SYN packets
tcpSynClient the number of TCP SYN packets of the client
tcpSynServer the number of TCP SYN packets of the server
tcpSynAck the number of TCP SYN-ACK packets
tcpSynAckClient the number of TCP SYN-ACK packets of the client
tcpSynAckServer the number of TCP SYN-ACK packets of the server
tcpRst the number of TCP RST packets
tcpRstClient the number of TCP RST packets of the client
tcpRstServer the number of TCP RST packets of the server
tcpFin the number of TCP FIN packets
tcpFinClient the number of TCP FIN packets of the client
tcpFinServer the number of TCP FIN packets of the server