IP module: Difference between revisions

The connection tabs lists all connections which involves the current IP. The button rows allow to select which kind of information should be shown.

The table lists the client and server side and shows the IP address, port, and corresponding country of that IP.

The layer 4 protocol is the protocol of the layer 4 protocol used (TCP, UDP, or others).

The start time is the time of the first packet for that connection, while the last activity column shows the time of the last packet seen so far for the connection. It is possible to sort for both fields to see the most recent active connections.

The number of packets and bytes as well as the current throughput is shown too.

The DPI protocol column shows the detect layer 7 protocol.

The Response time column contains response times for TCP and the maximum HTTP response for HTTP connections, or the SSL response times for SSL connections.

The column also contains a score for this connection and this IP, based on the average response times of the server.  

See HTTP module and SSL module for additional information.

When sorting the column and more than one time value is shown in a field, the maximum of all time values of that field is taken into account.

The TCP retransmissions columns shows the number of bytes that have been retransmitted on TCP layer because of packet loss.

High percentage indicate connection problems for this communication pair.

The TCP max window size columns show the size of the biggest TCP receive window announced for each direction of a connection.

The TCP window size limit columns show the maximum possible value that could be used for the TCP receive window size.

This is calculated from the announced TCP window scale option for each direction of a connection.

The raw window scale (ws) shift count value is displayed in parentheses next to the byte value.

The TCP window size limit usage columns show the ratio of the TCP max window size values compared to the TCP window size limit values in percent.

The Client announced and negotiated TLS version and cipher suites columns shows the TLS versions and all supported cipher suites announced by the client during a SSL client hello.

In the negotiated columns the currently used TLS version and cipher suite is shown as indicated by the SSL server hello.  

As the client announced cipher suite list can be quite long, it is possible expand or minimize the list by click on it.

The column Meta data may contain additional information that could be retrieved depending on the protocol.  

For instance, for HTTP traffic this column shows the request URL and response code for the last transaction seen in the corresponding connection.

The columns VLANs and Interfaces shows which VLAN tags has been seen for a specific connection and at which interface the connection has been established.

This is especially helpful in bridge mode to determine at which side of link the connection has been established.

The column MPLS shows all seen MPLS labels for every direction of the connection. The full label stack is shown.