340
edits
IP module: Difference between revisions
no edit summary
No edit summary |
|||
| Line 2: | Line 2: | ||
For every address, the corresponding network traffic is accounted, the used protocols and their individual traffic. | For every address, the corresponding network traffic is accounted, the used protocols and their individual traffic. | ||
The communication peers are stored as well as the traffic between both IP addresses. Every connection and its amount of traffic and the protocol can be accessed too. | The communication peers are stored as well as the traffic between both IP addresses. Every connection and its amount of traffic and the protocol can be accessed too. | ||
== Web interface == | == Web interface == | ||
| Line 16: | Line 15: | ||
By clicking on '''Counters (combined)''' the table toggles between sent and received bytes and packets displayed in either one column or in separate columns for sorting purposes. | By clicking on '''Counters (combined)''' the table toggles between sent and received bytes and packets displayed in either one column or in separate columns for sorting purposes. | ||
For each address, the table contains the following information: | For each address, the table contains the following information: | ||
* Alternative names | * Alternative names | ||
| Line 22: | Line 20: | ||
:These three names allow to easily identify the system behind an IP address. | :These three names allow to easily identify the system behind an IP address. | ||
:The name information are also used when filtering the table for some entered string. | :The name information are also used when filtering the table for some entered string. | ||
* First (recent) activity | * First (recent) activity | ||
:This column shows the time of first activity of an IP address after some long inactivity period. This columns can be sorted to see the IP addresses that are active in the recent past. | :This column shows the time of first activity of an IP address after some long inactivity period. This columns can be sorted to see the IP addresses that are active in the recent past. | ||
* Last activity | * Last activity | ||
:The last activity of an IP is the time of the last packet for that IP. | :The last activity of an IP is the time of the last packet for that IP. | ||
* Packets and Bytes | * Packets and Bytes | ||
:This is the number of packets and bytes, sent by the IP address as a blue arrow up, and the received packets and bytes as a yellow arrow down. | :This is the number of packets and bytes, sent by the IP address as a blue arrow up, and the received packets and bytes as a yellow arrow down. | ||
* Packets/s and Bit/s | |||
* Packets/s and | |||
:These both numbers describe the current throughput of this IP address. | :These both numbers describe the current throughput of this IP address. | ||
| Line 44: | Line 38: | ||
* TCP packets and UDP packets | * TCP packets and UDP packets | ||
:This is the number of TCP and UDP packets that have been seen for this IP. | :This is the number of TCP and UDP packets that have been seen for this IP. | ||
* TCP payload and retransmissions | * TCP payload and retransmissions | ||
:These two columns show the number of bytes transmitted as TCP payload and how many bytes have been retransmitted, indicating a bad connection quality. | :These two columns show the number of bytes transmitted as TCP payload and how many bytes have been retransmitted, indicating a bad connection quality. | ||
* Graph | * Graph | ||
:The graph column shows the history graph of the traffic for each IP address. It shows the timestamp on the x-axis and the bytes on the y-axis. The resolution can be changed by using the control buttons on the top of the web page. The graph icon allows for selecting different graph types such as load (bps or packets/s), TCP statistics or connections. | :The graph column shows the history graph of the traffic for each IP address. It shows the timestamp on the x-axis and the bytes on the y-axis. The resolution can be changed by using the control buttons on the top of the web page. The graph icon allows for selecting different graph types such as load (bps or packets/s), TCP statistics or connections. | ||
* PCAP | * PCAP | ||
:It is possible to download the traffic of an IP address by clicking on the download button. The captured packets are not stored on the system but they are directly sent over the HTTP connection to your computer. | :It is possible to download the traffic of an IP address by clicking on the download button. The captured packets are not stored on the system but they are directly sent over the HTTP connection to your computer. | ||
:To stop capture, click on the same button again (which turned to a STOP symbol), or go to the capture traffic page in the generic section and stop the corresponding download. | :To stop capture, click on the same button again (which turned to a STOP symbol), or go to the capture traffic page in the generic section and stop the corresponding download. | ||
When multiple pages are available, there will be a control field for switching pages. | When multiple pages are available, there will be a control field for switching pages. | ||
| Line 66: | Line 56: | ||
Below the table a CSV download button provides the ability to download the whole table contents in CSV format. | Below the table a CSV download button provides the ability to download the whole table contents in CSV format. | ||
Sorting and filtering are applied as selected for the table but all IPs in the table are exported, not only the currently visible page. | Sorting and filtering are applied as selected for the table but all IPs in the table are exported, not only the currently visible page. | ||
=== IP groups tab === | === IP groups tab === | ||
| Line 78: | Line 67: | ||
For example, if IP groups are defined for multiple data center locations (each having a different IP subnet), the name of the data center is visible for each IP address in its subnet. | For example, if IP groups are defined for multiple data center locations (each having a different IP subnet), the name of the data center is visible for each IP address in its subnet. | ||
Filtering for those names is also possible in the IP list to be able to find IP addresses. | Filtering for those names is also possible in the IP list to be able to find IP addresses. | ||
==== Configuration ==== | ==== Configuration ==== | ||
| Line 100: | Line 88: | ||
IP groups may overlap which means that an IP address is allowed to be part of multiple groups. | IP groups may overlap which means that an IP address is allowed to be part of multiple groups. | ||
The traffic counters for that IP will be accounted for all matching groups so the total sum of the traffic of those groups will be higher than the sum of the individual IPs. | The traffic counters for that IP will be accounted for all matching groups so the total sum of the traffic of those groups will be higher than the sum of the individual IPs. | ||
==== Available statistics ==== | ==== Available statistics ==== | ||
| Line 113: | Line 100: | ||
Capturing traffic for a group will capture the network traffic of all IP addresses within this group. | Capturing traffic for a group will capture the network traffic of all IP addresses within this group. | ||
=== Global IP statistics tab === | === Global IP statistics tab === | ||
| Line 127: | Line 113: | ||
To stop capture, click on the same button again (which turned to a STOP symbol), or go to the capture traffic page in the generic section and stop the corresponding download. | To stop capture, click on the same button again (which turned to a STOP symbol), or go to the capture traffic page in the generic section and stop the corresponding download. | ||
=== Top IP statistics === | |||
On this page pie charts are shown with the top 10 sending and receiving IP addresses. By clicking on a pie chart section the related IP detail page is opened. | |||
=== Per IP statistics === | === Per IP statistics === | ||
| Line 137: | Line 126: | ||
Below the buttons there are two graphs for the packets and bytes sent and received by the IP address. | Below the buttons there are two graphs for the packets and bytes sent and received by the IP address. | ||
The third section contains six tabs for various information about the selected IP. | The third section contains six tabs for various information about the selected IP. | ||
==== Overview tab ==== | ==== Overview tab ==== | ||
| Line 158: | Line 146: | ||
The displayed interface always considers the sender side of an IP connection. | The displayed interface always considers the sender side of an IP connection. | ||
This information helps especially in bridge mode to determine at which side of an link the IP address is visible as sender of packets. | This information helps especially in bridge mode to determine at which side of an link the IP address is visible as sender of packets. | ||
==== Layer 3 QoS tab ==== | ==== Layer 3 QoS tab ==== | ||
| Line 165: | Line 152: | ||
Several traffic counters are displayed and a history graph of the traffic over time. A PCAP button allows for capturing the specific QoS tagged traffic for that IP. | Several traffic counters are displayed and a history graph of the traffic over time. A PCAP button allows for capturing the specific QoS tagged traffic for that IP. | ||
By clicking on the shown DSCP class name you will be redirected to the '''Connection''' tab with a filter active that only shows connections for that specific DSCP value. | By clicking on the shown DSCP class name you will be redirected to the '''Connection''' tab with a filter active that only shows connections for that specific DSCP value. | ||
==== Layer 2 QoS tab ==== | ==== Layer 2 QoS tab ==== | ||
| Line 173: | Line 159: | ||
A PCAP button allows for capturing the specific QoS tagged traffic for that IP. | A PCAP button allows for capturing the specific QoS tagged traffic for that IP. | ||
By clicking on the shown QoS class name you will be redirected to the '''Connection''' tab with a filter active that only shows connections for that specific QoS. | By clicking on the shown QoS class name you will be redirected to the '''Connection''' tab with a filter active that only shows connections for that specific QoS. | ||
==== Protocols tab ==== | ==== Protocols tab ==== | ||
This tab lists the DPI protocols for the current IP. The download button allows to capture the traffic for the IP and protocol pair. | This tab lists the DPI protocols for the current IP. The download button allows to capture the traffic for the IP and protocol pair. | ||
==== Peers tab ==== | ==== Peers tab ==== | ||
| Line 243: | Line 227: | ||
x.x.x.x must be replaced with the actual IP address. Additional URL parameters can be used to choose a time span, appling filters, etc. See :doc:`api_description` for details. | x.x.x.x must be replaced with the actual IP address. Additional URL parameters can be used to choose a time span, appling filters, etc. See :doc:`api_description` for details. | ||
==== Open TCP server ports ==== | ==== Open TCP server ports ==== | ||
| Line 251: | Line 234: | ||
Additionally, the first and last connection time is shown as well. | Additionally, the first and last connection time is shown as well. | ||
Also, there is button to capture traffic for the current IP and the corresponding port. | Also, there is button to capture traffic for the current IP and the corresponding port. | ||
==== TCP statistics ==== | ==== TCP statistics ==== | ||
| Line 262: | Line 244: | ||
The connection table below shows a subset of the main connection table only for TCP connnections for this IP. | The connection table below shows a subset of the main connection table only for TCP connnections for this IP. | ||
When sorting the handshake and response time columns and more than one time value is shown in a field, the maximum of all time values of that field is taken into account. | When sorting the handshake and response time columns and more than one time value is shown in a field, the maximum of all time values of that field is taken into account. | ||
==== HTTP server statistics ==== | ==== HTTP server statistics ==== | ||
| Line 279: | Line 259: | ||
The graph shows the historical data for all responses. | The graph shows the historical data for all responses. | ||
Below the graph, the number of response codes for each main code family is shown together with the last URL requested. | Below the graph, the number of response codes for each main code family is shown together with the last URL requested. | ||
==== SSL server statistics ==== | ==== SSL server statistics ==== | ||
| Line 305: | Line 284: | ||
This tab shows statistics (if available) of all negotiated SSL/TLS versions and cipher suites used by the current IP address either as server or client. | This tab shows statistics (if available) of all negotiated SSL/TLS versions and cipher suites used by the current IP address either as server or client. | ||
==== SIP statistics ==== | ==== SIP statistics ==== | ||
This tab shows statistics (if available) of all SIP request methods, all SIP response types as well as all SIP request/response pairs sent or received by the current IP address. | This tab shows statistics (if available) of all SIP request methods, all SIP response types as well as all SIP request/response pairs sent or received by the current IP address. | ||
==== RTP statistics ==== | ==== RTP statistics ==== | ||
| Line 317: | Line 294: | ||
A list shows all connections with client and server IP addresses and ports. The RTP payload type is shown as well as timing informations and counters, jitter and MOS values and SSRC (synchronization source) of both client and server. | A list shows all connections with client and server IP addresses and ports. The RTP payload type is shown as well as timing informations and counters, jitter and MOS values and SSRC (synchronization source) of both client and server. | ||
The min and max audio levels (decibel relative to full scale, dBFS) per direction are shown if G.711 A-Law or μ-Law is used. | The min and max audio levels (decibel relative to full scale, dBFS) per direction are shown if G.711 A-Law or μ-Law is used. | ||
For calculation, raw A-Law or μ-Law values are converted to 16 bit PCM values. | For calculation, raw A-Law or μ-Law values are converted to 16 bit PCM values. Those values are then converted to dbFS: | ||
Those values are then converted to dbFS: | |||
value_dBFS = 20 * log10(abs(pcm_value) / 32768) | value_dBFS = 20 * log10(abs(pcm_value) / 32768) | ||
Values range from 0 dBFS (loudest) to -96 dBFS (absolute silence). | Values range from 0 dBFS (loudest) to -96 dBFS (absolute silence). | ||
Graphs per connection show packets and packet loss, jitter, MOS and the max audio level of clinet and server over time. | Graphs per connection show packets and packet loss, jitter, MOS and the max audio level of clinet and server over time. | ||
A PCAP button allows for PCAP capturing. If a proper codec is used, audio capture buttons for both directions are available allowing downloads in MP3 format. | A PCAP button allows for PCAP capturing. If a proper codec is used, audio capture buttons for both directions are available allowing downloads in MP3 format. | ||
| Line 328: | Line 306: | ||
* G.722 | * G.722 | ||
* G.729 | * G.729 | ||
== Configuration settings == | == Configuration settings == | ||
By clicking on the gear button on the top left of the IP statistics web page, you can access the configuration section. | By clicking on the gear button on the top left of the IP statistics web page, you can access the configuration section. | ||
* Store connection information for every IP This option is enabled by default. | * Store connection information for every IP This option is enabled by default. | ||
| Line 340: | Line 316: | ||
:Connection data will be stored as long as possible regarding the total memory usage. | :Connection data will be stored as long as possible regarding the total memory usage. | ||
:Disabling this option will increase the minimum storage time significantly. | :Disabling this option will increase the minimum storage time significantly. | ||
* Store layer 7 protocol information for every IP The network protocols and their historical traffic data is stored for each IP if this option is enabled. | * Store layer 7 protocol information for every IP The network protocols and their historical traffic data is stored for each IP if this option is enabled. | ||
:Disabling this option will increase the minimum storage time slightly. | :Disabling this option will increase the minimum storage time slightly. | ||
* Track number of new connections for every IP | * Track number of new connections for every IP | ||
| Line 350: | Line 324: | ||
:Connections are divided into valid and invalid connections for server and client direction and the amount is shown. | :Connections are divided into valid and invalid connections for server and client direction and the amount is shown. | ||
:Disabling this option will increase the minimum storage time slightly. | :Disabling this option will increase the minimum storage time slightly. | ||
* Store traffic history graph for IP peers | * Store traffic history graph for IP peers | ||
:This option allows enabling or disabling the traffic history graph that is shown per peer in the '''Peers''' tab for an IP. | :This option allows enabling or disabling the traffic history graph that is shown per peer in the '''Peers''' tab for an IP. | ||
:Disabling this option will increase the minimum storage time slightly. | :Disabling this option will increase the minimum storage time slightly. | ||
* Store RTP performance information per IP and connection | * Store RTP performance information per IP and connection | ||
| Line 361: | Line 333: | ||
:Jitter and MOS calculation in the [[SIP_module|SIP module]] also depends on this switch since it partially shows information stored at the IP address of RTP senders/receivers. | :Jitter and MOS calculation in the [[SIP_module|SIP module]] also depends on this switch since it partially shows information stored at the IP address of RTP senders/receivers. | ||
:Disabling this option will reduce the memory utilization and therefor increase the minimum storage time slightly. | :Disabling this option will reduce the memory utilization and therefor increase the minimum storage time slightly. | ||
* Store QoS information for every IP | * Store QoS information for every IP | ||
:This option enables or disables to storage of Quality of Service information per IP. | :This option enables or disables to storage of Quality of Service information per IP. | ||
:These information require additional memory so if these information are not necessary, memory can be save to increase global data storage time. | :These information require additional memory so if these information are not necessary, memory can be save to increase global data storage time. | ||
* Store SSL/TLS information for every connection | * Store SSL/TLS information for every connection | ||
:This option enables or disables to storage of SSL/TLS information per IP. This includes used and announced | :This option enables or disables to storage of SSL/TLS information per IP. This includes used and announced | ||
:encryption ciphers which can take additional memory per IP connection. If these information are not necessary, memory can be save to increase global data storage time. | :encryption ciphers which can take additional memory per IP connection. If these information are not necessary, memory can be save to increase global data storage time. | ||
* Maximum number of IP groups | * Maximum number of IP groups | ||
:This option configures how many IP groups can be defined. The minimum (and default) value is 32 IP groups. | :This option configures how many IP groups can be defined. The minimum (and default) value is 32 IP groups. | ||
:The maximum value is 65535 IP groups. A new configuration value only takes effect after restarting the packet processing in the Administration menu. | :The maximum value is 65535 IP groups. A new configuration value only takes effect after restarting the packet processing in the Administration menu. | ||