IP module: Difference between revisions

22 bytes removed, 11 September 2020
No edit summary
Line 181: Line 181:
==== Connections tab ====
==== Connections tab ====


*The connection tabs lists all connections which involves the current IP. The button rows allow to select which kind of information should be shown.
The connection tabs lists all connections which involves the current IP. The button rows allow to select which kind of information should be shown.
*The table lists the client and server side and shows the IP address, port, and corresponding country of that IP.
*The maximum transmission unit (i.e. layer 2 payload) is calculated for both directions. The maximum values of the connection are displayed in the '''MTU''' column.
*The layer 4 protocol is the protocol of the layer 4 protocol used (TCP, UDP, or others).
*The start time is the time of the first packet for that connection, while the last activity column shows the time of the last packet seen so far for the connection. It is possible to sort for both fields to see the most recent active connections.
*The number of packets and bytes as well as the current throughput is shown too.
*The DPI protocol column shows the detect layer 7 protocol.
*The Response time column contains response times for TCP and the maximum HTTP response for HTTP connections, or the SSL response times for SSL connections.
*The column also contains a score for this connection and this IP, based on the average response times of the server.  


*See HTTP module and SSL module for additional information.
The table lists the client and server side and shows the IP address, port, and corresponding country of that IP.
*When sorting the column and more than one time value is shown in a field, the maximum of all time values of that field is taken into account.
 
*The TCP retransmissions columns shows the number of bytes that have been retransmitted on TCP layer because of packet loss.
The maximum transmission unit (i.e. layer 2 payload) is calculated for both directions. The maximum values of the connection are displayed in the '''MTU''' column.
*High percentage indicate connection problems for this communication pair.
 
*The TCP max window size columns show the size of the biggest TCP receive window announced for each direction of a connection.
The layer 4 protocol is the protocol of the layer 4 protocol used (TCP, UDP, or others).
*The TCP window size limit columns show the maximum possible value that could be used for the TCP receive window size.
 
*This is calculated from the announced TCP window scale option for each direction of a connection.
The start time is the time of the first packet for that connection, while the last activity column shows the time of the last packet seen so far for the connection. It is possible to sort for both fields to see the most recent active connections.
*The raw window scale (ws) shift count value is displayed in parentheses next to the byte value.
 
*The TCP window size limit usage columns show the ratio of the TCP max window size values compared to the TCP window size limit values in percent.
The number of packets and bytes as well as the current throughput is shown too.
*The Client announced and negotiated TLS version and cipher suites columns shows the TLS versions and all supported cipher suites announced by the client during a SSL client hello.
 
*In the negotiated columns the currently used TLS version and cipher suite is shown as indicated by the SSL server hello.  
The DPI protocol column shows the detect layer 7 protocol.
*As the client announced cipher suite list can be quite long, it is possible expand or minimize the list by click on it.
 
*The column Meta data may contain additional information that could be retrieved depending on the protocol.  
The Response time column contains response times for TCP and the maximum HTTP response for HTTP connections, or the SSL response times for SSL connections. The column also contains a score for this connection and this IP, based on the average response times of the server. See HTTP module and SSL module for additional information. When sorting the column and more than one time value is shown in a field, the maximum of all time values of that field is taken into account.
*For instance, for HTTP traffic this column shows the request URL and response code for the last transaction seen in the corresponding connection.
 
*The columns VLANs and Interfaces shows which VLAN tags has been seen for a specific connection and at which interface the connection has been established.
The TCP retransmissions columns shows the number of bytes that have been retransmitted on TCP layer because of packet loss. High percentage indicate connection problems for this communication pair.
*This is especially helpful in bridge mode to determine at which side of link the connection has been established.
 
* The column PPPoE shows the PPPoE session ID which has been seen for packets of that specific connection. If a PPPoE session ID changes at any time while the connection is active, a 'changed' indication is given. In this case the latter session ID is displayed.
The TCP max window size columns show the size of the biggest TCP receive window announced for each direction of a connection.
*The column MPLS shows all seen MPLS labels for every direction of the connection. The full label stack is shown.
 
*A '''no label''' indication is given, if no MPLS labels have been used. If a MPLS label changes at any time while the connection is active, a '''changed''' indication is given.  
The TCP window size limit columns show the maximum possible value that could be used for the TCP receive window size. This is calculated from the announced TCP window scale option for each direction of a connection.
*In this case the latter MPLS labels are displayed.
 
*The column QoS shows all seen QoS service classes for every direction of the connection. IP DSCP, outermost MPLS traffic classes and outermost VLAN priority code points may be detected and displayed. If a QoS class changes at any time while the connection is active, a '''changed''' indication is given.   In this case the latter QoS service classes are displayed. TCP RST packets will be ignored, as that packet may be less important and is indicated by a QoS class with lower priority than the previous packets with data.
The raw window scale (ws) shift count value is displayed in parentheses next to the byte value.
*The column Graph shows the historical throughput for each connection.
 
*A PCAP button allows for capturing the specific connection.
The TCP window size limit usage columns show the ratio of the TCP max window size values compared to the TCP window size limit values in percent.
*The list of connections can be filtered by entering a string into the text area. Also, complex filter expressions are possible, if the string starts with an open parenthesis '''('''. See [[Live_filtering_of_tables|Live filtering of tables]] for details.
 
The Client announced and negotiated TLS version and cipher suites columns shows the TLS versions and all supported cipher suites announced by the client during a SSL client hello. In the negotiated columns the currently used TLS version and cipher suite is shown as indicated by the SSL server hello. As the client announced cipher suite list can be quite long, it is possible expand or minimize the list by click on it.
 
The column Meta data may contain additional information that could be retrieved depending on the protocol. For instance, for HTTP traffic this column shows the request URL and response code for the last transaction seen in the corresponding connection.
 
The columns VLANs and Interfaces shows which VLAN tags has been seen for a specific connection and at which interface the connection has been established. This is especially helpful in bridge mode to determine at which side of link the connection has been established.
 
The column PPPoE shows the PPPoE session ID which has been seen for packets of that specific connection. If a PPPoE session ID changes at any time while the connection is active, a 'changed' indication is given. In this case the latter session ID is displayed.
 
The column MPLS shows all seen MPLS labels for every direction of the connection. The full label stack is shown. A '''no label''' indication is given, if no MPLS labels have been used. If a MPLS label changes at any time while the connection is active, a '''changed''' indication is given. In this case the latter MPLS labels are displayed.
 
The column QoS shows all seen QoS service classes for every direction of the connection. IP DSCP, outermost MPLS traffic classes and outermost VLAN priority code points may be detected and displayed. If a QoS class changes at any time while the connection is active, a '''changed''' indication is given. In this case the latter QoS service classes are displayed. TCP RST packets will be ignored, as that packet may be less important and is indicated by a QoS class with lower priority than the previous packets with data.
 
The column Graph shows the historical throughput for each connection.
 
A PCAP button allows for capturing the specific connection.
 
The list of connections can be filtered by entering a string into the text area. Also, complex filter expressions are possible, if the string starts with an open parenthesis '''('''. See [[Live_filtering_of_tables|Live filtering of tables]] for details.


===== CSV download =====
===== CSV download =====
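
Review bot: The reflow of the Connections tab text from bullets into paragraphs carries several wording defects over unchanged, and they are worth fixing in the same edit. "The layer 4 protocol is the protocol of the layer 4 protocol used (TCP, UDP, or others)." is circular; wording such as "The layer 4 protocol column shows the transport protocol used (TCP, UDP, or others)" says what is meant. The TCP retransmissions paragraph describes the column as the "number of bytes that have been retransmitted" and then continues with "High percentage indicate connection problems", so it should state whether the column shows bytes, a percentage, or both. In the DPI sentence "detect layer 7 protocol" should read "detected", and the TLS paragraph mixes "TLS version" with "SSL client hello" and "SSL server hello"; use one term consistently or say explicitly that the column covers both.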