1,775
edits
MAC module: Difference between revisions
no edit summary
No edit summary |
No edit summary |
||
| Line 3: | Line 3: | ||
The button row allows for enabling and disabling specific columns so that only the relevant information fit onto the display. | The button row allows for enabling and disabling specific columns so that only the relevant information fit onto the display. | ||
By clicking on | By clicking on '''Counters (combined)''' the table toggles between sent and received bytes and packets displayed in either one column or in separate columns for sorting purposes. | ||
The list contains all MAC addresses seen by the system. For each address, the table contains the following information: | The list contains all MAC addresses seen by the system. For each address, the table contains the following information: | ||
| Line 20: | Line 20: | ||
* Detected OS: | * Detected OS: | ||
:A list of all detected OS that are mapped behind this MAC address. The OS is detected by Host specific Layer 7 patterns. This information can be used to search or identify specific systems. | :A list of all detected OS that are mapped behind this MAC address. The OS is detected by Host specific Layer 7 patterns. This information can be used to search or identify specific systems. Be aware that routing and NAT allows more than one OS behind one MAC address. | ||
Be aware that routing and NAT allows more than one OS behind one MAC address. | |||
* DHCP host name | * DHCP host name | ||
The DHCP name is passively extracted from the dhcp request. It can be used to identify specific system with the DHCP name like printers etc. | :The DHCP name is passively extracted from the dhcp request. It can be used to identify specific system with the DHCP name like printers etc. | ||
* First (recent) activity | * First (recent) activity | ||
This columns shows the first time when this MAC showed activity for the first time or after a long time of inactivity. | :This columns shows the first time when this MAC showed activity for the first time or after a long time of inactivity. | ||
* Last activity | * Last activity | ||
The last activity is the last time a packet have been received or send by the MAC address. | :The last activity is the last time a packet have been received or send by the MAC address. | ||
* Packets and Bytes | * Packets and Bytes | ||
This is the number of packets and bytes, received by the MAC address as a red arrow down, and the sent bytes as a green arrow up. | :This is the number of packets and bytes, received by the MAC address as a red arrow down, and the sent bytes as a green arrow up. | ||
* Packets/s and Bits/s | * Packets/s and Bits/s | ||
These two numbers describe the current throughput of this MAC address, for down- and up-link. | :These two numbers describe the current throughput of this MAC address, for down- and up-link. | ||
* MAC peer count | * MAC peer count | ||
Number of MAC addresses which have sent or received packets from this MAC address. The counter is increased at the first packet between 2 MAC addresses. It is decreased after the no activity between 2 MACs for the global timeout. | :Number of MAC addresses which have sent or received packets from this MAC address. The counter is increased at the first packet between 2 MAC addresses. It is decreased after the no activity between 2 MACs for the global timeout. | ||
* Active IP count | * Active IP count | ||
Number of IPs mapped behind this IP address. The counter is increased at the first packet for an MAC/IP pair. It is decreased after the no activity for a MAC/IP pair 2 MACs for the global timeout. | :Number of IPs mapped behind this IP address. The counter is increased at the first packet for an MAC/IP pair. It is decreased after the no activity for a MAC/IP pair 2 MACs for the global timeout. | ||
This number can be very high for routers, NAT gateways or similar as they can map millions of IPs to one MAC address. | This number can be very high for routers, NAT gateways or similar as they can map millions of IPs to one MAC address. | ||
* Open connections | * Open connections | ||
The numbers described the number of currently open connections and the maximum number of connections open (simultaneously ). | :The numbers described the number of currently open connections and the maximum number of connections open (simultaneously ). | ||
* Graph | * Graph | ||
The column shows the history graph of the traffic for each MAC address. It shows the timestamp on the x-axis and the bytes on the y-axis. The resolution can be changed by using the control buttons on the top of the web page. | :The column shows the history graph of the traffic for each MAC address. It shows the timestamp on the x-axis and the bytes on the y-axis. The resolution can be changed by using the control buttons on the top of the web page. | ||
* Capture traffic | * Capture traffic | ||
It is possible to download the traffic of a MAC address by clicking on the capture button. | :It is possible to download the traffic of a MAC address by clicking on the capture button. | ||
The captured packets are not stored on the system but they are directly sent over the HTTP connection to the user’s computer. | :The captured packets are not stored on the system but they are directly sent over the HTTP connection to the user’s computer. To stop capture, click again on the capture button or go to the [[1-_Generic_modules(Teil_1)#Capture_module|Capture module]] page in the generic section and stop the corresponding download. | ||
To stop capture, click again on the capture button or go to the [[1-_Generic_modules(Teil_1)#Capture_module|Capture module]] page in the generic section and stop the corresponding download. | |||
When multiple pages are available, there will be a control field for switching pages. | When multiple pages are available, there will be a control field for switching pages. | ||
The MAC search bar allows to enter MAC addresses or names to see only those element for which the entered string is part of the IP address, NIC Vendor name, the operating system or DHCP host name. Also, complex filter expressions are possible, if the string starts with an open parenthesis | The MAC search bar allows to enter MAC addresses or names to see only those element for which the entered string is part of the IP address, NIC Vendor name, the operating system or DHCP host name. Also, complex filter expressions are possible, if the string starts with an open parenthesis '''('''. See [[9-_Live_filtering_of_tables|Live filtering of tables]] for a detailed description about how to use this feature. | ||