547
edits
IP module: Difference between revisions
→Connections tab
| Line 188: | Line 188: | ||
The connection tabs lists all connections which involves the current IP. The button rows allow to select which kind of information should be shown. | The connection tabs lists all connections which involves the current IP. The button rows allow to select which kind of information should be shown. | ||
The table lists the client and server side and shows the IP address, port, and corresponding country of that IP. | * The table lists the client and server side and shows the IP address, port, and corresponding country of that IP. | ||
The maximum transmission unit (i.e. layer 2 payload) is calculated for both directions. The maximum values of the connection are displayed in the '''MTU''' column. | * The maximum transmission unit (i.e. layer 2 payload) is calculated for both directions. The maximum values of the connection are displayed in the '''MTU''' column. | ||
The layer 4 protocol is the protocol of the layer 4 protocol used (TCP, UDP, or others). | * The layer 4 protocol is the protocol of the layer 4 protocol used (TCP, UDP, or others). | ||
The start time is the time of the first packet for that connection, while the last activity column shows the time of the last packet seen so far for the connection. It is possible to sort for both fields to see the most recent active connections. | * The start time is the time of the first packet for that connection, while the last activity column shows the time of the last packet seen so far for the connection. It is possible to sort for both fields to see the most recent active connections. | ||
The number of packets and bytes as well as the current throughput is shown too. | * The number of packets and bytes as well as the current throughput is shown too. | ||
The DPI protocol column shows the detect layer 7 protocol. | * The DPI protocol column shows the detect layer 7 protocol. | ||
The Response time column contains response times for TCP and the maximum HTTP response for HTTP connections, or the SSL response times for SSL connections. The column also contains a score for this connection and this IP, based on the average response times of the server. See HTTP module and SSL module for additional information. When sorting the column and more than one time value is shown in a field, the maximum of all time values of that field is taken into account. | * The Response time column contains response times for TCP and the maximum HTTP response for HTTP connections, or the SSL response times for SSL connections. The column also contains a score for this connection and this IP, based on the average response times of the server. See HTTP module and SSL module for additional information. When sorting the column and more than one time value is shown in a field, the maximum of all time values of that field is taken into account. | ||
The TCP retransmissions columns shows the number of bytes that have been retransmitted on TCP layer because of packet loss. High percentage indicate connection problems for this communication pair. | * The TCP retransmissions columns shows the number of bytes that have been retransmitted on TCP layer because of packet loss. High percentage indicate connection problems for this communication pair. | ||
The TCP missed data column shows the estimated amount of TCP data not seen for this connection. See [[TCP module#Missed data|TCP module]] for details about missed data. | * The TCP missed data column shows the estimated amount of TCP data not seen for this connection. See [[TCP module#Missed data|TCP module]] for details about missed data. | ||
The TCP flags column show the amount of TCP SYN, SYN-ACK, FIN and RST packets per direction. Up to 255 packets can be accounted, if more were seen, >= 255 will be displayed. | * The TCP flags column show the amount of TCP SYN, SYN-ACK, FIN and RST packets per direction. Up to 255 packets can be accounted, if more were seen, >= 255 will be displayed. | ||
The TCP max window size columns show the size of the biggest TCP receive window announced for each direction of a connection. | * The TCP max window size columns show the size of the biggest TCP receive window announced for each direction of a connection. | ||
The TCP max used window size columns show the size of the biggest used TCP receive window for each direction of a connection. | * The TCP max used window size columns show the size of the biggest used TCP receive window for each direction of a connection. | ||
The TCP window usage columns show the ratio of the TCP max window size compared to the actual max used window size. | * The TCP window usage columns show the ratio of the TCP max window size compared to the actual max used window size. | ||
The TCP window size limit columns show the maximum possible value that could be used for the TCP receive window size. This is calculated from the announced TCP window scale option for each direction of a connection. | * The TCP window size limit columns show the maximum possible value that could be used for the TCP receive window size. This is calculated from the announced TCP window scale option for each direction of a connection. | ||
The raw window scale (ws) shift count value is displayed in parentheses next to the byte value. | * The raw window scale (ws) shift count value is displayed in parentheses next to the byte value. | ||
The TCP window limit usage columns show the ratio of the TCP max window size values compared to the TCP window size limit values in percent. | * The TCP window limit usage columns show the ratio of the TCP max window size values compared to the TCP window size limit values in percent. | ||
The Client announced and negotiated TLS version and cipher suites columns shows the TLS versions and all supported cipher suites announced by the client during a SSL client hello. In the negotiated columns the currently used TLS version and cipher suite is shown as indicated by the SSL server hello. As the client announced cipher suite list can be quite long, it is possible expand or minimize the list by click on it. | * The Client announced and negotiated TLS version and cipher suites columns shows the TLS versions and all supported cipher suites announced by the client during a SSL client hello. In the negotiated columns the currently used TLS version and cipher suite is shown as indicated by the SSL server hello. As the client announced cipher suite list can be quite long, it is possible expand or minimize the list by click on it. | ||
The column Meta data may contain additional information that could be retrieved depending on the protocol. For instance, for HTTP traffic this column shows the request URL and response code for the last transaction seen in the corresponding connection. | * The column Meta data may contain additional information that could be retrieved depending on the protocol. For instance, for HTTP traffic this column shows the request URL and response code for the last transaction seen in the corresponding connection. | ||
The columns VLANs and Interfaces shows which VLAN tags has been seen for a specific connection and at which interface the connection has been established. This is especially helpful in bridge mode to determine at which side of link the connection has been established. | * The columns VLANs and Interfaces shows which VLAN tags has been seen for a specific connection and at which interface the connection has been established. This is especially helpful in bridge mode to determine at which side of link the connection has been established. | ||
The column PPPoE shows the PPPoE session ID which has been seen for packets of that specific connection. If a PPPoE session ID changes at any time while the connection is active, a 'changed' indication is given. In this case the latter session ID is displayed. | * The column PPPoE shows the PPPoE session ID which has been seen for packets of that specific connection. If a PPPoE session ID changes at any time while the connection is active, a 'changed' indication is given. In this case the latter session ID is displayed. | ||
The column MPLS shows all seen MPLS labels for every direction of the connection. The full label stack is shown. A '''no label''' indication is given, if no MPLS labels have been used. If a MPLS label changes at any time while the connection is active, a '''changed''' indication is given. In this case the latter MPLS labels are displayed. | * The column MPLS shows all seen MPLS labels for every direction of the connection. The full label stack is shown. A '''no label''' indication is given, if no MPLS labels have been used. If a MPLS label changes at any time while the connection is active, a '''changed''' indication is given. In this case the latter MPLS labels are displayed. | ||
The column QoS shows all seen QoS service classes for every direction of the connection. IP DSCP, outermost MPLS traffic classes and outermost VLAN priority code points may be detected and displayed. If a QoS class changes at any time while the connection is active, a '''changed''' indication is given. In this case the latter QoS service classes are displayed. TCP RST packets will be ignored, as that packet may be less important and is indicated by a QoS class with lower priority than the previous packets with data. | * The column QoS shows all seen QoS service classes for every direction of the connection. IP DSCP, outermost MPLS traffic classes and outermost VLAN priority code points may be detected and displayed. If a QoS class changes at any time while the connection is active, a '''changed''' indication is given. In this case the latter QoS service classes are displayed. TCP RST packets will be ignored, as that packet may be less important and is indicated by a QoS class with lower priority than the previous packets with data. | ||
The column Graph shows the historical throughput for each connection. | * The column Graph shows the historical throughput for each connection. In Firmware >= 3.3, it is also possible to select the displayed graph from multiple different statistics. Some may only be available if module options has been enabled, as it will increase the overall memory usage. Some statistics like the path latency is only available, if the [[path measurement]] module is active (and the corresponding option to store latencies per connection is enabled). | ||
A PCAP button allows for capturing the specific connection. | * A PCAP button allows for capturing the specific connection. | ||
The list of connections can be filtered by entering a string into the text area. Also, complex filter expressions are possible, if the string starts with an open parenthesis '''('''. See [[Live_filtering_of_tables|Live filtering of tables]] for details. | The list of connections can be filtered by entering a string into the text area. Also, complex filter expressions are possible, if the string starts with an open parenthesis '''('''. See [[Live_filtering_of_tables|Live filtering of tables]] for details. | ||