manualshive.com logo in svg

Kerio Tech Network Monitor, User Manual

Easily monitor your network with Kerio Tech Network Monitor. Stay informed of network performance with detailed insights provided in the user manual. Download your free manual today from manualshive.com to maximize the efficiency of your network monitoring capabilities.

Share
Download
background image

Chapter 7

Viewing and Analysis of Captured Data

56

Log files can be further processed by external analytical tools (e.g. by

Kerio Log Analyzer

application — see

www.kerio.com

).

Connection Log

TCP: richard:1524 -> 205.107.97.6:80 171 + 2927By,

2s -HTTP:205.107.97.6

Fri 8/Mar/2002 10:18:31

— date and time of a connection creation (formation)

TCP:

— used communication protocol at transport level (

TCP

/

UDP

)

richard:1524

— name or IP address of a client (computer that originated the

connection) and source port

205.107.97.6:80

— name or IP address of a target computer (server) and desti-

nation port

171 + 2927By

— volume of sent (

171

) and received (

2927

) data in bytes (

By

)

2s

— connection duration (in seconds)

-HTTP:205.107.97.6

— service description (if it is a service defined in

Kerio Net-

work Monitor

). This record shows “HTTP service on a server with IP address

205.107.97.6”. If

Kerio Network Monitor

doesn’t have such a service, the error

message

unknown service

is displayed.

Note: Kerio Network Monitor

resolves names of computers in the Internet using a DNS

protocol analysis. This method can be used only if a DNS query had been sent before

the connection was established. If a client contains this information in its local DNS

cache, a DNS query is not sent and

Kerio Network Monitor

“sees” only the IP address

of a target server.

HTTP Log

richard - Fri 8/Mar/2002 11:57:46

GET http://www.kerio.com/resources/home.gif

HTTP/1.1 200 1221

richard

— name (or IP address) of a client (i.e. the computer that sent the HTTP

query)

Fri 8/Mar/2002 11:57:46

— date and time of a request

Summary of Contents for Network Monitor

Page 1: ...User s Guide Kerio Technologies...

Page 2: ...C 2001 2003 Kerio Technologies All rights reserved Printing date April 10 2003 Current product version Kerio Network Monitor 2 1 0 All additional modifications and up dates reserved...

Page 3: ...e Viewer 19 5 2 Controlling the Service 20 5 3 Initial Configuration 21 6 Configuration 23 6 1 IP Addresses Ranges 23 6 2 Monitored Services 27 6 3 User Accounts 29 6 4 Log Settings 32 6 5 Protocol Mo...

Page 4: ...nnection to the Web Interface 59 8 2 Page Main 60 8 3 Page Chart 60 8 4 Page Report 60 8 5 Page Connections 61 8 6 Page Logs 61 8 7 Integration of the WWW Interface into the Company Website 61 9 Gloss...

Page 5: ...l volume of data within a given time period From acquired data you can identi fy who in your network uses the Internet in the most intensive way It is possible to create statistics with a day week or...

Page 6: ...ing to the service user name and password are required Therefore more users can be connected simultaneously to Kerio Network Monitor with different levels of the access rights viewing configuration ad...

Page 7: ...e chapter 5 3 3 In the menu Action Change password set the password for user Admin 4 If no private IP addresses are used in the local network set appropriate ranges of IP addresses in the menu Setting...

Page 8: ...Chapter 2 Quick Checklist 8...

Page 9: ...nitoring Kerio Network Monitor Daemon watches the network traffic in so called promiscuous mode i e it can accept also the data that isnot addressed to the computer on which it is running It captures...

Page 10: ...2 In positive case the data is stored As an example we present the transfer of E mail via the SMTP protocol If the TCP connection with the target port 25 is recorded all packets belonging to this conn...

Page 11: ...r Daemon see chapter 5 2 Data Storage Folder Modification In case you need to change the folder for storing the measured and captured data and the log files so that they are for example stored to the...

Page 12: ...ateway runs Windows type operating system Kerio Network Monitor then must be set up for monitoring on the inner network adapters see chapter 6 1 some types of switches can be configured so that they s...

Page 13: ...edefined rules for the SMTP POP3 and IMAP services so that the rules are valid only for IP address of the mail server e g 192 168 1 10 255 255 255 255 TCP25 on Internet and add the rules for ignoring...

Page 14: ...Chapter 3 Technical Information 14...

Page 15: ...10 en win exe During the installation the user can choose which components of Kerio Network Monitor are to be installed NetMon Daemon Monitoring service Daemon It must be installed on the computer whe...

Page 16: ...ter successful upgrade the Kerio Network Monitor Daemon is started automatically Uninstallation of Kerio Network Monitor can be performed by choosing the Add Remove Software option in the Control Pane...

Page 17: ...t IP addresses are not monitored and on the start of the viewer a warning saying that the maximum number of users was reached is displayed Subscription expiration Free program upgrade expiration date...

Page 18: ...Chapter 4 Installation 18...

Page 19: ...computer Insert IP address or DNS name of the host on which the service is running the term server will be used in the further text or select any server to which Kerio Network Monitor has been alread...

Page 20: ...o the user profile in Windows and it will not be necessary to enter it on each login We recom mend to use this option only when there is no risk of access rights misuse by another person Don t restore...

Page 21: ...service The ser vice can be removed only when the service exists in the system and is stopped Warning If the Kerio Network Monitor Daemon is installed as the service in the operating system Windows N...

Page 22: ...can see only the address of the computer which Kerio Network Monitor is running on By pressing the Done button the settings will be stored and the viewer itself will start This dialog will not be disp...

Page 23: ...e adapter connected to the Internet if the network address translation is used NAT we can see only the address of the computer which the Kerio Network Monitor is running on List of IP addresses groups...

Page 24: ...P addresses group definition will appear IP range specification Type of the group One of the following types can be chosen Host IP address of a particular computer Subnet IP address mask IP subnet wit...

Page 25: ...t no list is created from them discard data if source or target address belongs to this group the volume of the data in this packet will not be counted Note The volume of the data in the packet will b...

Page 26: ...ill be measured because the communi cation between the client and the proxy server takes place only in the local network The default rule supposes the standard port 3128 TCP3128 If the proxy server in...

Page 27: ...not necessary if there are e g in the local network used only the IP addresses from the range 192 168 0 0 the rules for other private ranges 10 0 0 0 and 172 16 0 0 are not efficient because those add...

Page 28: ...ther parameters which were set for the service Details see later The buttons under the list of the services allow definition of new service Add modifi cation of the service settings Edit or deleting o...

Page 29: ...sibly also to the appropriate log HTTP Log Mail Log ICQ Log Details are to be found in the chapters 7 4 and 7 7 If this option is on attribute P appears in the column Flags Note To define other parame...

Page 30: ...dialog this tab can be also opened using the Settings Users menu The list of users in this tab includes the following information Username User name which the user logs in with Rights Access rights o...

Page 31: ...rd empty Also the password of the predefined user Admin should be changed after the first logon Account is disabled It is possible to temporarily deactivate turn off the user ac count by setting this...

Page 32: ...hts in the list of the users 6 4 Log Settings The Database tab is intended for setting the parameters for storing the acquired data Statistics keeping time The maximum time which will be the statistic...

Page 33: ...contain big amount of graphics and other objects therefore it deals with high volume data Keep captured FTP sessions time for storing the information about connections to the FTP servers Only informa...

Page 34: ...eouts The UDP and ICMP protocols are datagram oriented communication is based on the exchange of individual messages so called data grams among that exists at the level of the network communication no...

Page 35: ...nd In order to enable the user to watch the connection in the window Current connections see chapter 7 3 it is left displayed for some time after the end of the connection This time is set by the Clos...

Page 36: ...mon use the loopback address 127 0 0 1 The above described problem can be solved by setting the WWW browser so that it does not use the proxy server for local address but this option can usually be ch...

Page 37: ...ter only only the connections for the computer which is he connected from or All connections are visible connections for all registered com puters 6 7 Additional Settings Settingthe additional options...

Page 38: ...he captured WWW pages Enabling this option can radically save disk space of the computer The option HTTP will not be available in the Tapped data window it will not be possible to view pages visited b...

Page 39: ...tor priority definition The high priority is set by the default We recommend you to change this status under the following conditions only the service overloads the system set lower process priority N...

Page 40: ...Chapter 6 Configuration 40...

Page 41: ...l messages FTP sessions etc Status window Status of the Kerio Network Monitor Daemon service logged user statistics of captured packets disk volume occupied by the stored data Report Creates a well st...

Page 42: ...ed and moved to the front If you select the function while you simultaneously press the Shift key the new win dow for this function is displayed Hint The third described way can be used to open vertic...

Page 43: ...o the chart background or to the other al ready applied colors will be assigned to the selected computers This color will be used to separately show values for the selected group of computers in the c...

Page 44: ...this group Enter the requested subnet with the appropriate mask Note This option can be checked for several groups simultaneously even for the same subnet Remove the group Remove the selected groups...

Page 45: ...rds Jump to the specified position date and time Short jump forwards Long jump forwards Jump to the end of a chart i e the current time Note The length of a short and long jump depends on a scale of t...

Page 46: ...Incoming traffic only the volume of the incoming downloaded data will be displayed in the chart Outgoing traffic only the volume of the outgoing sent data will be displayed in the chart Both direction...

Page 47: ...ol TCP UDP or ICMP zdenci 3568 name or IP address of a computer in a local network typically a client and the port number 12 249 134 106 1214 name or IP address of a computer in the Internet typically...

Page 48: ...e g SMTP HTTP FTP etc or unknown unknown service Note Kerio Network Monitor resolves names of computers using an analysis of the DNS procotocol This can be done only if the DNS query was sent before...

Page 49: ...e of connection Connection state active closed etc Connection info information about the service if it is defined in the program Included protocols Which protocols shall be monitored in the current co...

Page 50: ...te object e g WWW page on a given server This object will be displayed in the right part of the window Note If it is not forbidden in the program configuration see chapter 6 7 content of e mail messag...

Page 51: ...onitor Dae mon installed about the network interfaces and the disk space occupied by the database of the scanned data System information System information current time of the server the installation...

Page 52: ...e internal cache of the network adapter This error should not occur under normal circumstances it can indicate a problem with an adapter or its driver No resources number of packets that were not succ...

Page 53: ...olumns in a table One column contains traffic sumary time interval which shall be covered by one column Combination of these two parameters determines the total extent of the table Example We want to...

Page 54: ...we let the program create the table with the same parameters e g at 6 00 p m the data in the last column will be different Select the service The user can select a service whose data will be displaye...

Page 55: ...m left to right Copy selection to clipboard Copies the selected text to a clipboard mouse can be use to select text This function can be invoked using the standard hot key Ctrl C Save log to file Stor...

Page 56: ...n seconds HTTP 205 107 97 6 service description if it is a service defined in Kerio Net work Monitor This record shows HTTP service on a server with IP address 205 107 97 6 If Kerio Network Monitor do...

Page 57: ...ess of a client i e the computer that initiated the connection to a mail server Fri 8 Mar 2002 14 26 01 date and time of a message transfer SMTP used mail protocol SMTP POP3 or IMAP From e mail addres...

Page 58: ...hese warning and he should try to elim inate all errors 192 168 2 38 IP address of a computer where the error was logged Addresses of source and target computers of the connection where an error occur...

Page 59: ...nticated user can examine all data provided by Kerio Netwok Monitor i e data about all computers in a local network 8 1 Connection to the Web Interface The user must enter DNS name of a computer that...

Page 60: ...WW page can display at most 3 lines red green and blue a type of displayed information can be set for each line The choices are All computers total volume of transferred data for all computers Name of...

Page 61: ...splayed Show last days show only log items for the last days This option strongly affects the length of the displayed page therefore we recommend to choose only the time period that is required at mos...

Page 62: ...s both in the internal and the public DNS 81 port where the WWW interface of Kerio Network Monitor runs see chapter 6 6 directory directory of the virtual Web server where the appropriate is stored pa...

Page 63: ...ear IP1 IP2 IP3 IP addresses for which the transferred data volume will be dis played in the chart ordered red greed blue Instead of an IP address of a particular computer the address 0 0 0 0 sum of d...

Page 64: ...2 back 7 columnscount 7 columnswidth 1 sort 3 direction 3 service 0 where interval basis of column width it is multiplied by the parameter columnwidth The possible values are Value 0 1 2 3 4 5 Meaning...

Page 65: ...entire table will cover time period of 7 days 1 week back 1 table moved backwards by one time period i e 1 week As a result the table will cover time period 2 weeks to 1 week direction 3 table will c...

Page 66: ...Chapter 8 Web Interface 66...

Page 67: ...l disc By default TCP protocol and port 110 is used Port A port is a 16 bit number the allowed range being 1 through 65535 used by TCP and UDP protocols for identification of applications services on...

Page 68: ...5 is used Service In network terminology application used in an network environment is called a service In TCP IP the service is identified by a transport protocol and port e g HTTP uses TCP protocol...

Page 69: ...17 26 log Connection Log 56 display on WWW page 61 Error Log 57 HTTP Log 38 56 Mail Log 57 storage time 33 storing to file 55 login to the viewer 19 WWW interface 59 logs location on the disk 11 prot...

Page 70: ......

Reviews:

No comments

Related manuals for Network Monitor

NDS DOMETIC BS12-100 Short Operating Manual preview
DOMETIC BS12-100
Brand: NDS Pages: 64
NCR XL15W User Manual preview
XL15W
Brand: NCR Pages: 46
Waveshare 13.3 e-Paper (K) User Manual preview
13.3 e-Paper (K)
Brand: Waveshare Pages: 39
Hama Baby-Control BC-100 Operating Instructions Manual preview
Baby-Control BC-100
Brand: Hama Pages: 51
Yaesu SM-5000 - COMPUTER Interface Manual preview
SM-5000 - COMPUTER
Brand: Yaesu Pages: 8
Vitek VTM-LCD202 Specifications preview
VTM-LCD202
Brand: Vitek Pages: 2
NewHawk UMEN-260314-V1.0 User Manual preview
UMEN-260314-V1.0
Brand: NewHawk Pages: 14
Advantech FPM-3100H Series User Manual preview
FPM-3100H Series
Brand: Advantech Pages: 46
AOC LM520i Service Manual preview
LM520i
Brand: AOC Pages: 40
Global Fire Equipment GFE-BCM Series Installation Manual preview
GFE-BCM Series
Brand: Global Fire Equipment Pages: 9
Daktronics Large Matrix Galaxy GT6X Series Installation And Operation Manual preview
Large Matrix Galaxy GT6X Series
Brand: Daktronics Pages: 33
I-Tech HAP-19AV Series User Manual preview
HAP-19AV Series
Brand: I-Tech Pages: 28
i3TOUCH V-SENSE 8404 4K T10 User Manual preview
V-SENSE 8404 4K T10
Brand: i3TOUCH Pages: 53
FlyTech POS 112 SERIES User Manual preview
POS 112 SERIES
Brand: FlyTech Pages: 53
ZENEC ZEM-W1501RM Instruction Manual preview
ZEM-W1501RM
Brand: ZENEC Pages: 32
NCR 5972-1000 User Manual preview
5972-1000
Brand: NCR Pages: 90
BabySense V24R-1 User Manual preview
V24R-1
Brand: BabySense Pages: 42
Samsung U28E570D User Manual preview
U28E570D
Brand: Samsung Pages: 44

Brands by name

Popular brands

Load more brands