Kerio Tech Network Monitor Скачать руководство пользователя страница 10

Страница: 10 / 70

Chapter 3

Technical Information

including headers, etc.). The information gathered by

Kerio Network Monitor

can

therefore differ from those acquired by the other tools (the deviation should not

excess 40% — if there is several times higher difference, it is necessary to look for the

mistake in the network or in the program configuration).

Viewing current connections

All captured IP packets are scanned for TCP segments

opening and closing connection (with attributes

SYN

and

FIN

). So

Kerio Network Mon-

itor

has information about all open connections of individual workstations in the net-

work. In similar way information about communication via UDP protocol is displayed.

Because it is datagram-oriented protocol so called pseudo-connections are evaluated

— connection lasts until interval of UDP datagram exchange between source and tar-

get station exceed predefined time (default: 180 seconds).

Monitoring of services

Each of the captured IP packets is checked if it contains data

from some of the defined services (see chapter

6.2

). In positive case the data is stored.

As an example, we present the transfer of E-mail via the SMTP protocol. If the TCP

connection with the target port

is recorded, all packets belonging to this connec-

tion are monitored and from them E-mail address of the sender and the recipient of

the message, eventually the content of the message can be reconstructed.

Configuration File

Kerio Network Monitor

configuration information is stored in the

NetMon2.cfg

file. This

file is saved under the directory where

Kerio Network Monitor

is installed (typically

C:\Program Files\Kerio\Network Monitor

). Simply copy this file to backup your

settings.

Warning:

Stop

Kerio Network Monitor Daemon

before taking any action with the config-

uration file (refer to chapter

5.2

Data Storage

The measured data is stored in binary files on the disk. In the data folder (by default the

same, where

Kerio Network Monitor

is installed), the following subfolders are created:

•

high

— data with high resolution (sampling rate 3 seconds)

•

low

— data with low resolution (sampling rate 1 hour)

In these folders are created another subfolders according to the IP addresses of individ-

ual computers in the local network and in them are stored the files with the acquired

Содержание Network Monitor

Страница 1: ...User s Guide Kerio Technologies...

Страница 2: ...C 2001 2003 Kerio Technologies All rights reserved Printing date April 10 2003 Current product version Kerio Network Monitor 2 1 0 All additional modifications and up dates reserved...

Страница 3: ...e Viewer 19 5 2 Controlling the Service 20 5 3 Initial Configuration 21 6 Configuration 23 6 1 IP Addresses Ranges 23 6 2 Monitored Services 27 6 3 User Accounts 29 6 4 Log Settings 32 6 5 Protocol Mo...

Страница 4: ...nnection to the Web Interface 59 8 2 Page Main 60 8 3 Page Chart 60 8 4 Page Report 60 8 5 Page Connections 61 8 6 Page Logs 61 8 7 Integration of the WWW Interface into the Company Website 61 9 Gloss...

Страница 5: ...l volume of data within a given time period From acquired data you can identi fy who in your network uses the Internet in the most intensive way It is possible to create statistics with a day week or...

Страница 6: ...ing to the service user name and password are required Therefore more users can be connected simultaneously to Kerio Network Monitor with different levels of the access rights viewing configuration ad...

Страница 7: ...e chapter 5 3 3 In the menu Action Change password set the password for user Admin 4 If no private IP addresses are used in the local network set appropriate ranges of IP addresses in the menu Setting...

Страница 8: ...Chapter 2 Quick Checklist 8...

Страница 9: ...nitoring Kerio Network Monitor Daemon watches the network traffic in so called promiscuous mode i e it can accept also the data that isnot addressed to the computer on which it is running It captures...

Страница 10: ...2 In positive case the data is stored As an example we present the transfer of E mail via the SMTP protocol If the TCP connection with the target port 25 is recorded all packets belonging to this conn...

Страница 11: ...r Daemon see chapter 5 2 Data Storage Folder Modification In case you need to change the folder for storing the measured and captured data and the log files so that they are for example stored to the...

Страница 12: ...ateway runs Windows type operating system Kerio Network Monitor then must be set up for monitoring on the inner network adapters see chapter 6 1 some types of switches can be configured so that they s...

Страница 13: ...edefined rules for the SMTP POP3 and IMAP services so that the rules are valid only for IP address of the mail server e g 192 168 1 10 255 255 255 255 TCP25 on Internet and add the rules for ignoring...

Страница 14: ...Chapter 3 Technical Information 14...

Страница 15: ...10 en win exe During the installation the user can choose which components of Kerio Network Monitor are to be installed NetMon Daemon Monitoring service Daemon It must be installed on the computer whe...

Страница 16: ...ter successful upgrade the Kerio Network Monitor Daemon is started automatically Uninstallation of Kerio Network Monitor can be performed by choosing the Add Remove Software option in the Control Pane...

Страница 17: ...t IP addresses are not monitored and on the start of the viewer a warning saying that the maximum number of users was reached is displayed Subscription expiration Free program upgrade expiration date...

Страница 18: ...Chapter 4 Installation 18...

Страница 19: ...computer Insert IP address or DNS name of the host on which the service is running the term server will be used in the further text or select any server to which Kerio Network Monitor has been alread...

Страница 20: ...o the user profile in Windows and it will not be necessary to enter it on each login We recom mend to use this option only when there is no risk of access rights misuse by another person Don t restore...

Страница 21: ...service The ser vice can be removed only when the service exists in the system and is stopped Warning If the Kerio Network Monitor Daemon is installed as the service in the operating system Windows N...

Страница 22: ...can see only the address of the computer which Kerio Network Monitor is running on By pressing the Done button the settings will be stored and the viewer itself will start This dialog will not be disp...

Страница 23: ...e adapter connected to the Internet if the network address translation is used NAT we can see only the address of the computer which the Kerio Network Monitor is running on List of IP addresses groups...

Страница 24: ...P addresses group definition will appear IP range specification Type of the group One of the following types can be chosen Host IP address of a particular computer Subnet IP address mask IP subnet wit...

Страница 25: ...t no list is created from them discard data if source or target address belongs to this group the volume of the data in this packet will not be counted Note The volume of the data in the packet will b...

Страница 26: ...ill be measured because the communi cation between the client and the proxy server takes place only in the local network The default rule supposes the standard port 3128 TCP3128 If the proxy server in...

Страница 27: ...not necessary if there are e g in the local network used only the IP addresses from the range 192 168 0 0 the rules for other private ranges 10 0 0 0 and 172 16 0 0 are not efficient because those add...

Страница 28: ...ther parameters which were set for the service Details see later The buttons under the list of the services allow definition of new service Add modifi cation of the service settings Edit or deleting o...

Страница 29: ...sibly also to the appropriate log HTTP Log Mail Log ICQ Log Details are to be found in the chapters 7 4 and 7 7 If this option is on attribute P appears in the column Flags Note To define other parame...

Страница 30: ...dialog this tab can be also opened using the Settings Users menu The list of users in this tab includes the following information Username User name which the user logs in with Rights Access rights o...

Страница 31: ...rd empty Also the password of the predefined user Admin should be changed after the first logon Account is disabled It is possible to temporarily deactivate turn off the user ac count by setting this...

Страница 32: ...hts in the list of the users 6 4 Log Settings The Database tab is intended for setting the parameters for storing the acquired data Statistics keeping time The maximum time which will be the statistic...

Страница 33: ...contain big amount of graphics and other objects therefore it deals with high volume data Keep captured FTP sessions time for storing the information about connections to the FTP servers Only informa...

Страница 34: ...eouts The UDP and ICMP protocols are datagram oriented communication is based on the exchange of individual messages so called data grams among that exists at the level of the network communication no...

Страница 35: ...nd In order to enable the user to watch the connection in the window Current connections see chapter 7 3 it is left displayed for some time after the end of the connection This time is set by the Clos...

Страница 36: ...mon use the loopback address 127 0 0 1 The above described problem can be solved by setting the WWW browser so that it does not use the proxy server for local address but this option can usually be ch...

Страница 37: ...ter only only the connections for the computer which is he connected from or All connections are visible connections for all registered com puters 6 7 Additional Settings Settingthe additional options...

Страница 38: ...he captured WWW pages Enabling this option can radically save disk space of the computer The option HTTP will not be available in the Tapped data window it will not be possible to view pages visited b...

Страница 39: ...tor priority definition The high priority is set by the default We recommend you to change this status under the following conditions only the service overloads the system set lower process priority N...

Страница 40: ...Chapter 6 Configuration 40...

Страница 41: ...l messages FTP sessions etc Status window Status of the Kerio Network Monitor Daemon service logged user statistics of captured packets disk volume occupied by the stored data Report Creates a well st...

Страница 42: ...ed and moved to the front If you select the function while you simultaneously press the Shift key the new win dow for this function is displayed Hint The third described way can be used to open vertic...

Страница 43: ...o the chart background or to the other al ready applied colors will be assigned to the selected computers This color will be used to separately show values for the selected group of computers in the c...

Страница 44: ...this group Enter the requested subnet with the appropriate mask Note This option can be checked for several groups simultaneously even for the same subnet Remove the group Remove the selected groups...

Страница 45: ...rds Jump to the specified position date and time Short jump forwards Long jump forwards Jump to the end of a chart i e the current time Note The length of a short and long jump depends on a scale of t...

Страница 46: ...Incoming traffic only the volume of the incoming downloaded data will be displayed in the chart Outgoing traffic only the volume of the outgoing sent data will be displayed in the chart Both direction...

Страница 47: ...ol TCP UDP or ICMP zdenci 3568 name or IP address of a computer in a local network typically a client and the port number 12 249 134 106 1214 name or IP address of a computer in the Internet typically...

Страница 48: ...e g SMTP HTTP FTP etc or unknown unknown service Note Kerio Network Monitor resolves names of computers using an analysis of the DNS procotocol This can be done only if the DNS query was sent before...

Страница 49: ...e of connection Connection state active closed etc Connection info information about the service if it is defined in the program Included protocols Which protocols shall be monitored in the current co...

Страница 50: ...te object e g WWW page on a given server This object will be displayed in the right part of the window Note If it is not forbidden in the program configuration see chapter 6 7 content of e mail messag...

Страница 51: ...onitor Dae mon installed about the network interfaces and the disk space occupied by the database of the scanned data System information System information current time of the server the installation...

Страница 52: ...e internal cache of the network adapter This error should not occur under normal circumstances it can indicate a problem with an adapter or its driver No resources number of packets that were not succ...

Страница 53: ...olumns in a table One column contains traffic sumary time interval which shall be covered by one column Combination of these two parameters determines the total extent of the table Example We want to...

Страница 54: ...we let the program create the table with the same parameters e g at 6 00 p m the data in the last column will be different Select the service The user can select a service whose data will be displaye...

Страница 55: ...m left to right Copy selection to clipboard Copies the selected text to a clipboard mouse can be use to select text This function can be invoked using the standard hot key Ctrl C Save log to file Stor...

Страница 56: ...n seconds HTTP 205 107 97 6 service description if it is a service defined in Kerio Net work Monitor This record shows HTTP service on a server with IP address 205 107 97 6 If Kerio Network Monitor do...

Страница 57: ...ess of a client i e the computer that initiated the connection to a mail server Fri 8 Mar 2002 14 26 01 date and time of a message transfer SMTP used mail protocol SMTP POP3 or IMAP From e mail addres...

Страница 58: ...hese warning and he should try to elim inate all errors 192 168 2 38 IP address of a computer where the error was logged Addresses of source and target computers of the connection where an error occur...

Страница 59: ...nticated user can examine all data provided by Kerio Netwok Monitor i e data about all computers in a local network 8 1 Connection to the Web Interface The user must enter DNS name of a computer that...

Страница 60: ...WW page can display at most 3 lines red green and blue a type of displayed information can be set for each line The choices are All computers total volume of transferred data for all computers Name of...

Страница 61: ...splayed Show last days show only log items for the last days This option strongly affects the length of the displayed page therefore we recommend to choose only the time period that is required at mos...

Страница 62: ...s both in the internal and the public DNS 81 port where the WWW interface of Kerio Network Monitor runs see chapter 6 6 directory directory of the virtual Web server where the appropriate is stored pa...

Страница 63: ...ear IP1 IP2 IP3 IP addresses for which the transferred data volume will be dis played in the chart ordered red greed blue Instead of an IP address of a particular computer the address 0 0 0 0 sum of d...

Страница 64: ...2 back 7 columnscount 7 columnswidth 1 sort 3 direction 3 service 0 where interval basis of column width it is multiplied by the parameter columnwidth The possible values are Value 0 1 2 3 4 5 Meaning...

Страница 65: ...entire table will cover time period of 7 days 1 week back 1 table moved backwards by one time period i e 1 week As a result the table will cover time period 2 weeks to 1 week direction 3 table will c...

Страница 66: ...Chapter 8 Web Interface 66...

Страница 67: ...l disc By default TCP protocol and port 110 is used Port A port is a 16 bit number the allowed range being 1 through 65535 used by TCP and UDP protocols for identification of applications services on...

Страница 68: ...5 is used Service In network terminology application used in an network environment is called a service In TCP IP the service is identified by a transport protocol and port e g HTTP uses TCP protocol...

Страница 69: ...17 26 log Connection Log 56 display on WWW page 61 Error Log 57 HTTP Log 38 56 Mail Log 57 storage time 33 storing to file 55 login to the viewer 19 WWW interface 59 logs location on the disk 11 prot...

Страница 70: ......

Результаты поиска

Содержание Network Monitor

Отзывы:

Похожие инструкции для Network Monitor

Бренды по названию

Популярные бренды

Kerio Tech Network Monitor, Руководство пользователя

Результаты поиска

Содержание Network Monitor

Отзывы:

Похожие инструкции для Network Monitor

Бренды по названию

Популярные бренды