Traffic Monitoring

Introduction

The built-in traffic monitor allows you to view all incoming and outgoing traffic for the system. It provides real-time information for each network stream including source and destination points, throughput and protocol type.

Usage

The traffic monitor displays a list of all data streams that are running through the server, even ones that aren't covered by any rule. By viewing the monitor it is possible to build classification criteria for the rules that you wish to implement. The properties for each stream are displayed in the traffic monitor list which can be helpful in deciding the exact criteria to use for classification.

There are various properties that are displayed for each traffic stream including protocol, connection endpoints and transfer speed. There is also a graph that displays the recent transfer rate for the connection.

By double clicking a connection it is possible to view its properties in a separate window.

Connection Window

User Interface

The traffic monitor is displayed in both the Overview and Traffic tabs of the main manager window:

Each row corresponds to a traffic stream that is passing through one of the server's network adapters. For TCP traffic, each row shows one half of the stream (one row for each direction). Other protocols is filtered into rows according to their direction and unique endpoint addresses.

Additional properties can be displayed by right clicking the column heading and selecting Display Options. A list of all available columns are as follows:

• Transfer Rate - The current speed of the connection.
• History - A graph displaying the recent speed of the connection.
• Protocol - The network protocol for the connection.
• Direction - The direction of travel for the connection's traffic. Each traffic stream has a single direction, Upload or Download. Upload traffic originates from the LAN and travels to the internet, Download traffic arrives from the internet and is received by a local computer.
• Local Address - The address of the connection's local endpoint. If the protocol is TCP or UDP then the port value is also displayed.
• Local Domain Name - The domain name of the connection's local endpoint.
• Local IP Address - The IP address of the connection's local endpoint (only displayed for IP-based protocols).
• Local MAC address - The MAC address of the connection's local endpoint. This is an address set by the manufacturer of the network adapter.
• Local Port - The port of the connection's local endpoint. This field is only valid for TCP and UDP protocols.
• Remote Address - The address of the connection's remote endpoint. If the protocol is TCP or UDP then the port value is also displayed.
• Remote Domain Name - The domain name of the connection's remote endpoint.
• Remote IP Address - The IP address of the connection's remote endpoint (only displayed for IP-based protocols).
• Remote MAC address - The MAC address of the connection's remote endpoint. This is an address set by the manufacturer of the network adapter.
• Remote Port - The port of the connection's remote endpoint. This field is only valid for TCP and UDP protocols.
• Network Adapter - The name of the network adapter on the server that this connection is passing through.
• Internal ID - A unique ID that is used to represent the connection internally.
• Average Rate - The recent average throughput of the connection.
• Transferred - The amount of data that has been transferred through the connection.
• Since - The start time of the connection.
• Rule - The rule that is currently handling the traffic stream (if available).

Connection-based Rules

Connection information can be used to create rules to suit your specific network environment. Right click a connection and choose Create Matching Rule to create a new rule based on the connection.

When this option is chosen the new rule wizard will appear, allowing you to view the connection-based rule and set additional filtering criteria.