Can I Monitor small TCP sessions?

  • 1
  • Question
  • Updated 8 years ago
  • Answered
Can I create a report which will highlight very small TCP sessions to a host?
Photo of Michael Finn

Michael Finn

  • 35 Posts
  • 5 Reply Likes

Posted 8 years ago

  • 1
Photo of Michael Finn

Michael Finn

  • 35 Posts
  • 5 Reply Likes
Official Response
This report when added to you system will highlight tcp sessions where total traffic sent and received is very low

Query ip [senid#Sensor#sensor], [proto#Protocol#protocol], [src#Client#subnet], [dst#Server#subnet], [dport#Server Port#port], [sum(sent)#Sent#bytecnt], [sum(rcvd)#Rcvd#bytecnt], [count(sent)#Connections], [sum(sent,rcvd)#Total#bytecnt] sort=-7 where {end#t#Time#date#} & {senid#senid#Sensor#sensor#} & {src#src#Client#subnet#} & {dst#dst#Server#subnet#} & {src,dst#ip#Client or Server#subnetdl#} & {proto#proto#IP Protocol#protocol#} & {dport#dport#Server Port#service#} & sent < 500 & rcvd < 500
Link chart.png Flows /netmon/view.cgi?View=1&name=Flows&t=$t&proto=$1&dport=$4&src=$2&dst=$3&senid=$0&ip=$ip 8