3 hosts – NEXCOM IFA 1610 User Manual
Page 82
Copyright © 2014 NEXCOM International Co., Ltd. All Rights Reserved.
IFA 3610/IFA 2610/IFA 1610 User Manual
Chapter 8: The Logs and Reports Menu
79
At the bottom of the table, on the left-hand side it is shown the total number of rows shown , while on the right-hand
side it is possible to browse the various pages in which the table is split, when the number of rows is higher that the
pagination.
A click on the Info icon will give detailed information about that particular flow. Besides those already described above,
these additional data are displayed.
▪ First Seen. The timestamp when the connection was established, along with the time passed since.
▪ Last Seen. The timestamp in which the connection was last active and the time passed since that moment.
▪ Client to Server Traffic. The number of packets and bytes sent from the client to the server.
▪ Server to Client Traffic. The number of packets and bytes sent from the server to the client.
▪ TCP Flags. The TCP states of the current flow.
It is possible to go back to the list of flows by clicking on the Flows hyperlink on the left, right above the table.
8.2.3 Hosts
The Hosts tab allows to view several details about the involved parties of a flow: Host, port, application, flows and their
duration, data exchanged, and so on.
Two representation are available: Host List and Top Hosts (Local)
The Hosts List representation shows information about all the hosts involved in some flow with the appliance and the
following data about them:
▪ IP Address. The IP address or MAC Address of the host. The latter is shown if the DHCP lease for that host has expired.
▪ Location. Whether the host is in the local or in a remote network.
▪ Symbolic Name. If available, it is the hostname of the host.
▪ Seen Since. The timestamp of the first established connection.
▪ ASN.
▪ Breakdown. The trade-off between sent and received traffic.
▪ Traffic. The amount of data exchanged by the host.
A click on the IP address opens an overview of the host, showing several information about it, besides those listed above:
▪ Last Seen. The timestamp in which the connection was last active and the time passed since that moment.
▪ Sent vs Received Traffic Breakdown. The traffic generated or received by the host.
▪ Traffic Sent. The number of packets and bytes sent from the client to the server.
▪ Traffic Received. The number of packets and bytes sent from the server to the client.
▪ JSON. Download information about the host in JSON format.
▪ Activity map. How many flows have seen the host involved at a given timestamp. Each square shows a minute and
the darker the colour, the more flows have taken place in that minute.
From here it is also possible to open additional informative tabs about that host. Each tabs contains one or more pie
charts (except for the Contacts and Historical tabs) above a textual summary of the data displayed.
▪ Traffic. The network protocol used by the host. (TCP, UDP and ICMP being the most common).
▪ Packets. The length in packets of each flow. (note: just my guess)
▪ Protocols. The application protocol used by the host.
▪ Flows. The table with all the network flows from the hosts.
▪ Talkers. The Sankey diagram of the connections, very similar to the one shown in the Dashboard, which however
shows only the most active flows.
▪ Contacts. This tab is slight different from the others. It shows on top an interaction maps and on the bottom a list of
connection that have the host as client or receiver.
▪ Historical. An interactive graph that shows the history of the traffic flown form and to the host in a given timespan
(up to one year), that can be selected above the graph.
The Top Hosts (Local) representation shows a real-time graphic of the hosts that have active connections to the host. It
displays the last 30 minutes.