Chapter 3 technical information 10 – Kerio Tech Network Monitor User Manual

Chapter 3

Technical Information


including headers, etc.). The information gathered by Kerio Network Monitor can therefore differ from that acquired by other tools (the deviation should not exceed 40%; if the difference is several times higher, look for a mistake in the network or in the program configuration).

Viewing current connections

All captured IP packets are scanned for TCP segments that open and close connections (those with the SYN and FIN attributes). Kerio Network Monitor therefore has information about all open connections of individual workstations in the network. Information about communication via the UDP protocol is displayed in a similar way. Because UDP is a datagram-oriented protocol, so-called pseudo-connections are evaluated: a connection lasts until the interval between UDP datagrams exchanged by the source and target stations exceeds a predefined time (default: 180 seconds).
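The bookkeeping described above, sketched as an added example (not Kerio's code and not taken from the manual): TCP entries open on SYN and close on FIN, and a UDP pseudo-connection expires once the gap between datagrams exceeds 180 seconds. The ConnectionTable class, the packet tuple layout and the sample addresses are assumptions made for illustration.

```python
# Added illustration, not Kerio code. Each packet record is a constructed tuple:
# (timestamp_s, proto, src, sport, dst, dport, tcp_flags)
UDP_IDLE_TIMEOUT = 180  # seconds, the default stated in the manual

class ConnectionTable:
    def __init__(self, udp_timeout=UDP_IDLE_TIMEOUT):
        self.udp_timeout = udp_timeout
        self.tcp = {}  # key -> time the opening SYN was seen
        self.udp = {}  # key -> time of the last datagram seen

    @staticmethod
    def _key(src, sport, dst, dport):
        # Direction-independent key so both sides of an exchange map to one entry.
        return tuple(sorted([(src, sport), (dst, dport)]))

    def _expire_udp(self, now):
        # Drop pseudo-connections whose idle gap exceeds the timeout.
        for key, last in list(self.udp.items()):
            if now - last > self.udp_timeout:
                del self.udp[key]

    def feed(self, ts, proto, src, sport, dst, dport, flags=""):
        self._expire_udp(ts)
        key = self._key(src, sport, dst, dport)
        if proto == "tcp":
            if "S" in flags:
                self.tcp.setdefault(key, ts)  # SYN or SYN/ACK: connection opening
            elif "F" in flags:
                self.tcp.pop(key, None)       # FIN: connection closing
        elif proto == "udp":
            self.udp[key] = ts                # start or refresh a pseudo-connection

    def open_connections(self, now):
        self._expire_udp(now)
        return {"tcp": sorted(self.tcp), "udp": sorted(self.udp)}

# Constructed sample traffic (documentation address ranges, not a real capture).
SAMPLE = [
    (0,   "tcp", "192.0.2.10", 40000, "198.51.100.5", 25, "S"),
    (1,   "tcp", "198.51.100.5", 25, "192.0.2.10", 40000, "SA"),
    (2,   "udp", "192.0.2.10", 5353, "198.51.100.9", 53, ""),
    (100, "udp", "198.51.100.9", 53, "192.0.2.10", 5353, ""),
    (120, "tcp", "192.0.2.10", 40000, "198.51.100.5", 25, "FA"),
]

def replay(packets, now):
    table = ConnectionTable()
    for pkt in packets:
        table.feed(*pkt)
    return table.open_connections(now)
```

In this sketch a TCP entry is removed only by a FIN, so a connection that ends with a reset or simply goes silent stays listed; a tracker built this way needs its own idle timeout for TCP as well.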

Monitoring of services

Each captured IP packet is checked to see whether it contains data from one of the defined services (see chapter 6.2). If it does, the data is stored. As an example, consider the transfer of e-mail via the SMTP protocol. If a TCP connection with target port 25 is recorded, all packets belonging to this connection are monitored, and from them the e-mail addresses of the sender and the recipient of the message, and possibly the content of the message, can be reconstructed.

Configuration File

Kerio Network Monitor configuration information is stored in the NetMon2.cfg file. This file is saved in the directory where Kerio Network Monitor is installed (typically C:\Program Files\Kerio\Network Monitor). Simply copy this file to back up your settings.

Warning: Stop Kerio Network Monitor Daemon before taking any action with the configuration file (refer to chapter 5.2)!

Data Storage

The measured data is stored in binary files on the disk. In the data folder (by default the same folder where Kerio Network Monitor is installed), the following subfolders are created:

high: data with high resolution (sampling rate 3 seconds)

low: data with low resolution (sampling rate 1 hour)

In these folders, further subfolders are created according to the IP addresses of individual computers in the local network, and in them are stored the files with the acquired
