Chapter 7: Viewing and Analysis of Captured Data (Kerio Tech Network Monitor User Manual, page 56)
Log files can be further processed by external analytical tools (e.g. by the Kerio Log Analyzer application — see ).
Connection Log

Fri 8/Mar/2002 10:18:31 TCP: richard:1524 -> 205.107.97.6:80 171 + 2927By, 2s -HTTP:205.107.97.6
• Fri 8/Mar/2002 10:18:31 — date and time the connection was created
• TCP: — transport-level protocol used (TCP or UDP)
• richard:1524 — name or IP address of the client (the computer that originated the connection) and the source port
• 205.107.97.6:80 — name or IP address of the target computer (server) and the destination port
• 171 + 2927By — volume of sent (171) and received (2927) data in bytes (By)
• 2s — connection duration (in seconds)
• -HTTP:205.107.97.6 — service description (if it is a service defined in Kerio Network Monitor). This record shows “HTTP service on a server with IP address 205.107.97.6”. If Kerio Network Monitor has no such service defined, the error message unknown service is displayed instead.
Note: Kerio Network Monitor resolves the names of computers on the Internet by analysing captured DNS traffic. This works only if the DNS query was sent (and captured) before the connection was established. If the client already holds the answer in its local DNS cache, no DNS query is sent and Kerio Network Monitor “sees” only the IP address of the target server.
HTTP Log

richard - Fri 8/Mar/2002 11:57:46 GET http://www.kerio.com/resources/home.gif HTTP/1.1 200 1221
• richard — name (or IP address) of the client (i.e. the computer that sent the HTTP request)
• Fri 8/Mar/2002 11:57:46 — date and time of the request
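The two record formats above (the connection log and the HTTP log) are easy to parse into structured fields for your own analysis, which is the usual first step when feeding such logs into a tool other than Kerio Log Analyzer. The following Python parser is an added example, not code from the manual or from Kerio; it assumes the field layout exactly as described on this page and treats the part of an HTTP record after the timestamp as an opaque request string, since this page does not describe those fields. The sample lines are constructed; the second connection record illustrates the unknown service case and a client that appears only as an IP address (as happens when the DNS query was served from the client's local cache).

```python
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample records in the two formats the manual describes
# (not real captures). The second connection line shows the
# "unknown service" text and an unresolved (IP-only) client.
CONNECTION_LOG_LINES = [
    "Fri 8/Mar/2002 10:18:31 TCP: richard:1524 -> 205.107.97.6:80 171 + 2927By, 2s -HTTP:205.107.97.6",
    "Fri 8/Mar/2002 10:19:02 UDP: 192.168.1.7:3201 -> 192.168.1.1:53 64 + 180By, 0s unknown service",
]
HTTP_LOG_LINES = [
    "richard - Fri 8/Mar/2002 11:57:46 GET http://www.kerio.com/resources/home.gif HTTP/1.1 200 1221",
]

# Timestamp as written in the log: weekday day/month-name/year time
TIMESTAMP = r"\w{3} \d{1,2}/\w{3}/\d{4} \d{2}:\d{2}:\d{2}"
DATE_FMT = "%a %d/%b/%Y %H:%M:%S"

CONN_RE = re.compile(
    rf"^(?P<when>{TIMESTAMP}) "
    r"(?P<proto>TCP|UDP): "
    r"(?P<src>[^:\s]+):(?P<sport>\d+) -> "
    r"(?P<dst>[^:\s]+):(?P<dport>\d+) "
    r"(?P<sent>\d+) \+ (?P<recv>\d+)By, "
    r"(?P<secs>\d+)s "
    r"(?P<service>.+)$"
)
HTTP_RE = re.compile(rf"^(?P<client>\S+) - (?P<when>{TIMESTAMP}) (?P<request>.+)$")
SERVICE_RE = re.compile(r"^-(?P<name>[^:]+):(?P<host>\S+)$")  # e.g. "-HTTP:205.107.97.6"


def is_ip_address(host: str) -> bool:
    """True for a literal IP address, False for a name resolved from captured DNS."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


@dataclass
class ConnectionRecord:
    when: datetime
    proto: str
    src_host: str
    src_port: int
    dst_host: str
    dst_port: int
    bytes_sent: int
    bytes_received: int
    duration_s: int
    service: Optional[Tuple[str, str]]  # (service name, server address), None for "unknown service"

    @property
    def dst_name_resolved(self) -> bool:
        # Per the manual's note, a name is shown only if the DNS query was captured.
        return not is_ip_address(self.dst_host)


@dataclass
class HttpRecord:
    client: str
    when: datetime
    request: str  # remainder of the record, kept verbatim (not described on this page)


def parse_connection_line(line: str) -> Optional[ConnectionRecord]:
    """Parse one connection log record; return None if the line does not match."""
    m = CONN_RE.match(line.strip())
    if not m:
        return None
    service_text = m.group("service").strip()
    service = None
    if service_text != "unknown service":
        sm = SERVICE_RE.match(service_text)
        if not sm:
            return None  # service field malformed
        service = (sm.group("name"), sm.group("host"))
    return ConnectionRecord(
        when=datetime.strptime(m.group("when"), DATE_FMT),
        proto=m.group("proto"),
        src_host=m.group("src"), src_port=int(m.group("sport")),
        dst_host=m.group("dst"), dst_port=int(m.group("dport")),
        bytes_sent=int(m.group("sent")), bytes_received=int(m.group("recv")),
        duration_s=int(m.group("secs")),
        service=service,
    )


def parse_http_line(line: str) -> Optional[HttpRecord]:
    """Parse one HTTP log record; return None if the line does not match."""
    m = HTTP_RE.match(line.strip())
    if not m:
        return None
    return HttpRecord(client=m.group("client"),
                      when=datetime.strptime(m.group("when"), DATE_FMT),
                      request=m.group("request"))


def bytes_by_client(lines: List[str]) -> Dict[str, Tuple[int, int]]:
    """Total (sent, received) bytes per client host; unparsable lines are skipped."""
    totals: Dict[str, Tuple[int, int]] = {}
    for line in lines:
        rec = parse_connection_line(line)
        if rec is None:
            continue
        sent, recv = totals.get(rec.src_host, (0, 0))
        totals[rec.src_host] = (sent + rec.bytes_sent, recv + rec.bytes_received)
    return totals


if __name__ == "__main__":
    for line in CONNECTION_LOG_LINES:
        print(parse_connection_line(line))
    for line in HTTP_LOG_LINES:
        print(parse_http_line(line))
    print(bytes_by_client(CONNECTION_LOG_LINES))
```

Keeping the service field as a structured pair makes it simple to single out records that carry unknown service (service is None), and the dst_name_resolved property lets you tell connections whose server name was recovered from captured DNS apart from those where only the IP address was seen.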