Kerio Tech Network Monitor User Manual


Summary of Contents for Kerio Tech Network Monitor

  • Page 1 User’s Guide Kerio Technologies...
  • Page 2 2001–2003 Kerio Technologies. All rights reserved. Printing date: April 10, 2003. Current product version: Kerio Network Monitor 2.1.0. All additional modifications and updates reserved.
  • Page 3: Table Of Contents

    Kerio Network Monitor Components ...
  • Page 4 Web Interface ... Connection to the Web Interface ...
  • Page 5: Introduction

    The history of those connections is recorded in the Connection Log. Tree of captured data: Kerio Network Monitor is able to store detailed data of certain protocols (e.g. SMTP, POP3, IMAP, HTTP, etc.). The data is displayed as a tree, where it can be sorted by station (IP address) or by protocol.
  • Page 6: Chapter 1 Introduction

    (viewing, configuration, administration of user accounts, ...). Export of data: the data created by Kerio Network Monitor can be processed further: the chart can be saved as an image, and the statistics for a particular time frame can be saved in CSV format (which can be processed by e.g.
  • Page 7: Quick Checklist

    This chapter gives you a basic step-by-step guide to quickly set up the important parameters of Kerio Network Monitor so that it can be used immediately. If you are unsure about any of its steps, look up the chapter dealing with the corresponding problems.
  • Page 8 Chapter 2 Quick Checklist...
  • Page 9: Technical Information

    3.2 How does Kerio Network Monitor work? Packet Monitoring: the Kerio Network Monitor Daemon watches the network traffic in so-called promiscuous mode (i.e. it also accepts data that is not addressed to the computer on which it is running). It captures all the IP protocol packets, from which it extracts the required...
  • Page 10: Chapter 3 Technical Information

    Configuration File: Kerio Network Monitor configuration information is stored in the NetMon2.cfg file. This file is saved in the directory where Kerio Network Monitor is installed (typically C:\Program Files\Kerio\Network Monitor). Simply copy this file to back up your settings.
  • Page 11 file. First of all it is necessary to stop the Network Monitor Daemon service (see chapter 5.2). Then open the NetMon2.cfg file (see the Configuration File section) in any editor (e.g. Notepad).
  • Page 12: Technical Limitations

    If your network contains a switch (switching hub), keep in mind that it does not forward all traffic to all of its ports. Kerio Network Monitor, however, requires all the monitored traffic to be present on the segment its own computer is connected to; in practice the monitoring station must sit where that traffic actually passes, such as the gateway itself or a switch port that mirrors it.
  • Page 13 The most common case is when the mail server runs on the computer that is also the Internet gateway. Kerio Network Monitor then “sees” only the local communication of the clients with the mail server. The default configuration of Kerio Network Monitor contains rules that treat this communication as Internet communication (so that the volume of the data is measured).
  • Page 14 Chapter 3 Technical Information...
  • Page 15: Installation

    Chapter 4 Installation Kerio Network Monitor can be installed on any computer in your local network running the Windows 95 OSR2, 98, Me, NT 4.0, 2000 or XP operating system. Older versions are not supported. Installation is performed by running the installation archive, e.g.: kerio-netmon-2.10-en-win.exe...
  • Page 16: Upgrade And Uninstallation

    From now on it is possible to log in to the viewer (see chapter 5.1). 4.1 Upgrade and Uninstallation If you would like to upgrade Kerio Network Monitor or uninstall the program, you must stop the viewer. Kerio Network Monitor Daemon does not have to be stopped manually, because the installation program will stop it automatically.
  • Page 17 file was corrupted, etc. Note: If the license is invalid, Kerio Network Monitor does not measure any data. It is still possible to log in to the viewer and browse older data (measured while the license was valid) or perform configuration tasks.
  • Page 18 Chapter 4 Installation...
  • Page 19: Program Control

    The viewer can be started from the Start / Programs menu. The login dialog is shown after the program is started. In the Login to section, choose where the Kerio Network Monitor Daemon service is running: local NetMon Daemon service: the service is running on the same computer as the viewer.
  • Page 20: Controlling The Service

    User authentication: enter your user name and password. If you are logging in to Kerio Network Monitor for the first time (after installation), use the predefined user account Admin and leave the password empty; set a password for this account as soon as you are logged in (Action / Change password). To store passwords in user profiles so that they need not be specified for each connection, use the Store password in user profile option.
  • Page 21: Initial Configuration

    Control Panel / Services. 5.3 Initial Configuration If you log in to the viewer for the first time (after installation of Kerio Network Monitor), a special dialog for selecting the adapters on which packets will be monitored is displayed.
  • Page 22 (NAT), only the address of the computer on which Kerio Network Monitor is running can be seen. By pressing the Done button, the settings are stored and the viewer itself starts.
  • Page 23: Configuration

    Settings / Configuration in the main menu or by pressing the Ctrl+S shortcut. Note: All settings in the Configuration dialog take effect immediately (after pressing the OK button); there is no need to restart the Kerio Network Monitor Daemon service. 6.1 IP Address Ranges The IP Addresses tab allows the user to choose the network interface on which packets will be captured.
  • Page 24 Chapter 6 Configuration to the most general. The arrow buttons move the selected definition up or down in the list. Definition of IP Addresses Group: after pressing the Add or Edit button, the dialog for defining an IP address group appears.
  • Page 25 Domain type specification: the type (domain) of the IP address group. This option defines how packets whose source or destination address belongs to this group are processed. The group of addresses can be included in one of the following domains: LAN —...
  • Page 26 If the mail server is running on the computer that is also the Internet gateway, Kerio Network Monitor cannot measure the volume of sent and received mail, because the communication stays within the local network. For this reason there are predefined rules for the SMTP (TCP 25), POP3 (TCP 110) and IMAP (TCP 143) protocols.
  • Page 27: Monitored Services

    Monitor never captures. A similar consideration applies to the mail server and the proxy server. 6.2 Monitored Services Kerio Network Monitor allows you to define network services that will be monitored in detail. The Services tab in the configuration dialog serves this purpose...
  • Page 28 Note: Some of the predefined services (HTTP, SMTP, POP3, IMAP4, FTP and DNS) are tied to other functions of Kerio Network Monitor and therefore cannot be removed.
  • Page 29: User Accounts

    Enable protocol debugger: a detailed log of the data of this service for technical-support purposes. Use this option if you suspect that Kerio Network Monitor does not log the data of the given service correctly. The data obtained can be handed to Kerio Technologies technical support for further analysis; since it is a detailed record of the captured traffic of that service, treat the resulting log as sensitive.
  • Page 30 Any number of user accounts with different levels of access rights can be defined in Kerio Network Monitor. The Users tab in the configuration dialog serves this purpose (the tab can also be opened from the Settings / Users menu).
  • Page 31 User Definition: the dialog for defining a user account is shown after pressing the Add or Edit button. Username: the name of the user. It should not contain blanks or punctuation marks; upper and lower case are not distinguished. Password: the user's password.
  • Page 32: Log Settings

    Chapter 6 Configuration This right is shown as Conf in the Rights column of the user list. Change own password: the user has the right to change his own password (in the Action / Change password menu). If the Can manage users option is on, turning this option on or off...
  • Page 33 The retention time of the data is determined by the following two parameters: Data for the high resolution — data with the high resolution (3-second sampling rate). The retention time is given in weeks. This data represents the majority of the stored data.
  • Page 34: Protocol Monitoring Parameters

    Chapter 6 Configuration Note: If the computer with Kerio Network Monitor is turned off at the given time, maintenance is performed on the next start of the Kerio Network Monitor Daemon service. (Last cleaning took ... seconds) The time the last database maintenance took (in seconds).
  • Page 35: Www Interface Parameters

    Closed TCP connections are kept displayed for option. 6.6 WWW Interface Parameters The WWW tab serves for setting the parameters of the Kerio Network Monitor WWW interface. WWW server enabled at port: this option enables/disables the embedded WWW server.
  • Page 36 (the one he is connected to the WWW interface from). If the user has appropriate access rights to Kerio Network Monitor (i.e. has a user account — see chapter 6.3), he can log in and see all the information that Kerio Network Monitor offers.
  • Page 37: Additional Settings

    Setting the additional options for the appearance and behavior of Kerio Network Monitor is done on the Others tab. Do NOT save mail message body: Kerio Network Monitor will not store the contents of captured e-mail messages (only the sender and recipient addresses are stored). Since stored message bodies can be read by anyone with viewer access (see chapter 7), enable this option unless message content is really needed.
  • Page 38 No privacy — all transferred data is monitored (ICQ numbers, nicknames, message bodies). Do not save text of messages — Kerio Network Monitor does not store the content of individual messages (only ICQ numbers and nicknames are monitored). Disable ICQ analyser — data transferred through ICQ and ICQ2Go is not analysed.
  • Page 39 Note: If you want to compare the data acquired by Kerio Network Monitor with data from other programs or from your Internet provider, you need to find out which method they use to measure it (with or without packet headers) and set the Include IP packet headers option of Kerio Network Monitor accordingly.
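The measurement model described in chapters 3 and 6 (promiscuous capture of IP packets on page 9, IP address groups evaluated from the most specific to the most general on pages 24 to 26, the predefined SMTP/POP3/IMAP rules on page 26, and the Include IP packet headers option above) can be illustrated with an added example. The code below is not Kerio code and does not read NetMon2.cfg; the address groups, hosts, ports and packets are constructed sample input, and the accounting logic is a simplified model of what the manual describes rather than the product's implementation.

```python
"""Simplified model of the traffic measurement the manual describes: parse
captured IPv4/TCP packets, classify both ends as LAN or Internet with an ordered
list of address groups, apply the default mail-server rule (TCP 25/110/143) and
sum bytes per local station with or without the IP/TCP headers.

Added example, not Kerio code. All addresses, ports and packets are constructed.
"""
import ipaddress
import struct
from collections import defaultdict

# Address groups evaluated in order, most specific first (constructed).
ADDRESS_GROUPS = [
    (ipaddress.ip_network("192.168.1.0/24"), "LAN"),
    (ipaddress.ip_network("0.0.0.0/0"), "Internet"),
]
# Predefined services the manual names (TCP port -> service name).
SERVICES = {25: "SMTP", 110: "POP3", 143: "IMAP", 80: "HTTP"}
# Default rules treat client <-> mail server traffic as Internet traffic even
# when both ends are local (the mail-server-on-the-gateway case).
MAIL_PORTS = {25, 110, 143}


def classify(address):
    """Domain ("LAN" or "Internet") of the first matching address group."""
    addr = ipaddress.ip_address(address)
    for network, domain in ADDRESS_GROUPS:
        if addr in network:
            return domain
    return "Internet"


def parse_ipv4(packet):
    """Parse an IPv4 header and, for TCP, the ports and TCP header length."""
    (ver_ihl, _tos, total_len, _ident, _frag, _ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    info = {"src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "total_len": total_len,
            "payload_len": total_len - ihl, "sport": None, "dport": None}
    if proto == 6:  # TCP: the data offset field gives the TCP header length
        sport, dport, _seq, _ack, off_flags = struct.unpack(
            "!HHIIH", packet[ihl:ihl + 14])
        info.update(sport=sport, dport=dport,
                    payload_len=total_len - ihl - (off_flags >> 12) * 4)
    return info


def service_of(info):
    """Service name as the connection list shows it, or *unknown*."""
    if info["proto"] != 6:
        return "*unknown*"
    return SERVICES.get(info["dport"]) or SERVICES.get(info["sport"]) or "*unknown*"


def account(packets, include_headers=False):
    """Incoming/outgoing bytes per local station for LAN <-> Internet traffic.
    include_headers mirrors "Include IP packet headers": False counts payload
    only, True counts the whole IP datagram."""
    totals = defaultdict(lambda: {"in": 0, "out": 0})
    for packet in packets:
        info = parse_ipv4(packet)
        size = info["total_len"] if include_headers else info["payload_len"]
        src_dom, dst_dom = classify(info["src"]), classify(info["dst"])
        if src_dom == dst_dom == "LAN":
            # Purely local traffic is not measured, except that the end holding
            # a mail service port is treated as the Internet side.
            if info["dport"] in MAIL_PORTS:
                dst_dom = "Internet"
            elif info["sport"] in MAIL_PORTS:
                src_dom = "Internet"
            else:
                continue
        if src_dom == "LAN" and dst_dom == "Internet":
            totals[info["src"]]["out"] += size
        elif src_dom == "Internet" and dst_dom == "LAN":
            totals[info["dst"]]["in"] += size
    return dict(totals)


def build_tcp_packet(src, dst, sport, dport, payload_len):
    """Construct a minimal IPv4/TCP packet for the sample (checksums left zero)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, 5 << 12, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + payload_len,
                     0, 0, 64, 6, 0, ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + tcp + b"\x00" * payload_len


# Constructed sample capture: a web request and reply, a local SMTP submission
# to a local mail server, and purely local SMB traffic that must not count.
SAMPLE_PACKETS = [
    build_tcp_packet("192.168.1.10", "203.0.113.5", 3568, 80, 300),
    build_tcp_packet("203.0.113.5", "192.168.1.10", 80, 3568, 1200),
    build_tcp_packet("192.168.1.10", "192.168.1.1", 4000, 25, 500),
    build_tcp_packet("192.168.1.10", "192.168.1.20", 5000, 445, 800),
]

if __name__ == "__main__":
    print("payload only:", account(SAMPLE_PACKETS))
    print("with headers:", account(SAMPLE_PACKETS, include_headers=True))
```

Running the sample shows the effect of the header option directly: the same four packets yield 800 bytes out and 1200 in for 192.168.1.10 when only payload is counted, but 880 out and 1240 in when the 40 bytes of IP and TCP headers per packet are included, and the local SMB packet is never counted while the local SMTP submission is, exactly as the predefined mail rule requires.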
  • Page 40 Chapter 6 Configuration...
  • Page 41: Viewing And Analysis Of Captured Data

    Chapter 7 Viewing and Analysis of Captured Data Kerio Network Monitor offers several tools for the presentation and analysis of the captured data. These functions can be chosen from the View menu or directly from a toolbar icon (the order of the functions is the same): Traffic chart: chart of the transferred data volume.
  • Page 42: List Of Computers

    7.1 List of Computers Left column of the main Kerio Network Monitor window shows the list of particular computers in a local network. The list is created automatically from the data of the captured packets.
  • Page 43 Use of the List of Computers The list of computers is important for the presentation of the chart (see chapter 7.2) and of the transferred data volume table (see chapter 7.6). These functions can display data either for all computers in the local network (All computers) or only for the selected computer (or computers).
  • Page 44 Chapter 7 Viewing and Analysis of Captured Data Note: If a packet with the same IP address is detected at any time afterwards, the computer is automatically included again. New group: creates a new group. The dialog for creating or changing a group contains the following parameters: Group name —...
  • Page 45: Traffic Chart

    7.2 Traffic chart Shows the chart of transferred data. The horizontal axis shows time, the vertical axis the connection load (in bytes per second). The arrow buttons above the chart move along the time axis (from left to right): Jump to the beginning of the chart (i.e. the whole time interval for which data was captured) Long jump backwards Short jump backwards...
  • Page 46: Current Connections

    Chapter 7 Viewing and Analysis of Captured Data axis to the maximum captured value in the given representation (the option is turned on by default). This guarantees good readability of the chart. A right mouse click in the chart area shows a menu with the following items: Save chart as picture: saves the chart as a picture in JPEG or BMP format.
  • Page 47 The Current connections window shows only the computers (or groups) that have at least one open connection (inactive computers are not displayed). Computers included in a group are displayed under the group. The individual connections of a computer are displayed under each computer. The entry for a particular connection has the following structure: TCP: zdenci:3568 ->...
  • Page 48 (subsequently, the connection is terminated and a new one is established if needed). *unknown* — name of the service (if it is defined in Kerio Network Monitor — e.g. SMTP, HTTP, FTP etc.), or *unknown* if the service is not known. Note: Kerio Network Monitor resolves computer names by analysing the DNS protocol.
  • Page 49: Tree Of Scanned Data

    Columns included in the connection list The user can select which columns (information) will be displayed in the Current connections window. Connection type — type of connection (TCP connection, UDP or ICMP pseudoconnection) Local address — name or IP address of the local (source) computer and the source port Destination —
  • Page 50 Note: Unless it is forbidden in the program configuration (see chapter 6.7), the content of e-mail messages is displayed. Note #2: For WWW pages, Kerio Network Monitor records the particular URL and the page content (HTML code without pictures, applications etc.). When the page is displayed, the code is opened and the relevant objects are downloaded directly from the server, so the computer running the viewer contacts that server itself (i.e.
  • Page 51: Status Information

    Statistical information about the particular interface on which Kerio Network Monitor captures packets. All this information is computed from the start of the Kerio Network Monitor Daemon service; statistics are reset when the service is restarted. Interface name — the interface for which the statistics are displayed. This listbox contains all interfaces selected in the configuration program (see chapter 6.1) for...
  • Page 52 No resources — number of packets that were not processed due to a lack of system resources (such packets are missing from all measurements). If this value is in the thousands, Kerio Network Monitor should be installed on a more powerful computer or on a dedicated computer where no user works.
  • Page 53: Transferred Data Volume Table

    Disk space used by logs The total disk space occupied by the log files and the total number of lines in these files. 7.6 Transferred Data Volume Table The Report function shows, according to the specified parameters, a window with the table of transferred data volume.
  • Page 54 Chapter 7 Viewing and Analysis of Captured Data Example: If we set the extent of the table as in the previous example, the Suggest start date button sets the date and time to seven days ago (i.e. the final table will display seven days). The When suggesting, include the current interval checkbox governs whether the suggested start time includes the current interval (which is not finished yet).
  • Page 55: Log Windows

    Print the report Prints the table. This option opens the standard system print dialog where a printer etc. can be selected. Save the report Saves the table as an HTML page or in CSV format (Comma Separated Values). The CSV format is relatively common and can be opened in a lot of programs (e.g.
  • Page 56 This method can be used only if a DNS query was sent before the connection was established. If the client already has the name in its local DNS cache, no DNS query is sent and Kerio Network Monitor “sees” only the IP address of the target server.
  • Page 57 HTTP Log fields:
    GET — HTTP method (GET or POST)
    http://www.kerio.com/resources/home.gif — complete URL of the requested object
    HTTP/1.1 — HTTP protocol version (currently 1.0 or 1.1)
    200 — HTTP return code (see RFC 2068, www.ietf.org/rfc)
    1221 — size of the object (in bytes)
    Mail Log richard - Fri 8/Mar/2002 14:26:01 SMTP From:"Richard Gabriel"...
  • Page 58 Chapter 7 Viewing and Analysis of Captured Data ’c:\Program Files\Kerio\Network Monitor\logs\mail.idx’ Fri 8/Mar/2002 14:26:01 — date and time when the error was logged Warn — type of message (Warn: warning, or Err: error number) Warnings represent minor errors of lesser importance. The Kerio Network Monitor administrator should nevertheless not ignore these warnings and should try to eliminate all errors.
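The HTTP Log fields listed on page 57 can be processed mechanically once the log has been saved to a file. The following is an added example and not Kerio code: it parses log lines in the documented field order (method, URL, HTTP version, return code, object size) and summarises requests, bytes and error responses per station. The manual excerpt shows only these trailing fields, so the leading station name and timestamp are assumed here to follow the Mail Log sample on the same page (richard - Fri 8/Mar/2002 14:26:01); the sample lines and the large-object threshold are constructed.

```python
"""Parse HTTP Log entries in the field order the manual documents (method, URL,
HTTP version, return code, object size) and summarise them per station.

Added example, not Kerio code. The "station - timestamp" prefix is an
assumption modelled on the Mail Log sample; the log lines are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample lines (not a real Kerio log); the last line is deliberately
# malformed to show that unparseable lines are skipped rather than crashing.
SAMPLE_HTTP_LOG = """\
richard - Fri 8/Mar/2002 14:26:01 GET http://www.kerio.com/resources/home.gif HTTP/1.1 200 1221
richard - Fri 8/Mar/2002 14:26:03 GET http://www.kerio.com/index.html HTTP/1.1 304 0
zdenci - Fri 8/Mar/2002 14:27:10 GET http://files.example.net/archive.zip HTTP/1.0 200 5242880
zdenci - Fri 8/Mar/2002 14:27:11 GET http://www.example.com/missing.gif HTTP/1.1 404 318
garbage line that does not match
"""

LINE_RE = re.compile(
    r"^(?P<station>\S+) - "
    r"(?P<when>\w{3} \d{1,2}/\w{3}/\d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<method>GET|POST) (?P<url>\S+) (?P<version>HTTP/1\.[01]) "
    r"(?P<code>\d{3}) (?P<size>\d+)$"
)


def parse_http_log(text):
    """Return one dict per well-formed line; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["when"] = datetime.strptime(rec["when"], "%a %d/%b/%Y %H:%M:%S")
        rec["code"] = int(rec["code"])
        rec["size"] = int(rec["size"])
        rec["host"] = urlsplit(rec["url"]).hostname
        records.append(rec)
    return records


def summarize(records, large_object=1_000_000):
    """Per-station request count, bytes, error responses and distinct hosts,
    plus the records whose object size reaches large_object (constructed
    threshold) so unusually large downloads stand out."""
    stations = defaultdict(
        lambda: {"requests": 0, "bytes": 0, "errors": 0, "hosts": set()})
    large = []
    for rec in records:
        s = stations[rec["station"]]
        s["requests"] += 1
        s["bytes"] += rec["size"]
        s["hosts"].add(rec["host"])
        if rec["code"] >= 400:
            s["errors"] += 1
        if rec["size"] >= large_object:
            large.append(rec)
    return dict(stations), large


if __name__ == "__main__":
    per_station, large = summarize(parse_http_log(SAMPLE_HTTP_LOG))
    for name, s in per_station.items():
        print(name, s["requests"], "requests", s["bytes"], "bytes",
              s["errors"], "errors", sorted(s["hosts"]))
    for rec in large:
        print("large object:", rec["station"], rec["url"], rec["size"])
```

The regular expression anchors on the five documented fields, so if the real prefix differs from the assumed one only the first alternation needs adjusting; the timestamp format string matches the day/month/year layout shown in the manual's Mail Log sample.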
  • Page 59: Web Interface

    Chapter 8 Web Interface Kerio Network Monitor provides access to the captured data through a basic Web interface. This interface can display a chart of connection load, the list of current connections, and a transferred data volume table created according to the specified parameters. The WWW interface operates in two modes: anonymous or authenticated user.
  • Page 60: Page Main

    In the other case, the WWW interface remains in anonymous mode. 8.2 Page Main This page shows information about the system where the Kerio Network Monitor Daemon runs (system time, license information, used disk space...). The information on this page (with a few exceptions) corresponds to the Engine status & info window —
  • Page 61: Page Connections

    Show the log Shows log items according to the specified parameters. 8.7 Integration of the WWW Interface into the Company Website The WWW interface of Kerio Network Monitor allows access to particular pages or parts of them using special URLs. Various charts or tables (e.g. the chart of connection load, the table...
  • Page 62 DNS. 81 — port on which the WWW interface of Kerio Network Monitor runs (see chapter 6.6) directory — directory of the virtual Web server where the appropriate page is stored page —
  • Page 63 8.7 Integration of the WWW Interface into the Company Website Chart of Transferred Data Volume The following URL displays the page with the chart of transferred data volume: http://netmon:81/chart/form.html?resolution=1&IP1=1.2.3.4&IP2=5.6.7.8&IP3=10.11.12.13&service=1 where: resolution — time period from the following table: IP1, IP2, IP3 —...
  • Page 64 Chapter 8 Web Interface http://netmon:81/chart/image.png?resolution=3&IP1=0.0.0.0&IP2=127.0.0.1&service=1 This example shows an isolated chart for a time period of 1 hour; the transferred data volume for all computers is highlighted in red, and green represents the computer used for viewing the page. Table of Transferred Data Volume The following URL shows the table of transferred data volume (Report) according to the specified parameters:...
  • Page 65 8.7 Integration of the WWW Interface into the Company Website Value Meaning incoming (download) service — the data volume is displayed for this service (see above — section Chart of transferred data volume) Correct parameter settings are demonstrated in the following example: http://netmon:81/report/output.html?interval=2&back=1&columnscount=7&columnswidth=1&sort=3&direction=3&service=0...
  • Page 66 Chapter 8 Web Interface...
  • Page 67: Glossary Of Terms

    Chapter 9 Glossary of Terms E-mail address Identifies the sender and the recipient of a message in electronic mail communication. HTTP Protocol for transferring WWW pages. By default the TCP protocol and port 80 are used. HTTPS Secured version of the HTTP protocol; security is provided by the encrypting SSL protocol.
  • Page 68 Chapter 9 Glossary of Terms Proxy server An older method of Internet connection sharing. A client in the local network does not communicate directly with the target computer on the Internet but passes its request to the proxy server. The proxy server processes the request and delivers the response.
  • Page 69: Index

    Chapter 10 Index: adapter, network; computers (groups, list, names); connection (principle of watching); connections (active, current); Daemon; interface, network; IP addresses; Connection Log (display on WWW page); Error Log; HTTP Log; Mail Log (storage time, storing to file)...
