Statistics Modules
Statistics Modules |
|
|
|
Statistics modules are used by the Statistics View, the Load over Time Statistics View, and for report generation. They can be selected on the respective settings pages (Statistics Settings, Load over Time Statistics Settings, and Report Data) in the Settings dialog.
The statistics modules are assigned to seven different groups:
A) Network Interface Statistics
This group contains only one statistics module that will display the total traffic for each network card or virtual network interface (some DSL drivers use this) of the local system.
B) Address Statistics
This group contains modules that can display the total, received, and sent traffic for every detected LAN (MAC) address or VLAN ID (both layer 2) or Internet (layer 3) address. Use the layer 2 modules if you are only interested in the traffic inside your LAN.
C) Directed Traffic Statistics
This group contains modules that can display the traffic that was sent from one LAN (layer 2) address to another LAN address, from Internet (layer 3) to Internet address, or the traffic between two systems on layer 2 or 3. When using one of the first modules (A --> B), you will get two entries for each connection, one for traffic from A to B and one for traffic in the opposite direction.
D) Protocol Statistics
This group contains modules that will show the traffic that was generated by different protocols in your network. If the Easy Statistics Mode in the Tools menu is enabled, you will get two versions of each statistics module that handles protocols. A basic version and a detailed version. The detailed version will create more statistics entries as it further subdivides some protocols. If you capture SMB data, the basic version will always display SMB while the detailed version will create different entries for SMB-Transaction, SMB-Close, etc.
In the advanced statistics mode you get a detailed and a basic version for the layers 2 to 4 and for the upper protocols above layer 4. The difference is here too that the detailed version distinguishes between some data units of protocols as well. For example: while the basic layer 4 traffic statistics will display the traffic that was generated by the TCP protocol only, the detailed version will further subdivide this to traffic that was generated by TCP data, synch, final, and reset packets.
E) Address and Protocol Statistics
This group contains statistics modules that display the traffic that was generated by LAN (layer 2) or Internet (layer 3) addresses together with the protocols that were used. It is in general a combination of the group B and D statistics modules.
F) Connection and Protocol Statistics
This group contains statistics modules that display the traffic that was generated on a connection between two layer 2 or layer 3 systems together with the protocols that were used. You can use modules for traffic in a single direction (A --> B) that will usually create two entries per connection or modules that create only one entry per connection (A <-> B). This group is a combination of the groups C and D.
G) VLAN and Protocol Statistics
This group contains modules that display the traffic that was generated in different VLANs together with the protocols that were used. If you do not want to see normal LAN traffic (packets without VLAN ID), add also a VLAN ID filter and exclude the 'No VLAN' entry; see VLAN Filter Settings.
Some tips for choosing a statistics module (the names in the brackets are displayed if you switch of the Easy Statistics Mode):
If you just want to know the network traffic that is generated by each system in your LAN, use the LAN Traffic per System (L2 Address Statistics) module from group B. If you want to check the speed of an internet connection of a single computer, use the group A Traffic per Network Card (Network Interface Statistics) module.
If you want to know which protocols are used in your LAN, use the Traffic per Protocol (Higher Protocol Statistics) module from group D; use the Detailed (Highest Protocol) module for more or any other (in advanced statistics mode) for less details.
If you want to find a system in your LAN that generates lots of traffic using specific protocols, use the LAN Traffic (L2 Addr Higher Protocol) or Internet Traffic (L3 Addr Higher Protocol) Statistics from group E or F.
Note: Currently the statistics views and the reports will show only upper TCP and UDP protocols for which the port is known. Any traffic caused by packets that are using ports for unknown protocols will be displayed as TCP traffic. So if you want to see statistics for specific ports, you may need to add them to the tcp.ports file and assign a protocol name (see 'Modifying the configuration files' for more details).
