Packet Logging into the plaintext file

Packet logging to a file provides an easy way to track the packets that match at least one rule listed in the filter. To use this feature, specify a Filename Template for the log files. Every filter must have a unique Filename Template because each filter has its own independent Packet Collector.

An example of the log file is shown below. Lines beginning with '---' give the time at which the Packet Collector was flushed. The first column is the protocol type. The 2nd and 3rd columns are the source IP address and the source port. The 4th and 5th columns are the destination IP address and the destination port. The 6th and 7th columns are the sent bytes counter and the received bytes counter.
 

 proto    src_ip     src_port    dst_ip        dst_port     sent       recv
 
--- Time: 2002-11-12 11:31:14
  TCP     192.168.3.1 client    64.12.174.121     80           0         80
  TCP     192.168.3.1 client    64.236.16.136     80         160         40
  TCP     192.168.3.1 client    207.46.249.27     80          40         81
  TCP     192.168.3.1 client    64.236.16.116     80          40          0
  TCP     192.168.3.1 client   207.200.91.184     80         160         80

--- Time: 2002-11-12 11:31:32
  TCP     192.168.3.1 client    64.236.16.136     80         432        256

--- Time: 2002-11-12 11:31:50
  TCP     192.168.3.1 client  205.188.238.185    443        1573      13652
  TCP     192.168.3.1 client    64.12.174.121     80         772        330
  TCP     192.168.3.1 client    207.46.249.27     80          40         41
  TCP     192.168.3.1 client  205.188.238.185     80         733        795

If the "Log additional fields" option is enabled, the log file looks like the example below. The values in brackets after the 2nd and 4th columns are the source and destination MAC addresses, respectively. The last column contains the value of the TOS (Type of Service) field.
 

--- Time: 2002-11-12 11:41:35
  TCP     192.168.3.1 (5254ab2088ad) client   12.129.206.119 (008048c28d3d)     80       11629       8154   0
  TCP     192.168.3.1 (5254ab2088ad) client     193.45.10.72 (008048c28d3d)    443          80         80   0
  TCP     192.168.3.1 (5254ab2088ad) client   216.239.39.101 (008048c28d3d)     80         567          0   0
  TCP     192.168.3.1 (5254ab2088ad) client   216.239.39.101 (008048c28d3d)     80           0       1551   16
  TCP     192.168.3.1 (5254ab2088ad) client     216.26.160.8 (008048c28d3d)    110         383        494   0
  TCP     192.168.3.1 (5254ab2088ad) client   12.129.206.119 (008048c28d3d)    110         152        166   0

--- Time: 2002-11-12 11:41:53
  TCP     192.168.3.1 (5254ab2088ad) client   216.239.39.101 (008048c28d3d)     80          80          0   0
  TCP     192.168.3.1 (5254ab2088ad) client   216.239.39.101 (008048c28d3d)     80           0         40   16
  TCP     192.168.3.1 (5254ab2088ad) client   12.129.206.119 (008048c28d3d)    110         225        412   0

 Note

  • "client" in the third column means any dynamic port (1024-65535).
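
The layout described above can be parsed mechanically for log review. The following is an added example (not part of the TrafMeter product or its documentation) that reads both the basic layout and the "Log additional fields" layout and totals bytes per destination. The function names and the sample lines are constructed for illustration, and it assumes every packet line carries the port columns as in the TCP examples shown.

```python
import re
from collections import defaultdict

# Constructed sample in the layout shown above; the third packet line is truncated on purpose.
SAMPLE = """\
--- Time: 2002-11-12 11:31:14
  TCP     192.168.3.1 client    64.12.174.121     80           0         80
  TCP     192.168.3.1 client    64.236.16.136     80         160         40
  TCP     192.168.3.1 client    64.236.16.136

--- Time: 2002-11-12 11:41:35
  TCP     192.168.3.1 (5254ab2088ad) client   216.239.39.101 (008048c28d3d)     80           0       1551   16
  TCP     192.168.3.1 (5254ab2088ad) client     216.26.160.8 (008048c28d3d)    110         383        494   0
"""

# The bracketed MAC and the trailing TOS value appear only with "Log additional fields".
MAC = r"(?:\s+\((?P<{}>[0-9a-fA-F]{{12}})\))?"
LINE = re.compile(
    r"^\s*(?P<proto>\S+)\s+(?P<src_ip>[\d.]+)" + MAC.format("src_mac") +
    r"\s+(?P<src_port>\S+)\s+(?P<dst_ip>[\d.]+)" + MAC.format("dst_mac") +
    r"\s+(?P<dst_port>\S+)\s+(?P<sent>\d+)\s+(?P<recv>\d+)(?:\s+(?P<tos>\d+))?\s*$"
)
FLUSH = re.compile(r"^--- Time: (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s*$")

def parse(text):
    """Return (records, rejected); each record carries the flush time of its block."""
    records, rejected, flushed = [], [], None
    for n, line in enumerate(text.splitlines(), 1):
        flush, rec = FLUSH.match(line), LINE.match(line)
        if flush:
            flushed = flush.group(1)
        elif rec:
            r = rec.groupdict()  # ports stay strings: "client" means a dynamic port
            r.update(flushed=flushed, sent=int(r["sent"]), recv=int(r["recv"]),
                     tos=None if r["tos"] is None else int(r["tos"]))
            records.append(r)
        elif line.strip():
            rejected.append((n, line))  # keep for review, never drop silently
    return records, rejected

def bytes_by_destination(records):
    """Sum (sent, recv) per (dst_ip, dst_port)."""
    totals = defaultdict(lambda: [0, 0])
    for r in records:
        totals[r["dst_ip"], r["dst_port"]][0] += r["sent"]
        totals[r["dst_ip"], r["dst_port"]][1] += r["recv"]
    return {k: tuple(v) for k, v in totals.items()}
```

Lines that match neither layout are returned in `rejected` with their line number, so a truncated or hand-edited log is visible to the reviewer instead of silently shrinking the totals.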

 
