Kerio Tech Network Monitor User Manual

User’s GuideKerio Technologies

Chapter 3 Technical Information10including headers, etc.). The information gathered by Kerio Network Monitor cantherefore differ from those acquired by

3.2 How does Kerio Network Monitor work?11data (the high resolution data — one file per day, the low resolution data — one file per28 days).Then there a

Chapter 3 Technical Information12Warning: Subfolder license must remain in the same folder as the program files (i.e.where was Kerio Network Monitor or

3.3 Technical Limitations13The most common case is the situation when the mail server runs on the computer thatis also the internet gateway. Kerio Net

Chapter 3 Technical Information14

15Chapter 4InstallationKerio Network Monitor can be installed on any computer in your local network runningWindows 95 OSR2, 98, Me, NT 4.0, 2000 or XP

Chapter 4 Installation16NetMon Application Viewer. It can be installed on any number of computers, whereyou will connect to the service from.Note: We

4.2 Importing the License Key17Pressing the button Import license displays a dialog for opening the file with the license(license.key). When it is load

Chapter 4 Installation18

19Chapter 5Program Control5.1 Logging in the ViewerThe viewer can be started by choosing Programs → Kerio → Network Monitor in themenu Start. The logi

C 2001–2003 Kerio Technologies. All rights reserved.Printing date: April 10, 2003Current product version: Kerio Network Monitor 2.1.0. All additional

Chapter 5 Program Control20User authentication — enter your user name and password. In case you are loggingto Kerio Network Monitor for the first time

5.3 Initial Configuration21cation (Installed (APP) — in Windows 9x/Me) or is not installed as service (Not installed(SVC)).Start Runs the service (if s

Chapter 5 Program Control22if the network address translation is used (NAT), we can see only the address of thecomputer, which Kerio Network Monitor i

23Chapter 6ConfigurationAll settings of Kerio Network Monitor are done in the Configuration window, which canbe accessed by choosing Settings / Configura

Chapter 6 Configuration24to the most general. The arrow buttons are used for moving the selected definitionup or down in the list.Definition of IP Addres

6.1 IP Addresses Ranges25Domain type specification Type (domain) of IP addresses group. This option defines,how will the packets, whose source and targe

Chapter 6 Configuration26• TCP protocol with port — the rule will be valid only for the TCP protocol and thegiven port. The protocol and the port define

6.2 Monitored Services27If your network is not created from cascading segments (e.g. more subnets intercon-nected by routers), you have not to define a

Chapter 6 Configuration28List of services The window shows the list of the defined services (in the default set-tings, there is already predefined the ma

6.3 User Accounts29All traffic of ... protocol type Protocol, which is used by the given service. The pos-sibilities are: TCP, UDP, ICMP (Internet Contr

3Contents1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Chapter 6 Configuration30access to the data and the program configuration and no data breach or its intentionalfalsification by changing the configuration

6.3 User Accounts31User DefinitionThe dialog for definition of the user account will be shown after pressing the Add or Editbuttons .Username Name of th

Chapter 6 Configuration32This right is in the column Rights in the list of the users shown as Conf .Change own password The user has the right to modif

6.4 Log Settings33The time for keeping of the data is determined by the two following parameters:• Data for the high resolution — data with the high r

Chapter 6 Configuration34Note: If the computer with Kerio Network Monitor is turned off in the given time,maintenance will be performed on the next star

6.6 WWW Interface Parameters35The ICMP protocol and UDP protocol options are used for setting the above describedintervals .TCP connection timeout The

Chapter 6 Configuration36Daemon is installed, it is possible to use the standard port 80 — then it will be nolonger necessary to specify the port in th

6.7 Additional Settings37Log access rights Access rights to the logs (No logs access at all — no logs, My ownlogs only — only logs for the computer wh

Chapter 6 Configuration38Warning: Keep in mind that monitoring the contents of E-mail violates user privacy!If this option is not enabled, all the user

6.7 Additional Settings39Note: If you want to compare data acquired by Kerio Network Monitor with data fromother programs or with the data from the In

48 Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 598.1 Connect

Chapter 6 Configuration40

41Chapter 7Viewing and Analysis of Captured DataKerio Network Monitor offers several tools for the presentation and analysis of the cap-tured data. The

Chapter 7 Viewing and Analysis of Captured Data42KNM access log Log of information on users connecting into the application and onaccess to the Web in

7.1 List of Computers43Use of List of ComputersThe list of computers is important for presentation of chart (see chapter 7.2) and tableof transferred

Chapter 7 Viewing and Analysis of Captured Data44Note: If the packet with the same IP address is detected anytime afterwards, thecomputer will be auto

7.2 Traffic chart457.2 Traffic chartShows the chart of transferred data. The horizontal axis shows time, the vertical axisthe connection load (in bytes pe

Chapter 7 Viewing and Analysis of Captured Data46axis to the maximum captured value in the given representation (the option is implicitlyturned on). T

7.3 Current Connections47The Current connections window shows only the computers (or groups, respectively) thathave at least one connection open (the

Chapter 7 Viewing and Analysis of Captured Data48Closed connections remain displayed in the Current connections window for timespecified in the program

7.4 Tree of Scanned Data49Columns included in the connection list The user can select which columns (informa-tion) will be displayed in the Current co

5Chapter 1IntroductionKerio Network Monitor is a small, though powerful tool for online monitoring of networktraffic. It offers a whole set of choices wh

Chapter 7 Viewing and Analysis of Captured Data50Tree of data (in the left part of the window) contains two base branches:• By client — data sorted ac

7.5 Status Information51Stop current transfer Stops the transfer of the opening WWW pages (as in a browser)Refresh tree Updates information in a tree

Chapter 7 Viewing and Analysis of Captured Data52• Packets filtered — number of filtered (discarded) packets — their source and targetaddress belongs to

7.6 Transferred Data Volume Table53Disk space used by logs The total disk space occupied by recorded files and the totalnumber of lines in these files.7

Chapter 7 Viewing and Analysis of Captured Data54Example: If we set the extent of a table according to the previous example, buttonSuggest start date

7.7 Log Windows55Print the report Prints the table. This option opens a standard system print dialogwhere a printer etc. can selected.Save the report

Chapter 7 Viewing and Analysis of Captured Data56Log files can be further processed by external analytical tools (e.g. by Kerio Log Analyzerapplication

7.7 Log Windows57• GET — method of HTTP protocol (GET /POST )• http://www.kerio.com/resources/home.gif — complete URL of a requestedobject• HTTP/1.1 —

Chapter 7 Viewing and Analysis of Captured Data58’c:\Program Files\Kerio\Network Monitor\logs\mail.idx’• Fri 8/Mar/2002 14:26:01 — date and time when

59Chapter 8Web InterfaceKerio Netwok Monitor provides access to captured data using the basic Web interface.This interface can display a chart of conn

Chapter 1 Introduction6transferred using encrypted connections). The sender address, the recipient addressand the size of sent message are stored.ICQ

Chapter 8 Web Interface60If you want to display data about all computers in a local network, log in the loginsection. Information about all computers

8.5 Page Connections61Select format Formats of the table (HTML page or file in CSV format)Specify report parameters Table parameters settings (see chap

Chapter 8 Web Interface62of transferred data volume or view of current connections etc.) can be integrated intoyour own web site in this way.General F

8.7 Integration of the WWW Interface into the Company Website63Chart of Transferred Data VolumeThe following URL displays the page with the chart of t

Chapter 8 Web Interface64http://netmon:81/chart/image.png?resolution=3&IP1=0.0.0.0&IP2=127.0.0.1&service=1This example shows an isolated c

8.7 Integration of the WWW Interface into the Company Website65Value 1 2 3Meaning incoming (download) outgoing (upload) sum of both directions• servic

Chapter 8 Web Interface66

67Chapter 9Glossary of TermsE-mail address Determines message recipient and sender during communication usingthe electronic mail.HTTP Protocol for WWW

Chapter 9 Glossary of Terms68Proxy server An older method of Internet connection sharing. Client in a local networkdoes not communicate directly with

69Chapter 10Index31adapternetwork 21computersgroups 44list 42names 43connectionlog 56principle of watching 10connectionsactive 61current 46Daemon 9, 9

7Chapter 2Quick ChecklistThis chapter gives you a basic step-by-step guide to quickly set up the important param-eters of Kerio Network Monitor progra

Chapter 2 Quick Checklist8

9Chapter 3Technical Information3.1 Kerio Network Monitor ComponentsKerio Network Monitor consists of two separate components:Watching service (Daemon)