 |
 |
 |
 |
 |
 |
 |
| CommTraffic Help Documentation |
|
| |
|
||||||||||
|
|
 |
This chapter contains a set of recommendations on monitoring several network adapters simultaneously. CommTraffic has a very powerful feature of simultaneous monitoring of several network adapters. Please note: In most cases, you don't need to monitor several network adapters simultaneously. Moreover, if you use this feature incorrectly, this may result in double traffic accounting, traffic accounting errors, etc. Cases when you do not need to monitor several network adapters at the same time:
A general rule is that if the same Internet traffic goes through two different network adapters, only one of these adapters should be monitored. Let's examine the cases when it's necessary to monitor several network adapters simultaneously:
In all cases, multiple adapter monitoring requires a good understanding of networking. Let's examine each case listed above in detail. The server is connected to several LAN segments via two or more network adapters Please go to the Adapters page (Settings => Network => Adapters) and enable every network adapter connected to the LAN by checking the corresponding boxes next to the adapter names. Please click on the Configure button and select the Select provider option. 
Go to the Provider List tab and select one of the available providers or add a new provider by clicking on the Add Provider … button. 
This allows CommTraffic to monitor and log traffic from several network adapters and assign it to one provider. Click on the Traffic Rules … button and enter one or several IP address ranges of your LAN segment(s). 
Repeat the above steps for every network adapter that you monitor. CommTraffic is installed on a server that has several connections to the Internet via several network adapters If you have one network adapter connected to your LAN and you monitor the LAN traffic, CommTraffic is unable to count the Internet traffic of the gateway (server) where it is installed. If this limitation is critical for you, then you should configure CommTraffic to also monitor network adapters connected to the Internet Service Provider. Please choose the Select provider option located on the Provider Detection tab for every adapter that you monitor.
Go to the Provider List tab and select one of the existing providers or add a new provider by clicking on the Add Provider … button.
If the traffic from the LAN hosts is routed directly through the gateway (no Network Address Translation is performed), you need to enter the local IP address ranges for each of the monitored adapters. In the Provider List tab select an adapter, click on the Traffic Rules button and enter the IP address ranges in the Local Network tab.
In case the server is running NAT (Network Address Translation) or a Proxy, then you shouldn't enter local IP addresses in the adapter settings. If you do that, the Internet traffic won't be counted at all. A server or a PC uses one-way satellite connection to the Internet In this case, two network adapters need to be monitored: - the DVB adapter that receives incoming traffic from the satellite (dish) - the network adapter that sends outgoing traffic via terrestrial lines Generally, the WAN Miniport is used as an adapter for terrestrial lines. It's used for establishing a dial-up or VPN connection with a terrestrial Satellite Operator service. If you would like to monitor both incoming and outgoing traffic passing through the two network adapters to be assigned to a single provider, you need to enable the Select provider option located at the Provider Detection tab for every adapter that you monitor.
Please go to the Provider List tab and select one of the existing providers or add a new provider by clicking on the Add Provider … button.
General recommendations on assigning several providers to one network adapter When monitoring your network adapters, CommTraffic associates the captured data with the textual names of your network connections (providers). This allows you to view the traffic statistics for every provider separately. For instance, CommTraffic uses connection names for dial-up and VPN-connections as provider names. You can also enter additional provider names by yourself. Starting from version 3.0, CommTraffic allows you to allocate the data recorded from a single network adapter to multiple ISPs. This may be useful if you have a VPN-connection that works over a dial-up one. The WAN miniport adapter will contain both network packets going through the VPN and the packets of VPN itself that incapsulate the data. It is possible to separate the data going through dial-up and VPN connections and assign it to different providers. Therefore, you'll be able to view traffic statistics for the dial-up and VPN connections separately. Go to the Provider Detection tab and select the Multiple providers option to enable multiple providers monitoring mode. 
Select the provider names you would like to assign the Internet traffic to in the Provider List tab. You can also add more provider names by clicking the Add Provider … button. 
CommTraffic should be able to determine what network packets should be assigned to what ISP. Therefore, we need to define the traffic rules by clicking on the Traffic Rules … button and going to the Traffic Rules tab. 
CommTraffic processes every network packet and examines its header against the incoming and outgoing traffic rules for every selected provider. When a match is found, the packet is assigned to a corresponding provider. That is the reason why it's very important to configure the traffic rules properly to avoid double assignment of one packet to several providers. Let's look at a few examples of how to properly define traffic rules and avoid configuration errors: In this example, we monitor Dial-up and VPN providers. A computer receives 10.20.30.40 and 50.60.70.80 IP addresses respectively when the Dial-up and the VPN connections are established. The following traffic rules must be defined: Dial-up: IN rule: (dip=10.20.30.40) and (IPproto<>GRE) OUT rule: (sip=10.20.30.40) and (IPproto<>GRE) VPN: IN rule: dip=50.60.70.80 OUT rule: sip=50.60.70.80 Incorrect traffic rules Dial-up: IN rule: dip<>50.60.70.80 OUT rule: sip<>50.60.70.80 VPN: IN rule: dip=50.60.70.80 OUT rule: sip=50.60.70.80 The example below assumes that your LAN has access to the Internet and ISP's Media server. For our convenience, we'll assume the Internet traffic and Media server's traffic is assigned to different providers. The LAN users are assigned IP addresses from the 10.100.100.0/255.255.255.0 range. We create two providers with Inet and Media names respectively. Correct traffic rules Inet: IN rule: (dip=10.100.100.0/255.255.255.0) and ((sip<>10.100.100.0/255.255.255.0) and (sip<>10.100.200.1)) OUT rule: (sip=10.100.100.0/255.255.255.0) and ((dip<>10.100.100.0/255.255.255.0) and (dip<>10.100.200.1)) Media: IN rule: (sip=10.100.200.1) and (dip=10.100.100.0/255.255.255.0) OUT rule: (dip=10.100.200.1) and (sip=10.100.100.0/255.255.255.0) Incorrect traffic rules Inet: IN rule: sip<>10.100.200.1 OUT rule: dip<>10.100.200.1 Media: IN rule: sip=10.100.200.1 OUT rule: dip=10.100.200.1 Configuring multiple providers on a single network adapter still allows you to monitor several network adapters. Please note that provider names can be used in different modes on different network adapters. For example: WAN miniport, Select provider mode, Inet selected. Ethernet adapter, Multiple providers mode, Inet and Media selected. General recommendations for using the Ignore network packet direction in traffic rules option This option is located in the Advanced tab of the Traffic Rules page and is available for every provider. 
This option is disabled by default, allowing CommTraffc to determine the direction of every network packet. This makes it possible to use simpler traffic rules, such as: In: IPproto=TCP Out: IPproto=TCP If CommTraffic doesn't determine the direction of a network packet, then every packet will match both incoming and outgoing traffic rules. At first, CommTraffic determines the direction of a network packet and then matches a packet against a specific rule and combines the result of these two operations with AND Boolean operator. In certain networking environments such behavior is not desirable. Sometimes incoming packets should be treated as outgoing and vice versa. Sometimes all network packets must be considered as having a single direction. Such conditions are possible when monitoring the WAN miniport adapter on a VPN server and you will need to ignore the network packets direction to count the traffic correctly. Please note that the simple traffic rules examples provided above won't work with the Ignore network packet direction in traffic rules option enabled. You need to define the full traffic rules: Assuming that the clients connecting to the VPN server are assigned the IP addresses of the 10.100.100.0/255.255.255.0 IP address range, then the traffic rules should look the following way: In: (dip=10.100.100.0/255.255.255.0) and (sip<>10.100.100.0/255.255.255.0) Out: (sip=10.100.100.0/255.255.255.0) and (dip<>10.100.100.0/255.255.255.0) |
