Monitoring TCP Connections
-
Hi! This is my first post!! I´m from Argentina and my English is very basic, i hope you understand me!!
I want to know how am i do to monitor TCP Connections, i need reports that shows me for example:
Average connections/sec
Peak connections/sec
Non-peak connections/secMany applications (ntop, sarg, bandwidthd, states, vnstat2, etc.) have many information but nothing about TCP connections.
Could you help me?
Best regards!
-
The states graph (Status > RRD Graphs, System tab, pick states from the drop-down) might be as close as you can get.
That doesn't just graph TCP, but all connections.
Diagnostics > pfInfo may also be useful
-
Thanks Jimp but i don´t understand this RRD Graphs?? Y axis shows "States, IP," i don't understand what means and in which units is expressed. Moreover, units appear as "m cps", i don´t understand it!! Where i can get information about these RRD graphs? Sorry but my english very basic!
Thank you!
-
The red line is the total number of states.
The legend under the graph shows which colors mean what things, but I'll expand on them a little here:
system-pfrate - The rate at which connections are changed (new connections, states expiring) expressed in changes per second.
system-pfstates - The total number of active states at that point in time.
system-pfnat - The number of the above states which are doing NAT.
system-srcip - The number of unique source IPs connected at a given time.
system-dstip - The number of unique destination IPs connected at a given time. -
Again thank you jimp!!! My last question… i hope... Sorry for my ignorance but I don´t understand what "states" are... for example "system-pfstates - The total number of active states at that point in time" i don´t understand what "active states" are!! Are states=connections??
Thanks!
-
When a connection passes through the firewall, the firewall remembers that it was passed so the return traffic can flow automatically. This knowledge is called a "state".
For each user connection, two states are made - one on the way into the firewall, one on the way out. So if you have 20,000 states active, then you have approximately 10,000 user connections active.
-
Great!!
Thank you!!
