What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Packet Sniffer sensor - Adding channel for specific IP

Votes:

0

I am trying to monitor traffic to a specific server but the sensor does not show any traffic. I have tried the following channel filters (and a few others) without success:

#2001:Server
(DestinationIP[192.168.1.1]) OR (SourceIP[192.168.1.1])

and

#2001:Server
((Protocol[TCP] OR Protocol[UDP]) AND (DestinationIP[192.168.1.1] OR SourceIP[192.168.1.1]))

I have configured other channels but this is the first I've tried that filters by IP address.

Is here something I've missed that's needed to get this to work ?

channel ip-address packet-sniffing

Created on Oct 5, 2011 1:59:56 PM

Last change on Oct 5, 2011 3:17:34 PM by Torsten Lindner [Paessler Support]



6 Replies

Votes:

0

Hello,

please bear in mind that PRTG goes from top-to-bottom in such Channel Definitions to categorize Traffic. And if Traffic is already put into a channel (for example the first one) then it cannot be put into another channel later on again. So it's very likely that the Traffic to and from this server was already put into another channel before this number 2001.

best regards.

Created on Oct 5, 2011 3:19:31 PM by Torsten Lindner [Paessler Support]



Votes:

0

I placed this at the top of the definitions to ensure that nothing else could intercept the traffic.

Can I assume that the filter rules should work as per the examples ?

Is there any way to get debug info to see which channels are handling the traffic ?

Created on Oct 5, 2011 3:23:21 PM



Votes:

0

You can enable the LogStream-Logfile in the sensor settings. This will write a CSV-File with all traffic information gathered by the sensor.

Created on Oct 5, 2011 4:04:01 PM by Torsten Lindner [Paessler Support]



Votes:

0

I've captured the debug data for a while and much of the traffic for this server is being allocated to other channels even though the definition is at the top of the list.

There are multiple entries in the CSV file with the same source and destination IP addresses and some of the traffic is allocated to this sensor and some to another. The data looks identical other than the size so I cannot see why this would happen.

Any ideas on how to fix this ?

Created on Oct 5, 2011 4:32:17 PM



Votes:

0

It would be good then if you could send us the log-file and also some screenshots to [email protected]

Created on Oct 6, 2011 2:41:52 PM by Torsten Lindner [Paessler Support]



Votes:

1

I know this is a bit of an old topic but I've just put this here just for reference if needed. The following sensor 'Channel Defintions' worked for me and I have created 2 different Custom Packet Sniffer sensors for the same LAN so that I can easily identify which devices on my LAN are using the most internet bandwidth for either uploads or downloads at any given time:

#3010:Server upload
(Protocol[TCP] OR Protocol[UDP]) and (SourceIP[192.168.8.10])

#3011:Server download
(Protocol[TCP] OR Protocol[UDP]) and (DestinationIP[192.168.8.10])

Created on Dec 30, 2018 7:52:49 PM

Last change on Jan 1, 2019 7:28:59 AM by Luciano Lingnau [Paessler]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.