What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions!

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Only first channel on a custom sniffer sensor is visible

Votes:

0

Your Vote:

Up

Down

Hello knowledgebase people :-)

Having just upgraded from v6 to v9 (yes, I know), I am on a steep learning curve! However, I was hoping that my massive collection of custom packet sniffing channel defs would transfer across ok - I seem to be having some issues though.

Summary: On a custom packet sniffer sensor I have defined a number of channels, only the first of which is visible and selectable. Another custom sniffer has multiple channels and is working as expected.

My PRTG server has one NIC patched to a monitor session on our core switch, receiving all traffic from our data VLANs.

I have created a number of custom packet sniffer sensors, one of which captures traffic from the LAN to our hosted servers. This traffic goes over a VPN tunnel but that is transparent as far as the monitor session is concerned.

I want to capture both inbound and outbound traffic for various channels and so I have the following include filter and channel definitions (some values changed).

Thanks in advance.

Include filter:

(
  IP[10.0.a.0/24] or 
  IP[10.0.b.0/24] or 
  IP[10.0.c.0/24] or 
  IP[10.0.d.0/24]
)

Channel defs:

#1:InboundSQL
Protocol[TCP] and SourcePort[1433] and
(
 SourceIP[10.0.a.0/24] or
 SourceIP[10.0.b.0/24] or 
 SourceIP[10.0.c.0/24] or 
 SourceIP[10.0.d.0/24]
)

#2:OutboundSQL
Protocol[TCP] and DestinationPort[1433]
(
 DestinationIP[10.0.a.0/24] or
 DestinationIP[10.0.b.0/24] or 
 DestinationIP[10.0.c.0/24] or 
 DestinationIP[10.0.d.0/24]
)

#3:InboundWWW
Protocol[TCP] and SourcePort[80]
(
 SourceIP[10.0.a.0/24] or
 SourceIP[10.0.b.0/24] or 
 SourceIP[10.0.c.0/24] or 
 SourceIP[10.0.d.0/24]
)

#4:OutboundWWW
Protocol[TCP] and DestinationPort[80]
(
 DestinationIP[10.0.a.0/24] or
 DestinationIP[10.0.b.0/24] or 
 DestinationIP[10.0.c.0/24] or 
 DestinationIP[10.0.d.0/24]
)

#5:InboundRDP
Protocol[TCP] and SourcePort[3389]
(
 SourceIP[10.0.a.0/24] or
 SourceIP[10.0.b.0/24] or 
 SourceIP[10.0.c.0/24] or 
 SourceIP[10.0.d.0/24]
)

#6:OutboundRDP
Protocol[TCP] and DestinationPort[3389]
(
 DestinationIP[10.0.a.0/24] or
 DestinationIP[10.0.b.0/24] or 
 DestinationIP[10.0.c.0/24] or 
 DestinationIP[10.0.d.0/24]
)

#7:InboundDNS
Protocol[UDP] and SourcePort[53]
(
 SourceIP[10.0.a.0/24] or
 SourceIP[10.0.b.0/24] or 
 SourceIP[10.0.c.0/24] or 
 SourceIP[10.0.d.0/24]
)

#8:OutboundDNS
Protocol[UDP] and DestinationPort[53]
(
 DestinationIP[10.0.a.0/24] or
 DestinationIP[10.0.b.0/24] or 
 DestinationIP[10.0.c.0/24] or 
 DestinationIP[10.0.d.0/24]
)

channels packet-sniffer prtg

Created on May 2, 2012 4:31:46 PM by  ParadigmSystems (0) 1



3 Replies

Votes:

0

Your Vote:

Up

Down

Hello,

please bear in mind that these channels will only be "added" (i.e. shown) once PRTG detected traffic matching the according definition.

best regards.

Created on May 2, 2012 4:48:18 PM by  Torsten Lindner [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Thanks for the quick response.

I additionally noticed some syntax errors in my channel defs, though these were apparently allowed as I could save the sensor.

I know that relevant traffic is flowing as I can see it using Wireshark on the same monitoring server, so I restarted the core prtg service - job done, the channels have appeared.

Are there any threads/external forums that you are aware of with discussions relating to custom channel definitions? I would love to use channels to define "services" e.g. dropbox, spotify etc. to better understand what network traffic is going on.

Thanks again Torsten.

Created on May 2, 2012 4:58:13 PM by  ParadigmSystems (0) 1



Votes:

0

Your Vote:

Up

Down

I'm afraid the 'forum' there would be this KB.

Created on May 2, 2012 6:56:34 PM by  Torsten Lindner [Paessler Support]



Please log in or register to enter your reply.


Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.