2.4 Top Talkers

Top Talkers allows an administrator to monitor network activity between machines on the local network and machines at remote sites and/or the Internet, to identify what machine pairs are using up the most bandwidth (i.e., the "top talkers"). This feature is useful, for example, as a way of identifying machines infected by a Trojan horse or local users abusing BitTorrent.

This option is available via the Monitoring button when logged into Gateway Viewer as an administrator.

Figure 2.12 Top Talkers

This screenshot shows the Top Talkers page in the Gateway Viewer.

When an administrator selects Top Talkers, the page will be opened using the default configuration settings. Top Talkers will begin after a 10 second delay, during which time it is gathering information. The Top Talkers page will then be updated automatically based on the refresh rate that you choose for the Monitoring pages. (The maximum refresh rate allowed for Top Talkers is 60 seconds. If a refresh rate longer than 60 seconds has been chosen for the Monitoring pages, the refresh rate will be temporarily changed while the Top Talkers page is open to refresh every 60 seconds. Similarly, the minimum refresh rate allowed is 10 seconds. If a refresh rate shorter than 10 seconds has been chosen, the refresh rate will be temporarily changed to 10 seconds while the Top Talkers page is open.) Each refresh presents new, non-aggregated data.

Only one administrator can monitor the Top Talkers page for a Corente Virtual Services Gateway at a time. If another administrator of the Location gateway attempts to open the Top Talkers page, an error message will be displayed to inform the administrator that someone else is already using it.

The page presents the following data in a table:

  • Local Host: the WINS name (if applicable) of the local machine in the top talker pair.

  • Local IP: the IP address of the local machine in the top talker pair.

  • Port: the port number being communicated with on the local machine in the top talker pair (when Display Type is By Address and Port; see Set Options).

  • Remote IP: the IP address of the remote machine to which the Local Host is "talking".

  • Remote Port: the port number being communicated with on the remote machine (when Display Type is By Address and Port; see Set Options).

  • Packets/Bytes Sent: the number of packets or bytes sent by the local top talker to the remote machine (what is displayed here depends upon the Data Type chosen; see Set Options). This heading will be in bold if this Data Type is being used to calculate the top talkers.

  • Packets/Bytes Received: the number of packets or bytes received by the local top talker from the remote machine (what is displayed here depends upon the Data Type chosen; see Set Options). This heading will be in bold if this Data Type is being used to calculate the top talkers.

  • Packets/Bytes Total: the aggregate number of packets or bytes both sent and received by the local top talker to/from the remote machine (what is displayed here depends upon the Data Type chosen; see Set Options). This heading will be in bold if this Data Type is being used to calculate the top talkers.

An administrator can click Set Options to view or change the monitor and display options. Any new selections will apply to all subsequent reports until the options are changed again or you navigate to another page.

Note

Only the traffic that travels through the Location gateway will be measured by Top Talkers. This means that if your Location gateway is in the Peer configuration, only secure Corente network traffic and traffic that is specifically routed through the gateway will be included in the calculations.

2.4.1 Set Options

When you select Set Options, you can change how the Top Talkers page reports and displays data.

Figure 2.13 Set Options for Top Talkers

This screenshot shows the Top Talkers Report Options page in the Gateway Viewer.

You can change the options on this page as follows:

  • Interfaces: Enter the network interfaces of the Location gateway that will be monitored for discovering top talkers. By default, the LAN-side interface(s) of the gateway will be included.

  • AddressRanges: Enter an address pool of local IP addresses that willbe included in calculating the Top Talkers. By default, this field will be filled in with an address pool containing all of the local subnets that the Location gateway knows about, including the entire Default User Group of this Location as well as any addresses entered in the Special Internal Network Description User Group.

  • Display Type: Choose the way in which is data is examined and displayed. By default, By Address and Port will be selected. Bandwidth use will be examined in port number to port number pairs between each pair of local and remote machines. This can be helpful for administrators, if they are trying to narrow down the specific bandwidth stealing culprits on the machine pairs (i.e., web traffic, a specific application, etc.). Selecting By Address Only will change Top Talkers monitoring so that top talkers will be determined by the total traffic between machine pairs.

  • Data Type: Choose the way in which Top Talkers data is calculated. You can choose to calculate the top talkers in terms of Bytes Sent, Bytes Received, Bytes Total, Packets Sent, Packets Received, or Packets Total. The option that you select here will have its heading bolded on the Top Talkers interface to indicate that is how Top Talkers is being calculated. By default, Bytes Total will be selected.

  • Report Count: Enter the number of top talkers to display. By default, the top 10 talkers will be displayed. The maximum number of top talkers that can be displayed is 50.

When you select Submit to save your changes, the new options will apply to all subsequent Top Talkers refreshes (until the options are changed again). If you navigate to another page, all options you have changed will return to the default values.