Network administrators need to understand how the network is being used and, when a fault occurs, to determine its cause quickly, for example a worm attack. As networks grow and the number of machines to manage increases, fault diagnosis and network analysis have become a large part of the workload for administrators of networks such as enterprise networks and Internet cafes.
First, the router's statistics function
We can use the user statistics in Internet monitoring to find out how many devices are currently online.
The user statistics show the IP address and MAC address of each user machine connected to the HiPER, and the number of packets each user has received and sent since coming online. If the number of packets downloaded by a user is particularly large, the user may be downloading or there may be an attack. This alerts the administrator to take notice.
Second, the router's traffic management
Under System State -> Port Statistics you can see, for each LAN port, WAN port and DMZ port, the input and output bytes, the number of broadcast packets, and the average traffic rate in each direction, expressed in bps and pps. WAN input corresponds to download traffic. When traffic inside the network is fairly normal, the out of the LAN port should be close to the in of the WAN, and the in of the LAN port should be close to the out of the WAN.
This makes it easy to understand the current state of network traffic.
Third, the router's attack warning
Once a user inside the LAN uses multi-threaded software or an attack is under way, the HiPER shows the number of connections that user occupies, including the total number of connections and the current number of connections.
If failed connections appear, the number of NAT connections required by the entire network exceeds the number of connections the system supports. There are two possible reasons: first, there is too much attack traffic; second, if there is no attack, the performance of the device is no longer adequate and it needs to be replaced with better equipment. If some machines exceed the limited number of connections, that user most likely has a DoS attack.
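The reasoning above can be applied to a snapshot of the per-user connection statistics. The following is an added example, not code from the HiPER or its management software; the record fields, the sample values and the verdict names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample of a per-user connection table. The field names and
# values are assumptions, not the HiPER's actual export format.
@dataclass
class HostStat:
    ip: str
    mac: str
    current_conns: int  # connections the host holds right now
    total_conns: int    # connections opened since the host came online

SAMPLE = [
    HostStat("192.168.1.10", "00:11:22:33:44:10", 45, 900),
    HostStat("192.168.1.23", "00:11:22:33:44:23", 1800, 52000),
    HostStat("192.168.1.31", "00:11:22:33:44:31", 120, 2100),
]

def triage(hosts, failed_conns, per_host_limit):
    """Classify one snapshot of the connection statistics.

    failed_conns   -- failed-connection counter reported by the router
    per_host_limit -- configured connection limit per machine
    Returns (verdict, offenders); offenders are the hosts above the
    limit, busiest first.
    """
    offenders = sorted(
        (h for h in hosts if h.current_conns > per_host_limit),
        key=lambda h: h.current_conns, reverse=True)
    if failed_conns > 0 and offenders:
        # NAT table is full and specific hosts are over their limit.
        verdict = "attack-exhausting-nat-table"
    elif failed_conns > 0:
        # NAT table is full but no single host stands out: rule out an
        # attack first, then suspect the capacity of the device.
        verdict = "capacity-suspect"
    elif offenders:
        # Table still has room, but these hosts need a closer look.
        verdict = "host-over-limit"
    else:
        verdict = "normal"
    return verdict, offenders

if __name__ == "__main__":
    verdict, offenders = triage(SAMPLE, failed_conns=37, per_host_limit=500)
    print(verdict)
    for h in offenders:
        print(h.ip, h.mac, "current:", h.current_conns, "total:", h.total_conns)
```

The MAC address is kept next to each IP so that a flagged machine can still be located if its address changes.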
Fourth, the router's fault diagnosis
When network traffic is very high, there are many collisions on the Ethernet, or the network suffers a Blaster-type attack, administrators used to rely on advanced packet-capture software or hardware to find the fault. Such fault-finding software or hardware is expensive, and in a network with a switch it has to operate through a mirrored port on the switch. Many companies use more than one switch, so this is inconvenient.
Now, on the HiPER router acting as the exit, we can view the behavior of each user through the admin interface, such as whether the user is using the WWW service or chatting via MSN. You can also look for unusual behavior, such as a machine that constantly sends broadcast packets or packets whose destination address is a multicast address.
If you manage many machines, you can use the query interface of the HiPER management software and enter the object to query, which can be an address on the internal network or a server address on the external network.