For network administrators, it is necessary to understand the use of the network, and in the event of a network failure to quickly determine network failures, such as worm attacks. With the increase of network and the increase of the number of machines to be managed, the fault diagnosis and network analysis have become the content of large workload for network managers such as Enterprise network and Internet bar.
First, the statistical function of the router
We can use the Internet to monitor the user statistics to find out how many devices are currently online.
The user statistics can understand the IP address and Mac correspondence of each user machine connected to the HiPER, and the number of packets received and sent by the user since the line, if the number of packets downloaded by a user is particularly large, the user may be downloading or having other attacks. This reminds the administrator to be aware.
Second, the traffic management of routers
through the System state ―> port statistics, you can view the various LAN ports, WAN and DMZ input and output bytes, the number of broadcast packets, the average rate of flow in each direction, with bps and pps respectively, the input of the WAN port equivalent to the download of traffic, In the case that the network internal traffic is more normal, the out of the LAN port should be close to the in of the WAN port, and the LAN port in and the WAN port are more close.
We can easily understand the current network traffic status.
Third, the router's attack warning
once users inside the LAN use multi-threaded software or have an attack, the HiPER can see the number of connections it occupies, including the total number of connections, the current number of connections.
If the number of failed connections is present, the number of NAT connections required by the entire network exceeds the number of connections to the system. There are 2 possible reasons, one is too much attack, two if there is no attack, indicating that the performance of this machine is no longer applicable, the need to replace better equipment; If some machines have more than a limited number of connections, So most of this user has a Dos attack.
Four, the router's fault diagnosis
network traffic is very high, in the Ethernet conflict more or suffer similar to the Blaster type of attack, before rely on some advanced grab software or hardware to find fault, and this kind of fault-finding software or hardware equipment cost more expensive, In a network that uses a switch, it is also done through a mirrored port on the switch, and many companies use more than one switch, making it inconvenient.
Now, on the hiper of the router as an exit, we can view the behavior of each user through the admin interface, such as viewing whether the user is using the WWW service or chatting via MSN. You can also look at some unusual behavior, such as a machine that is constantly sending out a broadcast packet or its destination address is a multicast address.
If you manage more machines, you can use the HiPER Management software query interface, input needs to query the object, can be the address of the internal network, can also be the server address of the external network