Difference between revisions of "Sessions"

From UntangleWiki
Jump to: navigation, search
 
 
(14 intermediate revisions by one other user not shown)
Line 1: Line 1:
<span style="display:none" class="helpSource session_viewer">Session_Viewer</span>
+
<span style="display:none" class="helpSource sessions">Sessions</span>
 +
<span style="display:none" class="helpSource session_viewer">Sessions</span>
  
The Session Monitor gives a current view of session that exist that are going through the Untangle Server.
+
Sessions provides a view of the current [https://en.wikipedia.org/wiki/Session_(computer_science)|network sessions] (also known as connections)
  
Each row shows a session going through Untangle and its current properties.
+
Each row represents a single a network session/and its properties.
  
This is useful for debugging information, such as testing that Policy Manager rules are mapping traffic to the correct rack, or testing port forwards or NAT policies.
+
As Untangle and all the apps learn more about a session, many will "attach" data to the session so it is globally visible and accessible to other apps. The Sessions view provides a view into everything that is known about each session.
 +
 
 +
The Sessions view provides a real-time view into the network, and can also provide a great debugging.
 +
The controls provide a way to view the current sessions of a specific application, host, user, website, policy, etc.
 +
This can be used to view activity or to verify that traffic is being handled properly, by the proper policy, etc.
 +
 
 +
= Controls =
 +
 
 +
The sessions view by default shows all active session and some basic information about each session.
 +
To view all the information for a session click on the session and all attributes are displayed in the property grid on the right side.
 +
 
 +
# '''Refresh''' refreshes the grid with the current active sessions.
 +
# '''Auto Refresh''' toggles automatic refreshing of the grid.
 +
# '''Reset View''' resets the view to the default view. Any changes to the default view are saved in your local browser session.
 +
# '''Filter''' provides the ability to quickly filter all sessions my many key attributes.
 +
 
 +
More controls can be access by mousing over any column head and using the drowdown menu on the column header.
 +
 
 +
# '''Sort Ascending''' sorts the selected column in ascending order.
 +
# '''Sort Descending''' sorts the selected column in descending order.
 +
# '''Columns''' allows the removal or addition of columns to the current view.
 +
# '''Group by this Field''' will group the session data by the selected column.
 +
# '''Filter''' provides a way to filter current data on this column with the provided value.
 +
 
 +
= Columns =
  
 
<blockquote style="background: white; border: 1px solid black; padding: 1em;">
 
<blockquote style="background: white; border: 1px solid black; padding: 1em;">
 
{| border="1" cellpadding="2"
 
{| border="1" cellpadding="2"
 +
|+
 +
! Property !! Description
 
|-
 
|-
|width="30%"|'''Column Header'''
 
|width="70%"| Property Description
 
 
|-
 
|-
 +
|'''Creation Time'''
 +
| The creation time of the session (if scanned)
 +
|-
 +
|'''Session ID'''
 +
| The session ID (if scanned)
 +
|-
 +
|'''Mark'''
 +
| The netfilter connmark
 
|-
 
|-
 
|'''Protocol'''
 
|'''Protocol'''
|The protocol of the session (TCP or UDP)
+
| The protocol of the session (TCP/UDP)
|-  
+
|-
 
|'''Bypassed'''
 
|'''Bypassed'''
|True if this session is bypassed (not scanned)
+
| True if the session is [[Bypass Rules|bypassed]], False if it is scanned
|-
+
|-
|'''Priority'''
 
|Priority assigned to this session (by Banwidth Control and/or QoS)
 
|-  
 
 
|'''Policy'''
 
|'''Policy'''
|The policy or rack handling this session (if not bypassed)
+
| The policy handling the session (if scanned)
|-  
+
|-
 +
|'''Hostname'''
 +
| The hostname for the client address (if known)
 +
|-
 +
|'''NATd'''
 +
| True if the client address of the session was rewritten (NAT), False otherwise
 +
|-
 +
|'''Port Forwarded'''
 +
| True if the server address of the session was rewritten (port-forward), False otherwise
 +
|-
 +
|'''Tags'''
 +
| The tags attached to the session (inherited from [[Hosts]], [[Devices]], and [[Users]])
 +
|-
 +
|'''Tags String'''
 +
| The list of all tags attached to the session.
 +
|-
 +
|'''Local Address'''
 +
| The IP address of the "local" (non-WAN) participant or the ''Client Address'' if no local address.
 +
|-
 +
|'''Remote Address'''
 +
| The IP address of the "remote" (WAN) participant or the ''Server Address'' if no remote address.
 +
|-
 +
|'''Bandwidth Control Priority'''
 +
| The priority of the session set by [[Bandwidth Control]].
 +
|-
 +
|'''QoS Priority'''
 +
| The priority set by [[QoS]].
 +
|-
 +
|'''Pipeline'''
 +
| The application processing order (pipeline) of the session (if scanned).
 +
|-
 
|'''Client Interface'''
 
|'''Client Interface'''
|The interface of the client of this session
+
| The network interface of the client (source).
|-  
+
|-
|'''Client (Pre-NAT)'''
+
|'''Client Address (Pre-NAT)'''
|The client IP of this session
+
| The IP address of the client (initiator) of the session.
|-
+
|-
|'''Server (Pre-NAT)'''
 
|The server IP of this session
 
|-  
 
 
|'''Client Port (Pre-NAT)'''
 
|'''Client Port (Pre-NAT)'''
|The client port of this session (0-65535)
+
| The port of the client (initiator) of the session.
|-  
+
|-
 +
|'''Client Address (Post-NAT)'''
 +
| The IP address of the client (initiator) of the session post-NAT.
 +
|-
 +
|'''Client Port (Post-NAT)'''
 +
| The port of the client (initiator) of the session post-NAT.
 +
|-
 +
|'''Client Country'''
 +
| The country code of the client IP address.
 +
|-
 +
|'''Client Latitude'''
 +
| The latitude of the client IP address.
 +
|-
 +
|'''Client Longitude'''
 +
| The longitude of the client IP address.
 +
|-
 +
|'''Server Interface'''
 +
| The network interface of the server (destination).
 +
|-
 +
|'''Server Address (Pre-NAT)'''
 +
| The IP address of the server (receiver) of the session pre-NAT.
 +
|-
 
|'''Server Port (Pre-NAT)'''
 
|'''Server Port (Pre-NAT)'''
|The server port of this session (0-65535)
+
| The port of the server (receiver) of the session pre-NAT.
|-
+
|-
|'''Server Interface'''
+
|'''Server Address (Post-NAT)'''
|The interface of the server of this session
+
| The IP address of the server (receiver) of the session.
|-
+
|-
|'''Client (Post-NAT)'''
 
|The client IP of this session (after NAT and port forwards)
 
|-  
 
|'''Server (Post-NAT)'''
 
|The server IP of this session (after NAT and port forwards)
 
|-
 
|'''Client Port (Post-NAT)'''
 
|The client port of this session (after NAT and port forwards)
 
|-  
 
 
|'''Server Port (Post-NAT)'''
 
|'''Server Port (Post-NAT)'''
|The server port of this session (after NAT and port forwards)
+
| The port of the server (receiver) of the session.
|-  
+
|-
|'''Local'''
+
|'''Server Country'''
|True if this session is to the Untangle Server itself
+
| The country code of the server IP address.
|-  
+
|-
|'''NATd'''
+
|'''Server Latitude'''
|True if this session has been NAT translated.
+
| The latitude of the server IP address.
|-  
+
|-
|'''Port Forwarded'''
+
|'''Server Longitude'''
|True if this session has been port forwarded.
+
| The longitude of the server IP address.
 +
|-
 +
|'''Speed (KB/s) Client'''
 +
| The data rate of data sent by the client (updated every 60 seconds).
 +
|-
 +
|'''Speed (KB/s) Server'''
 +
| The data rate of data sent by the server (updated every 60 seconds).
 +
|-
 +
|'''Speed (KB/s) Total'''
 +
| The data rate of session (updated every 60 seconds).
 +
|-
 +
|'''Application Control Lite Protocol'''
 +
| The protocol according to [[Application Control Lite]].
 +
|-
 +
|'''Application Control Lite Category'''
 +
| The category according to [[Application Control Lite]].
 +
|-
 +
|'''Application Control Lite Description'''
 +
| The description of the protocol according to [[Application Control Lite]].
 +
|-
 +
|'''Application Control Lite Matched?'''
 +
| True if [[Application Control Lite]] matched the session.
 +
|-
 +
|'''Application Control Protochain'''
 +
| The protochain of [[Application Control]]
 +
|-
 +
|'''Application Control Application'''
 +
| The application of [[Application Control]]
 +
|-
 +
|'''Application Control Category'''
 +
| The category of the application of [[Application Control]]
 +
|-
 +
|'''Application Control Detail'''
 +
| The detail of the application of [[Application Control]]
 +
|-
 +
|'''Application Control Confidence'''
 +
| The confidence of the match of [[Application Control]]
 +
|-
 +
|'''Application Control Productivity'''
 +
| The productivity of the application of [[Application Control]]
 +
|-
 +
|'''Application Control Risk'''
 +
| The risk of the application of [[Application Control]]
 +
|-
 +
|'''Web Filter Category Name'''
 +
| The category of the last web request according to [[Web Filter]]
 +
|-
 +
|'''Web Filter Category Description'''
 +
| The description of the category of the last web request according to [[Web Filter]]
 +
|-
 +
|'''Web Filter Category Flagged'''
 +
| True if this category of the web request is flagged, False if not, null otherwise
 +
|-
 +
|'''Web Filter Category Blocked'''
 +
| True if this category of the web request is blocked, False if not, null otherwise
 +
|-
 +
|'''Web Filter Flagged'''
 +
| True if the last web request is flagged, False if not, null otherwise
 +
|-
 +
|'''HTTP Hostname'''
 +
| The HTTP hostname if an HTTP session.
 +
|-
 +
|'''HTTP URL'''
 +
| The HTTP URL of the last HTTP request of this session.
 +
|-
 +
|'''HTTP User Agent'''
 +
| The HTTP User Agent of the last HTTP request of this session.
 +
|-
 +
|'''HTTP URI'''
 +
| The HTTP URI of the last HTTP request of this session.
 +
|-
 +
|'''HTTP Request Method'''
 +
| The HTTP Request Method of the last HTTP request of this session.
 +
|-
 +
|'''HTTP Request File Name'''
 +
| The HTTP Request filename of the last HTTP request of this session.
 +
|-
 +
|'''HTTP Request File Extension'''
 +
| The HTTP Request filename extension (.exe) of the last HTTP request of this session.
 +
|-
 +
|'''HTTP Request File Path'''
 +
| The HTTP Request file path of the last HTTP request of this session.
 +
|-
 +
|'''HTTP Content Type'''
 +
| The HTTP Content Type of the last HTTP response of this session.
 +
|-
 +
|'''HTTP Referrer'''
 +
| The HTTP Referrer of the last HTTP request of this session.
 +
|-
 +
|'''HTTP Response File Name'''
 +
| The HTTP Response filename of the last HTTP response of this session.
 +
|-
 +
|'''HTTP Response File Extension'''
 +
| The HTTP Response filename extension (.exe) of the last HTTP response of this session.
 +
|-
 +
|'''HTTP Content Length'''
 +
| The HTTP content length of the last HTTP response of this session.
 +
|-
 +
|'''SSL Subject DN'''
 +
| The Subject DN of the SSL certificate of this session.
 +
|-
 +
|'''SSL Issuer DN'''
 +
| The Issuer DN of the SSL certificate of this session.
 +
|-
 +
|'''SSL Inspected'''
 +
| True if SSL Inspected, False if not inspected, null otherwise.
 +
|-
 +
|'''SSL SNI Hostname'''
 +
| The SNI hostname specified in the request of this session (if specified).
 +
|-
 +
|'''FTP Filename'''
 +
| The name of the last file downloaded in this session via FTP.
 +
|-
 +
|'''FTP Data Session'''
 +
| True if this is an FTP data session, null otherwise.
 
|}
 
|}
 +
 
</blockquote>
 
</blockquote>
 
''Note:'' This tools only shows existing sessions. As such very short lived sessions will not be visible.
 

Latest revision as of 13:57, 12 June 2020

Sessions provides a view of the current sessions (also known as connections)

Each row represents a single a network session/and its properties.

As Untangle and all the apps learn more about a session, many will "attach" data to the session so it is globally visible and accessible to other apps. The Sessions view provides a view into everything that is known about each session.

The Sessions view provides a real-time view into the network, and can also provide a great debugging. The controls provide a way to view the current sessions of a specific application, host, user, website, policy, etc. This can be used to view activity or to verify that traffic is being handled properly, by the proper policy, etc.

Controls

The sessions view by default shows all active session and some basic information about each session. To view all the information for a session click on the session and all attributes are displayed in the property grid on the right side.

  1. Refresh refreshes the grid with the current active sessions.
  2. Auto Refresh toggles automatic refreshing of the grid.
  3. Reset View resets the view to the default view. Any changes to the default view are saved in your local browser session.
  4. Filter provides the ability to quickly filter all sessions my many key attributes.

More controls can be access by mousing over any column head and using the drowdown menu on the column header.

  1. Sort Ascending sorts the selected column in ascending order.
  2. Sort Descending sorts the selected column in descending order.
  3. Columns allows the removal or addition of columns to the current view.
  4. Group by this Field will group the session data by the selected column.
  5. Filter provides a way to filter current data on this column with the provided value.

Columns

Property Description
Creation Time The creation time of the session (if scanned)
Session ID The session ID (if scanned)
Mark The netfilter connmark
Protocol The protocol of the session (TCP/UDP)
Bypassed True if the session is bypassed, False if it is scanned
Policy The policy handling the session (if scanned)
Hostname The hostname for the client address (if known)
NATd True if the client address of the session was rewritten (NAT), False otherwise
Port Forwarded True if the server address of the session was rewritten (port-forward), False otherwise
Tags The tags attached to the session (inherited from Hosts, Devices, and Users)
Tags String The list of all tags attached to the session.
Local Address The IP address of the "local" (non-WAN) participant or the Client Address if no local address.
Remote Address The IP address of the "remote" (WAN) participant or the Server Address if no remote address.
Bandwidth Control Priority The priority of the session set by Bandwidth Control.
QoS Priority The priority set by QoS.
Pipeline The application processing order (pipeline) of the session (if scanned).
Client Interface The network interface of the client (source).
Client Address (Pre-NAT) The IP address of the client (initiator) of the session.
Client Port (Pre-NAT) The port of the client (initiator) of the session.
Client Address (Post-NAT) The IP address of the client (initiator) of the session post-NAT.
Client Port (Post-NAT) The port of the client (initiator) of the session post-NAT.
Client Country The country code of the client IP address.
Client Latitude The latitude of the client IP address.
Client Longitude The longitude of the client IP address.
Server Interface The network interface of the server (destination).
Server Address (Pre-NAT) The IP address of the server (receiver) of the session pre-NAT.
Server Port (Pre-NAT) The port of the server (receiver) of the session pre-NAT.
Server Address (Post-NAT) The IP address of the server (receiver) of the session.
Server Port (Post-NAT) The port of the server (receiver) of the session.
Server Country The country code of the server IP address.
Server Latitude The latitude of the server IP address.
Server Longitude The longitude of the server IP address.
Speed (KB/s) Client The data rate of data sent by the client (updated every 60 seconds).
Speed (KB/s) Server The data rate of data sent by the server (updated every 60 seconds).
Speed (KB/s) Total The data rate of session (updated every 60 seconds).
Application Control Lite Protocol The protocol according to Application Control Lite.
Application Control Lite Category The category according to Application Control Lite.
Application Control Lite Description The description of the protocol according to Application Control Lite.
Application Control Lite Matched? True if Application Control Lite matched the session.
Application Control Protochain The protochain of Application Control
Application Control Application The application of Application Control
Application Control Category The category of the application of Application Control
Application Control Detail The detail of the application of Application Control
Application Control Confidence The confidence of the match of Application Control
Application Control Productivity The productivity of the application of Application Control
Application Control Risk The risk of the application of Application Control
Web Filter Category Name The category of the last web request according to Web Filter
Web Filter Category Description The description of the category of the last web request according to Web Filter
Web Filter Category Flagged True if this category of the web request is flagged, False if not, null otherwise
Web Filter Category Blocked True if this category of the web request is blocked, False if not, null otherwise
Web Filter Flagged True if the last web request is flagged, False if not, null otherwise
HTTP Hostname The HTTP hostname if an HTTP session.
HTTP URL The HTTP URL of the last HTTP request of this session.
HTTP User Agent The HTTP User Agent of the last HTTP request of this session.
HTTP URI The HTTP URI of the last HTTP request of this session.
HTTP Request Method The HTTP Request Method of the last HTTP request of this session.
HTTP Request File Name The HTTP Request filename of the last HTTP request of this session.
HTTP Request File Extension The HTTP Request filename extension (.exe) of the last HTTP request of this session.
HTTP Request File Path The HTTP Request file path of the last HTTP request of this session.
HTTP Content Type The HTTP Content Type of the last HTTP response of this session.
HTTP Referrer The HTTP Referrer of the last HTTP request of this session.
HTTP Response File Name The HTTP Response filename of the last HTTP response of this session.
HTTP Response File Extension The HTTP Response filename extension (.exe) of the last HTTP response of this session.
HTTP Content Length The HTTP content length of the last HTTP response of this session.
SSL Subject DN The Subject DN of the SSL certificate of this session.
SSL Issuer DN The Issuer DN of the SSL certificate of this session.
SSL Inspected True if SSL Inspected, False if not inspected, null otherwise.
SSL SNI Hostname The SNI hostname specified in the request of this session (if specified).
FTP Filename The name of the last file downloaded in this session via FTP.
FTP Data Session True if this is an FTP data session, null otherwise.