Service Communications
Select Resources > Services > Service Communications to view, edit, or add service communication information. Click the Client device name to edit an existing service communication.
Service Communications Actions
Select one or more Service Communication records, and then select an Action to apply to the selected items.
Add a Service Communication
Click Create from the Service Communications list page to add a new communication.
Enter a Client IP Address, Listener IP Address, Port, and Protocol. You can also select the Client Device, Listener Device, and enter a Client process display name and a Client process name. Click Save at the bottom of the page to add the service communication.
Service Port IP Statistics
Select Resources > Services > Service Communications and click on a record ID to view service port IP statistics.
Statistics are only kept from a listener perspective and are client-IP-centric (not per client service). Collected statistics appear in the Classic Statistics section of this page. See below for descriptions of the Netstat and Netflow statistics Device42 collects.
Statistics
Classic Statistics
Netstat Statistics
| Attribute | Description |
| Netstat Total Samples | How many times D42 has discovered the listener (using Netstats) since this connection was discovered. |
| Netstat Active Samples | How many times D42 found this connection itself. |
| Netstat Total Ports | How many open connections (ephemeral ports) found. This is a running total. |
| Netstat Average Client Connections | This is actually a calculated number of Netstat Total Ports / Netstat Active Samples. |
| Netstat Client Connection First Found | First time D42 detected this connection. |
| Netstat Client Connection Last Found | Last time D42 detected this connection. |
Values Extrapolated from Netstat Statistics
| Formula | Description |
| Netstat Total Ports / Netstat Active Samples | Weight of connection. This is the average number of client open connections. |
| Netstat Active Samples / Netstat Total Samples * 100 | Persistence of connection. Percentage of time that a connection is found when this listener is active. This last part is important, as D42 only increments Total Samples when D42 actually discovers the listener. So if a service is only running on weekends for example, D42 doesn't affect the client percentage time during weekdays. So a service could still be connected 100% of the time if every time D42 found this service listening, it also saw this connection, even if the service was only listening 15% of the time. |
Netflow Statistics
| Attribute | Description |
| Netflow Active Samples | How many samples D42 found (this is really based on how you configure Netflow). |
| Netflow Total Events | How many events happened within all the samples. |
| Netflow Total Ports | Running total of how many ports were found. |
| Netflow Average Client Connections | This is actually a calculated number of Netflow Total Ports / Netflow Active Samples. |
| Netflow Client Connection First Found | First time D42 detected this connection. |
| Netflow Client Connection Last Found | Last time D42 detected this connection. |
| Netflow Client Active Span | This is a running total of the time span in between First and Last Found where no connection was found during a full sample period. |
| Netflow Client Gap Span | This is a running total of the time span in between First and Last Found where a connection was found during a full sample period. |
Time Span Notes
For the two time spans – Netflow Client Active Span and Netflow Client Gap Span – these are heavily affected by your sample period. So if you sample every 1 minute, D42 will consider a connection active as long as D42 sees two communications within this 1 minute period, even if between samples. Consider this example:
Sample File 1:
Communication A <=> B at 12:01:15 AM
Communication A <=> B at 12:01:45 AM
Sample File 2:
Communication A <=> B at 12:02:10 AM
Communication A <=> B at 12:02:45 AM
Sample File 3:
Communication A <=> B at 12:03:50 AM
Communication A <=> B at 12:03:55 AM
Results for A <=> B stats are:
Active Samples: 3
Total Events: 6
First Found :12:01:15 AM
Last Found: 12:03:55 AM
Active Span: 1 Min 40 sec
Gap Span: 1 Min 5 Sec (This is the gap between 12:02:45 AM and 12:03:50 AM since it is longer than the sample interval.)
Also note that D42 doesn't count the remaining 5 seconds of the last interval until D42 gets the next sample file. Once D42 gets that, it will either count those 5 seconds as a gap or as active based on when the next A <=> B match appears.