Service Communications

Contents

  1. Service Communications Actions
  2. Add a Service Communication
  3. Service Port IP Statistics
    1. Netstat Statistics
    2. Values  Extrapolated from Netstat Statistics
    3. Netflow Statistics
    4. Time Span Notes

Select Resources > Services > Service Communications to view, edit, or add service communication information.  Click the Client device name to edit an existing service communication.

Service Communications Actions

Select one or more Service Communications, and then select an Action to apply the action to the items.

Add a Service Communication

Click Add Service Communication to add a new communication.

Enter a Client IP Address, Listener IP Address. Port, and Protocol. You can also select the Client Device, Listener Device, and enter a Client process display name and a Client process name. Click Save at the bottom of the page to ad the service communication.

Service Port IP Statistics

Select Apps > Services > Service Communications to view service port IP statistics. As of version 16.00.00, Device42 has revamped statistics collection. Statistics are now only kept from a listener perspective and are client-IP-centric (not per client service). Previously collected statistics now appear in the Classic Statistics section of this page. See below for descriptions of the Netstat and Netflow statistics Device42 collects.

Netstat Statistics

Attribute Description
  • Netstat Total Samples
  • How many times D42 has discovered the listener (using Netstats) since this connection was discovered.
  • Netstat Active Samples
  • How many times D42 found this connection itself.
  • Netstat Total Ports
  • How many open connections (eports) found. This is a running total.
  • Netstat Average Client Connections
  • This is a actually a calculated number of Netstat Total Ports / Netstat Active Samples.
  • Netstat Client Connection First Found
  • First time D42 detected this connection.
  • Netstat Client Connection Last Found
  • Last time D42 detected this connection.

Values  Extrapolated from Netstat Statistics

Formula Description
  • Netstat Total Ports / Netstat Active Samples
  • Weight of connection. This is the average number of client open connections.
  • Netstat Active Samples / Netstat Total Samples * 100
  • Persistence of connection. Percentage of time that a connection is found when this listener is active. This last part is important as D42 only increments Total Samples when D42 actually discovers the listener. So if a service is only running on weekends for example, D42 doesn’t affect the client percentage time during weekdays. So a service could still be connected 100% of the time if every time D42 found this service listening, it also saw this connection, even if the service was only listening 15% of the time.

Netflow Statistics

Attribute Description
  • Netflow Active Samples
  • How many samples D42 found (this is really based on how you configure Netflow).
  • Netflow Total Events
  • How many events happened within all the samples.
  • Netflow Total Ports
  • Running total of how many ports were found.
  • Netflow Average Client Connections
  • This is a actually a calculated number of Netflow Total Ports / Netflow Active Samples.
  • Netflow Client Connection First Found
  • First time D42 detected this connection.
  • Netflow Client Connection Last Found
  • Last time D42 detected this connection.
  • Netflow Client Active Span
  • This is a running total of the time span in between First and Last Found where no connection was found during a full sample period.
  • Netflow Client Gap Span
  • This is a running total of the time span in between First and Last Found where a connection was found during a full sample period.

Time Span Notes

For the two time spans – Netflow Client Active Span and Netflow Client Gap Span – these are heavily affected by your sample period. So if you sample every 1 minutes, D42 will consider a connection active as long as D42 sees two communications within this 1 minute period, even if between samples. Consider this example:

Sample File 1:

Communication A <=> B at 12:01:15 AM

Communication A <=> B at 12:01:45 AM

Sample File 2:

Communication A <=> B at 12:02:10 AM

Communication A <=> B at 12:02:45 AM

Sample File 3:

Communication A <=> B at 12:03:50 AM

Communication A <=> B at 12:03:55 AM

Results for A <=>B stats are:

Active Samples: 3

Total Events: 6

First Found :12:01:15 AM

Last Found: 12:03:55 AM

Active Span: 1 Min 40 sec

Gap Span: 1 Min 5 Sec (This is the gap between 12:02:45 AM and 12:03:50 AM since it is longer than the sample interval.)

Also note that D42 doesn’t count the remaining 5 seconds of the last internal until D42 gets the next sample file. Once D42 gets that, it will either count those 5 seconds as a gap or as active based on when the next A<=>B match appears.


« »