Chapter 6. Configuration

Table of Contents

6.1. IP Addresses Ranges
6.2. Monitored Services
6.3. User Accounts
6.4. Log Settings
6.5. Protocol Monitoring Parameters
6.6. WWW Interface Parameters
6.7. Additional Settings

All Kerio Network Monitor settings are made in the Configuration window, which is opened by choosing Settings / Configuration in the main menu or by pressing the Ctrl+S shortcut.

Note: All settings in the Configuration dialog take effect immediately after the OK button is pressed. There is no need to restart the Kerio Network Monitor Daemon service.

6.1. IP Addresses Ranges

The IP Addresses tab is used to choose the network interfaces on which packets will be captured. It also defines the ranges of IP addresses within which packets will be logged.

Capture packets from interfaces

Usually, this should include all adapters connected to the local network. There is usually no point in monitoring packets on the adapter connected to the Internet: if network address translation (NAT) is used, only the address of the computer on which Kerio Network Monitor is running is visible there.

List of IP addresses groups

List of the individual groups of IP addresses, each with its group type (on LAN, on Internet or discard packet). A detailed description follows later in this document.

All other addresses

This option specifies the group that contains all IP addresses which do not match any of the definitions in the list.

Typical usage example: the addresses belonging to the local network are specified explicitly, and this option is used to state that "all other addresses belong to the Internet" (are on Internet).

Add, Edit, Remove

These buttons are used to add a new group of addresses, or to modify or delete the selected group.

Arrow buttons (up / down)

The list of IP address definitions is always traversed from top to bottom. The definitions must therefore be ordered from the most specific to the most general. The arrow buttons move the selected definition up or down in the list.

Definition of IP Addresses Group

Pressing the Add or Edit button opens the dialog for defining an IP address group.

IP range specification

Type of the group. One of the following types can be chosen:

  • Host — IP address of a particular computer

  • Subnet: IP address / mask — IP subnet with appropriate mask.

  • IP addresses & masks of the local interfaces — all IP addresses of the networks connected to the adapters selected for packet monitoring are added to the group.

  • All addresses — all IP addresses

Domain type specification

Type (domain) of the IP address group. This option defines how packets whose source and target addresses belong to this group will be processed. The group of addresses can be assigned to one of the following domains:

  • LAN — local network. The specific property of this group is that all captured addresses from this group are added to the list of computers (see chapter 7.1).

  • Internet — addresses from this group are measured but no list is created from them.

  • discard data — if the source or target address belongs to this group, the volume of data in the packet will not be counted.

Note: The volume of data in a packet is measured only when one of the addresses (source or target) in the packet header belongs to the LAN group and the other to the Internet group. Details can be found in chapter 3.2.

The rule above is valid for

Specification of the protocol and port for which this rule is valid. This makes it possible to define, for example, that only data for a particular service will be measured.

  • All protocols — the rule will be valid for all protocols (and therefore also for all services)

  • TCP protocol with port — the rule will be valid only for the TCP protocol and the given port. Together, the protocol and the port define a particular service (e.g. SMTP, WWW, etc.). Port number 0 (zero) means all ports, and therefore all services using the TCP protocol.

  • UDP protocol with port — the rule will be valid only for the UDP protocol and the given port. The same considerations apply as for the TCP protocol.

Note

After installation of Kerio Network Monitor, the IP Addresses tab contains some predefined groups of addresses. They are intended to simplify configuration as much as possible, so that the program is usable with the default settings in the highest possible number of standard situations:

  • Rules for all addresses (<all addresses>) with specified protocols and ports. These rules specify services that run in the local network but should be monitored as Internet services (typically the proxy server and the mail server).

    If your network is connected to the Internet via a proxy server, a rule for the proxy server should be defined (otherwise no data will be measured, because communication between the client and the proxy server takes place only within the local network). The default rule assumes the standard port 3128 (TCP3128). If the proxy server in your network runs on another port (e.g. 80 or 8080), correct the port number in this rule.

    If the mail server runs on the computer that is also the Internet gateway, Kerio Network Monitor cannot measure the volume of sent and received mail, because this is communication within the local network. For this reason there are predefined rules for the SMTP (TCP25), POP3 (TCP110) and IMAP (TCP143) protocols.

  • Rules for the private ranges of IP addresses (10.0.0.0, 172.16.0.0 and 192.168.0.0). These addresses are reserved for private networks and cannot appear anywhere on the Internet, so Kerio Network Monitor automatically assumes that they belong to the local network.

  • Rule for the adapters on which packets are captured (<used interfaces>).

    As described earlier (see chapter 5.3), packets should be monitored on the interfaces connected to the local network (so that Kerio Network Monitor can detect the IP addresses of the individual computers in the network). It is therefore assumed that the adapters chosen for packet monitoring are connected to the local network (domain LAN).

    If your network does not consist of cascaded segments (e.g. several subnets interconnected by routers), you do not have to define any other rules for IP addresses.

All the predefined rules can be modified or deleted if they do not suit the particular configuration. Usually this is not necessary: if, for example, only IP addresses from the range 192.168.0.0 are used in the local network, the rules for the other private ranges (10.0.0.0 and 172.16.0.0) have no effect, because Kerio Network Monitor never captures those addresses. The same applies to the rules for the mail server and the proxy server.
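The following added example (not Kerio code) models the top-to-bottom rule traversal, the three domains and the "one LAN address, one Internet address" counting condition described above, using a constructed rule list patterned on the predefined groups. It assumes the RFC 1918 masks for the private ranges and that a protocol/port rule is compared with the port of the endpoint being classified; all function and variable names are hypothetical.

```python
import ipaddress

LAN, INTERNET, DISCARD = "LAN", "Internet", "discard"

def rule(net, domain, proto=None, port=0):
    """proto=None means 'All protocols'; port 0 means all ports."""
    return (ipaddress.ip_network(net), proto, port, domain)

# Constructed list modelled on the predefined groups, most specific first.
# The /8, /12 and /16 masks are the RFC 1918 ones; the page gives no masks.
RULES = [
    rule("0.0.0.0/0", INTERNET, "TCP", 3128),   # <all addresses>, proxy server
    rule("0.0.0.0/0", INTERNET, "TCP", 25),     # SMTP
    rule("0.0.0.0/0", INTERNET, "TCP", 110),    # POP3
    rule("0.0.0.0/0", INTERNET, "TCP", 143),    # IMAP
    rule("10.0.0.0/8", LAN),
    rule("172.16.0.0/12", LAN),
    rule("192.168.0.0/16", LAN),
]
ALL_OTHER = INTERNET                            # "All other addresses"

def classify(addr, proto, port, rules=RULES):
    """Return the domain of the first rule (top to bottom) matching an endpoint.
    Assumption: a port rule is compared with the endpoint's own port."""
    ip = ipaddress.ip_address(addr)
    for net, r_proto, r_port, domain in rules:
        if ip not in net:
            continue
        if r_proto is not None and (r_proto != proto or r_port not in (0, port)):
            continue
        return domain
    return ALL_OTHER

def is_counted(proto, src, sport, dst, dport, rules=RULES):
    """Volume is counted only for one LAN endpoint and one Internet endpoint."""
    domains = {classify(src, proto, sport, rules),
               classify(dst, proto, dport, rules)}
    return domains == {LAN, INTERNET}           # any 'discard' fails this test

if __name__ == "__main__":
    # Constructed sample packets: (proto, src, sport, dst, dport)
    for pkt in [("TCP", "192.168.0.5", 51000, "192.168.0.1", 3128),
                ("TCP", "192.168.0.5", 51001, "192.168.0.7", 445),
                ("TCP", "192.168.0.5", 51002, "203.0.113.10", 80)]:
        print(pkt, "counted" if is_counted(*pkt) else "not counted")
    # Private-range rules moved above the proxy rule: proxy traffic is missed.
    misordered = RULES[4:] + RULES[:4]
    print(is_counted("TCP", "192.168.0.5", 51000, "192.168.0.1", 3128, misordered))
```

With the private-range rules moved above the proxy rule, both endpoints of the client-to-proxy connection classify as LAN and the traffic is no longer counted, which is why the list must run from the most specific definition to the most general.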