12.3. Speedometer

This statistic provides a live overview of the traffic on the system, broken down by the clients from which the connections originate.

The speedometer is determined by the connections and data transfers of the last sixty seconds. A continuous average is generated from the transfer volume of the clients during this period. The values of the received and sent bytes, as well as their total are listed in a separate table column. In a further column, the incoming and outgoing volume is also displayed as a bar chart. If a client is registered on the system with a profile or can be uniquely assigned to a defined network range or VPN, the name determined for this purpose is displayed. Clients unknown to the system are shown as their IP address.

The data representation is divided into three tables. In the "Internal Clients" list, clients that have established connections to the Internet or proxy from the intranet via the Intra2net system are listed. Under "External Clients" the data traffic between the Intra2net system and clients on the Internet can be tracked. This includes, for example, data requests from the proxy server and VPN connections. The third table, "Overview", summarizes the traffic in the categories Internal, External and Proxy.

12.3.1. Methodology

As soon as the speedometer page is opened under Information > Statistics > Speedometer, the system starts collecting data on IP connections. It therefore takes up to 10 seconds after the menu is opened before data is displayed. The connections are shown in the tables of the internal and external hosts, depending on their origin.

A connection is considered to be internal if it starts from a client whose IP address can be assigned to a local address range and the target address is not also local. Otherwise it is considered external. This distinction determines the table in which a connection is listed.

The displayed data transmission rates correspond to the running average of the last minute of traffic. These averages are recalculated every ten seconds for each client. Connections for which no traffic is registered for at least one minute are considered inactive and will no longer be tracked. Clients without active connections are removed from the statistics after the connection information has been added to the Internet statistics database. For reasons of efficiency, this does not always happen immediately after the last connection of a client expires, so clients without active connections may remain on the speedometer overview for a certain time.

Connections are classified according to different properties: whether they are external connections and whether the target of the connection is the system's proxy server. The total volume of data for these traffic categories is summarized in a separate table on the overview page. The values in this table refer solely to active connections and do not always reflect the actual bandwidth usage of the WAN uplink. For example, if data traffic is routed through a VPN, there are at least two active connections: one for the tunnel to the peer and one for the data transported over it. Both connections are recorded in the connection overview: the IPsec tunnel built by the Intra2net system is assigned to the external table, the actual connection to the internal table. Such overlapping effects can sometimes give the impression that the value specified in the "total" line exceeds the maximum bandwidth of the connection. The actual incoming and outgoing traffic can be viewed on the Internet speedometer on the main page.
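The internal/external rule and the VPN double counting described above, as an added example that is not Intra2net code. The local range, the addresses, the rates and all function names are constructed for illustration, and the Proxy category is left out.

```python
import ipaddress

# Constructed sample: the address range this example treats as "local".
LOCAL_RANGES = [ipaddress.ip_network("192.168.1.0/24")]

def is_local(addr):
    """True if addr lies in one of the configured local ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_RANGES)

def classify(src, dst):
    """Internal: source is local and target is not local. Otherwise external."""
    return "internal" if is_local(src) and not is_local(dst) else "external"

def overview(connections):
    """Sum the average rates (bytes/s) of active connections per table."""
    totals = {"internal": 0, "external": 0}
    for src, dst, rate in connections:
        totals[classify(src, dst)] += rate
    totals["total"] = totals["internal"] + totals["external"]
    return totals

# Constructed sample: one client sends 100 kB/s through an IPsec tunnel.
# 203.0.113.2 stands for the system's WAN address, 198.51.100.7 for the peer.
SAMPLE = [
    ("192.168.1.10", "10.20.0.5", 100_000),    # payload connection from the client
    ("203.0.113.2", "198.51.100.7", 104_000),  # tunnel carrying the same data plus overhead
]

if __name__ == "__main__":
    for src, dst, rate in SAMPLE:
        print(f"{src} -> {dst}: {classify(src, dst)} ({rate} B/s)")
    # The total counts the same payload twice, so it is roughly double
    # what actually crosses the WAN uplink.
    print(overview(SAMPLE))
```

When reading the overview during an investigation, compare the "total" line with the uplink figure on the main page before concluding that a client is saturating the line.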

12.3.2. Sites

The speedometer features are divided into three levels. In addition to the main page, which provides an overview of clients from which data traffic originates, a list of existing connections can be displayed for each client, and in a further step, you can have them filtered according to various criteria.

12.3.2.1. Clients

The main page of the Internet speedometer lists clients from which active connections are originating.

The data is displayed in columns. From left to right:

  • The sequential number of the entry in the respective table;

  • the IP address of a client and, if applicable, the internal name of a known client, network range or VPN;

  • the average values for the volume received and sent in the recording interval and their sum;

  • a representation of the incoming and outgoing data traffic as a bar chart.

Above the tables there are two control elements on the main page. A drop-down menu can be used to increase or decrease the number of displayed clients. Using the "Reset" button, you can discard the data currently being recorded and start recording again. The data already registered by the system has been transferred to the statistics database beforehand.

12.3.2.2. Connections

Clicking a client on the main page takes you to its connection table. This gives an overview of the connections that are currently considered active and have been established by the selected client. The available data is presented in nine columns:

  • The sequential number of the entry in the respective table;

  • the IP address of the target host;

  • the IP protocol used for the connection;

  • the target port and, if applicable, the classification as traffic to the proxy or the service registered with this port (the service actually in use can of course differ from it);

  • the direction from which the connection was established, i.e. whether it is an incoming, outgoing, external or internal connection;

  • the average values for volume received and sent at the point of collection, and their sum;

  • a representation of the incoming and outgoing data traffic on the given connection as a bar chart.

12.3.2.3. Filter

By clicking one of the shown elements on the connection table, you can restrict the connection selection. This takes you to the filter display, in which only connections that match the selected criteria are shown. You can select the IP address of the target client, the transport protocol, the target port, and the connection direction as possible criteria.

12.3.3. Data Privacy

For reasons of data privacy, not all logged connection data is also displayed in traffic tracking.

12.3.3.1. Password Protection

If a data privacy password has been set up for the system, this can also be used to protect the Internet speedometer from unauthorized access, under Information > Data Privacy. The password is always requested when the detailed view of a client is opened. The speedometer main page, on which internal and external clients are shown, can still be viewed by users with administrator rights even if the data privacy password is active.

12.3.3.2. Address Masking

The target addresses of outgoing connections are provided by the system exclusively in a disguised form. The same applies to external system traffic to the ports of HTTP and HTTPS, which usually indicate requests served by the proxy. This mechanism is always active and cannot be bypassed by entering the data privacy password. Specifically, obfuscation means that the lower sixteen bits of the IPv4 address of the target host are ignored. In the web interface the hidden fields are marked with "X". The purpose of this measure is to protect the privacy of users on the intranet while at the same time providing the information necessary for diagnosing data traffic.
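The masking rule described above, as an added example that is not Intra2net code. The function names, the `direction` and `external` parameters and the sample addresses are assumptions made for illustration.

```python
import ipaddress

PROXIED_PORTS = {80, 443}  # HTTP and HTTPS, the ports named in the text

def mask_ipv4(addr):
    """Ignore the lower sixteen bits and render the hidden octets as "X"."""
    ip = ipaddress.IPv4Address(addr)  # the text only describes IPv4; other input raises
    prefix = int(ip) & 0xFFFF0000
    return f"{prefix >> 24}.{(prefix >> 16) & 0xFF}.X.X"

def display_target(addr, direction, external, port):
    """Return the target address as the connection table would show it.

    direction and external are hypothetical fields modelling the
    "direction" column of the connection table.
    """
    if direction == "outgoing" or (external and port in PROXIED_PORTS):
        return mask_ipv4(addr)
    return addr

def distinguishable(addr_a, addr_b):
    """True if two targets still look different after masking."""
    return mask_ipv4(addr_a) != mask_ipv4(addr_b)

if __name__ == "__main__":
    # Constructed sample connections: (target, direction, external, port)
    sample = [
        ("198.51.100.7", "outgoing", False, 22),
        ("203.0.113.9", "incoming", True, 443),
        ("203.0.113.9", "incoming", True, 22),
    ]
    for target, direction, external, port in sample:
        print(target, "->", display_target(target, direction, external, port))
    # Every masked value stands for 2**16 = 65536 possible hosts.
    print(distinguishable("198.51.100.7", "198.51.3.200"))
```

For diagnosis this means a masked entry identifies at most the /16 of the target, so two different hosts in the same /16 cannot be told apart from the speedometer alone.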