In Status → Active Hosts, the hosts within the local network or active users using WinRoute for communication with the Internet will be displayed.
Note: For more details about the firewall user's logon see chapter 10.1 Firewall User Authentication.
Look at the upper window to view information on individual hosts, connected users, data size/speed, etc.
The following information can be found in the Active Hosts window:
DNS name of a host. In case that no corresponding DNS record is found, IP address is displayed instead.
Name of the user which is connected from a particular host. If no user is connected, the item is empty.
Monitors current traffic speed (kilobytes per second) in both directions (from and to the host — Rx values represent incoming data, Tx values represent outgoing data)
The following columns are hidden by default. To view these columns select the Modify columns option in the context menu (see below).
IP address of the host from which the user is connecting from
Date and time of the recent user login to the firewall
Monitors length of the connection. This information is derived from the current time status and the time when the user logged on
Duration of the time with zero data traffic. You can set the firewall to logout users automatically after the inactivity exceeds allowed inactivity time (for more details see chapter 11.1 Web interface preferences)
Date and time when the host was first acknowledged by WinRoute. This information is kept in the operating system until the WinRoute Firewall Engine disconnected.
Total size of the data (in kilobytes) received and transmitted since the Start time
Total number of connections to and from the host. Details can be displayed in the context menu (see below)
Authentication method used for the recent user connection:
plaintext — user is connected through an insecure login site plaintext
SSL — user is connected through a login site protected by SSL security system SSL
proxy — a WinRoute proxy server is used for authentication and for connection to Websites
NTLM — user was authenticated with NTLM in NT domain (this is the standard type of login if Internet Explorer 5.5 or later or Firefox/SeaMonkey core version 1.3 or later is used)
VPN client — user has connected to the local network using the Kerio VPN Client (for details, see chapter 23 Kerio VPN).
Note: Connections are not displayed and the volume of transmitted data is not monitored for VPN clients.
For more details about connecting and user authentication see chapter 10.1 Firewall User Authentication.
Information displayed in the Active Hosts window can be refreshed by clicking on the button.
Use the
to open the bottom window providing detailed information on a user, host and open connections.Clicking the right mouse button in the Active Hosts window (or on the record selected) will display a context menu that provides the following options:
Use this option to show quota of the particular user (Administration Console switches to the User quota tab in Status → Statistics and selects the particular user automatically).
The User quota option is available in the context menu only for hosts from which a user is connected to the firewall.
This option refreshes information in the Active Hosts window immediately (this function is equal to the button displayed at the bottom of the window).
Settings for automatic refreshing of the information in the Active Hosts window. Information can be refreshed in the interval from 5 seconds up to 1 minute or the auto refresh function can be switched off (No refresh).
Immediate logout of a selected user.
Immediate logout of all firewall users.
By choosing this option you can select columns to be displayed in the Active Hosts window (see chapter 3.2 Administration Console - view preferences).
Detailed information on a selected host and connected user are provided in the bottom window of the Active Hosts section.
Open the General tab to view information on user's login, size/speed of transmitted data and information on activities of a particular user.
Information on logged-in users:
User — name of a user, DNS name (if available) and IP address of the host from which the user is connected
Login time — date and time when a user logged-in, authentication method that was used and inactivity time (idle).
If no user is connected from a particular host, detailed information on the host are provided instead of login information.
Host — DNS name (if available) and IP address of the host
Idle time — time for which no network activity performed by the host has been detected
Information on size of data received (Download) and sent (Upload) by the particular user (or host) and on current speed of traffic in both directions.
Overview of detected activities of the particular user (host) are given in the main section of this window:
Time (in minutes and seconds) when the activity was detected.
Type of detected activity (network communication). WinRoute distinguishes between the following activities: SMTP, POP3, WWW (HTTP traffic), FTP, Streams (real-time transmission of audio and video streams) and P2P (use of Peer-to-Peer networks).
Note: WinRoute is not able to recognize which type of P2P network is used. According to results of certain testing it can only "guess" that it is possible that the client is connected to such network. For details, refer to chapter 17.1 P2P Eliminator.
Detailed information on a particular activity:
WWW — title of a Web page to which the user is connected (if no title is available, URL will be displayed instead). Page title is a hypertext link — click on this link to open a corresponding page in the browser which is set as default in the operating system.
Note: For better transparency, only the first visited page of each web server to which the user connected is displayed. For detailed information about all visited pages, refer to Kerio StaR (see chapter 21 Kerio StaR - statistics and reporting).
SMTP, POP3 — DNS name or IP address of the server, size of downloaded/uploaded data.
FTP — DNS name or IP address of the server, size of downloaded/saved data, information on currently downloaded/saved file (name of the file including the path, size of data downloaded/uploaded from/to this file).
Multimedia (real time transmission of video and audio data) — DNS name or IP address of the server, type of used protocol (MMS, RTSP, RealAudio, etc.) and volume of downloaded data.
P2P — information that the client is probably using Peer-To-Peer network.
On the Connections tab, you can view detailed information about connections established from the selected host to the Internet and in the other direction (e.g. by mapped ports, UPnP, etc.). The list of connections provides an overview of services used by the selected user. Undesirable connections can be terminated immediately.
Information about connections:
Name of the WinRoute traffic rule (see chapter 7 Traffic Policy) by which the connection was allowed.
Name of the service. For non-standard services, port numbers and protocols are displayed.
Source and destination IP address (or name of the host in case that the Show DNS names option is enabled —see below).
The following columns are hidden by default. They can be shown through the Modify columns dialog opened from the context menu (for details, see chapter 3.2 Administration Console - view preferences).
Source and destination port (only for TCP and UDP protocols).
Protocol used for the transmission (TCP, UDP, etc.).
Time left before the connection will be removed from the table of WinRoute's connections.
Each new packet within this connection sets timeout to the initial value. If no data is transmitted via a particular connection, WinRoute removes the connection from the table upon the timeout expiration — the connection is closed and no other data can be transmitted through it.
Volume of incoming (Rx) and outgoing (Tx) data transmitted through a particular connection (in KB).
Additional information (such as a method and URL in case of HTTP protocol).
Use the Show DNS names option to enable/disable showing of DNS names instead of IP addresses in the Source and Destination columns. If a DNS name for an IP address cannot be resolved, the IP address is displayed.
You can click on the
button to open a dialog where colors used in this table can be set.Note:
Upon right-clicking on a connection, the context menu extended by the Kill connection option is displayed. This option can be used to kill the particular connection between the LAN and the Internet immediately.
The selected host's overview of connections lists only connections established from the particular host to the Internet and vice versa. Local connections established between the particular host and the firewall can be viewed only in Status → Connections (see chapter 19.2 Network connections overview). Connections between hosts within the LAN are not routed through WinRoute, and therefore they cannot be viewed there.
The Histogram tab provides information on data volume transferred from and to the selected host in a selected time period. The chart provides information on the load of this host's traffic on the Internet line through the day.
Select an item from the Time interval combo box to specify a time period which the chart will refer to (2 hours or 1 day). The x
axis of the chart represents time and the y
axis represents traffic speed. The x
axis is measured accordingly to a selected time period, while measurement of the y
axis depends on the maximal value of the time interval and is set automatically (bytes per second is the basic measure unit — B/s).
This chart includes volume of transferred data in the selected direction in certain time intervals (depending on the selected period). The green curve represents volume of incoming data (download) in a selected time period, while the area below the curve represents the total volume of data transferred in the period. The red curve and area provide the same information for outgoing data (upload). Below the chart, basic statistic information, such as volume of data currently transferred (in the last interval) and the average and maximum data volume per an interval, is provided.
Select an option for Picture size to set a fixed format of the chart or to make it fit to the Administration Console screen.