10.07.2018

FastNetMon per protocol traffic counters

By default, FastNetMon tracks only three kinds of speed (packets per second, bytes per second and flows per second) in each direction and exports this information to InfluxDB or ClickHouse. FastNetMon can export much more detail, but the additional fields require more memory and disk space, so we keep them disabled by default.

To enable export of per-protocol counters (udp, tcp, tcp syn, fragments) to InfluxDB or ClickHouse, enable the following options using the command line management tool:

sudo fcli set main influxdb_per_protocol_counters enable
sudo fcli set main clickhouse_metrics_per_protocol_counters enable
sudo fcli commit

After this, FastNetMon will export bandwidth/speed for the following types of traffic for hosts:

bits_incoming
bits_outgoing
flows_incoming
flows_outgoing
fragmented_bits_incoming
fragmented_bits_outgoing
fragmented_packets_incoming
fragmented_packets_outgoing
icmp_bits_incoming
icmp_bits_outgoing
icmp_packets_incoming
icmp_packets_outgoing
packets_incoming
packets_outgoing
tcp_bits_incoming
tcp_bits_outgoing
tcp_packets_incoming
tcp_packets_outgoing
tcp_syn_bits_incoming
tcp_syn_bits_outgoing
tcp_syn_packets_incoming
tcp_syn_packets_outgoing
udp_bits_incoming
udp_bits_outgoing
udp_packets_incoming
udp_packets_outgoing

Then, to check it, select one heavily loaded host using fcli:

sudo fcli show host_counters

Output will look like:

11.22.33.44 4284 pps 44 mbps 0 flows/s
22.33.44.55 4059 pps 35 mbps 0 flows/s
55.66.77.88 2889 pps 29 mbps 0 flows/s
99.00.11.22 3423 pps 29 mbps 0 flows/s

Open the InfluxDB client:

influx

And enter the following commands to retrieve all available counters for the specified host:

use fastnetmon
select last(*) from hosts_traffic WHERE host = '11.22.33.44' AND time > now() - 1h;

InfluxDB will return the latest data for all available counters:

name: hosts_traffic
time last_bits_incoming last_bits_outgoing last_flows_incoming last_flows_outgoing last_fragmented_bits_incoming last_fragmented_bits_outgoing last_fragmented_packets_incoming last_fragmented_packets_outgoing last_icmp_bits_incoming last_icmp_bits_outgoing last_icmp_packets_incoming last_icmp_packets_outgoing last_packets_incoming last_packets_outgoing last_tcp_bits_incoming last_tcp_bits_outgoing last_tcp_packets_incoming last_tcp_packets_outgoing last_tcp_syn_bits_incoming last_tcp_syn_bits_outgoing last_tcp_syn_packets_incoming last_tcp_syn_packets_outgoing last_udp_bits_incoming last_udp_bits_outgoing last_udp_packets_incoming last_udp_packets_outgoing
---- ------------------ ------------------ ------------------- ------------------- ----------------------------- ----------------------------- -------------------------------- -------------------------------- ----------------------- ----------------------- -------------------------- -------------------------- --------------------- --------------------- ---------------------- ---------------------- ------------------------- ------------------------- -------------------------- -------------------------- ----------------------------- ----------------------------- ---------------------- ---------------------- ------------------------- -------------------------
1531255903575088478 84848024 64061304 0 0 0 0 0 0 13432 64848 0 54 13925 7828 6761960 8625736 1681 1379 25632 8912 10 0 78072224 55370272 12203 6334
>
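
As an added example (not FastNetMon code), the Python below parses the header and value lines of the last(*) output shown above and computes the per-protocol share of the host's traffic. The function names and the udp_limit and syn_limit thresholds are illustrative assumptions; the value line is the one from this page.

```python
# Added example (not FastNetMon code): per-protocol mix from one last(*) row.
BASES = ["bits", "flows", "fragmented_bits", "fragmented_packets", "icmp_bits",
         "icmp_packets", "packets", "tcp_bits", "tcp_packets", "tcp_syn_bits",
         "tcp_syn_packets", "udp_bits", "udp_packets"]
# Column header in the order the influx CLI prints it above.
HEADER = "time " + " ".join(
    f"last_{b}_{d}" for b in BASES for d in ("incoming", "outgoing"))
# Value line copied from the sample output on this page.
ROW = ("1531255903575088478 84848024 64061304 0 0 0 0 0 0 13432 64848 0 54 "
       "13925 7828 6761960 8625736 1681 1379 25632 8912 10 0 "
       "78072224 55370272 12203 6334")


def parse_last_row(header, row):
    """Pair column names with values; strip the last_ prefix InfluxDB adds."""
    names, values = header.split(), row.split()
    if len(names) != len(values):
        raise ValueError(f"{len(names)} columns but {len(values)} values")
    return {n[5:] if n.startswith("last_") else n: int(v)
            for n, v in zip(names, values)}


def protocol_mix(c, direction="incoming", unit="bits"):
    """Share of the host total carried by TCP, UDP and ICMP (0.0 to 1.0)."""
    total = c[f"{unit}_{direction}"]
    if total == 0:
        return {p: 0.0 for p in ("tcp", "udp", "icmp")}
    return {p: c[f"{p}_{unit}_{direction}"] / total
            for p in ("tcp", "udp", "icmp")}


def syn_ratio(c, direction="incoming"):
    """Fraction of TCP packets that are SYNs; 0.0 when there is no TCP."""
    tcp = c[f"tcp_packets_{direction}"]
    return c[f"tcp_syn_packets_{direction}"] / tcp if tcp else 0.0


def triage(c, direction="incoming", udp_limit=0.9, syn_limit=0.5):
    """Flag a skewed mix. Both limits are illustrative assumptions."""
    flags = []
    if protocol_mix(c, direction)["udp"] > udp_limit:
        flags.append("udp-dominated")
    if syn_ratio(c, direction) > syn_limit:
        flags.append("syn-heavy")
    if c[f"fragmented_packets_{direction}"] > 0:
        flags.append("fragments-present")
    return flags


if __name__ == "__main__":
    counters = parse_last_row(HEADER, ROW)
    print(protocol_mix(counters), syn_ratio(counters), triage(counters))
```

The same parser works on a networks_traffic row if the two flows entries are removed from BASES, since networks carry no flow counters.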

You can also retrieve the same information for all available networks. For networks, FastNetMon exports the same counters as for hosts, excluding flow counters:

bits_incoming
bits_outgoing
fragmented_bits_incoming
fragmented_bits_outgoing
fragmented_packets_incoming
fragmented_packets_outgoing
icmp_bits_incoming
icmp_bits_outgoing
icmp_packets_incoming
icmp_packets_outgoing
packets_incoming
packets_outgoing
tcp_bits_incoming
tcp_bits_outgoing
tcp_packets_incoming
tcp_packets_outgoing
tcp_syn_bits_incoming
tcp_syn_bits_outgoing
tcp_syn_packets_incoming
tcp_syn_packets_outgoing
udp_bits_incoming
udp_bits_outgoing
udp_packets_incoming
udp_packets_outgoing

Select a heavily loaded network:

sudo fcli show network_counters

Example output:

11.22.33.44/22 in packets: 172656 out packets: 165568 in mbps: 956 out mbps: 1000
22.33.44.55/22 in packets: 91338 out packets: 98779 in mbps: 468 out mbps: 671
66.77.88.99/22 in packets: 73421 out packets: 73215 in mbps: 375 out mbps: 433

Open the InfluxDB client:

influx

And enter the following commands:

use fastnetmon
select last(*) from networks_traffic WHERE network = '11.22.33.00/22' AND time > now() - 1h;

Example output:

name: networks_traffic
time last_bits_incoming last_bits_outgoing last_fragmented_bits_incoming last_fragmented_bits_outgoing last_fragmented_packets_incoming last_fragmented_packets_outgoing last_icmp_bits_incoming last_icmp_bits_outgoing last_icmp_packets_incoming last_icmp_packets_outgoing last_packets_incoming last_packets_outgoing last_tcp_bits_incoming last_tcp_bits_outgoing last_tcp_packets_incoming last_tcp_packets_outgoing last_tcp_syn_bits_incoming last_tcp_syn_bits_outgoing last_tcp_syn_packets_incoming last_tcp_syn_packets_outgoing last_udp_bits_incoming last_udp_bits_outgoing last_udp_packets_incoming last_udp_packets_outgoing

To add per-protocol counters to Grafana for each host, use the bundled dashboard “FastNetMon Advanced Traffic for specified host”: click on any graph (“incoming traffic”, for example), select “Edit” and select any required traffic type in the “SELECT” field.

For per-network counters you can use “FastNetMon Advanced networks traffic” as a reference.