Prerequisites
You can view the number of new TCP connections by source IP address only after Top N TCP Source IP Addresses by New Connection is enabled. For details, see Top N Study.
Function
Number of TCP connections provides visibility into the number of new TCP connections and number of concurrent TCP connections by destination IP address, and number of new connections by source IP address with the most connections. In normal cases, observe and record the number of new connections and that of concurrent connections of services in the report. If the number of new connections or the number of concurrent connections is greater than the normal value, capture packets for analyzing anomalies or attacks.
Parameter
When Type is set to Destination IP Address, you can view the number of new connections and concurrent connections by destination IP address. For parameters, see Table 1. When Type is set to Source IP Address, you can view the number of new TCP connections by source IP address with the most connections within the given time segment. For parameters, see Table 2.
| Parameter | Description |
|---|---|
| Device | Select a cleaning device from the drop-down list. The Total (Cleaning) indicates the number of connections on all cleaning devices. |
| Zone | Click  ,
select a Zone on the Zone page that is displayed,
and then click OK. |
| Service | Select a service or service group
from the drop-down list. For details about service configuration, see (Optional) Creating a Service and a Defense Policy. |
| Type | Select Destination IP Address. |
| IP Address | Enter the destination IP address. Both IPv4 and IPv6 addresses are applicable. The number of connections to the IP address is queried. |
| Time | Click  to select
the start time and end time of statistics. Or you can change the time
values in corresponding text boxes.The end time should be later than the start time and the interval cannot be longer than one year.
|
| Statistics | Select a mode for collecting statistics.
|
| Parameter | Description |
|---|---|
| Device | Select a cleaning device from the drop-down list. The Total (Cleaning) indicates the number of connections on all cleaning devices. |
| Zone | Click ,
select a Zone on the Zone page that is displayed,
and then click OK. |
| Type | Select Source IP Address. |
| Time | Click to select
the start time and end time of statistics. Or you can change the time
values in corresponding text boxes. The end time should be later than the start time and the interval cannot be longer than one year.
|
Example
If the Device is set to Total (Cleaning), Zone to Total, service to TCP, and statistical method to Average Value, the number of connections within a period of time is displayed in Figure 1.
Procedure
- Choose .
- Click the Number of TCP Connections tab.
- Enter query parameters.
- Click Search.
The number of connections that meet the query conditions is displayed.
NOTE: The queried number of TCP connections is the number of session connections after the TCP three-way handshake.
- Optional: Open or
save the query results as files, or send queried reports to the specified
email address.
- Click
to open or
save the query results as PDF files. A maximum of 10,000 entries can
be displayed. - Click
to open or
save the query results as EXCEL files. A maximum of 10,000 entries
can be displayed. - Click
to open or
save the query results as CSV files. All data except figures can be
displayed. - Click
to enter
a recipient mail address and select an attachment format. Then click OK.
- Click