Packet Logging into a plaintext file
Packet logging into a file provides an easy way to track the packets that match at least one rule listed in the filter. To use this feature, specify a Filename Template for the logfiles. Every filter must have a unique Filename Template because each filter has its own independent Packet Collector.
An example of the logfile is shown below. The lines
beginning with '---' give the time at which the Packet Collector was
flushed. The first column is the protocol type. The 2nd and 3rd
columns are the source IP address and the source port. The 4th and
5th columns are the destination IP address and the destination
port. The 6th and 7th columns are the sent bytes counter and the
received bytes counter.
proto src_ip src_port dst_ip dst_port sent recv
--- Time: 2002-11-12 11:31:14
TCP 192.168.3.1 client 64.12.174.121 80 0 80
TCP 192.168.3.1 client 64.236.16.136 80 160 40
TCP 192.168.3.1 client 207.46.249.27 80 40 81
TCP 192.168.3.1 client 64.236.16.116 80 40 0
TCP 192.168.3.1 client 207.200.91.184 80 160 80
--- Time: 2002-11-12 11:31:32
TCP 192.168.3.1 client 64.236.16.136 80 432 256
--- Time: 2002-11-12 11:31:50
TCP 192.168.3.1 client 205.188.238.185 443 1573 13652
TCP 192.168.3.1 client 64.12.174.121 80 772 330
TCP 192.168.3.1 client 207.46.249.27 80 40 41
TCP 192.168.3.1 client 205.188.238.185 80 733 795
If the "Log additional fields" option is enabled, the logfile
looks like the example below. The values in brackets after the 2nd and
4th columns are the source and destination MAC addresses,
respectively. The last column contains the value of the TOS
(Type of Service) field.
--- Time: 2002-11-12 11:41:35
TCP 192.168.3.1 (5254ab2088ad) client 12.129.206.119 (008048c28d3d) 80 11629 8154 0
TCP 192.168.3.1 (5254ab2088ad) client 193.45.10.72 (008048c28d3d) 443 80 80 0
TCP 192.168.3.1 (5254ab2088ad) client 216.239.39.101 (008048c28d3d) 80 567 0 0
TCP 192.168.3.1 (5254ab2088ad) client 216.239.39.101 (008048c28d3d) 80 0 1551 16
TCP 192.168.3.1 (5254ab2088ad) client 216.26.160.8 (008048c28d3d) 110 383 494 0
TCP 192.168.3.1 (5254ab2088ad) client 12.129.206.119 (008048c28d3d) 110 152 166 0
--- Time: 2002-11-12 11:41:53
TCP 192.168.3.1 (5254ab2088ad) client 216.239.39.101 (008048c28d3d) 80 80 0 0
TCP 192.168.3.1 (5254ab2088ad) client 216.239.39.101 (008048c28d3d) 80 0 40 16
TCP 192.168.3.1 (5254ab2088ad) client 12.129.206.119 (008048c28d3d) 110 225 412 0
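The following Python parser is an added example, not part of the original documentation or the product. It reads both logfile layouts described above (with and without the additional MAC and TOS fields), tags each record with its flush time, and totals bytes per destination. The function names and the sample are constructed here; it assumes the byte counters are per flush interval and keeps ports as strings because the source port appears as "client".

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: lines copied from the page's two layouts plus one bad line.
SAMPLE = """\
--- Time: 2002-11-12 11:31:50
TCP 192.168.3.1 client 205.188.238.185 443 1573 13652
TCP 192.168.3.1 client 64.12.174.121 80 772 330
--- Time: 2002-11-12 11:41:35
TCP 192.168.3.1 (5254ab2088ad) client 216.239.39.101 (008048c28d3d) 80 567 0 0
TCP 192.168.3.1 (5254ab2088ad) client 216.239.39.101 (008048c28d3d) 80 0 1551 16
this line is malformed
"""

MAC = r"(?:\s+\((?P<{}>[0-9a-fA-F]{{12}})\))?"   # optional "(mac)" after an IP
RECORD = re.compile(
    r"^(?P<proto>\S+)\s+(?P<src_ip>\S+)" + MAC.format("src_mac")
    + r"\s+(?P<src_port>\S+)\s+(?P<dst_ip>\S+)" + MAC.format("dst_mac")
    + r"\s+(?P<dst_port>\S+)\s+(?P<sent>\d+)\s+(?P<recv>\d+)(?:\s+(?P<tos>\d+))?$")

def parse_log(text):
    """Return (records, rejected); each record is tagged with its flush time."""
    records, rejected, flushed = [], [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("---"):               # Packet Collector flush marker
            stamp = line.split("Time:", 1)[-1].strip()
            flushed = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
            continue
        m = RECORD.match(line)
        if m is None:
            rejected.append(line)                # surface unparsed lines, never drop silently
            continue
        rec = m.groupdict()
        rec.update(sent=int(rec["sent"]), recv=int(rec["recv"]), flushed=flushed)
        records.append(rec)
    return records, rejected

def bytes_by_destination(records):
    """Sum counters per (dst_ip, dst_port); assumes counters are per flush interval."""
    totals = defaultdict(lambda: [0, 0])
    for r in records:
        totals[r["dst_ip"], r["dst_port"]][0] += r["sent"]
        totals[r["dst_ip"], r["dst_port"]][1] += r["recv"]
    return {dst: tuple(v) for dst, v in totals.items()}

if __name__ == "__main__":
    recs, bad = parse_log(SAMPLE)
    print(bytes_by_destination(recs), "rejected:", bad)
```

Lines that do not match either layout are returned in the rejected list so a truncated or altered logfile is noticed during review.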
Note