Monitoring active hosts

Kerio Control displays the hosts within the local network, or active users using Kerio Control for communication with the Internet in Status > Active Hosts.

Look at the upper window to view information on individual hosts, connected users, data size/speed, etc.

The section can, for example, display:

Clicking the right mouse button in the Active Hosts window (or on the record selected) displays a context menu that provides the following options:

Option Description
View in Users

This option is available if the user is logged in.

Kerio Control redirects you to the Configuration > Users section (the user's account is automatically highlighted) and you can change the details of the account.

For example: in the Active Hosts section, you find out that one of the Kerio Control users have huge download. Click View in Users and you are immediately in the Users section, the user is highlighted and you can set a quota for them.

View in Statistics

This option is available if the user is logged in.

Kerio Control redirects you to the Status > User Statistics section (the user is automatically highlighted) and you can check user's statistics.

For example: in the Active Hosts section, you find out that one of the Kerio Control users have huge download. Click View in Statistics and you are immediately in the User Statistics section, the user is highlighted and you can check if the user's download is often so high.

Make DHCPDynamic Host Configuration Protocol - A protocol that automatically gives IP addresses and additional configuration to hosts in a network. reservation by MAC

If Kerio Control knows the MAC address, you can make a DHCP reservation by MAC. For more information refer to Reserving an IP address.

Login user automatically by MAC

This option is available if the user is logged in and Kerio Control knows the MAC address of the host.

If users work at reserved workstations (i.e. their computers are not used by any other user), they can use automatic login to Kerio Control. Their computers are identified with Media Access Control address (MAC addressMedia Access Control Address - A unique identifier that specifies a device in a network.). For more information refer to Configuring automatic user login.

Logout User Immediate logout of a selected user from the selected active host or hosts.
Logout All Users Immediate logout of all firewall users.

The Active Hosts section provides detailed information on a selected host and connected user in . If you cannot see the details, click the Show details button:

General

Open the General tab to view and copy&paste information on user's login, size/speed of transmitted data and information on the activities of the user.

Host information

Option Description
Host DNSDomain Name System - A database enables the translation of hostnames to IP addresses and provides other domain related information. name (if available) or IPv4Version 4 of the Internet Protocol. address of the host
User

Kerio Control username of the user

Login time date and time when a user logged-in.
Inactivity time time for which no packet is sent
IPv4 address IPv4 address of the host
IPv6Version 6 of the Internet Protocol. address IPv6 address of the host
Authentication type this is displayed if the host uses an authentication.
MAC address the MAC address is displayed if Kerio Control knows the MAC address of the host.

Traffic information

Information on size of data received (Download) and sent (Upload) by the particular user (or host) and on current speed of traffic in both directions.

The Connections item means the number of TCPTransmission Control Protocol - ensures packet transmission./UDPUser Datagram Protocol - ensures packet transmission. connections.

Activity

Option Description
Active since Time (in minutes and seconds) when the activity was detected.
Event Type

Type of detected activity (network communication). Kerio Control distinguishes many activities, for example SMTP, POP3Post Office Protocol 3 - A protocol used by local email clients to retrieve emails from mailboxes over a TCP/IP connection., WWW (HTTPHypertext Transfer Protocol - protocol for exchange of hypertext documents in HTML. traffic), FTPFile Transfer Protocol - Protocol for transferring computer files from a server., Streams (real-time transmission of audio and video streams), VPNVirtual private network - A network that enables users connect securely to a private network over the Internet., etc.

Description Detailed information on an activity. For example:

WWW — title of a Web page to which the user is connected (if no title is available, URL will be displayed instead). For better transparency, only the first visited page of each web server, to which the user connected, is displayed.

FTP — DNS name or IP address of the server, size of downloaded/saved data, information on currently downloaded/saved file (name of the file including the path, size of data downloaded/uploaded from/to this file).

P2PPeer-to-Peer networks are worldwide distributed systems where each node can be used both as a client and a server. — information that the client is probably using Peer-To-Peer network.

Connections

The Connections tab displays all active connections to the Internet. Information about each connection includes the processed traffic rule, transfer rate, protocol, outgoing interface, remote host and more.

Use the Show DNS names option to enable/disable showing of DNS names instead of IP addresses in the Source and Destination columns. If a DNS name for an IP address cannot be resolved, the IP address is displayed.

NOTE

To kill a connection between the LANLocal area network - A network that connects computers and other devices in a small area. and the Internet immediately, right-click the connection and select Kill connection.

The selected host's overview of connections lists only connections established from the particular host to the Internet and vice versa. Local connections established between the particular host and the firewall can be viewed only in Status > Connections. Connections between hosts within the LAN are not routed through Kerio Control and, therefore, they cannot be viewed there.

Histogram

The Histogram tab provides information on data volume transferred from and to the selected host in a selected time period. The chart provides information on the load of this host's traffic on the Internet line through the day.