Enter a protocol pattern and click on the Submit button.
Topics:
- How do I get details if there is more than one protocol in the results?
- What do the buttons at the top of the result page do?
- What search patterns can I use?
See Also:
How do I get details if there is more than one protocol in the results?
If more than one protocol matches the pattern then the matches will be listed. Click on a row in the table to see details of that protocol.
What do the buttons at the top of the result page do?
Search results may contain one or more of the following buttons across the top of the page:
- Servers real-time chart of the top servers for the selected protocol (see Sentinel:Traffic>Top N).
- Clients real-time chart of the top clients of the protocol (see Sentinel:Traffic>Top N).
- Connections button to see a real-time chart of the top connection using the selected protocol (see Sentinel:Traffic>Top N).
- Circles circles view showing the top connections (see Sentinel:Traffic>Circles).
- Explore query historical traffic for information about selected protocol (see Sentinel:Report>Explore).
What search patterns can I use?
Protocol search strings have the pattern,
<PROTOCOL>:<port>
The following protocols are recognized:
- ETHERNET
- ICMP
- IEEE802
- IP
- IPX
- RTP
- TCP
- UDP
- XNS
As well as explicitly providing a protocol and port, patterns can be used to search for protocols, for example:
- ETHERNET:2048
- TCP:ssh
- TCP:*shell*
- shell
- *shell*
- 80
The * symbol in a pattern matches any sequence of zero or more characters, for example the pattern router* would match: "router", "routers", "router123" etc. The ? symbol matches any single character, for example the pattern router? would match: "routers", "router1", "router2", but not "router" or "router12".