Monitoring traffic capture status and statistics on a Collector
The Traffic capture statistics page shows full information about the traffic captured by the Real User Collector:
- Traffic and TCP sessions
- SSL traffic and sessions
- Packet capture rate
- SYN/ACK ratio
Note
The Real User Analyzer displays graphs about data received from the Collectors to which it is connected, but the Analyzer component does not provide traffic statistics since traffic is captured only by the Collector.
To view traffic capture statistics
- To find out how the Real User Collector processes monitored traffic, in the Real User Collector, go to Administration > Device status, and then click Traffic capture statistics.
- If the Security user has enabled the Automatic page reload service on the Administration > Security settings > Services page, you can start or terminate the countdown for when data on the page refreshes by using the Start and Stop buttons.
- To force data flow statistics to refresh, click Reload now.
In addition to the captured traffic, the Collector Home page shows the excluded traffic. The traffic between a Real User Cloud Probe and a Collector is also captured, but it is categorized as excluded. Each Cloud Probe has a default traffic filter rule to discard that traffic.
Traffic section
The Traffic section of the Traffic capture statistics page shows summary information about traffic the Collector collected during the last minute. If a Collector receives data from multiple Cloud Probes, the traffic summary information is combined from all of the connected Cloud Probes.
General traffic information
| Label | Description |
|---|---|
| Traffic column | |
| Frames | Number of Ethernet frames the device received in the last minute |
| Screened traffic | Percentage of traffic removed because of IP-based traffic inclusion and exclusion policies |
| IP traffic | Percentage of unfiltered traffic that had IP packets |
| TCP traffic | Percentage of unfiltered traffic that had TCP packets |
| Encrypted traffic | Percentage of TCP traffic that used HTTPS |
| HTTP traffic | Percentage of TCP traffic that used HTTP |
| Last Akamai receipt | Date and time the device received the last combined Akamai Edge Logging receipt |
| TCP sessions column | |
| Total | Total number of TCP sessions observed in the last minute |
| Encrypted | Percentage of TCP sessions that were encrypted in the last minute |
| Reset | Percentage of sessions that were reset by the server or client |
SSL section
The SSL section of the Traffic capture statistics page shows summary information about SSL traffic the Collector collected and about observed SSL sessions in the last minute.
SSL traffic information
| Label | Description |
|---|---|
| SSL traffic column | |
| SSL records | Total number of SSL records the device collected in the last minute |
| Handshakes | Percentage of SSL records whose type was handshake |
| Cipher negotiation | Percentage of SSL records whose type was change cipher spec |
| Alerts | Percentage of SSL records whose type was alert |
| Data transfer | Percentage of SSL records whose type was application data |
| SSL sessions column | |
| Total | Total number of SSL sessions observed in the last minute |
| New | Percentage of SSL sessions that were new and stored in cache |
| Restored | Percentage of SSL sessions that were restored from cache |
| Failed | Percentage of SSL sessions that produced an error while attempting to restore from cache |
Capture rate
The Capture rate section of the Traffic capture statistics page shows summary information about SSL traffic the Collector collected and about observed SSL sessions during the last minute.
Capture rate traffic information
| Label | Description |
|---|---|
| Capture rate at the origin | Average rate of HTTP hits served from the origin, observed on the wire |
| Capture rate of Akamai cached objects | Average rate of HTTP hits cached by Akamai, observed on the wire |
| Total capture rate | Average rate of HTTP hits (both origin-served and Akamai-cached), observed in hits per second |
| Broken | Percentage of hits that could not be processed because of missing or malformed packets |
| Dropped | Percentage of hits that could not be processed because of limits to the amount of traffic the Collector can process. Dropped hits do not contribute to sampled traffic. |
| Processed | Percentage of hits the device successfully processed |
SYN/ACK ratio
The SYN/ACK ratio section of the Traffic capture statistics page shows summary information about the three-way handshake present in every TCP session.
SYN/ACK ratio traffic information
| Label | Description |
|---|---|
| Overall ratio | Percentage of requests that do not have the full three-way TCP handshake |
| SYN, no SYN-ACK | Percentage of requests with a SYN that were not followed by a SYN-ACK |
| SYN-ACK, no client ACK | Percentage of requests with a SYN-ACK that were not followed by an ACK |
Comments