Monitoring traffic capture status and statistics on a Collector


The Traffic capture statistics page shows full information about the traffic captured by the Real User Collector:

Note

The Real User Analyzer displays graphs about data received from the Collectors to which it is connected, but the Analyzer component does not provide traffic statistics since traffic is captured only by the Collector.

To view traffic capture statistics

  1. To find out how the Real User Collector processes monitored traffic, in the Real User Collector, go to Administration > Device status, and then click Traffic capture statistics.
  2. If the Security user has enabled the Automatic page reload service on the Administration > Security settings > Services page, you can start or terminate the countdown for when data on the page refreshes by using the Start and Stop buttons.
  3. To force data flow statistics to refresh, click Reload now.

In addition to the captured traffic, the Collector Home page shows the excluded traffic. The traffic between a Real User Cloud Probe and a Collector is also captured, but it is categorized as excluded. Each Cloud Probe has a default traffic filter rule to discard that traffic.

Traffic section

The Traffic section of the Traffic capture statistics page shows summary information about traffic the Collector collected during the last minute. If a Collector receives data from multiple Cloud Probes, the traffic summary information is combined from all of the connected Cloud Probes.

General traffic information

Label

Description

Traffic column

Frames

Number of Ethernet frames the device received in the last minute

Screened traffic

Percentage of traffic removed because of IP-based traffic inclusion and exclusion policies

IP traffic

Percentage of unfiltered traffic that had IP packets

TCP traffic

Percentage of unfiltered traffic that had TCP packets

Encrypted traffic

Percentage of TCP traffic that used HTTPS

HTTP traffic

Percentage of TCP traffic that used HTTP

Last Akamai receipt

Date and time the device received the last combined Akamai Edge Logging receipt

TCP sessions column

Total

Total number of TCP sessions observed in the last minute

Encrypted

Percentage of TCP sessions that were encrypted in the last minute

Reset

Percentage of sessions that were reset by the server or client

SSL section

The SSL section of the Traffic capture statistics page shows summary information about SSL traffic the Collector collected and about observed SSL sessions in the last minute.

SSL traffic information

Label

Description

SSL traffic column

SSL records

Total number of SSL records the device collected in the last minute

Handshakes

Percentage of SSL records whose type was handshake

Cipher negotiation

Percentage of SSL records whose type was change cipher spec

Alerts

Percentage of SSL records whose type was alert

Data transfer

Percentage of SSL records whose type was application data

SSL sessions column

Total

Total number of SSL sessions observed in the last minute

New

Percentage of SSL sessions that were new and stored in cache

Restored

Percentage of SSL sessions that were restored from cache

Failed

Percentage of SSL sessions that produced an error while attempting to restore from cache

Capture rate

The Capture rate section of the Traffic capture statistics page shows summary information about SSL traffic the Collector collected and about observed SSL sessions during the last minute.

Capture rate traffic information

Label

Description

Capture rate at the origin

Average rate of HTTP hits served from the origin, observed on the wire

Capture rate of Akamai cached objects

Average rate of HTTP hits cached by Akamai, observed on the wire

Total capture rate

Average rate of HTTP hits (both origin-served and Akamai-cached), observed in hits per second

Broken

Percentage of hits that could not be processed because of missing or malformed packets

Dropped

Percentage of hits that could not be processed because of limits to the amount of traffic the Collector can process. Dropped hits do not contribute to sampled traffic.

Processed

Percentage of hits the device successfully processed

SYN/ACK ratio

The SYN/ACK ratio section of the Traffic capture statistics page shows summary information about the three-way handshake present in every TCP session.

SYN/ACK ratio traffic information

Label

Description

Overall ratio

Percentage of requests that do not have the full three-way TCP handshake

SYN, no SYN-ACK

Percentage of requests with a SYN that were not followed by a SYN-ACK

SYN-ACK, no client ACK

Percentage of requests with a SYN-ACK that were not followed by an ACK

Related topics

Validating-traffic-capture-on-a-CollectorSizing Real User Collector instances

 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*