Traffic capture status and statistics
Traffic is captured only by the Collector component. There is no traffic capture switch or statistics on the Analyzer component. However, Real User Analyzers display graphs about data received from Real User Collectors to which they are connected.
There are some cases when you might want to disable traffic capture. For example, if you need to change your traffic inclusion and exclusion policies, you can disable traffic capture until you configure the component properly. When you disable traffic capture, no traffic is processed through the network interface.
To disable traffic capture
- In the Real User Collector, go to Administration > Security settings, and then click Services.
- In the Data collection section, click Disable for Traffic capture.
Real User Collector stops collecting traffic data.
To view traffic capture statistics
To find out how the Real User Collector processes the monitored traffic, in the Real User Collector, go to Administration > Device status, and then click Traffic capture statistics.
The Traffic capture statistics page shows full information about:
- Traffic and TCP sessions
- SSL traffic and sessions
- Packet capture rate
- SYN/ACK ratio
If the Security user has enabled the Automatic page reload service on the Administration > Security settings > Services page, you can start or terminate the countdown for when data on the page refreshes by using the Start | Stop buttons.
To force data flow statistics to refresh, click Reload now.
Traffic section
The Traffic section of the Traffic capture statistics page shows summary information about traffic that the Real User Collector collected during the last minute.
General Information about Your Traffic
Label | Description |
---|---|
Traffic column | |
Frames | The number of Ethernet frames the device received in the last minute |
Screened traffic | The percentage of traffic removed because of IP-based traffic inclusion/exclusion policies |
IP traffic | The percentage of unfiltered traffic that had IP packets |
TCP traffic | The percentage of unfiltered traffic that had TCP packets |
Encrypted traffic | The percentage of TCP traffic that used HTTPS |
HTTP traffic | The percentage of TCP traffic that used HTTP |
Last Akamai receipt | Date and time the device received the last combined Akamai Edge Logging receipt |
TCP sessions column | |
Total | The total number of TCP sessions observed in the last minute |
Encrypted | The percentage of TCP sessions that were encrypted in the last minute |
Reset | The percentage of sessions that were reset by the server or client |
SSL section
The SSL section of the Traffic capture statistics page shows summary information about the SSL traffic that the Collector collected and the SSL sessions that it observed in the last minute.
Information about Your SSL Traffic
Label | Description |
---|---|
SSL traffic column | |
SSL records | The total number of SSL records the device collected in the last minute |
Handshakes | The percentage of SSL records whose type was handshake |
Cipher negotiation | The percentage of SSL records whose type was change cipher spec |
Alerts | The percentage of SSL records whose type was alert |
Data transfer | The percentage of SSL records whose type was application data |
SSL sessions column | |
Total | The total number of SSL sessions observed in the last minute |
New | The percentage of SSL sessions that were new and stored in cache |
Restored | The percentage of SSL sessions that were restored from cache |
Failed | The percentage of SSL sessions that produced an error while attempting to restore from cache |
Capture rate
The Capture rate section of the Traffic capture statistics page shows summary information about SSL traffic the Collector collected and observed SSL sessions during the last minute.
Information about the Capture Rate
Label | Description |
---|---|
Capture rate at the origin | Average rate of HTTP hits served from the origin observed on the wire |
Capture rate of Akamai cached objects | Average rate of HTTP hits cached by Akamai observed on the wire |
Total capture rate | The average rate of HTTP hits (both origin-served and Akamai-cached) observed in hits per second |
Broken | The percentage of hits that could not be processed because of missing or malformed packets |
Dropped | The percentage of hits that could not be processed because of limits to the amount of traffic the Collector can process. Dropped hits do not contribute to sampled traffic |
Processed | The percentage of hits the device successfully processed |
SYN/ACK ratio
The SYN/ACK ratio section of the Traffic capture statistics page shows summary information about the SYN/ACK ratio.
A SYN attack (also known as a SYN flood) is a type of denial-of-service attack where an attacker sends one SYN request after another to a system.
Information about the SYN/ACK ratio
Label | Description |
---|---|
Overall ratio | The percentage of requests that appear to be SYN attacks |
SYN, no SYN-ACK | The percentage of requests with a SYN that were not followed by a SYN-ACK |
SYN-ACK, no client ACK | The percentage of requests with a SYN-ACK that were not followed by an ACK |
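
The two handshake percentages defined in the table above can be derived from the handshake packets seen in a one-minute window. The following is an added example, not code from the product: the packet tuple format, the names `handshake_stats`, `flow` and `incomplete_pct`, and the sample addresses are assumptions made for illustration.

```python
def handshake_stats(packets):
    """Per-window handshake percentages from (src, sport, dst, dport, flags)
    tuples in capture order; flags is "SYN", "SYN-ACK" or "ACK"."""
    state = {}  # (client, cport, server, sport) -> furthest step seen
    for src, sport, dst, dport, flags in packets:
        if flags == "SYN":
            # setdefault: a retransmitted SYN must not count as a new request
            state.setdefault((src, sport, dst, dport), "SYN")
        elif flags == "SYN-ACK":
            key = (dst, dport, src, sport)  # reply travels server -> client
            if state.get(key) == "SYN":
                state[key] = "SYN-ACK"
        elif flags == "ACK":
            key = (src, sport, dst, dport)
            if state.get(key) == "SYN-ACK":
                state[key] = "ACK"

    syn = len(state)
    syn_ack = sum(1 for s in state.values() if s in ("SYN-ACK", "ACK"))
    done = sum(1 for s in state.values() if s == "ACK")
    def pct(part, whole):
        return round(100.0 * part / whole, 1) if whole else 0.0
    return {
        "syn_no_synack_pct": pct(syn - syn_ack, syn),
        "synack_no_ack_pct": pct(syn_ack - done, syn_ack),
        # Assumption: share of SYNs whose handshake never completed;
        # the page does not define how "Overall ratio" is calculated.
        "incomplete_pct": pct(syn - done, syn),
    }

SERVER = ("192.0.2.10", 443)  # constructed documentation address

def flow(client, cport, steps):
    return [
        (*SERVER, client, cport, s) if s == "SYN-ACK" else (client, cport, *SERVER, s)
        for s in steps
    ]

# Constructed one-minute sample: 2 complete handshakes, 2 left half-open
# after the SYN-ACK, 1 SYN (sent twice) that never got a SYN-ACK.
SAMPLE = (
    flow("198.51.100.5", 40001, ["SYN", "SYN-ACK", "ACK"])
    + flow("198.51.100.6", 40002, ["SYN", "SYN-ACK", "ACK"])
    + flow("203.0.113.7", 50001, ["SYN", "SYN-ACK"])
    + flow("203.0.113.7", 50002, ["SYN", "SYN-ACK"])
    + flow("203.0.113.8", 50003, ["SYN", "SYN"])
)
```

Each percentage uses the denominator named in its table row: requests with a SYN for the first, requests with a SYN-ACK for the second.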