Layer 4 Traffic Monitor Page
The Layer 4 Traffic Monitor report page displays information about malware ports and malware sites that the Layer 4 Traffic Monitors on your Web Security appliances have detected during the specified time range. It also displays IP addresses of clients that frequently encounter malware sites.
To view the Web Sites report page, select Web from the Product drop-down and choose Monitoring > Web Sites from the Reports drop-down. For more information, see Using the Interactive Report Pages.
The Layer 4 Traffic Monitor listens to network traffic that comes in over all ports on each Web Security appliance and matches domain names and IP addresses against entries in its own database tables to determine whether to allow incoming and outgoing traffic.
You can use data in this report to determine whether to block a port or a site, or to investigate why a particular client IP address is connecting unusually frequently to a malware site (for example, this could be because the computer associated with that IP address is infected with malware that is trying to connect to a central command and control server).
| Section | Description |
|---|---|
| Time Range (drop-down list) | Choose the time range for your report. For more information, see Choosing a Time Range for Reports. |
| Top Client IPs: Malware Connections Detected | You can view the top IP addresses of computers in your organization that most frequently connect to malware sites, in graphical format. To customize the view of the chart, click This chart is the same as the “Layer 4 Traffic Monitor: Malware Connections Detected” chart on the Client Malware Risk Report. |
| Top Malware Sites: Malware Connections Detected | You can view the top malware domains detected by the Layer 4 Traffic Monitor, in graphical format. To customize the view of the chart, click |
| Client Source IPs | You can use this interactive table to view the IP addresses of computers in your organization that frequently connect to malware sites. To include only data for a particular port, enter a port number into the box at the bottom of the table and click Filter by Client IP. You can use this feature to help determine which ports are used by malware that “calls home” to malware sites. To view details such as the port and destination domain of each connection, click an entry in the table. For example, if one particular client IP address has a high number of Malware Connections Blocked, click the number in that column to view a list of each blocked connection. The list is displayed as search results in the Layer 4 Traffic Monitor tab of the Web Tracking Search page. For more information about this list, see Searching for Transactions Processed by the L4 Traffic Monitor. This chart is the same as the “Layer 4 Traffic Monitor: Malware Connections Detected” chart on the Client Malware Risk Report. |
| Malware Ports | You can use this interactive table to view the ports on which the Layer 4 Traffic Monitor has most frequently detected malware. To view details, click an entry in the table. For example, click the number of Total Malware Connections Detected to view details of each connection on that port. The list is displayed as search results in the Layer 4 Traffic Monitor tab on the Web Tracking Search page. For more information about this list, see Searching for Transactions Processed by the L4 Traffic Monitor. |
| Malware Sites Detected | You can use this interactive table to view the domains on which the Layer 4 Traffic Monitor most frequently detects malware. To include only data for a particular port, enter a port number into the box at the bottom of the table and click Filter by Port. You can use this feature to help determine whether to block a site or a port. To view details, click an entry in the table. For example, click the number of Malware Connections Blocked to view the list of each blocked connection for a particular site. The list is displayed as search results in the Layer 4 Traffic Monitor tab on the Web Tracking Search page. For more information about this list, see Searching for Transactions Processed by the L4 Traffic Monitor. |

Tip: To customize your view of this report, see Working with Web Security Reports.