Knowledge Base

What does the OTHER channel mean in PRTG Traffic Grapher

When using NetFlow collector and packet sniffing sensors with PRTG Traffic Grapher, you will notice that there is one line (called a "channel") with the name "Other". This "Other" channel sums up the traffic of network packets that cannot be allocated to one of the existing filter channel settings.

Depending on the kind of traffic inside your network the amount shown in the "Other" channel can be quite extensive.

To discern (or filter out) what is going on in the "Other" channel, you first need to find out what traffic is passing through your network. Then you either define new channels, so that traffic not yet accounted for is allocated correctly, or define new filter rules to filter out the unwanted traffic (but this will change your totals, too).

To do this you should turn on the "Raw Data" logging feature under the "Channels" tab of the sensor settings. Choose "Only Other Channel" from the dropdown - this way you will make certain to only log the data that is being used to populate the "Other" channel.

As soon as this feature is turned on, you will find a file in the currently active PRTG monitoring directory that contains information similar to that below:

****************** 25.04.2006 12:22:46 Start Logging
time,flowstart,flowend,protocol,sourceip,sourceport,sourcemac,destinationip,destinationport,destinationmac,size,sourceinterface,destinationinterface
25.04.2006 12:22:47,25.04.2006 12:22:47,25.04.2006 12:22:47,17,10.0.0.202,4796,00-11-43-A0-64-99,10.0.0.222,161,00-C0-9F-26-B1-31,83,-1,-1
25.04.2006 12:22:47,25.04.2006 12:22:47,25.04.2006 12:22:47,17,10.0.0.234,161,00-C0-9F-26-B1-31,10.0.0.202,4796,00-11-43-A0-64-99,87,-1,-1
25.04.2006 12:22:47,25.04.2006 12:22:47,25.04.2006 12:22:47,17,10.0.0.202,137,00-11-43-A0-64-99,64.233.183.104,137,00-02-16-48-A8-E1,92,-1,-1
25.04.2006 12:22:47,25.04.2006 12:22:47,25.04.2006 12:22:47,17,192.168.37.1,137,00-11-43-A0-64-99,64.233.183.104,137,00-02-16-48-A8-E1,92,-1,-1

The information provided includes the date / time stamp, the flow start date / time stamp, the flow end date / time stamp, the protocol used (if defined), the source IP address, the source port, the source MAC, the destination IP address, the destination port, the destination MAC, the size of the packet, the source interface, and the destination interface (in that order). Note that not all columns may be populated depending on the sensor type.

Review the log and try to find rules to classify your traffic.

Defining a New Channel:

PRTG Traffic Grapher comes with various common channels configured by default. These include FTP, HTTP, HTTPS, and ICMP, among others. However, to classify the traffic identified using the process above, it can be useful to define further channels and give them names, which makes it easier to discern the actual traffic being monitored.

To add a new channel, click the "Add" button under the "Channels" tab when editing the respective sensor. Then choose to add a filter: this first lets you enter a name for the filter and then enter the parameters for the filter operation in the information box to the right of the list of channels. A sample channel filtering parameter using protocol 17 and ports 4796 and 161, as provided by the logged data shown above, would be:

Protocol[17] DestinationPort[4796]
Protocol[17] SourcePort[4796]
Protocol[17] DestinationPort[161]
Protocol[17] SourcePort[161]

As each line is a ruleset in itself, this definition is telling PRTG to include all information flowing from or to the combination of protocol 17 and port 4796, as well as all data flowing from or to protocol 17 and port 161 as parameters for the channel.
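The review step and the channel definition above can be scripted. The following is an added example, not part of the original article or of PRTG: it parses a raw data log in the column layout shown earlier, totals bytes per protocol and port, and prints candidate channel lines in the rule syntax shown above. The sample records are constructed, and treating the lower port of a flow as its service port is an assumption.

```python
import csv
from collections import defaultdict

# Column order as given in the raw-data header line of the article.
FIELDS = ("time,flowstart,flowend,protocol,sourceip,sourceport,sourcemac,"
          "destinationip,destinationport,destinationmac,size,"
          "sourceinterface,destinationinterface").split(",")

def parse_raw_log(text):
    """Yield one dict per flow record; skip banners, headers and short lines."""
    for row in csv.reader(text.splitlines()):
        if len(row) != len(FIELDS) or row[0] == "time":
            continue
        yield dict(zip(FIELDS, row))

def summarize(records):
    """Return [((protocol, port), bytes), ...] sorted by bytes, largest first."""
    totals = defaultdict(int)
    for r in records:
        try:
            # Assumption: the lower port of a flow is its service port.
            port = min(int(r["sourceport"]), int(r["destinationport"]))
            size = int(r["size"])
        except ValueError:
            continue  # sensor left a port or size column empty
        totals[(r["protocol"], port)] += size
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))

def channel_lines(protocol, port):
    """Candidate channel definition in the rule syntax the article shows."""
    return [f"Protocol[{protocol}] DestinationPort[{port}]",
            f"Protocol[{protocol}] SourcePort[{port}]"]

# Constructed sample records (not captured traffic), same layout as the log.
_TS = "25.04.2006 12:22:47"
def _row(proto, sip, sport, dip, dport, size):
    return (f"{_TS},{_TS},{_TS},{proto},{sip},{sport},00-00-5E-00-53-01,"
            f"{dip},{dport},00-00-5E-00-53-02,{size},-1,-1")

SAMPLE_LOG = "\n".join([
    "****************** 25.04.2006 12:22:46 Start Logging",
    ",".join(FIELDS),
    _row(17, "10.0.0.202", 4796, "10.0.0.222", 161, 83),
    _row(17, "10.0.0.222", 161, "10.0.0.202", 4796, 87),
    _row(17, "10.0.0.202", 137, "10.0.0.255", 137, 92),
    _row(6, "10.0.0.210", 51515, "10.0.0.5", 3389, 1500),
    _row(1, "10.0.0.202", "", "10.0.0.1", "", 74),  # no ports populated
])

if __name__ == "__main__":
    for (proto, port), size in summarize(parse_raw_log(SAMPLE_LOG)):
        print(f"{size} bytes:", "; ".join(channel_lines(proto, port)))
```

Records without populated port columns are parsed but left out of the summary, so a large remainder in "Other" after applying the suggested channels points to traffic that needs a protocol-only or IP-based rule.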

Defining a filter:

Once again, using the information found above, you can see that there is data flowing from the source IP address "10.0.0.202". To filter out the data passing from this IP address to the range 10.0.0.203 - 10.0.0.208, all you need to do is define the filtering information in an exclude ruleset as follows:

-SourceIP[10.0.0.202] DestinationIP[10.0.0.203/208]

In this example, the "-" sign works as a logical NOT, defining that traffic passing from the source IP to the destination IP range is to be excluded from monitoring.

The same holds true when defining a simple ruleset telling PRTG to include all data within a wildcard range as regards the destination IP address range 10.0.0.*:

DestinationIP[10.0.0.*]

You will notice the lack of a preceding "-", which tells PRTG that this range is to be included and not excluded.

Syntax definitions:

Beyond these two examples, when defining filter or channel parameters, the same holds true for any information found in the logged raw data, such as protocol, port, or MAC address.

The actual syntax that needs to be used is explained under the "Filter" and "Channel" tabs when clicking the "Help" button.
