Traffic counting questions
Q: What technique does TrafMeter use to calculate the length of an IP packet?
A: Every IP packet has a header field named "Total length". It contains the number of bytes in the entire packet, including the header. TrafMeter uses only the value of this field to calculate the length of an IP packet.
Q: I have created a filter with a rule from "Any address" to "Any address" with the mirrored flag enabled. The "sent bytes" cell displays a number very close to the captured traffic, but the "received bytes" cell is zero. Incoming traffic isn't counted. What's wrong?
A: You can't split the traffic into sent and received in a rule "from Any to Any". Imagine that you are standing at the side of a two-way road, watching the cars go by. Which cars are incoming and which are outgoing? You can't answer, because you need a reference point. Let's decide that the cars heading to city "A" are inbound traffic and the cars heading to city "B" are outgoing traffic.
Q: I have a connection to the Internet via a DSL modem plugged into an Ethernet hub and want to monitor traffic between my PC and the Internet. My PC has the IP address 192.168.1.2 and the DSL modem has the IP address 192.168.1.1. I have created a TrafMeter filter with a rule "192.168.1.2 as source address" and "192.168.1.1 as destination address". I begin to capture traffic but all counters are zero. What's wrong?
A: You are measuring the traffic between your PC and your DSL modem. This is your mistake. Packets transmitted from your PC to the Internet don't have the IP address of your DSL modem as their destination. First, fill the Local Address Table (LAT) with all the addresses of your network (e.g., from 192.168.1.1 to 192.168.1.255). Second, create a filter with the rule "192.168.1.2 as source address" and "IP addresses of WAN as destination address".
Q: How do I measure FTP traffic?
A: The following is a good introduction to the FTP protocol, obtained from www.deerfield.com. FTP is an acronym that stands for "File Transfer Protocol". FTP is used for transferring files over the Internet. There are 2 types of FTP connections, Active FTP and Passive FTP. The rules that you will require to count FTP are dependent on which mode of FTP you are using. The default behavior for most browsers is to use Passive FTP, while for most FTP Client programs (e.g. CuteFTP, Internet Neighborhood, WS-FTP) it is Active.
FTP consists of 2 unique connections between the client machine and the FTP server. One is called the "control" connection. This handles the user connecting to and logging into the FTP server. Once the user is logged in, the "data" connection is established to permit the listing of files in a directory, and allow for files to be uploaded or downloaded.
The "control" connection is the same for both Passive and Active FTP. The client makes the initial TCP connection from their temporary range of ports (i.e. any available port higher than 1023) to the server's port 21 and says "Hi! I want to connect with you. Here is my user name and password". What happens next depends on whether Active or Passive mode is being used.
In Active mode, when the client says "Hi!" and logs in, they also tell the server a port number (again, somewhere in the temporary range) on which the server should connect back to them to make the data connection. The FTP server logs the user in and then connects back to them from the server's port 20 to the port that was given to open the data connection.
In Passive mode, after the client says "Hi!" and logs in, the FTP server logs them in, then tells the client what port to connect to the server on to make the data connection (this will be a port in the temporary range, 1024+). The client receives that information, then connects back from a temporary port to the FTP server on the port they were instructed to use, to open the data connection.
The major difference between Active and Passive mode FTP is which side is opening the data connection. In Active mode, the client machine needs to accept a data connection originating from the FTP server. In Passive mode, the client machine is always the one originating the connection.
Active Mode Example:
[1] Control Connection: Client port 1026 -> Server port 21
[2] Data Connection: Client port 1027 <- Server port 20
Passive Mode Example:
[1] Control Connection: Client port 1026 -> Server port 21
[2] Data Connection: Client port 1027 -> Server port 2065
We hope that this information will help you create rules to count FTP traffic.
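The following is an added example, not part of the original FAQ and not TrafMeter code. It shows how a monitoring script can read the control connection to learn which port the data connection will use, so that a counting rule can cover it. It goes beyond the text by relying on the RFC 959 `PORT` command and `227` reply, which carry the address and port as `h1,h2,h3,h4,p1,p2` with port = p1*256 + p2. The function names, the sample lines and the server address 203.0.113.10 are constructed for illustration.

```python
import re

# Six comma-separated decimal bytes: h1,h2,h3,h4,p1,p2 (RFC 959 host-port format).
_HOSTPORT = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")


def parse_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 sextet, or None if invalid."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def data_endpoints(control_lines, client_ip, server_ip):
    """Scan control-connection lines for announced data-connection endpoints.

    control_lines holds (direction, text) pairs, "C" = sent by the client,
    "S" = sent by the server. Each result is
    (mode, initiator_ip, listener_ip, listener_port).
    """
    found = []
    for direction, line in control_lines:
        line = line.strip()
        if direction == "C" and line.upper().startswith("PORT "):
            ep = parse_hostport(line[5:])
            if ep:  # Active: the server connects back to the client's port
                found.append(("active", server_ip, ep[0], ep[1]))
        elif direction == "S" and line.startswith("227"):
            ep = parse_hostport(line[3:])
            if ep:  # Passive: the client connects to the server's port
                found.append(("passive", client_ip, ep[0], ep[1]))
    return found


# Constructed control-channel lines matching the two port examples above.
SAMPLE = [
    ("C", "USER demo"),
    ("C", "PORT 192,168,1,2,4,3"),                            # 4*256 + 3  = 1027
    ("S", "200 PORT command successful."),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (203,0,113,10,8,17)"),   # 8*256 + 17 = 2065
]

if __name__ == "__main__":
    for row in data_endpoints(SAMPLE, "192.168.1.2", "203.0.113.10"):
        print(row)
```

The listener address and port in each result identify the side that accepts the data connection; in Active mode the other end is the server's port 20, as described above.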