Categories
Archives
- October 2012
- September 2012
- May 2012
- April 2012
- March 2012
- November 2011
- October 2011
- September 2011
- July 2011
- May 2011
- April 2011
- March 2011
- February 2011
- October 2010
- August 2010
- May 2010
- March 2010
- February 2010
- November 2009
- September 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- December 2008
- October 2008
- September 2008
- July 2008
- June 2008
What does event column mean?
Question
“I have logged NetStat acitivity for a couple of days. I am analyzing the log now. I cannot find a definition of what can be recorded in the Event Column. What exactly does changed mean? What exactly does new mean? What exactly does removed mean?”
Answer
Event Columns means a log record status, for example:
1) You click on file in your browser and the browser opens a TCP connection to download file.
2) At this moment NetStat Agent (NA) found that your browser opened a new connection, so because it is a new connection, NA sets a record status as “New”.
3) But when your browser downloaded a file, it closes the opened connection and at this moment NA writes to log file that connection is closed and sets a record status as “Removed”.
A record status “Changed” means that connection state (see column “Status” in NetStat window) is changed, for example:
1) Let assume you run Skype and connected to Skype server.
2) In this case NA will find a TCP connection with status - “ESTABLISHED”.
3) Then you decide to close Skype (disconnect).
4) It means that your PC (Skype application) will send a FIN packet (a TCP signal to close connection) to a remote host (Skype server).
5) For your PC it means a changing connection status from ESTABLISHED to FIN_WAIT1.
6) So when NetStat Agent detects connection status changes it writes to log file what connection is changed and sets a record status as “Changed” to event column.
- March 4th, 2010
- 0 Comments