Totals and what is included into "any" rule

Started by John C

John C

Totals and what is included into "any" rule   27 July 2016, 05:55

Hi,

I've noticed something which seems odd. I have a rule set up which tracks tcp-udp (selected from list). I also have one which tracks any, again from the list. I would expect that tcp-udp is a subset of any and therefore the totals for tcp-udp <= any. Again, that's an assumption. If that is correct, the totals are wrong. Yesterday had tcp-udp 126/42/168 while any was 71/12/84.

Are my assumptions wrong?

John C

Andrew

Re: Totals and what is included into "any" rule   27 July 2016, 11:21

It works a little differently.

When a packet arrives, the rules are matched in descending order of the rules list, from the top to the bottom. The first matching rule applies and no remaining rules are checked.

As a result, granted the TCP/UDP rule is listed first, it would capture TCPv4 and UDPv4, while the Any rule would capture anything other than that. If you swap the rules and place Any first followed by TCP/UDP, then the latter will not capture anything because Any matches anything, including TCP/UDP.

John C

Re: Totals and what is included into "any" rule   27 July 2016, 21:03

Hi Andrew,

Thanks for the explanation.
One fup. Are there any protocols which would be tracked by any which wouldn't be captured by one of the other protocol choices?
I'm trying to see where our Verizon data budget is being spent (i.e. on which apps).

Thanks,
John C

Andrew

Re: Totals and what is included into "any" rule   27 July 2016, 21:33

I can think of ARP and some other non-IP protocols that may run in your network, but most likely that's a negligible amount.
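
The first-match behaviour described in this thread can be reproduced with a small simulation. This is an added example, not code from the thread or from SoftPerfect; the rule model, the protocol labels and the sample packets are all constructed for illustration.

```python
# Hypothetical rule model: (name, predicate). Not the product's real API.
TCP_UDP = ("tcp-udp", lambda pkt: pkt["proto"] in {"tcp4", "udp4"})
ANY = ("any", lambda pkt: True)

# Constructed sample traffic: protocol label and size in bytes.
PACKETS = [
    {"proto": "tcp4", "size": 1500},
    {"proto": "udp4", "size": 500},
    {"proto": "tcp4", "size": 1000},
    {"proto": "arp", "size": 42},    # non-IP traffic
    {"proto": "icmp4", "size": 84},  # IP, but neither TCP nor UDP
]


def account(rules, packets):
    """Charge each packet to the first matching rule only (top to bottom)."""
    totals = {name: 0 for name, _ in rules}
    unmatched = 0
    for pkt in packets:
        for name, matches in rules:
            if matches(pkt):
                totals[name] += pkt["size"]
                break  # first match wins; remaining rules are not checked
        else:
            unmatched += pkt["size"]
    return totals, unmatched


def shadowed(rules, packets):
    """Rules that would match some packet but never receive one,
    because an earlier rule always claims it first."""
    totals, _ = account(rules, packets)
    return [name for name, matches in rules
            if totals[name] == 0 and any(matches(p) for p in packets)]


if __name__ == "__main__":
    for order in ([TCP_UDP, ANY], [ANY, TCP_UDP]):
        names = [name for name, _ in order]
        print(names, account(order, PACKETS), "shadowed:", shadowed(order, PACKETS))
```

With the TCP/UDP rule first, the per-rule totals are disjoint, so the "any" figure is the remainder rather than a superset; with "any" first, the TCP/UDP rule is reported as shadowed and stays at zero.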
