====== Host info ====== Clicking on any of the host icons on the [[Network status page]] opens an information page about that host. ===== Status ===== When a Host info page is being opened, an ARP and a PING request are sent from Internet Gate to that host. The results of those requests are displayed in the Status box. **Ping** : Result of the PING request sent to the host. The Internet Gate sends a PING request to the host's IP address and waits up to one second for the answer. If the host answers OK that PING request then it is online. :!: There are several kind of network equipment that are configured to not to answer PING requests – a host not answering to PING might still be online! **ARP** : Result of the ARP request sent to the host. The Internet Gate sends an ARP request to the host's IP address and waits up to one second for the answer. All types of network equipment do answer to ARP requests with their MAC address if they are online – it is a mandatory Ethernet rule. However, as ARP requests do not travel through gateways, it can only be used to determine online status for hosts on the same subnet as Internet Gate. Remote hosts behind gateways never answer to ARP requests, as the ARP request is stopped by the gateway and never reaches the host. ===== SIP Users ===== A list of all SIP user names registered to that host – registered either on the built-in SIP server of Internet Gate, or registered through it to a remote SIP server. ===== Flows ===== A list of all [[firewall:flows]] open to this host. Effectively a list of all hosts this host is connected to. Due to the dynamic nature of flows, the list shows all hosts this host have been connected to during the past few minutes. (Flows remain in use up to roughly 1 minute after they were closed or roughly 5 minutes after the last byte transferred through them (timeout).) If several flows are opened to the same host and port they are summarized into one entry line in the Flows list.\\ The **#** column shows the number of flows opened to the same host and port. For example for a simple web page 2 flows are opened for the web page itself (2 flows as the data flows bi-directionally), and 2 additional flows for each picture on it (as pictures are loaded separately by most web browsers). The **bytes** column shows the number of bytes transferred through those flows since they become opened, regardless of data transfer direction and how long ago the flows became opened. However, most web-related flows are open only for a few seconds (while the page is loading – new web pages open new flows). The **Protocol** field indicates the data transmission protocol used within the flows. The **To IP:port** field shows the host and port the flows are opened to – the host this host is connected to. Port is only indicated for protocols actually using port numbers, such as tcp and udp. ==== Example ==== Say the Flows field of the Host info page of a host have a line: | 8 8637 tcp 213.136.58.98 : 80'http' | As the flow connects to port 80, it is most probably an HTTP web access. There are several ways to find out what server is at 213.136.58.98: - Open a web browser on your PC and enter 213.136.58.98 into its Address field. The main page of the web server at that address becomes opened. However many web servers do not support IP-address-only access – they demand a URL to be supplied. - Open a command prompt on your PC and enter nslookup 213.136.58.98 for a reverse lookup of that IP address. If your operator's DNS server supports reverse lookups it will answer with the corresponding URL. However most DNS servers do not support reverse lookups. - Go to http://www.ripe.net/db/whois/whois.html , enter 213.136.58.98 into its Search for field and click Search. Ripe.net maintains a database over IP address owners. Sometimes the returned information is useful – sometimes it is not. - If it is a local IP address on LAN, go back to the Network status page to see which host it is. As you can see there are several ways to find out that 213.136.58.98 indeed is this same server you are accessing right now. However none of the methods are universal – different methods suit different servers. And regardless of the method used, you can only find out which server that host has accessed, but not which page on that server.