Breaking down HTTP traffic

  • 1
  • Question
  • Updated 3 years ago
  • Answered
Hi,

I'm wondering if there is a way to break down HTTP traffic? It's all good knowing that 20GB of HTTP data was downloaded but it would be useful to know what it actually was (YouTube, Google Video etc).

A certain Cisco product starting with M lets you view this information in it's dashboard, so I'm not sure if this isn't available with Aerohive or if I'm just looking in the wrong places.

Thanks for any help.
Photo of Gregor Blaj

Gregor Blaj

  • 10 Posts
  • 1 Reply Like

Posted 3 years ago

  • 1
Photo of Tony

Tony

  • 5 Posts
  • 0 Reply Likes
Gregor,

In the Dashboard tab of the HiveManager, you can place a variety of widgets to show any number of combinations of pieces of information. Such as "Top 10 Applications By Usage", "Top 20 Applications by Usage", "Top 20 Clients By Application Usage", and so on.

To edit the Dashboard screen and add/remove widgets, you will want to click the edit icon (looks like a pencil and paper).
Photo of Gregor Blaj

Gregor Blaj

  • 10 Posts
  • 1 Reply Like
Hi Tony,

I would like to be able to further break down HTTP (or any other service), something like below. But I'm not sure if this is possible at the moment? From reading the forums, users were asking to get more information on what their guest users are browsing and I don't think they were able to do so without a third party tool.

Photo of Andrew Garcia

Andrew Garcia, Official Rep

  • 368 Posts
  • 120 Reply Likes
As of HiveOS 6.2r1, Aerohive access points have over 1200 application signatures feeding into the deep packet inspection engine.  iTunes, YouTube, Google Video, Dailymotion, Vimeo, Spotify, SoundCloud, and last.fm are all there. There will still be some HTTP and SSL traffic that is not identified more specifically (since millions of web sites and services exist), but you can build custom signatures if you know some services you want to track.  


If you are only seeing generalized HTTP traffic and some other really basic stuff (IP, TCP, etc), then your application signatures probably have not been updated from stock.  If you are running 6.2r1, you should be using 4.0.4 signatures, for instance.  
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
To get more detail than this, you would want to do so using a firewall within a network, such as those available from Palo Alto.

These are not features that you would typically find at the access layer in a network.

The out-of-band nature of HiveManager, typically cloud hosted, would be very ill suited to receiving this amount of raw data.
Photo of Gregor Blaj

Gregor Blaj

  • 10 Posts
  • 1 Reply Like
Hi Andrew,

What you posted is what I'm looking for but my signature version is 4.0.0 with 6.2r1. Do I need a support contract to be able to download new signatures?

Thanks again.
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
If you are using HiveManager Online (HMOL) you just need to select the APs and choose to update the signatures.




Otherwise, signatures can be downloaded via https://support.aerohive.com/secur/download_page if you are a current customer and have asked for an account.
(Edited)
Photo of Gregor Blaj

Gregor Blaj

  • 10 Posts
  • 1 Reply Like
Cool, it seems to have updated now and the application usage is reporting back correctly.

Thanks for the help everyone :)