Windows: S-TAP statistics

The S-TAP statistics are sent by the S-TAP to the sniffer and are stored on the collector. You can see the statistics in the predefined S-TAP Statistics report.

You can create alerts based on results.

The guard_tap.ini parameter STAP_STATISTIC specifies the interval at which the S-TAP sends statistics to the sniffer. Valid values are:
  • Positive integer: interval in hours
  • Negative integer: interval in minutes
  • 0: do not send
The default is -5. This is also the minimum.
S-TAP counters:
  • Total dropped packets: Packets dropped due to insufficient buffer space in the S-TAP service.
  • Total dropped bytes: Bytes dropped due to insufficient buffer space in the S-TAP service.
  • Collector count
  • Collector names: Comma-separated list of all the collectors that are assigned to the S-TAP
  • Collector total dropped packets: Comma-separated list of the packets that are dropped due to insufficient buffer space in the S-TAP, cataloged by collector.
  • Collector total dropped bytes: Comma-separated list of the bytes that are dropped due to insufficient buffer space in the S-TAP, cataloged by collector.
NMP counters:
  • Software TAP Host
  • Tap name (driver name)
  • Tap version
  • Timestamp
  • Total packets: Total packets that pass through the driver
  • Total bytes: Total bytes that pass through the driver
  • Total dropped packets: Total packets that are dropped due to insufficient buffer space in the driver.
  • Total dropped bytes: Total bytes that are dropped due to insufficient buffer space in the driver.
  • Total ignored packets: Total packets that are ignored due to Ignore commands from the appliance or priority queue transitions.
  • Total ignored bytes: Total bytes that are ignored due to Ignore commands from the appliance or priority queue transitions.
  • Total ignored reply packets: Total packets of server reply data that is ignored due to ignore reply commands from the appliance, DB ignore bypass, or priority queue transitions.
  • Total ignored reply bytes: Total bytes of server reply data that is ignored due to ignore reply commands from the appliance, DB ignore bypass, or priority queue transitions.
WFP counters:
  • Software TAP Host
  • Tap name (driver name)
  • Tap version
  • Timestamp
  • Total packets: Total packets that pass through the driver
  • Total bytes: Total bytes that pass through the driver
  • Total dropped packets: Total packets that are dropped due to insufficient buffer space in the driver.
  • Total dropped bytes: Total bytes that are dropped due to insufficient buffer space in the driver.
  • Total ignored packets: Total packets that are ignored due to Ignore commands from the appliance or priority queue transitions.
  • Total ignored bytes: Total bytes that are ignored due to Ignore commands from the appliance or priority queue transitions.
  • Total ignored reply packets: Total packets of server reply data that is ignored due to ignore reply commands from the appliance, DB ignore bypass, or priority queue transitions.
  • Total ignored reply bytes: Total bytes of server reply data that is ignored due to ignore reply commands from the appliance, DB ignore bypass, or priority queue transitions.
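
The following is an added example, not IBM code: it interprets STAP_STATISTIC using the sign convention above and checks two consecutive statistics samples for new per-collector drops and for a reporting gap. The dictionary field names, the sample values, and the treatment of the counters as cumulative totals are assumptions of this example, not the report's actual schema.

```python
from datetime import datetime, timedelta

def stap_statistic_interval(value):
    """Interpret STAP_STATISTIC: positive = hours, negative = minutes, 0 = not sent."""
    n = int(value)
    if n == 0:
        return None  # statistics are not sent at all
    if n > 0:
        return timedelta(hours=n)
    if n > -5:
        # The page gives -5 (5 minutes) as the minimum. Rejecting shorter
        # intervals is this example's choice, not documented S-TAP behavior.
        raise ValueError(f"STAP_STATISTIC={n} is below the 5-minute minimum")
    return timedelta(minutes=-n)

def per_collector(names_csv, values_csv):
    """Pair the comma-separated collector names with a comma-separated counter."""
    names = [s.strip() for s in names_csv.split(",")]
    values = [int(s) for s in values_csv.split(",")]
    if len(names) != len(values):
        raise ValueError("collector names and counter values differ in length")
    return dict(zip(names, values))

def new_drops(prev, curr):
    """Collectors whose dropped-packet total grew between two samples."""
    before = per_collector(prev["names"], prev["dropped_packets"])
    after = per_collector(curr["names"], curr["dropped_packets"])
    return {c: v - before.get(c, 0) for c, v in after.items() if v > before.get(c, 0)}

def reporting_gap(prev, curr, stap_statistic, slack=2):
    """True when two samples are further apart than slack x the configured interval."""
    interval = stap_statistic_interval(stap_statistic)
    if interval is None:
        return False  # sending is disabled, so no sample is expected
    return curr["timestamp"] - prev["timestamp"] > slack * interval

# Constructed samples (hypothetical field names, not the report's real schema).
PREV = {"timestamp": datetime(2024, 1, 1, 10, 0),
        "names": "collector-a,collector-b", "dropped_packets": "0,120"}
CURR = {"timestamp": datetime(2024, 1, 1, 10, 20),
        "names": "collector-a, collector-b", "dropped_packets": "0,160"}

if __name__ == "__main__":
    print(new_drops(PREV, CURR))            # collectors with new drops
    print(reporting_gap(PREV, CURR, "-5"))  # samples too far apart?
```

A reporting gap matters as much as a drop count: while the S-TAP is not sending statistics, drops in that window go unreported.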