I have a 2830n, and am trying to set up Smartmonitor. I have set up the port mirroring, and installed Smartmonitor 2.4.2 onto the PC (well a VM actually), and all “seems” to be working ok as I can “see” traffic being logged. However I have noticed a couple of things.

HTTPS traffic doesn’t seem to be logged / recorded. I understand that the “data” within the HTTPS session would not be recorded (such as a Google search), but Smartmonitor doesn’t even seem to recorded any visits to HTTPS sites. I can however see the DNS request for the site, but not that a user a visited it.

It doesn’t seem to log HTTP requests coming from my iPhone / iPad (using safari). They are connected to another access point (i.e not the wireless on the 2830n), and again, I can see the DNS request, but nothing is recorded under HTTP.

It doesn’t seem to be logging all e-mail. If I click on the IP address of the mail server I can see some e-mails that have been sent, but some are missing. Also the same for incoming e-mail, I can click on the “e-mail” category, and can see some incoming mail, but again, not all. I suppose the mirror port / VM could be “dropping” packets, but it’s only a home network, so only a few e-mails going out / coming in per hour, also wouldn’t expect the network to over utilised.

Also, I notice only the “top” level “web address” is recorded (i.e www.bbc.co.uk), is there a way to see the full URL that been visited (i.e http://www.bbc.co.uk/weather/2635167).

Any thoughts on the above.
Thanks.

Little update. Draytek support advised to upgrade to the latest version (2.4.3), however I was getting the same issues.

I ran wireshark on the machine, and that seemed to show that it was receiving all the packets. And in doing so I noticed that an email that came in was "encrypted", further investigation showed that the e-mail was being received with TLS. I turned this off (temporally) for the receiving connector, and it seems that most (but not quite all) the received email was being logged. Draytek support then conformed that HTTPS and TLS email traffic would not specifically show up / be logged, and would just be classed under "other" traffic.

Still have the issue where iPad / iPhone HTTP browsing doesn't seem to be logged, wireshark confirmed that the traffic was making it to the machine, and a laptop connected to the same access point logged ok. DNS requests from the iPad / iPhone show up, so with Smartmonitor only seeming to log the top level web address visited then having the DNS lookup for the web site is effetely the same thing.

Ian.