Hi Daniel, I think the scope of this HTTP inspection, for Stathis and Chris, is libpcap only. Also, similarly to HTTP, Chris brought up he would like to do some inspection of DNS packets (he is not looking for resolving source/destination IP addresses into names which i fully agree with you is post-processing kind of activity).
Cheers, Paolo On Mon, Mar 24, 2014 at 03:02:08PM +0100, Daniel Gomez wrote: > > > > > Hi All, > > Correct me if I am wrong, but for example the sFlow from Brocade is not > even exporting this information. IPFIX may be? > > In any case, if the information is already on the packet, i.e. A oder PTR > field, why not include it? > > On the other hand, pmacct doing itself dns lookups would not have sense for > me. That is the work of a post-processing tool. > > Regards, > > Daniel Gomez > > > > > > Von: Chris Wilson <ch...@aptivate.org> > An: pmacct-discussion@pmacct.net > Datum: 24.03.2014 14:17 > Betreff: Re: [pmacct-discussion] HTTP traffic classification > Gesendet von: "pmacct-discussion" > <pmacct-discussion-boun...@pmacct.net> > > > > Hi Karl, > > On Mon, 24 Mar 2014, Karl O. Pinc wrote: > > On 03/24/2014 06:31:30 AM, Stathis Gkotsis wrote: > >> Concerning HTTP: I guess the thing to output would be hostname, since > >> you can have multiple HTTP requests to different URLs inside one TCP > >> Session.About DNS, what should be outputted? I guess the hostname for A > >> queries is good enough to start with. > > > > I'm not clear on where DNS would fit into this. Offhand, DNS lookups > > (and then reverse DNS lookups, etc.) should not be part of > > pmacct. There's just too much latency. People who want that > > sort of thing should work out how to do it outside of pmacct. > > I'd like to see the *content* of DNS requests and responses available to > be logged in data records by pmacct. It can be very helpful in identifying > which website someone was trying to access, when all we have is an IP > address. I accept that not everybody would want this, but I do. > > Cheers, Chris. > -- > Aptivate | http://www.aptivate.org | Phone: +44 1223 967 838 > Citylife House, Sturton Street, Cambridge, CB1 2QF, UK > > Aptivate is a not-for-profit company registered in England and Wales > with company number 04980791. > > > _______________________________________________ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists > > > > > _______________________________________________ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
