Hi all,
Concerning HTTP: I guess the thing to output would be hostname, since you can
have multiple HTTP requests to different URLs inside one TCP Session. About DNS,
what should be outputted? I guess the hostname for A queries is good enough to
start with.
BR, Stathis
Date: Sun, 23 Mar 2014
On 03/24/2014 06:31:30 AM, Stathis Gkotsis wrote:
Hi all,
Concerning HTTP: I guess the thing to output would be hostname, since
you can have multiple HTTP requests to different URLs inside one TCP
Session. About DNS, what should be outputted? I guess the hostname for
A queries is good enough
Hi Karl,
On Mon, 24 Mar 2014, Karl O. Pinc wrote:
On 03/24/2014 06:31:30 AM, Stathis Gkotsis wrote:
Concerning HTTP: I guess the thing to output would be hostname, since
you can have multiple HTTP requests to different URLs inside one TCP
Session. About DNS, what should be outputted? I guess
Hi All,
Correct me if I am wrong, but for example the sFlow from Brocade is not
even exporting this information. IPFIX may be?
In any case, if the information is already on the packet, i.e. A or PTR
field, why not include it?
On the other hand, pmacct doing itself DNS lookups would not
Hi Daniel,
I think the scope of this HTTP inspection, for Stathis and Chris, is
libpcap only. Also, similarly to HTTP, Chris brought up he would like
to do some inspection of DNS packets (he is not looking for resolving
source/destination IP addresses into names which I fully agree with
you is
On 03/24/2014 08:14:25 AM, Chris Wilson wrote:
I'd like to see the *content* of DNS requests and responses available
to be logged in data records by pmacct. It can be very helpful in
identifying which website someone was trying to access, when all we
have is an IP address. I accept that