Mike, I do have two support tickets open for this problem. Can you please confirm that you can do a reverse lookup on these addresses from the machine where you are viewing IM Flows, and I will open another ticket for you. Thanks!
-- Janice

-----Original Message-----
From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Lieberman
Sent: Friday, September 19, 2008 1:37 PM
To: 'InterMapper Discussion'
Subject: RE: Spam:*******, RE: [IM-Talk] Net Flows Question

That's nice BUT even then the PTR should resolve to the A name. So why didn't it? If you want the actual names to run a DNS lookup or DIG on, I will provide them offline.

-----Original Message-----
From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Janice Losgar
Sent: Friday, September 19, 2008 11:29 AM
To: 'InterMapper Discussion'
Subject: Spam:*******, RE: [IM-Talk] Net Flows Question

Mike,

IM Flows uses a DNS PTR query to identify the name for a given IP address. The NetFlow information exported by the router contains the source and destination IP addresses; it does not contain any information from the payload of the TCP packet itself. If you have a web server that serves multiple virtual hosts, e.g. one for a restaurant and one for a local newspaper, you will not be able to identify whether a flow went specifically to one web site or the other. All you can tell is that certain computers talked to a server on port 80.

-- Janice

-----Original Message-----
From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Lieberman
Sent: Friday, September 19, 2008 1:15 PM
To: 'InterMapper Discussion'
Subject: Spam:*******, RE: [IM-Talk] Net Flows Question

Janice,

Here's the scenario:

Network Admin opens his browser and types: http://name.doman.net/file.zip
He downloads the file.
He is running IM-R and opens the Flows window.
Under the Sessions tab he sees his HTTP session, but ...the server is listed by IP address.

The "name.domain.net" is a CNAME and the web server is doing HTTP 1.1 host header lookup.

Why can't Flows report the name?

Mike Lieberman
Net Wright LLC

-----Original Message-----
From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Janice Losgar
Sent: Friday, September 19, 2008 11:00 AM
To: 'InterMapper Discussion'
Subject: Spam:*******, RE: [IM-Talk] Net Flows Question

Mike,

Are you looking in the Flows window and seeing IP addresses that are not resolved? It's the client OS that does the resolving, not the server. Is the address resolvable from the client where you are viewing the Flows window?

Regards,
Janice Losgar
Dartware, LLC

-----Original Message-----
From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Lieberman
Sent: Friday, September 19, 2008 12:40 PM
To: 'InterMapper Discussion'
Subject: Spam:*******, [IM-Talk] Net Flows Question

I am looking at the session log and note that when the remote server was called by a CNAME, the name is not displayed; rather, the IP address is listed. Since the CNAME was properly resolvable via public DNS, why doesn't it display?

____________________________________________________________________ List archives: http://www.mail-archive.com/intermapper-talk%40list.dartware.com/ To unsubscribe: send email to: [EMAIL PROTECTED]
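
Janice's point that a flow record carries only addresses and ports, as an added example that is not part of the original thread and not InterMapper's code: it parses a constructed NetFlow v5 datagram and names the server the only way the record allows, by PTR lookup. The export version (v5), the sample addresses and the function names are assumptions made for illustration.

```python
import socket
import struct

# NetFlow v5 wire layout (assumed version; the thread does not name one).
HEADER = struct.Struct("!HHIIIIBBH")                 # 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48 bytes per flow

def parse_v5(datagram):
    """Return the flows in one export datagram as dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a v5 header")
    version, count, *_ = HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5: version={version}")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated datagram")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        # Every identifying field is layer 3/4. There is no slot for the
        # HTTP Host header or the name the client originally resolved.
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "packets": f[5], "octets": f[6],
            "sport": f[9], "dport": f[10],
            "tcp_flags": f[12], "proto": f[13],
        })
    return flows

def display_name(ip, resolver=socket.gethostbyaddr):
    """Label an endpoint by reverse (PTR) lookup, falling back to the IP."""
    try:
        return resolver(ip)[0]
    except OSError:      # socket.herror: no PTR record for this address
        return ip

def sample_datagram():
    """Constructed datagram: one HTTP flow between documentation addresses."""
    header = HEADER.pack(5, 1, 1000, 1221845820, 0, 1, 0, 0, 0)
    record = RECORD.pack(
        socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.80"),
        socket.inet_aton("0.0.0.0"), 1, 2, 12, 9000, 500, 900,
        49152, 80, 0, 0x1B, 6, 0, 0, 0, 24, 24, 0)
    return header + record

if __name__ == "__main__":
    for flow in parse_v5(sample_datagram()):
        print(flow, "->", display_name(flow["dst"]))
```

A PTR answer, when one exists, is whatever name the owner of the address block published for that IP, so it need not match a CNAME or virtual-host name the client typed.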
