Mike,

I do have two support tickets open for this problem. Can you please confirm
that you can do a reverse lookup on these addresses from the machine where
you are viewing IM Flows, and I will open another ticket for you. Thanks!

-- Janice 

-----Original Message-----
From: [email protected]
[mailto:[EMAIL PROTECTED] On Behalf Of Mike Lieberman
Sent: Friday, September 19, 2008 1:37 PM
To: 'InterMapper Discussion'
Subject: RE: Spam:*******, RE: [IM-Talk] Net Flows Question

That's nice BUT even then the PTR should resolve to the A name. So why
didn't it?

If you want the actual names to run a DNS lookup or DIG on I will provide it
off line.

-----Original Message-----
From: [email protected]
[mailto:[EMAIL PROTECTED] On Behalf Of Janice Losgar
Sent: Friday, September 19, 2008 11:29 AM
To: 'InterMapper Discussion'
Subject: Spam:*******, RE: [IM-Talk] Net Flows Question

Mike,

IM Flows uses a DNS PTR query to identify the name for a given IP address.
The NetFlow information exported by the router contains the source and
destination IP addresses; it does not contain any information from the
payload of the TCP packet itself.

If you have a web server that serves multiple virtual hosts, e.g. one for a
restaurant and one for a local newspaper, you will not be able to identify
whether a flow went specifically to one web site or the other. All you can
tell is that certain computers talked to a server on port 80.


-- Janice 

-----Original Message-----
From: [email protected]
[mailto:[EMAIL PROTECTED] On Behalf Of Mike Lieberman
Sent: Friday, September 19, 2008 1:15 PM
To: 'InterMapper Discussion'
Subject: Spam:*******, RE: [IM-Talk] Net Flows Question

Janice,

Here the scenario:
        Network Admin opens his Browser and types:
                http://name.doman.net/file.zip
        He downloads the file.
        He is running IM-R and opens the Flows Window
        Under the Sessions Tab he sees his http session but
                ...the server is listed by IP address.
                The "name.domain.net" is a cname and the
                Webserver is doing http 1.1 host header lookup

Why can't Flows report the name? 

Mike Lieberman
Net Wright LLC

-----Original Message-----
From: [email protected]
[mailto:[EMAIL PROTECTED] On Behalf Of Janice Losgar
Sent: Friday, September 19, 2008 11:00 AM
To: 'InterMapper Discussion'
Subject: Spam:*******, RE: [IM-Talk] Net Flows Question

Mike,

Are you looking in the Flows window and seeing IP addresses that are not
resolved? It's the client OS that does the resolving, not the server. Is the
address resolvable from the client where you are viewing the Flows window?

Regards,

Janice Losgar
Dartware, LLC

-----Original Message-----
From: [email protected]
[mailto:[EMAIL PROTECTED] On Behalf Of Mike Lieberman
Sent: Friday, September 19, 2008 12:40 PM
To: 'InterMapper Discussion'
Subject: Spam:*******, [IM-Talk] Net Flows Question

I am looking at the session log and note that when the remote server is was
called by a CNAME that the name is not displayed, rather the IP address is
listed. Since the CNAME was properly resolvable via public DNS why doesn't
it display?

 

____________________________________________________________________
List archives: 
http://www.mail-archive.com/intermapper-talk%40list.dartware.com/
To unsubscribe: send email to: [EMAIL PROTECTED]

____________________________________________________________________
List archives: 
http://www.mail-archive.com/intermapper-talk%40list.dartware.com/
To unsubscribe: send email to: [EMAIL PROTECTED]

____________________________________________________________________
List archives: 
http://www.mail-archive.com/intermapper-talk%40list.dartware.com/
To unsubscribe: send email to: [EMAIL PROTECTED]

____________________________________________________________________
List archives: 
http://www.mail-archive.com/intermapper-talk%40list.dartware.com/
To unsubscribe: send email to: [EMAIL PROTECTED]

____________________________________________________________________
List archives: 
http://www.mail-archive.com/intermapper-talk%40list.dartware.com/
To unsubscribe: send email to: [EMAIL PROTECTED]

____________________________________________________________________
List archives: 
http://www.mail-archive.com/intermapper-talk%40list.dartware.com/
To unsubscribe: send email to: [EMAIL PROTECTED]

Reply via email to