Re: [pmacct-discussion] HTTP traffic classification

2014-03-24 Thread Stathis Gkotsis
:56:32 + From: pa...@pmacct.net To: pmacct-discussion@pmacct.net Subject: Re: [pmacct-discussion] HTTP traffic classification Dears, First off, interesting discussion. Under the assumption we speak libpcap and not NetFlow/IPFIX, I confirm, as it was already clear from Slava and Chris

Re: [pmacct-discussion] HTTP traffic classification

2014-03-24 Thread Karl O. Pinc
On 03/24/2014 06:31:30 AM, Stathis Gkotsis wrote: Hi all, Concerning HTTP: I guess the thing to output would be hostname, since you can have multiple HTTP requests to different URLs inside one TCP Session.About DNS, what should be outputted? I guess the hostname for A queries is good enough

Re: [pmacct-discussion] HTTP traffic classification

2014-03-24 Thread Chris Wilson
Hi Karl, On Mon, 24 Mar 2014, Karl O. Pinc wrote: On 03/24/2014 06:31:30 AM, Stathis Gkotsis wrote: Concerning HTTP: I guess the thing to output would be hostname, since you can have multiple HTTP requests to different URLs inside one TCP Session.About DNS, what should be outputted? I guess

Re: [pmacct-discussion] HTTP traffic classification

2014-03-24 Thread Karl O. Pinc
On 03/24/2014 08:14:25 AM, Chris Wilson wrote: I'd like to see the *content* of DNS requests and responses available to be logged in data records by pmacct. It can be very helpful in identifying which website someone was trying to access, when all we have is an IP address. I accept that

Re: [pmacct-discussion] HTTP traffic classification

2014-03-23 Thread Paolo Lucente
Dears, First off, interesting discussion. Under the assumption we speak libpcap and not NetFlow/IPFIX, I confirm, as it was already clear from Slava and Chris emails, that there is nothing built-in to do this in pmacct. I see two possible avenues for this: a) go the classification way, ie. most

[pmacct-discussion] HTTP traffic classification

2014-03-22 Thread Stathis Gkotsis
Hi all, First, I would like to thank you for the great product, pmacct has proven very useful to me, which brings me to my question :)I see that it is possible to enable traffic classification, which is about detecting L7 protocol. I am particularly interested in HTTP and also outputting the

Re: [pmacct-discussion] HTTP traffic classification

2014-03-22 Thread Viacheslav Dubrovskyi
22.03.2014 21:20, Stathis Gkotsis пишет: Hi all, First, I would like to thank you for the great product, pmacct has proven very useful to me, which brings me to my question :) I see that it is possible to enable traffic classification, which is about detecting L7 protocol. I am particularly

Re: [pmacct-discussion] HTTP traffic classification

2014-03-22 Thread Chris Wilson
Hi all, On Sat, 22 Mar 2014, Viacheslav Dubrovskyi wrote: 22.03.2014 21:20, Stathis Gkotsis пишет: First, I would like to thank you for the great product, pmacct has proven very useful to me, which brings me to my question :) I see that it is possible to enable traffic classification, which