Hi *, I have a Packet Sniffing sensor running for monitoring traffic volumes on HTTP port 80. Now I would like to differentiate within this based on the DNS host names. So for example something like: show me the traffic volumes for all websites that have the word "google" and "microsoft" in the DNS name. Is that possible? And how (assuming that it is)?

Best regards, Will Moonen


Article Comments

Attention: This article is a record of a conversation with the Paessler support team. The information in this conversation is not updated to preserve the historical record. As a result, some of the information or recommendations in this conversation might be out of date.

Hello,

I'm afraid this would only be possible with a Custom Packet Sniffer sensor, with the hostnames (google & microsoft) then resolved into IPs.

Best regards.


Nov, 2012 - Permalink

I'm using the custom version - sorry for the confusion. I would expect something in the channel definitions.

Examples of current channel definitions:

  1. 1000:BitTorrent ((Protocol[TCP] OR Protocol[UDP]) AND (SourcePort[6363] OR DestinationPort[6363] OR SourcePort[8063] OR DestinationPort[8063]))
  1. 1010:Filesharing ((Protocol[TCP] OR Protocol[UDP]) AND (DestinationPort[137-139] OR DestinationPort[445] OR SourcePort[137-139] OR SourcePort[445]))

Based on this, I would expect something like this:

  1. 1020:Microsoft SourceIP[*microsoft*] AND DestinationPort[80]
  1. 1030:Google SourceIP[*google*] AND DestinationPort[80]

Is this correct? Any suggestions?


Nov, 2012 - Permalink

Only full dns-names are supported. With dns-names, wildcards cannot be used.


Nov, 2012 - Permalink