Date: Thu, 27 Jun 2002 10:52:14 -0400 From: Ethan Blanton <eblanton@cs.ohiou.edu> Subject: Re: tcptrace-bugs technical question Message-ID: <20020627145214.GA9944@paco.paco.myip.org>
Gabriel Raviv spake unto us the following wisdom:
> I have tried out tcptrace and was wondering if the output could be changed.
> Specifically, we want a way to monitor traffic for virtual domains where the
> domains do not have there own IP address.
>
> So the output for a tcp stream would include the following
> date/time---total stream size (not just data, but inclusive of
> headers)---bytes in---bytes out---ip of server---virtual host
> name---protocol (http,smtp,pop,ftp)
Can you clarify this? By "virtual host", I assume you mean that you
have N domains on M IP addresses, where M < N.
If that assumption is correct, what you want is not possible at the
TCP level; application protocols such as HTTP are aware of the virtual
hosting, however, and tcptrace might be extensible to support such
peeking. I'm not sure such infrastructure is currently in place,
though, and it may be better implemented as a companion program or
something to reduce tcptrace bloat.
That said, if you can clarify what you want we might be able to give a
more concrete answer. (I don't understand, for instance, how you can
tell the virtual host of a POP or FTP connection).
Ethan
--
Now if I wasn't such a weenie do ya think you'd still love me,
Pretendin' I'm an airplane on the living room floor?
-- The Offspring, "I Choose"
This archive was generated by hypermail 2b30 : 06/27/02 EDT