Feature #4406

closed

unix socket: Get flow information by flow_id

Added by Eric Leblond over 3 years ago. Updated about 2 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Effort: low
Difficulty: medium
Label:

Description

When a flow is of long duration and is not yet dead, we can know it exists (via application layer logging) but we can't know anything about the volume of data exchanged. This does not help to characterize the nature of the flow. For example, we cannot differentiate an scp session from an ssh session (the same example works for a TLS tunnel).

A way to get information is to be able to query the unix socket to get the volumetry information from the flow.

#1

Updated by Victor Julien over 3 years ago

It's unclear to me what your idea is here? Can you expand more?

#2

Updated by Victor Julien over 2 years ago

  • Subject changed from Get flow information by flow_id to unix socket: Get flow information by flow_id
  • Status changed from New to In Review

#3

Updated by Victor Julien about 2 years ago

  • Status changed from In Review to Closed