verifying whether IP address is associated with an overall DNS name?

callagga

How can I verify, when I parse a packet, whether the IP address for the packet is one from a specific DNS name that has many IPs listed (i.e. this DNS name does a round-robin type approach and is acting as the main company proxy server DNS name; however, it hands off to one of many actual proxy servers in real time)?
 
I may not understand you properly. How are you parsing the packet? The code in whatever program you're using to parse the packet must look it up in DNS. This could make the parser run extremely slowly.

Jeff
 
Re parsing: assume it is any parsing library, WinPcap for example. Some additional background on the question is below. Filtering on "host proxy.mycompany.com" itself doesn't work, so I'm asking whether there is a way to tell, for the packet captured (which might be proxy3.zzz.aaa.mycompany.com), whether this is in fact really proxy traffic.


ASSUMPTIONS
=========

First in terms of some assumptions for the sake of this example:

nslookup proxy.mycompany.com
Name: proxy.xxx..yyy.mycompany.com
Address: 10.10.1.10
Aliases: proxy.mycompany.com

nslookup 10.1.1.10
Name: proxy3.zzz.aaa.mycompany.com
Address: 10.10.1.10

WIRESHARK RESULTS FOR GIVEN CAPTURE FILTER
================================

a) "host proxy.mycompany.com" => Does not pick up the browser traffic I created that transits the proxy. Again, my goal is to find a way to filter on this.

b) "host proxy3.zzz.aaa.mycompany.com" => Does pick up the traffic, BUT of course I've had to manually type in the actual proxy server. I tested with the same browser straight after putting in the capture filter, so the proxy I was handed back obviously didn't change in that small time (i.e. at other times I would be handed off to proxy5.zzz.aaa.mycompany.com, for example).
 
You've managed to stump me. Perhaps someone else here will be able to respond, but I'm guessing that a support forum for the DirectAdmin webhosting software for Linux and FreeBSD is probably not the best place to ask this kind of question.

Jeff
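
Added example (not part of the original thread): one way to do the check asked about above is to collect every address the round-robin name hands out over several lookups, then test each parsed packet's IP against that set or turn the set into a capture filter. The helper names (resolve_all, is_pool_member, capture_filter), the offline resolver stub and the addresses 10.10.1.11 and 10.10.1.12 are constructed for illustration.

```python
import ipaddress
import itertools
import socket


def resolve_all(name, rounds=5, resolver=socket.getaddrinfo):
    """Union of every address returned for `name` across several lookups.

    A round-robin name may hand back a different member each time, so one
    lookup is not enough. A caching local resolver can repeat the same answer
    until the record's TTL expires, so spread real lookups out over time.
    """
    pool = set()
    for _ in range(rounds):
        try:
            answers = resolver(name, None)
        except socket.gaierror:
            continue  # failed lookup: keep what has been learned so far
        for _family, _type, _proto, _canon, sockaddr in answers:
            pool.add(ipaddress.ip_address(sockaddr[0]))
    return pool


def is_pool_member(packet_ip, pool):
    """True if a parsed packet's source or destination IP is in the pool."""
    return ipaddress.ip_address(packet_ip) in pool


def capture_filter(pool):
    """Capture-filter expression matching any member of the pool."""
    ordered = sorted(pool, key=lambda ip: (ip.version, int(ip)))
    return " or ".join(f"host {ip}" for ip in ordered)


def constructed_resolver():
    """Offline stand-in for DNS (constructed data): one address per lookup."""
    rotation = itertools.cycle(["10.10.1.10", "10.10.1.11", "10.10.1.12"])

    def lookup(name, port):
        return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (next(rotation), 0))]
    return lookup


if __name__ == "__main__":
    pool = resolve_all("proxy.mycompany.com", rounds=3,
                       resolver=constructed_resolver())
    print(capture_filter(pool))
    print(is_pool_member("10.10.1.11", pool))
```

With the default resolver the same functions query real DNS; the pool should be refreshed periodically, since members can be added or removed after it was built.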
 