Feature #4406

open

unix socket: Get flow information by flow_id

Added by Eric Leblond over 1 year ago. Updated 4 months ago.

Status: In Review
Priority: Normal
Assignee:
Target version:
Effort: low
Difficulty: medium
Label:

Description

When a flow is of long duration and is not yet dead, we can know it exists (via application layer logging) but we can't know anything about the volume of data exchanged. This does not help to characterize the nature of the flow. For example, we cannot differentiate an scp session from an ssh session (the same example works for a TLS tunnel).

A way to get this information is to be able to query the unix socket to get the volumetry information for the flow.

Actions #1

Updated by Victor Julien over 1 year ago

It's unclear to me what your idea is here? Can you expand more?

Actions #2

Updated by Victor Julien 4 months ago

  • Subject changed from Get flow information by flow_id to unix socket: Get flow information by flow_id
  • Status changed from New to In Review