Feature #4751

closed

dns/eve: add 'HTTPS' type logging

Added by Victor Julien over 1 year ago. Updated 3 months ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Effort:
Difficulty:
Label: Beginner, Rust

Description

{"timestamp":"2021-10-12T10:17:37.702061+0200","flow_id":865976079988333,"pcap_cnt":1,"event_type":"dns","src_ip":"192.168.0.47","src_port":61954,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":4220,"rrname":"46-105-202-126.any.cdn.anycast.me","rrtype":"65","tx_id":0}}

rrtype: 65 instead of HTTPS


Files

dns-in-rec.pcap (133 Bytes) Victor Julien, 10/12/2021 08:24 AM
Screenshot from 2021-10-12 10-25-04.png (78.8 KB) Victor Julien, 10/12/2021 08:25 AM
Actions #1

Updated by Victor Julien over 1 year ago

  • Description updated (diff)
Actions #2

Updated by Victor Julien over 1 year ago

  • Subject changed from dns: add 'HTTPS' type logging to dns/eve: add 'HTTPS' type logging
  • Label Beginner added
Actions #3

Updated by Victor Julien over 1 year ago

  • Label Rust added
Actions #4

Updated by Haleema Khan 4 months ago

  • Assignee set to Haleema Khan
Actions #5

Updated by Haleema Khan 4 months ago

After looking into the code, specifically the DNS event type code parts, and after reading all DNS record types, I have understood that it is returning rrtype:65 mainly because a DNS record type does not exist for the value 65, so when matching the rrtype it never finds a match and the rrtype 65 gets returned as is after a toString() conversion.
If that's the case, then first a DNS record type for this needs to be defined and then I can move forward with matching it in code.
Asking here just to make sure I am going in the right direction.
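
An added example, not part of the comment above and not Suricata's own code: a Python filter over EVE DNS records that treats the numeric "65" seen in the record in the description and the name "HTTPS" as the same type, so a search for HTTPS lookups finds both spellings. The function names, the subset of the type table and every sample line except the first are assumptions made for this example.

```python
import json

# IANA RR type numbers -> mnemonics (subset; 64 and 65 are SVCB and HTTPS).
RRTYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX",
                16: "TXT", 28: "AAAA", 33: "SRV", 64: "SVCB", 65: "HTTPS"}

def normalize_rrtype(value):
    """Map an rrtype logged as a name, a bare number or TYPEnn to one mnemonic."""
    text = str(value).strip().upper()
    if text.startswith("TYPE") and text[4:].isdecimal():
        text = text[4:]
    if text.isdecimal():
        num = int(text)
        return RRTYPE_NAMES.get(num, f"TYPE{num}")  # unknown numbers stay visible
    return text

def event_rrtypes(event):
    """Collect normalized rrtypes from dns.rrtype and from a dns.answers list."""
    dns = event.get("dns")
    if not isinstance(dns, dict):
        return set()
    found = {normalize_rrtype(dns["rrtype"])} if "rrtype" in dns else set()
    answers = dns.get("answers")
    for answer in answers if isinstance(answers, list) else []:
        if isinstance(answer, dict) and "rrtype" in answer:
            found.add(normalize_rrtype(answer["rrtype"]))
    return found

def dns_events(lines, rrtype):
    """Return EVE dns events that mention `rrtype` in either spelling."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line in the log
        if isinstance(event, dict) and event.get("event_type") == "dns":
            if rrtype.upper() in event_rrtypes(event):
                hits.append(event)
    return hits

# First line is trimmed from the record in the issue; the rest are constructed.
SAMPLE_LINES = [
    '{"event_type":"dns","dns":{"type":"query","id":4220,"rrname":"46-105-202-126.any.cdn.anycast.me","rrtype":"65","tx_id":0}}',
    '{"event_type":"dns","dns":{"type":"query","rrname":"example.com","rrtype":"HTTPS"}}',
    '{"event_type":"dns","dns":{"type":"answer","rrname":"example.com","rrtype":"A","answers":[{"rrname":"example.com","rrtype":"A","rdata":"192.0.2.10"}]}}',
    '{"event_type":"flow","proto":"UDP"}',
    '{"event_type":"dns","dns":{"type":"que',
]

if __name__ == "__main__":
    for hit in dns_events(SAMPLE_LINES, "HTTPS"):
        print(hit["dns"]["rrname"], hit["dns"]["rrtype"])
```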

Actions #6

Updated by Haleema Khan 4 months ago

  • Status changed from New to In Review
Actions #7

Updated by Shivani Bhardwaj 4 months ago

  • Target version set to 7.0.0-beta1
Actions #8

Updated by Haleema Khan 3 months ago

Actions #9

Updated by Victor Julien 3 months ago

  • Target version changed from 7.0.0-beta1 to 7.0.0-rc1
Actions #10

Updated by Haleema Khan 3 months ago

  • Status changed from In Review to Closed