
List:       iptraf-ng
Subject:    forward dns lookup
From:       hamann.w () t-online ! de
Date:       2013-03-04 5:16:58
Message-ID: 51342E4A.mailx1W61KOAF4 () amadeus3 ! local

Hi,

I am currently trying to use iptraf logging in order to discover unwanted
network traffic on one machine.
Now, the reverse lookup means that I get:
bigsite.com - reverse matches the site (and is meaningful)
somehost.com - this could be goodsite.com or badsite.com hosted in the same
datacenter
1.2.3.4 - no reverse possible
Without extra research it is not possible to detect whether an IP address is
near (in the same /24) another one previously resolved.

So I would like to ask:
a) is it possible to log 1.2.3.4 (somehost.net)?
b) since iptraf looks at the interface anyway, would it be possible to
capture DNS traffic and use that instead of reverse lookup (or in addition),
i.e. if the machine has asked for badsite.com, show that name along with the IP
address?

Regards
Wolfgang Hamann
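A sketch of the passive approach asked about in (b), added here as an example; it is not code from iptraf-ng or from the poster. It parses captured DNS response messages (the wire format of RFC 1035, including label compression), records which name the host asked for and which address the answer resolved to while following CNAME chains, annotates an address as "1.2.3.4 (somehost.net)" in the spirit of (a), and lists previously seen addresses in the same /24. The two response packets are constructed inline for names under the reserved .example domain and the 192.0.2.0/24 documentation range; the function and class names are this example's own.

```python
import struct
import ipaddress


def _read_name(msg, offset):
    """Decode a possibly compressed DNS name starting at offset.
    Returns (name, offset_after_name) where the offset is the position
    following the name in the record being parsed, not the pointer target."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # compression pointer
            pointer = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            if not jumped:
                end = offset + 2                        # name ends after the pointer
            jumped, offset, hops = True, pointer, hops + 1
            if hops > 32:                               # refuse looping pointers
                raise ValueError("DNS name compression loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels).lower(), end


def parse_response(msg):
    """Return [(owner_name, type, value)] for A, AAAA and CNAME answers in a response."""
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack_from("!HHHHHH", msg, 0)
    if not flags & 0x8000:                              # QR bit clear: a query, not a response
        return []
    offset = 12
    for _ in range(qdcount):                            # skip the question section
        _, offset = _read_name(msg, offset)
        offset += 4                                     # QTYPE + QCLASS
    records = []
    for _ in range(ancount):
        owner, offset = _read_name(msg, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, offset)
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if rtype == 1 and rdlen == 4:
            records.append((owner, "A", str(ipaddress.IPv4Address(rdata))))
        elif rtype == 28 and rdlen == 16:
            records.append((owner, "AAAA", str(ipaddress.IPv6Address(rdata))))
        elif rtype == 5:                                # CNAME target may itself be compressed
            target, _ = _read_name(msg, offset)
            records.append((owner, "CNAME", target))
        offset += rdlen
    return records


class PassiveDNSCache:
    """Maps answered addresses back to the names the monitored host asked for."""

    def __init__(self):
        self.cnames = {}        # alias -> canonical name
        self.addresses = {}     # ip -> set of owner names that resolved to it

    def observe(self, msg):
        for owner, rtype, value in parse_response(msg):
            if rtype == "CNAME":
                self.cnames[owner] = value
            else:
                self.addresses.setdefault(value, set()).add(owner)

    def names_for(self, ip):
        """All names known to lead to ip, including aliases via CNAME chains."""
        names = set(self.addresses.get(ip, ()))
        changed = True
        while changed:
            changed = False
            for alias, target in self.cnames.items():
                if target in names and alias not in names:
                    names.add(alias)
                    changed = True
        return sorted(names)

    def annotate(self, ip):
        """Format as '1.2.3.4 (somehost.net)' when a name is known, else the bare address."""
        names = self.names_for(ip)
        return f"{ip} ({', '.join(names)})" if names else ip

    def neighbours(self, ip, prefix=24):
        """Other observed addresses inside the same /prefix as ip, with their names."""
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        return {seen: sorted(n) for seen, n in self.addresses.items()
                if seen != ip and ipaddress.ip_address(seen) in net}


def _labels(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"


def build_cname_chain_response():
    """Constructed response: badsite.example CNAME cdn.example, cdn.example A 192.0.2.7."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)
    question = _labels("badsite.example") + struct.pack("!HH", 1, 1)
    cname_rdata = b"\x03cdn" + b"\xc0\x14"              # "cdn" + pointer to "example" at offset 20
    answer1 = b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, len(cname_rdata)) + cname_rdata
    answer2 = b"\xc0\x2d" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 7])
    return header + question + answer1 + answer2       # 0x2d points at answer1's rdata


def build_plain_a_response(name, ip):
    """Constructed response with a single A record for name."""
    header = struct.pack("!HHHHHH", 0x4321, 0x8180, 1, 1, 0, 0)
    question = _labels(name) + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + ipaddress.IPv4Address(ip).packed
    return header + question + answer


def demo():
    cache = PassiveDNSCache()
    cache.observe(build_cname_chain_response())
    cache.observe(build_plain_a_response("bigsite.example", "192.0.2.9"))
    return cache


if __name__ == "__main__":
    c = demo()
    print(c.annotate("192.0.2.7"))       # 192.0.2.7 (badsite.example, cdn.example)
    print(c.annotate("198.51.100.1"))    # 198.51.100.1  (never seen in a DNS answer)
    print(c.neighbours("192.0.2.7"))     # {'192.0.2.9': ['bigsite.example']}
```

In a real monitor the bytes fed to `observe` would be the UDP payload of port 53 replies seen on the interface; answers from TCP or DNS-over-TLS transports, and addresses the host learned some other way (a hosts file, a hard-coded IP), will not appear in the cache, which is why the bare-address fallback in `annotate` still matters.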