[Cialug] Traffic Analysis
L. V. Lammert
lvl at omnitec.net
Sat Jul 25 14:48:59 UTC 2020
> Is this traffic encrypted?
>
Most likely, ..
> If so, I wouldn't expect Zeek (or really many other tools) to be able to
> give you the visibility you are looking for. In an encrypted environment
> Zeek won't provide much better data than netflow would at least out of
> the box.
>
Exactly! In order to identify the specific IP/URL generating excessive
traffic if an issue arises; the base IP would be sufficient for a
dedicated server, but a web server will have many sites on a single IP, so
the actual URL would be required for accurate identification.
Thanks!