Hi @roopeshsn, that's an interesting question. Sniffnet defines a network host as a tuple made of the following values:
The country and the autonomous system name are retrieved by performing lookups against MMDB databases, while the domain name is extracted from the fully qualified domain name. For incoming connections, the source IP address is subject to rDNS lookup; for outgoing connections, the destination IP address is subject to rDNS lookup. I use the dns-lookup crate for this purpose. Each new connection that has an IP address not already looked up is sent to a separate thread to wait for the reverse resolution. Let me know if everything's clear and if you need further clarifications.
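The lookup flow described in the reply above, as an added example that is not Sniffnet's own code: the remote address is chosen by traffic direction, and each address not seen before gets one worker thread. `Direction`, `RdnsCache`, `on_connection` and `sample_resolver` are hypothetical names; the resolver is a constructed stand-in for a blocking reverse lookup, and falling back to the IP text when nothing resolves is an assumption.

```rust
use std::collections::HashMap;
use std::net::IpAddr;
use std::sync::{Arc, Mutex};
use std::thread::{self, JoinHandle};

#[derive(Clone, Copy)]
pub enum Direction { Incoming, Outgoing }

/// Shared cache: `None` = lookup in flight, `Some(name)` = finished.
pub type RdnsCache = Arc<Mutex<HashMap<IpAddr, Option<String>>>>;

/// Remote end of a connection: source if incoming, destination if outgoing.
pub fn remote_ip(dir: Direction, src: IpAddr, dst: IpAddr) -> IpAddr {
    match dir { Direction::Incoming => src, Direction::Outgoing => dst }
}

/// Starts one rDNS worker per remote address not seen before.
/// Returns the worker handle, or `None` if the address is already known.
pub fn on_connection<F>(cache: &RdnsCache, dir: Direction, src: IpAddr,
                        dst: IpAddr, resolve: F) -> Option<JoinHandle<()>>
where F: Fn(IpAddr) -> Option<String> + Send + 'static {
    let ip = remote_ip(dir, src, dst);
    {
        let mut map = cache.lock().unwrap();
        if map.contains_key(&ip) { return None; }
        map.insert(ip, None); // mark pending so repeats spawn nothing
    }
    let cache = Arc::clone(cache);
    Some(thread::spawn(move || {
        // Blocking lookup runs here, off the capture path. PTR data is set by
        // whoever controls the address space: treat it as an untrusted label.
        let name = resolve(ip).unwrap_or_else(|| ip.to_string()); // assumed fallback
        cache.lock().unwrap().insert(ip, Some(name));
    }))
}

/// Constructed stand-in for a real resolver, so the example runs offline.
pub fn sample_resolver(ip: IpAddr) -> Option<String> {
    if ip.to_string() == "192.0.2.10" { Some("host.example.net".into()) } else { None }
}

fn main() {
    let cache: RdnsCache = Arc::new(Mutex::new(HashMap::new()));
    let local: IpAddr = "10.0.0.5".parse().unwrap(); // constructed addresses
    let remote: IpAddr = "192.0.2.10".parse().unwrap();
    let first = on_connection(&cache, Direction::Outgoing, local, remote, sample_resolver);
    let again = on_connection(&cache, Direction::Incoming, remote, local, sample_resolver);
    assert!(first.is_some() && again.is_none()); // second packet reuses the entry
    first.unwrap().join().unwrap();
    println!("{:?}", cache.lock().unwrap().get(&remote));
}
```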
I have a doubt about packets and bytes calculations. In the image attached, as you can see for the src and dst IP (64.207.204.129 -> 10.233.83.218), the packet count is 5798 and the bytes are 116.2 KB. I believe that using the pcap lib, one packet is captured at a time. Is 5798 an aggregated count value? (I mean counting previously captured packets for the same src and dst IP.)
So if a packet comes again with those 5 parameters, then you'll increment the packet count and aggregate bytes field so that no duplicates will be in the table, right?
The graph is plotted with time against bytes/packets, right? As you mentioned about the aggregation part previously, those values will not be plotted because they are accumulated data. The graph will be plotted with time against bytes/packets captured at that second. Am I right? Correct me if I am wrong.
What are hosts and how is host information gathered? Is reverse DNS lookup being used? If yes, should I use the destination IP address in a packet for reverse DNS lookup, and what other tools or libraries are required for the process?