Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

Searching for station IP based on the contacted hostname

 

Information

 

Summary:

Method to find the station IP when the contacted hostname (by the station) is known. For example, reported by a firewall. 

Environment:

Product: Flowmon Collector

Version: Any

Platform: Any

Question/Problem Description:

How do we find the station IP when we know the hostname the station contacted?

Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause:  
Resolution:

Flowmon Probes and some other third-party flow sources can export hostnames to the flow data. Moreover, the probe can also export DNS queries to the flow data.

This information can be used in the Monitoring Center - Analysis to filter the flow data and find the station IP.

Sample filter can be:

hhost "google" or dns-qname "google"

hhost - filters the hostname

dns-qname - filters DNS query

In both cases, the filter search is also for a substring, matching google.com, and other variations. 

Workaround:  
Notes:  

Was this article helpful?
0 out of 0 found this helpful

Comments