Method to find the station IP when the contacted hostname (by the station) is known. For example, reported by a firewall. 


Product: Flowmon Collector

Version: Any

Platform: Any

Question/Problem Description:

How do we find the station IP when we know the hostname the station contacted?

Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  

Flowmon Probes and some other third-party flow sources can export hostnames to the flow data. Moreover, the probe can also export DNS queries to the flow data.

This information can be used in the Monitoring Center - Analysis to filter the flow data and find the station IP.

Sample filter can be:

hhost "google" or dns-qname "google"

hhost - filters the hostname

dns-qname - filters DNS query

In both cases, the filter search is also for a substring, matching, and other variations. 


