Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

HTTP/S proxy communication in Analysis

 

Information

 

Summary:

Details of HTTP/S communication in Analysis when flow data are exported by Flowmon Probe.

Environment:

Product: Flowmon OS

Version: Any

Platform: Any

Question/Problem Description:

Is it possible to see hostnames when the HTTP/S communication targets to proxy?

Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause:  
Resolution:

1) HTTP proxy communication

  • HTTP Request URI field contains hostname and path. The content of this field is represented by a URL field in FOS.
  • HTTP Host field contains only the hostname and the content of this field is represented by a hostname field in FOS.
  • mceclip0.png

2) HTTPS proxy communication

  • HTTP CONNECT method is used.
  • HTTP Request URI field contains hostname only (usually in the form hostname:port). The content of this field is represented by a URL field in FOS.
  • HTTP Host field contains only the hostname (usually in the form hostname:port) and the content of this field is represented by a hostname field in FOS.
  • When the TLS handshake is initiated then also SNI is captured. SNI contains the server name and the content of this field is represented by a TLS server name field in FOS.
  • mceclip1.png
Workaround:  
Notes:  

Comments