logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Hardware & Networking View previous topic :: View next topic
Reply to topic   Topic: Help with deep packet inspection ?
Author
SS



Joined: 22 Apr 2015
Posts: 3

PostPosted: Wed 22 Apr '15 7:56    Post subject: Help with deep packet inspection ? Reply with quote

I would like to know is it possible to have deep packet inspection in apache before SSH on send and after SSH on receive.

I have tried using mod_dumpio but it doesn't have much information about the packets.

I want to see the detailed log using apache modules.

Could you please let me know is it possible without using Wireshark or TCP dumps.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

PostPosted: Wed 22 Apr '15 14:49    Post subject: Reply with quote

You mean SSL instead of SSH?

if yes please read http://support.citrix.com/article/CTX116557
Back to top
SS



Joined: 22 Apr 2015
Posts: 3

PostPosted: Thu 23 Apr '15 1:51    Post subject: Reply with quote

Thanks for your reply but I am looking deep packet inspection without using Wireshark.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

PostPosted: Thu 23 Apr '15 10:53    Post subject: Reply with quote

SS wrote:
Thanks for your reply but I am looking deep packet inspection without using Wireshark.


Means what? You want to use a firewall? A transparent proxy? You need something to look into it.

What is your goal?
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Thu 23 Apr '15 11:17    Post subject: Reply with quote

pcap rings in my head as a tool for capturing packets for inspection. Tools used for inspecting I can not think of.

This is info-security/research incident response type stuff and well beyond the scope of this forum. We have a few geniuses that visit from time to time and probably know about this stuff but for the most part you would probably be better off googling "deep packet inspection" and start following the results.

You mentioned mod_dumpio and I did see something about using this module just yesterday.
https://isc.sans.edu/forums/diary/Logging+Complete+Requests+in+Apache+22+and+24/19607/
It may not be anything beyond what you have tried but I guess you can decide. The site in the link is right up this alley.

However, I'm as confused as James with your question.
Back to top


Reply to topic   Topic: Help with deep packet inspection ? View previous topic :: View next topic
Post new topic   Forum Index -> Hardware & Networking