Author |
|
SS
Joined: 22 Apr 2015 Posts: 3
|
Posted: Wed 22 Apr '15 7:56 Post subject: Help with deep packet inspection ? |
|
|
I would like to know is it possible to have deep packet inspection in apache before SSH on send and after SSH on receive.
I have tried using mod_dumpio but it doesn't have much information about the packets.
I want to see the detailed log using apache modules.
Could you please let me know is it possible without using Wireshark or TCP dumps.
|
|
Back to top |
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7373 Location: Germany, Next to Hamburg
|
|
Back to top |
|
SS
Joined: 22 Apr 2015 Posts: 3
|
Posted: Thu 23 Apr '15 1:51 Post subject: |
|
|
Thanks for your reply but I am looking deep packet inspection without using Wireshark. |
|
Back to top |
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7373 Location: Germany, Next to Hamburg
|
Posted: Thu 23 Apr '15 10:53 Post subject: |
|
|
SS wrote: | Thanks for your reply but I am looking deep packet inspection without using Wireshark. |
Means what? You want to use a firewall? A transparent proxy? You need something to look into it.
What is your goal? |
|
Back to top |
|
glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
|
Posted: Thu 23 Apr '15 11:17 Post subject: |
|
|
pcap rings in my head as a tool for capturing packets for inspection. Tools used for inspecting I can not think of.
This is info-security/research incident response type stuff and well beyond the scope of this forum. We have a few geniuses that visit from time to time and probably know about this stuff but for the most part you would probably be better off googling "deep packet inspection" and start following the results.
You mentioned mod_dumpio and I did see something about using this module just yesterday.
https://isc.sans.edu/forums/diary/Logging+Complete+Requests+in+Apache+22+and+24/19607/
It may not be anything beyond what you have tried but I guess you can decide. The site in the link is right up this alley.
However, I'm as confused as James with your question. |
|
Back to top |
|