About extends a new protocol


(jerome) #1

I am extending a new packetbeat, just wondering that the beat can bind and listen a port, if it can get the inbound and outbound byte via the port. i.e.: while listening to a HTTP port like 80, can we get the HTTP request and HTML code in the beat?


(Tudor Golubenco) #2

Not sure I understand, do you want to add a new protocol in Packetbeat that is based on HTTP?

Or do you want to actually accept TCP connections in Packetbeat? In the latter case, it's better to create a new beat for that.

More details about what you're trying to accomplish would be helpful.


(jerome) #3

Actually, we are going to audit the data flow in our data platform, e.g.: we gotta monitor how many bytes send to client side by a SQL request(maybe not a SQL query but a FTP request). Like:

SQL query "select * from XXX" returns 500Bytes data. FTP request "dump.zip" returns 100M bytes.


(Tudor Golubenco) #4

Ok, I think the SQL part should be possible already with Packetbeat for mysql & postgresql. An FTP protocol would be interesting to add to PB.


(jerome) #5

I didn't really go thru the code of mysql etc.. I tested the HTTP protocol, the beat can only capture the inbound request, not the outbound response.


(system) #6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.