Hi,
I'm investigating network flows. And Packetbeat collect network traffic including forwarding.
I found some flow's destination is port 80 for http.
Otherwise, some flows source port is port 80.
I'm very sure the port 80 must be destination.
At this point, how does Packetbeat determine source and destination?
How can we solve this issue?
Thank you in advance,
jaypark81
It uses the first packet it sees as source. So if it has missed some packets from the beginning of the connection then it can get the source/destination wrong.
Understood.
Then, I worried about one Packetbeat daemon monitor many network interfaces.
( A packetbeat daemon monitors 5 network interface now.)
Is there recommendations to set up packetbeat?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.