From owner-freebsd-questions Wed Jul 26 23:56:44 2000 Delivered-To: freebsd-questions@freebsd.org Received: from smtp.nwlink.com (smtp.nwlink.com [209.20.130.57]) by hub.freebsd.org (Postfix) with ESMTP id D3D8637B9B2 for ; Wed, 26 Jul 2000 23:56:40 -0700 (PDT) (envelope-from jcwells@nwlink.com) Received: from utah (jcwells@utah.nwlink.com [209.20.130.41]) by smtp.nwlink.com (8.9.3/8.9.3) with SMTP id XAA08076; Wed, 26 Jul 2000 23:56:31 -0700 (PDT) Date: Thu, 27 Jul 2000 00:08:36 -0700 (PDT) From: "Jason C. Wells" X-Sender: jcwells@utah To: Noor Dawod Cc: freebsd-questions@FreeBSD.ORG Subject: Re: one IP, multiple hosts. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu, 27 Jul 2000, Noor Dawod wrote: > Suppose you have one IP, 192.168.10.80, which is the IP of many hosted > domains (and their respective hosts) on a certain web server. Using Apache's > NameVirtualHost and VirtualHost directives, I can direct the flow of packets > being sent to the same IP to different hosts. > > My question is: using tcpdump, trafshow, snort, or any other program I don't > know about, how can I know which host is being accessed when the only > information I got is: IP address, and port number (80 for web) ? I am going to answer a completely different question than you asked. :) You could set different log files in each of your directives. Your log analyzer would then tell you which virtual host received what traffic. It's just an idea and may utterly not suit what you are trying to accomplish. I don't think those networked tools will help you unless you can make them spit out resolved names instead of IP addresses. I am not much of a networking guy. Be warned. Thank you, Jason C. Wells To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message