[dsc] Filter DSC statistiks according to TLD / SLD

Jakob Dhondt jakob.dhondt at switch.ch
Tue Apr 3 14:35:45 UTC 2018

Hello everyone,

recently I have migrated our dsc processes to a new host and changed
some things along the way. One thing that I tried is filtering the
traffic from a pcap-file according to TLD / SLD so that we can share
part of the data where we act as secondary. I haven't found an easy way
though. One thing I could imagine is to use bpf_filter but I couldn't
find a way that does not involve knowing the exact byte values of the
packages. So the only thing I have come up with for now is filtering the
pcap beforehand, e.g. with tshark, and then feeding it to dsc. But I was
wondering if there is a better solution.

Kind regards,



Jakob Dhondt, Security Engineer, SWITCH-CERT
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 15, direct +41 44 268 16 23
jakob.dhondt at switch.ch, www.switch.ch
Security-News: securityblog.switch.ch

More information about the dsc mailing list