Do ISP's collect and analyze traffic of users?
Matthew Petach
mpetach at netflight.com
Tue May 16 19:44:37 UTC 2023
On Tue, May 16, 2023 at 1:10 AM Jeroen Massar <jeroen at massar.ch> wrote:
>
>
> > On 16 May 2023, at 06:46, Matthew Petach <mpetach at netflight.com> wrote:
> > [..]
> > I admit, I'm perhaps a little behind on the latest netflow whiz-bangs,
> > but I've never seen a netflow record type that included HTTP cookies
> > or PCAP data before.
>
> Take your pick from the "latest" ~2009 IPFIX Information Elements:
>
> https://www.iana.org/assignments/ipfix/ipfix.xhtml
>
> One can stuff almost anything in there.
>
> Now if one should, and if one is allowed to.....
>
Wow.
Thank you, Jeroen, I was indeed a bit out of date.
Thank you for the pointer!
(For those in the same boat as I, here's the relevant portion that clearly
points out that yes, you can export the entire packet if you so desire):
313 ipHeaderPacketSection octetArray default current
This Information Element carries a series of n octets from the IP header of
a sampled packet, starting sectionOffset octets into the IP header.
However, if no sectionOffset field corresponding to this Information
Element is present, then a sectionOffset of zero applies, and the octets
MUST be from the start of the IP header.
With sufficient length, this element also reports octets from the IP
payload. However, full packet capture of arbitrary packet streams is
explicitly out of scope per the Security Considerations sections of [RFC5477
<https://www.iana.org/go/rfc5477>] and [RFC2804
<https://www.iana.org/go/rfc2804>].
Thanks!
Matt
(still learning after all these years. ^_^ )
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20230516/4039cfe8/attachment.html>
More information about the NANOG
mailing list