It is easier to recognize a cloud service by name, than by an IP address. The purpose of the CloudStats Plug-in is to display the host names of cloud services in OmniPeek.
This is demonstrated in the screenshot below for the peermap. The host names also appear in the nodes view, expert view, and any other feature in OmniPeek that displays nodes.
How does it work?
The CloudStats Plug-in extracts host names from HTTP GET packets and adds them to the nametable. OmniPeek does the rest.
See how it shows all the traffic going to and from WildPackets? But yet, WildPackets is not one node, it is the whole company, made up of many nodes. This trick is done by using the SubnetMap Plug-in, which is posted on MyPeek. Using the SubnetMap plug-in, I added an entry called WildPackets with a subnet of 10.4.0.0/16
In the name table, I added an entry called WildPackets with a subnet of 10.4.0.0/16.
Since the SubnetMap Plug-in works by filtering out packets that match the subnet, and inserting modified packets that have the IP changed to the subnet so that all packets of the same subnet appear as one node, I had to create this filter:
Version 1: conceived, developed, built, tested, and posted to MyPeek
- Savvius name update
- Rebuilt for OmniPeek 8.0. Added support for 64-bit OmniPeek.