Hi, I found out about iptraf a few months ago, and when looking for advice
noticed that your project develops on it.
So my question is: I am monitoring one machine on the LAN by setting
a filter for that station and running in background mode. I have name
resolution on too. I believe it would be helpful for this particular
project to have normal logging (a talking to b, so many bytes etc) as well as
details on dns results. So I would like to see
a) machine is looking up a.b.com
b) machine is talking to one of the addresses returned from the lookup
and contrast this with situations where the target ip was not obtained from dns.
With rvnamed, I just learn that the machine was talking to amazonaws or akamai.
This idea might also include a change to name resolution: prefer dns results
from the monitored machine over reverse lookups.
Is something like this possible, does it exist in parts, or should I consider
a different tool instead?
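
The correlation asked about above, sketched as an added example that is not part of the original message and is not iptraf or rvnamed code: it labels each flow from the monitored host with the name that host itself looked up, or marks it as having no prior lookup. The record types, field names and sample values are constructed assumptions standing in for parsed DNS responses and flow log lines.

```python
from collections import namedtuple

# Constructed record types (assumptions); iptraf does not emit these.
DnsAnswer = namedtuple("DnsAnswer", "ts client qname addrs ttl")
Flow = namedtuple("Flow", "ts src dst nbytes")

def label_flows(events, monitored):
    """Return (dst, name_or_None, nbytes) for each flow sent by `monitored`.

    The name is the query the monitored host itself resolved to dst,
    provided that answer was still within its TTL when the flow was seen.
    """
    seen = {}  # dst address -> (qname, expiry time)
    out = []
    for ev in sorted(events, key=lambda e: e.ts):
        if isinstance(ev, DnsAnswer):
            # Only answers delivered to the monitored host count.
            if ev.client == monitored:
                for addr in ev.addrs:
                    seen[addr] = (ev.qname, ev.ts + ev.ttl)
        elif ev.src == monitored:
            qname, expiry = seen.get(ev.dst, (None, 0))
            if ev.ts > expiry:
                qname = None  # never looked up, or the answer has expired
            out.append((ev.dst, qname, ev.nbytes))
    return out

# Constructed sample input using documentation address ranges.
SAMPLE = [
    DnsAnswer(10, "192.0.2.10", "a.b.com", ["198.51.100.7", "198.51.100.8"], 60),
    Flow(12, "192.0.2.10", "198.51.100.8", 4200),   # address from the lookup
    Flow(15, "192.0.2.10", "203.0.113.5", 900),     # no lookup by this host
    Flow(200, "192.0.2.10", "198.51.100.7", 300),   # lookup expired (TTL 60)
    DnsAnswer(20, "192.0.2.99", "x.example", ["203.0.113.5"], 60),  # other host
]

if __name__ == "__main__":
    for dst, name, nbytes in label_flows(SAMPLE, "192.0.2.10"):
        print(f"{dst:15} {name or '(no prior lookup)':20} {nbytes} bytes")
```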