Comment by ryao

Comment by ryao 8 days ago

2 replies

View on Hacker News

I meant it is difficult relative to fingerprinting TLS and HTTP. The information is not exported by the berkeley socket API unless you use raw sockets and implement your own userland TCP stack.

sneak 8 days ago

Couldn’t you just monitor the inbound traffic and associate the packets to the connections? Doing your own TCP seems silly.

Reply View 1 reply
  • gruez 8 days ago

    Yeah, some sort of packet mirroring setup (eg. in iptables or at the switch level) + packet capture tool should be enough. Then you just need to join the data from the packet capture program/machine with your load balancer, using src ip + port + time.

    Reply View 0 replies