Sometime in the last 6 weeks I started a thread on classification errors. I have been doing some further investigation and found that I was wrong and needed to be corrected. I have searched all my activities and not been able to find the initial post to correct the error.
Where has the post gone?
Streaming video is classified as infrastructure
NTP is classified as thunderVPN
A http access to an Apple site is classified as manual proxy surfing on IPv6
Some IMAPS traffic is unclassified.
Thank you for contacting the Sophos Community.
For issues related to Classification Errors, you would need to do a pcap capture, take a screenshot of the Log Viewer Application Filter so we…
Another one, NTP not being classified.
For issues related to Classification Errors, you would need to do a pcap capture, take a screenshot of the Log Viewer Application Filter so we can submit this to labs for them to analyze.
Kerberos on Mac is classified as Torrent Clients P2P. I don't want to submit a pcap of Kerberos authentication. Will Sophos be able to reproduce these issues? If Sophos can't, the same problem will be repeated.
The thunderVPN is being investigated in another long-running thread.
Removed all unwanted results.
Where is the pcap output file stored?
You need to capture the pcap capture.
That is not PCAP but tcpdump; how does that relate to using the PCAP in Log Viewer? PCAP in Log Viewer reports that it is capturing data, but never displays the data.
So the command is the one below; basically, it is a tcpdump saved as a pcap capture, which Labs then uses to analyze the stream of data.
# tcpdump -ni any -b -s0 -w /tmp/application.pcap host x.x.x.x and host x.x.x.x
The x.x.x.x would be the IP of the computer doing the request and the Public IP of the Destination.
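Before a capture like the one above is handed to Labs, it is worth checking that the file really contains only the flow being reported (the earlier worry in this thread was about sending Kerberos traffic along with it). The following is an added example, not Sophos's own tooling: it parses a libpcap file with the standard library only, lists the flows inside it, and writes out a trimmed copy containing just the packets between the client and the destination. The capture, IP addresses (RFC 5737 documentation ranges) and ports are constructed for the example; the "NTP request" and "Kerberos request" frames are synthetic packets, not real traffic.

```python
"""Trim a libpcap capture down to one client/server pair before sending it for analysis.

Constructed example: the addresses are documentation ranges, not real hosts.
Handles the classic microsecond-resolution libpcap format in either byte order.
"""
import socket
import struct
from collections import namedtuple

PCAP_MAGIC = 0xA1B2C3D4          # microsecond-resolution libpcap magic number
LINKTYPE_ETHERNET = 1
Packet = namedtuple("Packet", "src dst proto sport dport frame")


def build_pcap(frames):
    """Serialize raw Ethernet frames into a little-endian libpcap file."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        # per-packet header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def udp_frame(src_ip, dst_ip, sport, dport, payload=b""):
    """Constructed Ethernet/IPv4/UDP frame; checksums are left zero (parsers do not need them)."""
    eth = bytes(12) + b"\x08\x00"                       # zero MACs, EtherType IPv4
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + udp


def parse_pcap(data):
    """Yield a Packet for every IPv4 packet in a libpcap byte string."""
    (magic,) = struct.unpack("<I", data[:4])
    end = "<" if magic == PCAP_MAGIC else ">"           # byte-swapped magic means big-endian file
    (linktype,) = struct.unpack(end + "I", data[20:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only the Ethernet link type is handled in this example")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(end + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                    # not IPv4 (ARP, IPv6, ...): skip
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        proto = ip[9]
        sport = dport = None
        if proto in (6, 17) and len(ip) >= ihl + 4:     # TCP or UDP: read the port pair
            sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        yield Packet(socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]),
                     proto, sport, dport, frame)


def keep_only_hosts(data, host_a, host_b):
    """Return a new pcap holding only packets exchanged between host_a and host_b."""
    kept = [p.frame for p in parse_pcap(data) if {p.src, p.dst} == {host_a, host_b}]
    return build_pcap(kept)


def flows(data):
    """Summarise a capture as sorted (src, dst, proto, sport, dport) tuples for a last look."""
    return sorted({(p.src, p.dst, p.proto, p.sport, p.dport) for p in parse_pcap(data)})


# Constructed capture: one NTP exchange (the misclassified case) mixed with a Kerberos
# request to a domain controller that should not be part of the submission.
CLIENT, NTP_SERVER, KDC = "192.0.2.10", "198.51.100.1", "192.0.2.5"
RAW_CAPTURE = build_pcap([
    udp_frame(CLIENT, NTP_SERVER, 40123, 123, bytes(48)),   # synthetic NTP request
    udp_frame(CLIENT, KDC, 50123, 88, b"synthetic-kdc-req"),  # synthetic Kerberos, to be trimmed
    udp_frame(NTP_SERVER, CLIENT, 123, 40123, bytes(48)),   # synthetic NTP reply
])
TRIMMED = keep_only_hosts(RAW_CAPTURE, CLIENT, NTP_SERVER)

if __name__ == "__main__":
    for f in flows(TRIMMED):
        print(f)
    print(len(TRIMMED), "bytes in trimmed capture")
```

Run against a real file by replacing RAW_CAPTURE with `open("/tmp/application.pcap", "rb").read()` and writing the result of keep_only_hosts back out; the flows() listing is the thing to read before attaching the file, since it shows every host pair the capture still contains.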
Thank you, I understand that, but that wasn't the answer to the question about PCAP in Log Viewer.
I will try the tcpdump commands again and send you the files.
I sent you two files in a PM.