Hi all,
I have an issue with data collected.
I set up Splunk to index "Splunk network monitoring" and I get data in from Google chrome as this:
AddressFamily=ipv6
AddressFamilyId=23
PacketType=connect
PacketTypeId=0
Direction=outbound
Protocol=TCP
ProtocolId=6
LocalAddress=::1
LocalPort=65343
RemoteHostName=50f9:1fe9:ad00:0:3800::
RemoteAddress=::1
RemotePort=9229
ProcessName="c:\program files (x86)\google\chrome\application\chrome.exe"
UserName="ffff.ffff"
UserSid=s-1-5-21.dddd.dddd.dddd.dddd
UserId=0-dddd
HeaderSizeBytes=0
IPsecProtected=0
TransportHeaderSizeBytes=0
I wonder, how do I find what or who or why is RemoteHostName=
and who/what/why 50f9:1fe9:ad00:0:3800::
I tried to google, to ping, or other type of means to search that IP to no avail.
Thank you,
Bogdan