Hello.
I’m trying to mark and queue traffic. I want to catch gtalk with Layer7.
I have used original regexp=^<stream:stream to=“gmail.com” and it didn’t work.
Then I changed it to regexp=^<stream:stream to=“gmail.com”, after export I can see
regexp=“^<stream:stream to="gmail.com"” with the special marks. It didn’t work also.
I have tried even regexp=“^<stream:stream to="gmail.com"” and regexp=“^<stream:stream to="gmail\.com"”
By ports - it is impossibile. Gtalk uses different port every time, I tried to catch it by
dst address, src address, but it often connect with different addresses, sometimes
without using gtalk server.
How I can catch and mark gtalk traffic? Is it possibile?
Thx.