On 16 May 2023, at 06:46, Matthew Petach <mpetach@netflight.com> wrote: [..] I admit, I'm perhaps a little behind on the latest netflow whiz-bangs, but I've never seen a netflow record type that included HTTP cookies or PCAP data before.
Take your pick from the "latest" ~2009 IPFIX Information Elements: https://www.iana.org/assignments/ipfix/ipfix.xhtml One can stuff almost anything in there. Now if one should, and if one is allowed to..... There is a reason why the marketing companies that control the general Internet moved the browser to HTTPS and are trying to move to using their VPNs/CDNs: cannot modify the data to alter or remove the Ad in-flight, and cannot easily see anymore what people are even contacting: visibility for the ad network and not the ISP (which is mostly a good thing, but not so much operationally ;) ) Greets, Jeroen