The content you are looking for has been archived. View related content below.
The ip.src and ip.dst meta are extracted from IP headers of the packet and represent Source and Destination IP addresses.
The Original IP (populated into orig_ip) meta is extracted from headers on the application layer. This could be for example HTTP header X-Forwarded-for attached by proxy to identify client IP (this is extracted by parser available from CMS Live). Another example is X-Originating-IP header entry extracted by MAIL parser from email headers.
The alias.ip meta is extracted from DNS response when resolving a name to IP address. E.g: if you request DNS name for www.example.com and the DNS server responds with X.X.X.X, this IP address is then recorded as alias.ip meta.