docs: add names reference

ethack · Aug 30, 2023 · 073fcba · 073fcba
1 parent 2c4d97a
commit 073fcba
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 2 deletions.
diff --git a/docs/_sidebar.md b/docs/_sidebar.md
@@ -11,6 +11,7 @@
 - [Cheatsheets](cheatsheets/)
 
 - [Reference](reference/)
+  - [IP ⟷ Hostname](reference/names.md)
   - [`chop`](reference/chop.md)
   - [`conn-summary`](reference/conn-summary.md)
   - [`filter`](reference/filter.md)

diff --git a/docs/about/docs.md b/docs/about/docs.md
@@ -1,7 +1,7 @@
 
 This documentation uses the [Diátaxis](https://diataxis.fr/) framework for structure. It is mainly broken out into these sections:
 - [Tutorials](tutorials/) - This is the best place to start as a new user. You can follow the instructions and learn as you go.
-- [Cheatsheets](cheatsheets/) - This section replaces "How To" and is meant for experienced users who are looking for instructions on a specific task.
+- [Cheatsheets](cheatsheets/) - This section replaces "how-to guides" and is meant for experienced users who are looking for instructions on a specific task.
 - [Reference](reference/) - This is where you can see what tools make up THT or learn more about a particular tool.
 - [Explanation](explanation/) - This is where you will find deeper explanations of trickier topics.
 

diff --git a/docs/development.md b/docs/development.md
@@ -59,4 +59,8 @@ https://github.com/fzankl/docsify-plugin-flexible-alerts
 
 ### LaTeX
 
-https://oeis.org/wiki/List_of_LaTeX_mathematical_symbols
+https://oeis.org/wiki/List_of_LaTeX_mathematical_symbols
+
+### Emoji
+
+https://docsify.js.org/#/emoji?id=emoji
diff --git a/docs/reference/names.md b/docs/reference/names.md
@@ -0,0 +1,12 @@
+
+The following Zeek logs and fields can be used to associate an IP address with a hostname.
+
+| Log        | Domain or Hostname                                    | IP Address                     |
+| ---------- | ----------------------------------------------------- | ------------------------------ |
+| `dns`      | `query`                                               | `answers`                      |
+| `http`     | `host`                                                | `id.resp_h`                    |
+| `ssl`      | `server_name`                                         | `id.resp_h`                    |
+| `dhcp`     | `host_name`, `domain`, `client_fqdn`                  | `assigned_addr`, `client_addr` |
+| `kerberos` | `client`                                              | `id.orig_h`                    |
+| `ntlm`     | `hostname`                                            | `id.orig_h`                    |
+| `ntlm`     | `server_dns_computer_name`, `server_nb_computer_name` | `id.resp_h`                    |