If you can bzgrep for the packets, couldn't you also supply a read filter to tethereal? (command line option -R)

I'd also ask, what kind of database and what kind of searching? I am not familiar with Snort/Acid (and somehow don't think a web search for "snort acid" would give me the desired results).

It seems that the protocolinfo tap (combined with a read filter) would add extra (useful?) information to your bz2 files. (-z proto,colinfo,<filter>,<field>)

Formal dumping of packet information to a database (SQL?) is on the todo list for ethereal. At the moment, a very basic form could be made with a tap listener that writes per-packet information to a file other than standard out. If you wanted to write such a tap, tap-protocolinfo.c would be a good starting point...

Jaime Fournier wrote:
>
> Everyone,
> I am looking to record packets, and
> store certain ones in a db in realtime somewhat like
> Snort/Acid. Acid being the interface to the database.
> Actually I guess I am looking to see if anyone else
> does packet logging with ethereal/tethereal, and then
> stores it in some format that can be searched etc.
> Otherwise I will keep my hourly bz2 rollup of the
> collinfo stuff, and just bzgrep it.
>
> Thanks in advance.
>
> Jaime Fournier
>
> =====
> Jaime Fournier
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
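The "very basic form" sketched in the reply (per-packet summary lines written to a file, then loaded into something searchable instead of bzgrep'd) worked through as an added example that is not from this thread or from the ethereal project: a Python script that parses tethereal-style one-line summaries into SQLite and queries them. The sample lines are constructed; the column layout, the "field=value" suffix standing in for what the proto,colinfo tap appends to the Info column, and the addresses and ports are all assumptions of this example, not documented tethereal output.

```python
import re
import sqlite3

# Constructed sample of tethereal one-line summaries. The trailing
# "tcp.dstport=NN" mimics a proto,colinfo tap suffix; the exact separator
# and spacing are assumptions of this example, not documented behaviour.
SAMPLE_LINES = """\
  1   0.000000    10.0.0.5 -> 10.0.0.80    TCP 40001 > 80 [SYN] Seq=0 Len=0  tcp.dstport=80
  2   0.000120   10.0.0.80 -> 10.0.0.5     TCP 80 > 40001 [SYN, ACK] Seq=0 Ack=1  tcp.dstport=40001
  3   0.000300    10.0.0.5 -> 10.0.0.80    HTTP GET /index.html HTTP/1.1  tcp.dstport=80
  4   1.500000    10.0.0.7 -> 10.0.0.80    TCP 40002 > 22 [SYN] Seq=0 Len=0  tcp.dstport=22
this line is deliberately malformed and must be skipped
""".splitlines()

# frame number, relative time, "src -> dst", protocol column, rest of the line
LINE_RE = re.compile(
    r"^\s*(?P<num>\d+)\s+(?P<time>\d+\.\d+)\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<proto>\S+)\s+(?P<info>.*?)\s*$"
)
# the assumed tap suffix: whitespace, a dotted field name, "=", a value, end of line
TAP_RE = re.compile(r"\s+(?P<field>[\w.]+)=(?P<value>\S+)$")


def parse_summary_line(line):
    """Return a dict for one summary line, or None if the line does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["num"] = int(rec["num"])
    rec["time"] = float(rec["time"])
    rec["field"] = rec["value"] = None
    t = TAP_RE.search(rec["info"])
    if t:  # split the tap field off the Info column so it is queryable on its own
        rec["field"], rec["value"] = t.group("field"), t.group("value")
        rec["info"] = rec["info"][: t.start()]
    return rec


def open_db(path=":memory:"):
    """Create (or open) the packet table; an in-memory DB by default."""
    conn = sqlite3.connect(path)
    conn.execute(
        """CREATE TABLE IF NOT EXISTS packets (
               num INTEGER, ts REAL, src TEXT, dst TEXT, proto TEXT,
               info TEXT, tap_field TEXT, tap_value TEXT)"""
    )
    conn.execute("CREATE INDEX IF NOT EXISTS idx_packets_src ON packets(src)")
    conn.execute("CREATE INDEX IF NOT EXISTS idx_packets_tap ON packets(tap_field, tap_value)")
    return conn


def load_lines(conn, lines):
    """Parse and insert every well-formed line; return how many were stored."""
    rows = [r for r in (parse_summary_line(l) for l in lines) if r]
    conn.executemany(
        "INSERT INTO packets VALUES "
        "(:num, :time, :src, :dst, :proto, :info, :field, :value)",
        rows,
    )
    conn.commit()
    return len(rows)


def find_packets(conn, src=None, proto=None, tap_value=None):
    """Query by any combination of source, protocol column and tap value.
    Criteria are bound as parameters, never spliced into the SQL text."""
    clauses, params = [], []
    for column, value in (("src", src), ("proto", proto), ("tap_value", tap_value)):
        if value is not None:
            clauses.append(f"{column} = ?")
            params.append(value)
    sql = "SELECT num, ts, src, dst, proto, info FROM packets"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return conn.execute(sql + " ORDER BY num", params).fetchall()


if __name__ == "__main__":
    db = open_db()
    print("stored", load_lines(db, SAMPLE_LINES), "packets")
    for row in find_packets(db, tap_value="22"):
        print(row)
```

In practice the lines would come from something like `tethereal -R '<filter>' -z proto,colinfo,<filter>,<field>` piped into a file, and `load_lines` would be fed the decompressed hourly rollup; the parameterised query in `find_packets` is what makes the stored summaries searchable without bzgrep.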