Daniel Lawson wrote:
> >>option 2:
> >>You want to filter out specific traffic before storing a capture to disk.
> >
> >option 2 is closer to what I want, but it's not what I want.
> >I want to remove specific traffic WHILE storing a capture to disk.
>
> Ok, that makes more sense then. I also gues
option 2:
You want to filter out specific traffic before storing a capture to disk.
option 2 is closer to what I want, but it's not what I want.
I want to remove specific traffic WHILE storing a capture to disk.
Ok, that makes more sense then. I also guess you don't know ahead of
time wha
Uh, I'm sure this is obvious, but why not just use a bpf filter to
restrict what packets get written? At least my experience with SQL
databases is that the insert speed is not going to be fast enough with
anything but the lightest loaded network.
--
Aaron Turner http://synfin.net/
They that c
Daniel Lawson wrote:
> >The problem with libpcap format is that I can't read the file in
> >realtime, nor delete packets.
>
> What do you mean by 'delete packets'? Are you wanting to actually remove
> packets off the wire, or just from an offline storage of your capture?
I want to remove packets f
The problem with libpcap format is that I can't read the file in
realtime, nor delete packets.
What do you mean by 'delete packets'? Are you wanting to actually remove
packets off the wire, or just from an offline storage of your capture?
eg, option 1:
You want to use ethereal as a sort of NI
Ed Maste wrote:
Your program wouldn't be processing old captured data. You have tcpdump
output libpcap format data to stdout, in realtime.
Note that there's currently no option in tcpdump to cause the standard
output to be flushed at the end of a packet (or a batch of packets) when
capturing wit
> > It's possible, but tcpdump itself can't do it. You could, for example,
> > write your own program to do so, reading a capture file from the
> > standard input (use libpcap, and open the file named "-" with
> > "pcap_open_offline()", to read from the standard input), and pipe
> > tcpdump's
Guy Harris wrote:
> MAURICIOMANENTS wrote:
> >I'd like to store packets in a database format so I can see packets
> >using ethereal (with the needed changes to support database reading)
>
> If you're talking about reading it using Ethereal, what you'll have to
> store is raw packet data, not some
MAURICIOMANENTS wrote:
I'd like to store packets in a database format so I can see packets
using ethereal (with the needed changes to support database reading)
If you're talking about reading it using Ethereal, what you'll have to
store is raw packet data, not something like a database record with
I'd like to store packets in a database format so I can see packets
using ethereal (with the needed changes to support database reading)
or remove not needed packets while capturing.
Does anyone know if it's possible to store packets using tcpdump on a
database (either SQL, Berkeley DB, or whateve