We set out to build pcapr as "packets meet web 2.0". Historically packets have been relegated to tools written to be more command-line oriented and we wanted to change that. Packets carry a wealth of information and nothing better than web 2.0 (which to me is a way of interacting and visualizing things in the browser) to bring out the best in these little pesky beasts. Pcapr is somewhat unique in that it bridges a wide array of folks with very different expertise (jquery, javascript, couchdb, network/packet/security geeks, forensics, operators and firewall/ips vendors). For the most part people only see and interact with the application and are agnostic to the fact that it's couchdb.
OTOH, the fact that we use couch is what enables us to very rapidly iterate and deliver such sexy applications (I might be biased!) without having to worry about schema and joins and such nastiness. We are mostly using the map/reduce capabilities of couch. As I mention it in my JS3 blog, that fact that pcapr is a three-tiered javascript app means there's less data translation and less layers and that means fast iteration with less things breaking. For the record, "beam" has been running with 0.4% memory utilization for the past 3 months. All view updates and document format changes have all been on the fly without bringing anything down. Super cool. K. On Mon, Aug 24, 2009 at 1:25 PM, Chris Anderson<[email protected]> wrote: > On Sun, Aug 23, 2009 at 3:00 PM, kowsik<[email protected]> wrote: >> 15.0 GBytes, 26.3 million packets, contextual search and instant >> access to packets, not to mention HN/Twitter-style one-liners attached >> to packets and searches for a community oriented forensics >> application. >> >> http://bit.ly/12I62D for the blog and >> http://www.pcapr.net/forensics for the app >> >> Still no sql. :-) > > This is really cool - thanks for sharing. > > I'm not so in depth with the network security community - are people > who understand this stuff getting into it? Are you taking advantage of > the ability to publish data via CouchDB replication? > > Cheers, > Chris > >> >> K. >> --- >> http://labs.mudynamics.com >> http://twitter.com/pcapr >> > > > > -- > Chris Anderson > http://jchrisa.net > http://couch.io >
