[Snort-devel] Build a packet from mysql

Martin Olsson elof at ...969...
Tue May 6 05:54:04 EDT 2003


Is it possible to rebuild a complete packet from the contents logged to
sql? I'm not satisfied with the decode made by ACID, so I want to rebuild
the packet and pass it through a network analyzer like ethereal.
Is this possible and easily done?

A quick look at the database design tells me that the packet is split into
different pieces and placed in different tables.

/Elof




