AW: [Snort-devel] Build a packet from mysql

Poppi, Sandro Sandro.Poppi at ...1204...
Tue May 6 06:22:23 EDT 2003

Wouldn't it be much easier to also log in pcap format using log_tcpdump and
use the packets directly? These logs can be directly loaded into ethereal.

Just my $0.02

> Is it possible to rebuild a complete packet from the contents 
> logged to
> sql? I'm not satisfied with the decode made by ACID, so I 
> want to rebuild
> the packet and pass it through an network analyzer like ethereal.
> Is this possible and easily done?
> A quick look at the database design tell me that the packet 
> is split into
> different pieces and placed in different tables.
> /Elof
> -------------------------------------------------------
> This email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at

More information about the Snort-devel mailing list