AW: [Snort-devel] Build a packet from mysql

Poppi, Sandro Sandro.Poppi at ...1204...
Tue May 6 06:22:23 EDT 2003


Wouldn't it be much easier to also log in pcap format using log_tcpdump and
use the packets directly? These logs can be directly loaded into ethereal.

Just my $0.02

Sandro
> 
> Is it possible to rebuild a complete packet from the contents logged to
> sql? I'm not satisfied with the decode made by ACID, so I want to rebuild
> the packet and pass it through a network analyzer like ethereal.
> Is this possible and easily done?
> 
> A quick look at the database design tells me that the packet is split into
> different pieces and placed in different tables.
> 
> /Elof
> 
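
For the case in the quoted question where only the database rows remain, the sketch below reassembles one packet and writes it as a pcap file that a network analyzer can open. It is an added example, not code from this thread or from Snort; the dict keys are hypothetical stand-ins for the logged columns, only option-less IPv4/TCP is handled, and checksums are recomputed rather than taken from the log.

```python
import socket
import struct

LINKTYPE_RAW = 101  # pcap link type: each record starts at the IP header


def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_tcp(row: dict) -> bytes:
    """Reassemble one IPv4/TCP packet (no options) from separately stored fields."""
    src = socket.inet_aton(row["src"])
    dst = socket.inet_aton(row["dst"])
    payload = row["payload"]
    # Assumption: checksums are recomputed, so an originally bad checksum is not preserved.
    tcp = struct.pack("!HHIIBBHHH", row["sport"], row["dport"], row["seq"],
                      row["ack"], 5 << 4, row["flags"], row["win"], 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, row["tos"], 20 + len(tcp) + len(payload),
                     row["id"], 0, row["ttl"], 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp + payload


def write_pcap(path: str, packets) -> None:
    """Write (unix_seconds, raw_ip_packet) pairs as a classic pcap file."""
    with open(path, "wb") as fh:
        fh.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_RAW))
        for ts, pkt in packets:
            fh.write(struct.pack("<IIII", ts, 0, len(pkt), len(pkt)))
            fh.write(pkt)


# Constructed sample row; the key names are hypothetical, not Snort's schema.
SAMPLE = {"src": "192.0.2.10", "dst": "198.51.100.20", "sport": 40000, "dport": 80,
          "seq": 1000, "ack": 2000, "flags": 0x18, "win": 8192, "tos": 0, "id": 4660,
          "ttl": 64, "payload": b"GET / HTTP/1.0\r\n\r\n"}

if __name__ == "__main__":
    write_pcap("rebuilt.pcap", [(1052216543, build_ipv4_tcp(SAMPLE))])
```

Because the file uses the raw-IP link type, no Ethernet header has to be invented for the analyzer to decode it.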



