Dailydave mailing list archives

Re: halvar, record gigabit networking? IDS for forensics?


From: "Thomas Ptacek" <thomasptacek () gmail com>
Date: Fri, 17 Nov 2006 10:03:48 -0600

Did you read this code at all? I read the architecture document and
skimmed the code for less than 5 minutes, and the "time machine" isn't
what you said it is. Even its web page says it isn't. The thing
records the first N bytes of streams that match configured filters,
and it's just pcap code.

ObRestOfTheList: don't thread pcap code. If there was ever an
application domain that begged to be evented, it's packet capture and
analysis.

On 11/17/06, Gadi Evron <ge () linuxbox org> wrote:
http://www.packetstormsecurity.org/sniffers/tm-20061111-0.tar.gz

The timemachine can record the entire contents of a high-volume network
traffic stream in order to later "travel back in time" and inspect