Dailydave mailing list archives
Re: halvar, record gigabit networking? IDS for forensics?
From: "Thomas Ptacek" <thomasptacek () gmail com>
Date: Fri, 17 Nov 2006 10:03:48 -0600
Did you read this code at all? I read the architecture document and skimmed the code for less than 5 minutes, and the "time machine" isn't what you said it is. Even its web page says it isn't. This thing records the first N bytes of streams that match configured filters, and it's just pcap code.

ObRestOfTheList: don't thread pcap code. If there was ever an application domain that begged to be evented, it's packet capture and analysis.

On 11/17/06, Gadi Evron <ge () linuxbox org> wrote:

http://www.packetstormsecurity.org/sniffers/tm-20061111-0.tar.gz

The timemachine can record the entire contents of a high-volume network traffic stream in order to later "travel back in time" and inspect
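An added illustration of the behaviour the message above describes (keep only the first N bytes of each stream that matches a configured filter), done in one single-threaded pass. It is not code from the timemachine tarball or from either poster; the packet tuples, the port filter and the cutoff value are constructed for the example.

```python
from collections import defaultdict

CUTOFF = 10  # assumed per-stream byte budget (the "N" in the message)

# Constructed sample packets: (src, sport, dst, dport, payload)
PACKETS = [
    ("10.0.0.1", 40000, "10.0.0.2", 80, b"GET / HT"),
    ("10.0.0.2", 80, "10.0.0.1", 40000, b"HTTP/1.1 200"),
    ("10.0.0.3", 40001, "10.0.0.2", 22, b"SSH-2.0-x"),
    ("10.0.0.1", 40000, "10.0.0.2", 80, b"TP/1.1\r\n"),
    ("10.0.0.1", 40000, "10.0.0.2", 80, b"Host: a\r\n"),
]

def flow_key(src, sport, dst, dport):
    """Direction-independent key so both halves of a stream share one budget."""
    a, b = (src, sport), (dst, dport)
    return (a, b) if a <= b else (b, a)

def port_filter(ports):
    """Hypothetical stand-in for a configured capture filter."""
    return lambda src, sport, dst, dport: sport in ports or dport in ports

def record(packets, matches, cutoff=CUTOFF):
    """Keep at most `cutoff` payload bytes per matching stream.

    Returns (stored bytes per flow, number of payload bytes not stored).
    """
    seen = defaultdict(int)      # bytes already stored per flow
    stored = defaultdict(bytes)  # recorded prefix of each flow
    skipped = 0
    for src, sport, dst, dport, payload in packets:
        if not matches(src, sport, dst, dport):
            continue             # not selected by the filter at all
        key = flow_key(src, sport, dst, dport)
        room = cutoff - seen[key]
        if room <= 0:
            skipped += len(payload)   # stream already hit its cutoff
            continue
        kept = payload[:room]         # may truncate mid-packet
        stored[key] += kept
        seen[key] += len(kept)
        skipped += len(payload) - len(kept)
    return dict(stored), skipped
```

Anything past the cutoff is simply not on disk afterwards, which is the gap between this behaviour and recording "the entire contents" of a stream.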