tcpdump mailing list archives
Re: using a database to store packets
From: Daniel Lawson <daniel () wand net nz>
Date: Mon, 29 Nov 2004 08:33:32 +1300
> The problem with libpcap format is that I can't read the file in realtime, nor delete packets.
What do you mean by 'delete packets'? Are you wanting to actually remove packets off the wire, or just from an offline storage of your capture?
e.g., option 1: You want to use ethereal as a sort of NIDS/firewall system, which will pick out "unwanted" traffic and remove it completely off the wire.
option 2: You want to filter out specific traffic before storing a capture to disk.
To me, option 2 is fairly trivial, and I wouldn't have thought it needed a database backend. So I assume you're gunning for option 1. However, by the time you've read the packet, it's already continued on its merry way off into the rest of the network, so you won't have a chance to remove it from the wire.
--
Daniel Lawson
WAND Group, Computer Science Department
University of Waikato
email: daniel () wand net nz
phone: +64 7 838 4136
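Option 2 from the message above, as an added example that is not part of the original post or of libpcap: "deleting" packets from an offline capture means rewriting the classic libpcap file record by record and leaving out the unwanted frames. The function names, the choice of ARP as the traffic to drop, and the two-frame sample capture are all assumptions constructed for illustration.

```python
import io
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap file, microsecond timestamps


def filter_pcap(src, dst, keep):
    """Copy records from src to dst where keep(frame) is true; return (kept, dropped)."""
    global_hdr = src.read(24)
    if len(global_hdr) != 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack("<I", global_hdr[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"          # written on a little-endian host
    elif magic == 0xD4C3B2A1:
        endian = ">"          # written on a big-endian host
    else:
        raise ValueError("not a classic pcap file")
    dst.write(global_hdr)     # the global header is copied unchanged
    kept = dropped = 0
    while True:
        rec_hdr = src.read(16)
        if not rec_hdr:
            return kept, dropped
        if len(rec_hdr) != 16:
            raise ValueError("truncated record header")
        # ts_sec, ts_usec, incl_len (bytes stored), orig_len (bytes on the wire)
        _, _, incl_len, _ = struct.unpack(endian + "IIII", rec_hdr)
        frame = src.read(incl_len)
        if len(frame) != incl_len:
            raise ValueError("truncated packet data")
        if keep(frame):
            dst.write(rec_hdr + frame)
            kept += 1
        else:
            dropped += 1


def is_not_arp(frame):
    # Ethernet II: bytes 12-13 hold the EtherType; 0x0806 is ARP
    return frame[12:14] != b"\x08\x06"


def build_sample():
    """Constructed capture: one ARP frame and one IPv4 frame, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    arp = b"\xff" * 6 + b"\x02" * 6 + b"\x08\x06" + b"\x00" * 28
    ip4 = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + b"\x00" * 20
    for ts, frame in ((1, arp), (2, ip4)):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out
```

This only edits the stored copy; as the message says, a passive capture has no effect on packets that have already been forwarded.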