tcpdump mailing list archives
Re: using a database to store packets
From: Daniel Lawson <daniel () wand net nz>
Date: Tue, 30 Nov 2004 10:14:50 +1300
option 2: You want to filter out specific traffic before storing a capture to disk.option 2 is closer to what I want, but it's not what I want. I want to remove specific traffic WHILE storing a capture to disk.
Ok, that makes more sense then. I also guess you don't know ahead of time what traffic you wish to exclude?
ie, you wish to dynamically, as the capture is running, specify filters that will limit which traffic is being written to disk?
If you do know ahead of time some rules that you will apply to the traffic to determine what you are going to keep or discard, it's fairly trivial to write a program that uses libpcap directly, and set up your own BPF filters within it.
-- Daniel Lawson WAND Group, Computer Science DepartmentUniversity of Waikato email: daniel () wand net nz phone: +64 7 838 4136
- This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- using a database to store packets MAURICIOMANENTS (Nov 27)
- Re: using a database to store packets Guy Harris (Nov 27)
- <Possible follow-ups>
- Re: using a database to store packets MAURICIOMANENTS (Nov 27)
- Re: using a database to store packets Ed Maste (Nov 27)
- Re: using a database to store packets Guy Harris (Nov 27)
- Re: using a database to store packets Daniel Lawson (Nov 28)
- Re: using a database to store packets Ed Maste (Nov 27)
- Re: using a database to store packets MAURICIOMANENTS (Nov 29)
- Re: using a database to store packets Aaron Turner (Nov 29)
- Re: using a database to store packets Daniel Lawson (Nov 29)
- Re: using a database to store packets MAURICIOMANENTS (Nov 29)