Re: mysql to pcap?

["David J. Bianco" <david () vorant com>]

This might be a more complicated solution than you're looking for,
but check out Sguil (www.sguil.net).  It captures PCAP in addition to
snort alerts (and network session logs as well), so when you're
examining an event, you can easily reference the PCAP data for the
entire network session, not just the single packet which caused the
alert.  If you're ready to start looking at PCAP, you might as well
go whole hog with it.

        David


Tim Maletic wrote:
> I'm viewing snort events through a third-party tool that is fetching
> the data from the mysql database snort is logging to.  I want to be
> able to select a particular event in the third-party tool and view it
> in wireshark, so that I can subject the payload to wireshark's
> protocol parsers.

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users