Website: http://dmiessler.com/
Original page: http://dmiessler.com/blog/capturing-traffic-once-and-making-that-traffic-available-to-multiple-tools
Popular Threads
I think you may want John Lennon rather than Elton John for your Imagine reference...
We already have tcpdump and the .pcap file format for much of what you want in this post - except for the last section which sounds like you've taken your .pcap data, parsed it and dumped the results into a database. Not too hard to do - but could certainly be interesting.
Lots of data crosses most networks; how much of it can we really keep? Hard drives are getting cheaper - but not that cheap!
Yeah, that was a good post on Richard's blog - it's a concept that everyone wants, but the implementation may get slightly tricky.
Just on Richard Bejtlich's stuff - I feel the need to point out that perhaps you're overlooking the power of session data. In fact that's one of the big things I learnt after reading one of his books. I used to think of network capture mainly in terms of full-content capture; now I think that session data alone is highly underrated.
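Two of the comments above describe the same pipeline from different ends: capture once with tcpdump into a .pcap, parse that file and dump the results into a database, and keep session data even when the full content is too big to retain. The script below is an added example written for this page, not code from the original post or from any commenter. It reads a classic pcap file, collapses the packets into bidirectional session records (the Argus-style view Bejtlich describes), and loads them into SQLite so several tools can query one capture. The capture bytes are constructed inline (the hosts 10.0.0.5, 93.184.216.34 and 10.0.0.1 are hypothetical), and the function names `iter_packets`, `flow_key`, `summarize_sessions`, `pcap_to_db` and `top_talkers` are names chosen here.

```python
import sqlite3
import socket
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4   # magic as read ("<I") from a little-endian pcap
PCAP_MAGIC_BE = 0xD4C3B2A1   # the same four bytes as read from a big-endian pcap
ETH_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17


def ipv4_frame(src, dst, proto, sport, dport, payload_len):
    """Constructed Ethernet/IPv4/TCP-or-UDP frame with a zero payload (sample data only)."""
    if proto == PROTO_TCP:   # 20-byte TCP header, PSH|ACK, no options
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:                    # 8-byte UDP header
        l4 = struct.pack("!HHHH", sport, dport, 8 + payload_len, 0)
    l4 += b"\x00" * payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    eth = bytes.fromhex("001122334455" "66778899aabb") + struct.pack("!H", ETH_IPV4)
    return eth + ip + l4


def build_sample_pcap():
    """Constructed capture: a small TCP/80 exchange and a UDP/53 query (hypothetical hosts)."""
    frames = [  # (seconds, microseconds, frame)
        (1000, 0,     ipv4_frame("10.0.0.5", "93.184.216.34", PROTO_TCP, 51000, 80, 0)),
        (1000, 10000, ipv4_frame("93.184.216.34", "10.0.0.5", PROTO_TCP, 80, 51000, 0)),
        (1000, 20000, ipv4_frame("10.0.0.5", "93.184.216.34", PROTO_TCP, 51000, 80, 120)),
        (1000, 50000, ipv4_frame("93.184.216.34", "10.0.0.5", PROTO_TCP, 80, 51000, 1400)),
        (1001, 0,     ipv4_frame("10.0.0.5", "10.0.0.1", PROTO_UDP, 40000, 53, 32)),
        (1001, 2000,  ipv4_frame("10.0.0.1", "10.0.0.5", PROTO_UDP, 53, 40000, 96)),
    ]
    # Global header: magic, version 2.4, tz 0, sigfigs 0, snaplen, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)
    for sec, usec, frame in frames:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


def iter_packets(pcap):
    """Yield (timestamp, frame_bytes) from classic pcap bytes, whichever byte order wrote it."""
    endian = {PCAP_MAGIC_LE: "<", PCAP_MAGIC_BE: ">"}.get(struct.unpack("<I", pcap[:4])[0])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    off = 24
    while off + 16 <= len(pcap):
        sec, usec, incl, _orig = struct.unpack(endian + "IIII", pcap[off:off + 16])
        off += 16
        if off + incl > len(pcap):
            break            # truncated last record, e.g. a capture killed mid-write
        yield sec + usec / 1e6, pcap[off:off + incl]
        off += incl


def flow_key(frame):
    """Return ((proto, ip_a, port_a, ip_b, port_b), src_is_a), or None for non-TCP/UDP frames."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
        return None
    proto = frame[23]
    if proto not in (PROTO_TCP, PROTO_UDP):
        return None
    l4 = 14 + (frame[14] & 0x0F) * 4   # honour IPv4 options via the IHL field
    if len(frame) < l4 + 4:
        return None
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    # Canonical ordering so both directions of one conversation share a key
    if (src, sport) <= (dst, dport):
        return (proto, src, sport, dst, dport), True
    return (proto, dst, dport, src, sport), False


def summarize_sessions(pcap):
    """Collapse packets into bidirectional session records, oriented from the initiator."""
    sessions = {}
    for ts, frame in iter_packets(pcap):
        parsed = flow_key(frame)
        if parsed is None:
            continue
        key, fwd = parsed
        s = sessions.get(key)
        if s is None:   # first packet seen defines who the initiator (src) is
            proto, ip_a, port_a, ip_b, port_b = key
            src, sport, dst, dport = (ip_a, port_a, ip_b, port_b) if fwd else (ip_b, port_b, ip_a, port_a)
            s = sessions[key] = dict(proto=proto, src=src, sport=sport, dst=dst, dport=dport,
                                     first_ts=ts, last_ts=ts, pkts_out=0, pkts_in=0,
                                     bytes_out=0, bytes_in=0, init_fwd=fwd)
        s["last_ts"] = ts
        side = "out" if fwd == s["init_fwd"] else "in"
        s["pkts_" + side] += 1
        s["bytes_" + side] += len(frame)
    return sessions


COLUMNS = ("proto", "src", "sport", "dst", "dport", "first_ts", "last_ts",
           "pkts_out", "pkts_in", "bytes_out", "bytes_in")


def pcap_to_db(pcap, path=":memory:"):
    """Load session records into SQLite; anything that speaks SQL can then query the capture."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE IF NOT EXISTS sessions (%s)" % ", ".join(COLUMNS))
    conn.executemany("INSERT INTO sessions VALUES (%s)" % ",".join("?" * len(COLUMNS)),
                     [tuple(s[c] for c in COLUMNS) for s in summarize_sessions(pcap).values()])
    conn.commit()
    return conn


def top_talkers(conn, limit=5):
    """Destinations ranked by total bytes in both directions."""
    return conn.execute("SELECT dst, dport, SUM(bytes_out + bytes_in) AS total FROM sessions "
                        "GROUP BY dst, dport ORDER BY total DESC LIMIT ?", (limit,)).fetchall()


if __name__ == "__main__":
    for row in top_talkers(pcap_to_db(build_sample_pcap())):
        print(row)
```

For a real capture, `tcpdump -i eth0 -w capture.pcap` does the one-time capture, and `pcap_to_db(open("capture.pcap", "rb").read(), "sessions.db")` produces a file any other tool can open. The session table is a few hundred bytes per conversation regardless of payload size, which is the storage argument for session data above; the full-content .pcap can be kept for a shorter window and the sessions for much longer.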
@Adrian: I can't believe I had Elton John. FAIL
I think OmniPeek is a good example of what you are describing. It supports a plugin API, and there are lots of plugins available from the WildPackets website. WildPackets also provides tools to load packets into a database. From there, lots of other applications can use the data.