Comments on: Capturing Traffic Once and Making That Traffic Available to Multiple Tools http://danielmiessler.com/blog/capturing-traffic-once-and-making-that-traffic-available-to-multiple-tools grep understanding Tue, 15 May 2012 12:09:13 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: Spacepacket http://danielmiessler.com/blog/capturing-traffic-once-and-making-that-traffic-available-to-multiple-tools/comment-page-1#comment-142916 Spacepacket Wed, 07 May 2008 13:56:11 +0000 http://dmiessler.com/blog/capturing-traffic-once-and-making-that-traffic-available-to-multiple-tools#comment-142916 <p>I think OmniPeek is a good example of what you are describing. It supports a plugin API, and there are lots of plugins available from the WildPackets website. WildPackets also provides tools to load packets into a database. From there, lots of other applications can use the data.</p> I think OmniPeek is a good example of what you are describing. It supports a plugin API, and there are lots of plugins available from the WildPackets website. WildPackets also provides tools to load packets into a database. From there, lots of other applications can use the data.

]]> By: Spacepacket http://danielmiessler.com/blog/capturing-traffic-once-and-making-that-traffic-available-to-multiple-tools/comment-page-1#comment-251088 Spacepacket Wed, 07 May 2008 13:56:00 +0000 http://dmiessler.com/blog/capturing-traffic-once-and-making-that-traffic-available-to-multiple-tools#comment-251088 <p>I think OmniPeek is a good example of what you are describing. It supports a plugin API, and there are lots of plugins available from the WildPackets website. WildPackets also provides tools to load packets into a database. From there, lots of other applications can use the data.</p> I think OmniPeek is a good example of what you are describing. It supports a plugin API, and there are lots of plugins available from the WildPackets website. WildPackets also provides tools to load packets into a database. From there, lots of other applications can use the data.

]]> By: Daniel Miessler http://danielmiessler.com/blog/capturing-traffic-once-and-making-that-traffic-available-to-multiple-tools/comment-page-1#comment-128840 Daniel Miessler Fri, 14 Mar 2008 13:56:10 +0000 http://dmiessler.com/blog/capturing-traffic-once-and-making-that-traffic-available-to-multiple-tools#comment-128840 <p>@Adrian: I can't believe I had Elton John. FAIL</p> @Adrian: I can’t believe I had Elton John. FAIL

]]> By: Daniel Miessler http://danielmiessler.com/blog/capturing-traffic-once-and-making-that-traffic-available-to-multiple-tools/comment-page-1#comment-251087 Daniel Miessler Fri, 14 Mar 2008 13:56:00 +0000 http://dmiessler.com/blog/capturing-traffic-once-and-making-that-traffic-available-to-multiple-tools#comment-251087 <p>@Adrian: I can't believe I had Elton John. FAIL</p> @Adrian: I can’t believe I had Elton John. FAIL

]]> By: ghost16825 http://danielmiessler.com/blog/capturing-traffic-once-and-making-that-traffic-available-to-multiple-tools/comment-page-1#comment-128827 ghost16825 Fri, 14 Mar 2008 11:51:17 +0000 http://dmiessler.com/blog/capturing-traffic-once-and-making-that-traffic-available-to-multiple-tools#comment-128827 <p>Yeah, that was a good post on Richard's blog - it's a concept that everyone wants, but the implementation may get slightly tricky.</p> <p>Just on Richard Bejtlich's stuff - I feel the need to point out that perhaps you're overlooking the power of session data. In fact that's one of the big things I learnt after reading one of his books. I used to think of network capture mainly in terms of full-content capture; now I think that session data alone, is highly underrated.</p> Yeah, that was a good post on Richard’s blog – it’s a concept that everyone wants, but the implementation may get slightly tricky.

Just on Richard Bejtlich’s stuff – I feel the need to point out that perhaps you’re overlooking the power of session data. In fact that’s one of the big things I learnt after reading one of his books. I used to think of network capture mainly in terms of full-content capture; now I think that session data alone, is highly underrated.

]]> By: ghost16825 http://danielmiessler.com/blog/capturing-traffic-once-and-making-that-traffic-available-to-multiple-tools/comment-page-1#comment-251086 ghost16825 Fri, 14 Mar 2008 11:51:00 +0000 http://dmiessler.com/blog/capturing-traffic-once-and-making-that-traffic-available-to-multiple-tools#comment-251086 <p>Yeah, that was a good post on Richard's blog - it's a concept that everyone wants, but the implementation may get slightly tricky.</p> <p>Just on Richard Bejtlich's stuff - I feel the need to point out that perhaps you're overlooking the power of session data. In fact that's one of the big things I learnt after reading one of his books. I used to think of network capture mainly in terms of full-content capture; now I think that session data alone, is highly underrated.</p> Yeah, that was a good post on Richard’s blog – it’s a concept that everyone wants, but the implementation may get slightly tricky.

Just on Richard Bejtlich’s stuff – I feel the need to point out that perhaps you’re overlooking the power of session data. In fact that’s one of the big things I learnt after reading one of his books. I used to think of network capture mainly in terms of full-content capture; now I think that session data alone, is highly underrated.

]]> By: Adrian Bool http://danielmiessler.com/blog/capturing-traffic-once-and-making-that-traffic-available-to-multiple-tools/comment-page-1#comment-128769 Adrian Bool Fri, 14 Mar 2008 04:39:25 +0000 http://dmiessler.com/blog/capturing-traffic-once-and-making-that-traffic-available-to-multiple-tools#comment-128769 <p>I think you may want John Lennon rather than Elton John for your Imagine reference...</p> <p>We already have tcpdump and the .pcap file format for much of what you want in this post - except for the last section which sounds like you've taken your .pcap data, parsed it and dumped the results into a database. Not too hard to do - but could certainly be interesting.</p> <p>Lots of data crosses most networks; how much of fit can we really keep? Hard drives are getting cheaper - but not that cheap!</p> I think you may want John Lennon rather than Elton John for your Imagine reference…

We already have tcpdump and the .pcap file format for much of what you want in this post – except for the last section which sounds like you’ve taken your .pcap data, parsed it and dumped the results into a database. Not too hard to do – but could certainly be interesting.

Lots of data crosses most networks; how much of fit can we really keep? Hard drives are getting cheaper – but not that cheap!

]]> By: Adrian Bool http://danielmiessler.com/blog/capturing-traffic-once-and-making-that-traffic-available-to-multiple-tools/comment-page-1#comment-251085 Adrian Bool Fri, 14 Mar 2008 04:39:00 +0000 http://dmiessler.com/blog/capturing-traffic-once-and-making-that-traffic-available-to-multiple-tools#comment-251085 <p>I think you may want John Lennon rather than Elton John for your Imagine reference...</p> <p>We already have tcpdump and the .pcap file format for much of what you want in this post - except for the last section which sounds like you've taken your .pcap data, parsed it and dumped the results into a database. Not too hard to do - but could certainly be interesting.</p> <p>Lots of data crosses most networks; how much of fit can we really keep? Hard drives are getting cheaper - but not that cheap!</p> I think you may want John Lennon rather than Elton John for your Imagine reference…

We already have tcpdump and the .pcap file format for much of what you want in this post – except for the last section which sounds like you’ve taken your .pcap data, parsed it and dumped the results into a database. Not too hard to do – but could certainly be interesting.

Lots of data crosses most networks; how much of fit can we really keep? Hard drives are getting cheaper – but not that cheap!

]]>