Hello!
I have the output from snort into mysql
database. Thus I have all packet information.. now I
want to get the (tcpdump type) trace file out of this
captured information. Can anybody help me out ...
stating how to write a tcpdump trace file i.e get the
file which is generated by #tcp
> > looking at snort.
>
> libnids is *perfect*, thank you :)
Does it handle lost segments well? I mean, when
you never get a segment, will NIDS understand that,
give up on the segment, and continue feeding the
user with the rest of the stream?
Similarly, does it track connections without
captu
On Sun, 12 Sep 2004, Guy Harris wrote:
> Shaun wrote:
>
> > Or get a DAG card? Not sure if they support FreeBSD though.
>
> http://www.endace.com/faq.htm#linux
>
> "Q: Do you support any other operating systems than Linux? Do you
> support BSD or Solaris?
>
> A: Linux is the primary platfor
libpcap has a lot of lint. In gencode.c, some patterns stand out:
1) Lots of unreachable break statements after return statements;
why not drop the break statements?
2) "Assignment of negative constant to unsigned type", usually
assignments of the type "off_linktype = -1;" where off_li
(blah blah blah the other brain fart was sending it from sonic.net again
blah blah blah duplicate message dissector blah blah blah)
Michael Richardson wrote:
You tell me.
We didn't do a 0.8.4 yet, but this sounds like significant enough to
warrant 0.9, but maybe I'm wrong.
Sorry, brain fart,
-BEGIN PGP SIGNED MESSAGE-
> "Guy" == Guy Harris <[EMAIL PROTECTED]> writes:
Guy> Michael Richardson wrote:
>> Okay, so can it get integrated into CVS HEAD, and I will arrange
>> to do a 3.9, 0.9.
Guy> HEAD, or HEAD and x.8 branch?
You tell me.
We didn't do a 0.
(blah blah blah another message sent from the wrong address blah blah
blah duplicate message detector blah blah blah)
Michael Richardson wrote:
Okay, so can it get integrated into CVS HEAD, and I will
arrange to do a 3.9, 0.9.
HEAD, or HEAD and x.8 branch?
-
This is the tcpdump-workers list.
Vi
-BEGIN PGP SIGNED MESSAGE-
> "David" == David Young <[EMAIL PROTECTED]> writes:
David> I have resolved all conflicts on libpcap-0.8.3. This was
David> easy except for lib/libpcap/gencode.c, which contained a lot
David> of NetBSD-private patches from thorpej, itojun, and o
> "Bruce" == Bruce M Simpson <[EMAIL PROTECTED]> writes:
>> >Looks good to me, at least for the top-of-tree (where we require
>> that >the platform support 64-bit integers, and where we define
>> u_int64_t to >be an unsigned 64-bit integer type).
Bruce> It would be nice if we
I don't have a clue what I can do about this... other than
putting lots of never-really-works RBL junk in. It was
sent from a valid From:
Received: from lox.sandelman.ottawa.on.ca (IDENT:[EMAIL PROTECTED] [205.150.200.178])
by noxmail.sandelman.ottawa.on.ca (8.11.6p3/8.11.6) with ESMTP id
Bruce M Simpson ([EMAIL PROTECTED]) wrote:
> On Thu, Sep 23, 2004 at 01:29:33PM +0100, Andy Coates wittered thus:
> > I've been trying to read some tcp payloads from a dump file
> > generated by tcpdump. Everything has been going smoothly until
> > I encounter tcp segment losses and tcp retransmis
On Thu, Sep 23, 2004 at 01:29:33PM +0100, Andy Coates wittered thus:
> I've been trying to read some tcp payloads from a dump file
> generated by tcpdump. Everything has been going smoothly until
> I encounter tcp segment losses and tcp retransmissions.
By 'read some tcp payloads' I assume you're
Hello,
I've been trying to read some tcp payloads from a dump file
generated by tcpdump. Everything has been going smoothly until
I encounter tcp segment losses and tcp retransmissions.
Now I'm no coding genius nor do I understand the ins and outs of
tcp headers enough to be able to develop a sol