[Dailydave] halvar, record gigabit networking? IDS for forensics?
Thomas Ptacek
thomasptacek at gmail.com
Fri Nov 17 16:03:48 Local tim 2006
Did you read this code at all? I read the architecture document and
skimmed the code for less than 5 minutes, and the "time machine" isn't
what you said it is. Even its web page says it isn't. This thing
records the first N bytes of streams that match configured filters,
and it's just pcap code.

ObRestOfTheList: don't thread pcap code. If there was ever an
application domain that begged to be evented, it's packet capture and
analysis.

On 11/17/06, Gadi Evron <ge at linuxbox.org> wrote:
> http://www.packetstormsecurity.org/sniffers/tm-20061111-0.tar.gz
>
> The timemachine can record the entire contents of a high-volume network
> traffic stream in order to later "travel back in time" and inspect
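Added example, not part of the message above and not code from the Time Machine project: a single-threaded, one-callback-per-packet sketch of "record the first N bytes of streams that match configured filters", showing how a per-stream cutoff differs from recording the entire traffic stream. The packet dictionaries, the `classify` filter, and the cutoff values are all constructed assumptions for illustration.

```python
from collections import defaultdict

def flow_key(pkt):
    """Direction-independent key so both halves of a connection share one budget."""
    ends = sorted([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])])
    return (pkt["proto"], ends[0], ends[1])

def classify(pkt):
    """Hypothetical 'configured filters': return a byte cutoff, or None to skip."""
    ports = {pkt["sport"], pkt["dport"]}
    if pkt["proto"] == "tcp" and 80 in ports:
        return 20   # assumed cutoff, kept tiny so truncation is visible
    if pkt["proto"] == "udp" and 53 in ports:
        return 64   # assumed cutoff
    return None     # unmatched traffic is never stored

def record(packets, classify):
    """Event-style loop: handle each packet once, in order, with no threads."""
    kept = defaultdict(bytearray)  # flow -> retained prefix of the stream
    seen = defaultdict(int)        # flow -> total payload bytes observed
    for pkt in packets:
        cutoff = classify(pkt)
        if cutoff is None:
            continue
        key = flow_key(pkt)
        seen[key] += len(pkt["payload"])
        room = cutoff - len(kept[key])
        if room > 0:               # past the cutoff only the counter moves
            kept[key] += pkt["payload"][:room]
    return kept, seen

def P(proto, src, sport, dst, dport, payload):
    return dict(proto=proto, src=src, sport=sport, dst=dst, dport=dport,
                payload=payload)

# Constructed sample traffic (not captured from any real network).
PACKETS = [
    P("tcp", "10.0.0.1", 40000, "10.0.0.2", 80, b"GET /index.html "),
    P("tcp", "10.0.0.1", 40000, "10.0.0.2", 80, b"HTTP/1.1\r\n\r\n"),
    P("tcp", "10.0.0.2", 80, "10.0.0.1", 40000, b"HTTP/1.1 200 OK\r\n"),
    P("udp", "10.0.0.1", 5353, "10.0.0.3", 53, b"\x12\x34query"),
    P("tcp", "10.0.0.1", 40001, "10.0.0.4", 22, b"SSH-2.0-x"),
]

if __name__ == "__main__":
    kept, seen = record(PACKETS, classify)
    for key, data in kept.items():
        print(key, f"kept {len(data)} of {seen[key]} bytes:", bytes(data))
```

For forensics, the `seen` counter matters as much as the retained bytes: it tells an analyst how much of a stream fell past the cutoff and is therefore not available for later inspection.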