danielmiessler.com | grep understanding: Capturing Traffic Once and Making That Traffic Available to Multiple Tools

  • Adrian Bool · 1 year ago

    I think you may want John Lennon rather than Elton John for your Imagine reference...
    We already have tcpdump and the .pcap file format for much of what you want in this post - except for the last section which sounds like you've taken your .pcap data, parsed it and dumped the results into a database. Not too hard to do - but could certainly be interesting.

    Lots of data crosses most networks; how much of it can we really keep? Hard drives are getting cheaper - but not that cheap!

  • ghost16825 · 1 year ago

    Yeah, that was a good post on Richard's blog - it's a concept that everyone wants, but the implementation may get slightly tricky.

    Just on Richard Bejtlich's stuff - I feel the need to point out that perhaps you're overlooking the power of session data. In fact that's one of the big things I learnt after reading one of his books. I used to think of network capture mainly in terms of full-content capture; now I think that session data alone is highly underrated.

  • Daniel Miessler · 1 year ago

    @Adrian: I can't believe I had Elton John. FAIL

  • Spacepacket · 1 year ago

    I think OmniPeek is a good example of what you are describing. It supports a plugin API, and there are lots of plugins available from the WildPackets website. WildPackets also provides tools to load packets into a database. From there, lots of other applications can use the data.