tcpdump mailing list archives

Re: using a database to store packets


From: Aaron Turner <aturner () pobox com>
Date: Mon, 29 Nov 2004 09:31:01 -0800

Uh, I'm sure this is obvious, but why not just use a bpf filter to
restrict what packets get written?  At least my experience with SQL
databases is that the insert speed is not going to be fast enough with
anything but the lightest loaded network.

-- 
Aaron Turner <aturner at pobox.com|synfin.net>  http://synfin.net/
They that can give up essential liberty to obtain a little temporary 
safety deserve neither liberty nor safety. -- Benjamin Franklin
All emails are PGP signed; a lack of a signature indicates a forgery.

On Mon, Nov 29, 2004 at 04:46:01PM +0000, MAURICIOMANENTS wrote:
Daniel Lawson wrote:
The problem with libpcap format is that I can't read the file in
realtime, nor delete packets.

What do you mean by 'delete packets'? Are you wanting to actually remove
packets off the wire, or just from an offline storage of your capture?

I want to remove packets from the capture in progress that's on the hard
drive.

option 2:

You want to filter out specific traffic before storing a capture to disk.

option 2 is closer to what I want, but it's not what I want.
I want to remove specific traffic WHILE storing a capture to disk.
