I have written a small patch over the weekend that enables the base user to download or save the payload displayed by base (in hex code and in ascii code).
The pure payload in its binary form can be downloaded.
This is useful for further investigating the packets, because not everything can be
handled by "Follow tcpstream" in ethereal or by tcpflow or nstreams.
The patch consists of
I have done some first testing on a linux platform with snort-2.4.0, base-1.1.3 and with mysql encoding both in hex mode and in base64 mode.