Re: [Sguil-users] Sguil vs packet captures, not live traffic
From: Richard B. <tao...@gm...> - 2013-01-17 14:54:01
My concern with tools like Tcpreplay is that you lose the original timestamps.

Sincerely,

Richard

On Thu, Jan 17, 2013 at 9:25 AM, Voth, Brad (GE Corporate) <Bra...@ge...> wrote:
> Not the most efficient way, but probably the quickest to set up would be tcpreplay. Beyond that I think there would be a lot of tinkering required.
>
> Sent from my iPhone
>
> On Jan 17, 2013, at 9:10, "Richard Bejtlich" <tao...@gm...> wrote:
>
>> I was wondering if anyone had recommendations for ways to run Sguil
>> (and its various components) against a packet capture, rather than
>> solely on a live interface?
>>
>> Many of the individual Sguil components (Snort or Suricata, SANCP,
>> etc.) work against a packet capture. However, it's not apparent how to
>> get all of the components to work against a packet capture such that
>> the results appear in the console as one might like to see.
>>
>> Any advice?
>>
>> Thank you,
>>
>> Richard
>>
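The timestamp point in Richard's reply is worth seeing concretely. The following is an added example, not code from this thread or from the Sguil project: a minimal parser for the classic libpcap file format that pulls the stored per-packet timestamps out of the record headers. A sensor that reads the file directly sees these stored values (and the real gaps between events), whereas a sensor watching an interface that tcpreplay writes to only sees the arrival time of each replayed frame. The sample capture is constructed in memory (two 60-byte frames an hour apart on 2013-01-17) so the script runs offline; the `build_pcap` helper and the field names are this example's own, and the header layout follows the standard pcap format (24-byte global header, 16-byte record header, microsecond or nanosecond magic, either byte order).

```python
"""Extract original packet timestamps from a classic libpcap file."""
import struct
from datetime import datetime, timezone

GLOBAL_HDR = "IHHiIII"   # magic, ver_major, ver_minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = "IIII"      # ts_sec, ts_frac, incl_len, orig_len

# First four bytes of the file tell us both the byte order and the
# resolution of the ts_frac field (microseconds vs nanoseconds).
MAGIC_TO_SPEC = {
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),      # 0xA1B2C3D4, little-endian, usec
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),      # 0xA1B2C3D4, big-endian, usec
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),  # 0xA1B23C4D, little-endian, nsec
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),  # 0xA1B23C4D, big-endian, nsec
}


def build_pcap(records, byteorder="<", nanos=False):
    """Helper for this example: serialize (ts_sec, ts_frac, payload) tuples
    as a classic pcap file, linktype 1 (Ethernet)."""
    magic = 0xA1B23C4D if nanos else 0xA1B2C3D4
    out = struct.pack(byteorder + GLOBAL_HDR, magic, 2, 4, 0, 0, 65535, 1)
    for sec, frac, payload in records:
        out += struct.pack(byteorder + RECORD_HDR, sec, frac, len(payload), len(payload))
        out += payload
    return out


def parse_pcap(data):
    """Return linktype, snaplen and a list of (timestamp, orig_len, payload).

    The timestamp is the one stored by whatever originally captured the
    packet; nothing here depends on the wall clock of the machine running
    this code."""
    spec = MAGIC_TO_SPEC.get(bytes(data[:4]))
    if spec is None:
        raise ValueError("not a classic libpcap file (magic %r)" % bytes(data[:4]))
    byteorder, units_per_sec = spec
    _, _vmaj, _vmin, _tz, _sig, snaplen, linktype = struct.unpack(
        byteorder + GLOBAL_HDR, data[:24])
    packets = []
    off = 24
    while off + 16 <= len(data):
        sec, frac, incl_len, orig_len = struct.unpack(
            byteorder + RECORD_HDR, data[off:off + 16])
        off += 16
        if off + incl_len > len(data):
            raise ValueError("truncated packet record at offset %d" % (off - 16))
        payload = data[off:off + incl_len]
        off += incl_len
        packets.append((sec + frac / units_per_sec, orig_len, payload))
    return {"linktype": linktype, "snaplen": snaplen, "packets": packets}


def capture_span_seconds(data):
    """Time between first and last stored timestamp; this is the spacing a
    direct pcap reader preserves and a replay tool does not."""
    pkts = parse_pcap(data)["packets"]
    if not pkts:
        return 0.0
    return pkts[-1][0] - pkts[0][0]


def stored_timestamps_iso(data):
    """Stored timestamps rendered as UTC ISO-8601 strings."""
    return [datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()
            for ts, _, _ in parse_pcap(data)["packets"]]


# Constructed sample: two frames, 2013-01-17 14:55:00.25 UTC and one hour
# later (minus the quarter second), little-endian, microsecond headers.
SAMPLE_PCAP = build_pcap([
    (1358434500, 250000, b"\x00" * 60),
    (1358438100, 0, b"\x00" * 60),
])

if __name__ == "__main__":
    for when in stored_timestamps_iso(SAMPLE_PCAP):
        print("stored timestamp:", when)
    print("span preserved by a direct pcap reader: %.2f s" % capture_span_seconds(SAMPLE_PCAP))
```

Run as-is it prints the two stored timestamps and a span of 3599.75 seconds; feed `parse_pcap` a real file's bytes and the same fields come back. A tool that replays the same file onto an interface would hand the sensor two frames however far apart the replay scheduler sends them, with whatever time the sensor's clock shows, which is exactly the loss the reply above is talking about.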