Re: [Sguil-users] Sguil vs packet captures, not live traffic
From: Guy B. <se...@wh...> - 2013-01-17 22:23:14
You are correct. The timestamps will be the timestamps of the replay time, not the original time.

Guy

________________________________
From: Richard Bejtlich <tao...@gm...>
To: sgu...@li...
Sent: Thursday, January 17, 2013 9:53:55 AM
Subject: Re: [Sguil-users] Sguil vs packet captures, not live traffic

My concern with tools like Tcpreplay is that you lose the original timestamps.

Sincerely,

Richard

On Thu, Jan 17, 2013 at 9:25 AM, Voth, Brad (GE Corporate) <Bra...@ge...> wrote:
> Not the most efficient way, but probably the quickest to set up would be tcpreplay. Beyond that I think there would be a lot of tinkering required.
>
> Sent from my iPhone
>
> On Jan 17, 2013, at 9:10, "Richard Bejtlich" <tao...@gm...> wrote:
>
>> I was wondering if anyone had recommendations for ways to run Sguil
>> (and its various components) against a packet capture, rather than
>> solely on a live interface?
>>
>> Many of the individual Sguil components (Snort or Suricata, SANCP,
>> etc.) work against a packet capture. However, it's not apparent how to
>> get all of the components to work against a packet capture such that
>> the results appear in the console as one might like to see.
>>
>> Any advice?
>>
>> Thank you,
>>
>> Richard

_______________________________________________
Sguil-users mailing list
Sgu...@li...
https://lists.sourceforge.net/lists/listinfo/sguil-users
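To make the timestamp point in this thread concrete, here is an added example. It is not Sguil, Snort, SANCP or tcpreplay code and was not posted by anyone in the thread. It parses a small libpcap file (constructed inline, with made-up 2013 timestamps) and compares the capture's own timestamps, which a tool reading the file directly works from, with what a sensor listening on the replay interface would record. The replay model is an assumption: the replayer is taken to keep the original inter-packet gaps but start at whatever the clock says when the replay begins, which is how tcpreplay's default pacing is assumed to behave.

```python
"""Original vs. replay-time timestamps for a packet capture.

Added example for this thread; it is not Sguil, Snort, SANCP or tcpreplay code.
The pcap bytes below are constructed inline so the script runs offline.
"""
import struct
from datetime import datetime, timezone

# libpcap magic numbers as read little-endian from the first 4 bytes of the file.
# The value tells us both the byte order of the file and the timestamp resolution.
_MAGICS = {
    0xA1B2C3D4: ("<", 1000),  # little-endian file, microsecond timestamps
    0xD4C3B2A1: (">", 1000),  # big-endian file, microsecond timestamps
    0xA1B23C4D: ("<", 1),     # little-endian file, nanosecond timestamps
    0x4D3CB2A1: (">", 1),     # big-endian file, nanosecond timestamps
}
_NS_PER_SEC = 1_000_000_000


def build_pcap(records, endian="<", payload=b"\x00" * 60):
    """Build a minimal libpcap file (LINKTYPE_ETHERNET, microsecond resolution).

    records: list of (sec, usec) capture times.  Payloads are dummy bytes; only
    the record timestamps matter for this example.
    """
    header = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    body = b"".join(
        struct.pack(endian + "IIII", sec, usec, len(payload), len(payload)) + payload
        for sec, usec in records
    )
    return header + body


def read_pcap(data):
    """Return [(timestamp_ns, packet_bytes), ...] for every record in a libpcap file."""
    if len(data) < 24:
        raise ValueError("too short to be a libpcap file")
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic not in _MAGICS:
        raise ValueError("unknown libpcap magic 0x%08x" % magic)
    endian, frac_to_ns = _MAGICS[magic]
    offset, packets = 24, []
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % offset)
        sec, frac, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        pkt = data[offset:offset + incl_len]
        if len(pkt) != incl_len:
            raise ValueError("truncated packet data at offset %d" % offset)
        offset += incl_len
        packets.append((sec * _NS_PER_SEC + frac * frac_to_ns, pkt))
    return packets


def original_timestamps(data):
    """Timestamps (ns since epoch) stored in the file: what a tool reading the
    pcap directly has to work with."""
    return [ts for ts, _ in read_pcap(data)]


def replayed_timestamps(data, replay_start_ns):
    """Timestamps a sensor on the replay interface would record.

    Assumption: the replayer keeps the original inter-packet gaps but starts at
    replay_start_ns (taken to match tcpreplay's default pacing).  The absolute
    capture time is gone; only the gaps survive.
    """
    ts = original_timestamps(data)
    if not ts:
        return []
    return [replay_start_ns + (t - ts[0]) for t in ts]


def _fmt(ns):
    return datetime.fromtimestamp(ns / _NS_PER_SEC, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S.%f")


# Constructed sample: three packets "captured" on 2013-01-17, 0.25 s and then 1.25 s apart.
SAMPLE_RECORDS = [(1358380800, 0), (1358380800, 250_000), (1358380801, 500_000)]
SAMPLE_PCAP = build_pcap(SAMPLE_RECORDS)

if __name__ == "__main__":
    replay_start = 1_700_000_000 * _NS_PER_SEC  # pretend the file is replayed years later
    for orig, seen in zip(original_timestamps(SAMPLE_PCAP),
                          replayed_timestamps(SAMPLE_PCAP, replay_start)):
        print("in file: %s   sensor sees: %s" % (_fmt(orig), _fmt(seen)))
```

Running it prints the 2013 capture times beside the replay-time stamps the sensor would record; the gaps between packets match, the absolute times do not, which is exactly the loss described above. Anything that only needs relative timing (session reassembly, rule timing) survives a replay; anything that correlates events against the original wall clock does not.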