[prev in list] [next in list] [prev in thread] [next in thread] 

List:       security-onion
Subject:    Re: [security-onion] "empty" xplico pcaps...
From:       Doug Burks <doug.burks () gmail ! com>
Date:       2013-06-28 12:39:06
Message-ID: CAK8kjrAFgqSv3M8fXbKW71GK8crTz71rOSTMC+2Bn1FGrF_ZQA () mail ! gmail ! com
[Download RAW message or body]

What exactly are you trying to accomplish with Xplico?

It seems like you're trying to use Xplico to *start* your
investigations.  I see Xplico best fitting in at the end of the
investigative workflow, meaning that you start with
Snorby/Squert/Sguil/ELSA to find interesting alerts/logs from
Snort/Suricata/Bro and then pull the pcap for analysis with
Wireshark/NetworkMiner/Xplico.

Doug

On Fri, Jun 28, 2013 at 4:14 AM, Antonio <antonio.laraq@gmail.com> wrote:
> Im using a Vm in a 35 pc lan with por mirroring , xplico pcap upload to analyze is \
> so sloooow, And live capture is more funny, any other app like xplico maybe???... \
> THANKS for reply, ;)))) 
> --
> You received this message because you are subscribed to the Google Groups \
> "security-onion" group. To unsubscribe from this group and stop receiving emails \
> from it, send an email to security-onion+unsubscribe@googlegroups.com. To post to \
> this group, send email to security-onion@googlegroups.com. Visit this group at \
> http://groups.google.com/group/security-onion. For more options, visit \
> https://groups.google.com/groups/opt_out. 
> 



-- 
Doug Burks
http://securityonion.blogspot.com

-- 
You received this message because you are subscribed to the Google Groups \
"security-onion" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to security-onion+unsubscribe@googlegroups.com. To post to this \
group, send email to security-onion@googlegroups.com. Visit this group at \
http://groups.google.com/group/security-onion. For more options, visit \
https://groups.google.com/groups/opt_out.


[prev in list] [next in list] [prev in thread] [next in thread]