Subject: Re: [cti-cybox] Network Connection Object TCP Extension
Do we really want to rebuild or capture the entire IP/TCP header in CybOX? Does that really make sense when there are other solutions that arguably do this much better?

I think CybOX should capture the high-level things that are important that meet the 80-90% use case and leave those other nitty-gritty things for another solution. I could see this network connection just having a hex encoded libpcap or libpcap-ng data blob if you really wanted to capture the packet, datagram, or frame headers.

Thanks,
Bret

Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."