North American Network Operators Group

RE: analyse tcpdump output
> -----Original Message-----
> I wonder if someone knows a tool to use a tcpdump output for anomaly
> detection. It is sometimes really time consuming when looking for identical
> patterns in the tcpdump output.
>
> It would be helpful to get a diff between SYN and ACK's e.g. Or look for a
> pattern in a URL. Or just get some timediffs e.g. when an ACK is sent but
> client is waiting for data etc.

For anomaly detection there is Ourmon. It can be downloaded at:
http://jerry.cat.pdx.edu/ourmon/download.html

You can preview it running at Portland State University at:
http://jerry.cat.pdx.edu/ourmon/

However, I believe this isn't as detailed or low-level as what you're looking for. In any case, it's a great tool for seeing unusual patterns or strange behavior on your network.

Tony
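A small parser for the SYN/SYN-ACK timing diff the original poster asks about, written as an added example for this thread (it is not Ourmon and not code posted to the list): it reads default tcpdump text output, pairs each client SYN with the first matching SYN-ACK, reports the delay, and flags SYNs that were retransmitted or never answered. The sample capture lines are constructed, not from a real trace.

```python
import re
# Default tcpdump text line, e.g.
# "12:00:00.000150 IP 192.0.2.10.80 > 10.0.0.5.40000: Flags [S.], seq 5000, ack 1001, ..."
LINE_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2})\.(\d{6}) IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]"
)

def parse_line(line):
    """Return (seconds since midnight, src, sport, dst, dport, flags), or None."""
    m = LINE_RE.match(line)
    if not m:
        return None  # not TCP, or a line format this parser does not handle
    h, mi, s, us = (int(x) for x in m.group(1, 2, 3, 4))
    ts = h * 3600 + mi * 60 + s + us / 1_000_000
    return ts, m.group(5), int(m.group(6)), m.group(7), int(m.group(8)), m.group(9)

def handshake_report(lines):
    """Pair each client SYN with the first matching SYN-ACK; keys are
    (client, cport, server, sport), 'rtt' is None if never answered."""
    flows = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, sport, dst, dport, flags = rec
        if flags == "S":                     # client -> server SYN
            f = flows.setdefault((src, sport, dst, dport),
                                 {"first_syn": ts, "syn_count": 0, "rtt": None})
            f["syn_count"] += 1              # >1 means the client retransmitted
        elif flags == "S.":                  # server -> client SYN-ACK, so reverse the key
            f = flows.get((dst, dport, src, sport))
            if f is not None and f["rtt"] is None:
                f["rtt"] = round(ts - f["first_syn"], 6)
    return flows

def unanswered_syns(flows):
    """Flows where a SYN went out but no SYN-ACK ever came back."""
    return {k: v for k, v in flows.items() if v["rtt"] is None}

# Constructed sample capture (not a real trace): one normal handshake, then one
# SYN that is retransmitted three seconds later and never answered.
SAMPLE = """\
12:00:00.000000 IP 10.0.0.5.40000 > 192.0.2.10.80: Flags [S], seq 1000, win 65535, length 0
12:00:00.000150 IP 192.0.2.10.80 > 10.0.0.5.40000: Flags [S.], seq 5000, ack 1001, win 65535, length 0
12:00:00.000300 IP 10.0.0.5.40000 > 192.0.2.10.80: Flags [.], ack 1, win 65535, length 0
12:00:01.000000 IP 10.0.0.5.40001 > 192.0.2.10.80: Flags [S], seq 2000, win 65535, length 0
12:00:04.000000 IP 10.0.0.5.40001 > 192.0.2.10.80: Flags [S], seq 2000, win 65535, length 0
""".splitlines()
```

Feed it `tcpdump -nn -tt`-style lines only after adjusting the timestamp pattern; as written it expects the default `HH:MM:SS.usec` prefix and `-nn` numeric addresses.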