North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: analyse tcpdump output

  • From: William Waites
  • Date: Wed Nov 22 14:56:10 2006

Do people still use snort for this? snort -r filename, IIRC


Le mercredi 22 novembre 2006 à 16:34 +0100, Stefan Hegger a écrit :
> Hi,
> I wonder if someone knows a tool to use a tcpdump output for anomaly 
> dedection. It is sometimes really time consuming when looking for identical 
> patterns in the tcpdump output.
> It would be helpful to get  a diff between SYN and ACK's e.g. Or look for  a 
> pattern in a URL. Or just get some timediffs e.g. when an ACK is send but 
> client is waiting for data etc.
> We would like to decrease time to investigate the cause for an unusual network 
> behaviour.
> Best Stefan