North American Network Operators Group: Re: analyse tcpdump output
Do people still use snort for this? snort -r filename, IIRC -w

On Wednesday, 22 November 2006 at 16:34 +0100, Stefan Hegger wrote:
> Hi,
>
> I wonder if someone knows a tool to use a tcpdump output for anomaly
> detection. It is sometimes really time consuming when looking for identical
> patterns in the tcpdump output.
>
> It would be helpful to get a diff between SYNs and ACKs e.g. Or look for a
> pattern in a URL. Or just get some time diffs, e.g. when an ACK is sent but
> the client is waiting for data etc.
>
> We would like to decrease time to investigate the cause for an unusual network
> behaviour.
>
> Best Stefan
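The checks Stefan asks for (SYNs with no matching SYN-ACK, handshake and request-to-response timing, grepping a URL pattern) can be scripted directly against a pcap written by tcpdump -w. The script below is an added example for this thread, not snort and not code from either poster; it reads the classic libpcap format with only the Python standard library, decodes Ethernet/IPv4/TCP, and runs over a small capture that is constructed inline (the addresses, ports and HTTP lines are made up for the example). Checksums are not verified, and only IPv4 over Ethernet is handled.

```python
import re
import struct

# Minimal libpcap / Ethernet / IPv4 / TCP reader in stdlib Python only (no scapy needed).
# Every packet used below is constructed inline for this example; it is not a real capture.

TCP_SYN, TCP_PSH, TCP_ACK = 0x02, 0x08, 0x10


def parse_pcap(data):
    """Yield (timestamp, frame_bytes) from a classic libpcap file (magic 0xa1b2c3d4)."""
    magic = struct.unpack("<I", data[:4])[0]
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def parse_tcp(frame):
    """Decode an Ethernet/IPv4/TCP frame into a dict; return None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    ip_total = struct.unpack("!H", frame[16:18])[0]
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    t = 14 + ihl
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", frame[t:t + 14])
    payload = frame[t + (off_flags >> 12) * 4:14 + ip_total]
    return dict(src=src, dst=dst, sport=sport, dport=dport, flags=off_flags & 0x1FF, payload=payload)


def analyse(data, url_pattern=None):
    """SYNs without a SYN-ACK, handshake delay, request-to-first-response delay,
    and a regex grep over HTTP request URLs, all from one pass over the capture."""
    syns, handshake, requests, response_delay, url_hits = {}, {}, {}, {}, []
    for ts, frame in parse_pcap(data):
        p = parse_tcp(frame)
        if p is None:
            continue
        conn = (p["src"], p["sport"], p["dst"], p["dport"])   # as seen from the sender
        rconn = (p["dst"], p["dport"], p["src"], p["sport"])  # the reverse direction
        if p["flags"] & TCP_SYN and not p["flags"] & TCP_ACK:
            syns[conn] = ts
        elif p["flags"] & TCP_SYN and rconn in syns:
            handshake[rconn] = ts - syns.pop(rconn)
        if p["payload"]:
            # First payload in one direction is the request; first payload back is the response.
            if rconn in requests and rconn not in response_delay:
                response_delay[rconn] = ts - requests[rconn]
            elif conn not in requests:
                requests[conn] = ts
            m = re.match(rb"(GET|POST|HEAD) (\S+) HTTP/1\.[01]\r\n", p["payload"])
            if url_pattern and m and re.search(url_pattern, m.group(2)):
                url_hits.append((ts, p["src"], m.group(2).decode()))
    return {"unanswered_syns": syns, "handshake_delay": handshake,
            "response_delay": response_delay, "url_hits": url_hits}


def _frame(src, dst, sport, dport, flags, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame (checksums left zero; the parser does not verify them)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 1, (5 << 12) | flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp


def _pcap(records):
    """Wrap (timestamp, frame) pairs in a little-endian libpcap file, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in records:
        sec = int(ts)
        out += struct.pack("<IIII", sec, int(round((ts - sec) * 1e6)), len(frame), len(frame)) + frame
    return out


C, S = "10.0.0.5", "192.0.2.10"   # constructed client and server addresses
SAMPLE_PCAP = _pcap([
    (1000.000000, _frame(C, S, 40001, 80, TCP_SYN)),
    (1000.000250, _frame(S, C, 80, 40001, TCP_SYN | TCP_ACK)),           # handshake: 250 us
    (1000.000400, _frame(C, S, 40001, 80, TCP_ACK)),
    (1000.001000, _frame(C, S, 40001, 80, TCP_PSH | TCP_ACK,
                         b"GET /admin/login.php?id=1 HTTP/1.1\r\nHost: example\r\n\r\n")),
    (1000.800000, _frame(S, C, 80, 40001, TCP_PSH | TCP_ACK, b"HTTP/1.1 200 OK\r\n\r\n")),  # 799 ms later
    (1001.000000, _frame(C, S, 40002, 443, TCP_SYN)),                     # never answered
    (1002.000000, _frame("10.0.0.6", S, 40003, 80, TCP_SYN)),
    (1002.500000, _frame(S, "10.0.0.6", 80, 40003, TCP_SYN | TCP_ACK)),  # slow handshake: 500 ms
])

if __name__ == "__main__":
    r = analyse(SAMPLE_PCAP, url_pattern=rb"/admin/")
    for conn, t in r["unanswered_syns"].items():
        print(f"no SYN-ACK for {conn[0]}:{conn[1]} -> {conn[2]}:{conn[3]} (SYN at {t:.6f})")
    for conn, d in r["handshake_delay"].items():
        print(f"handshake {conn[0]}:{conn[1]} -> {conn[2]}:{conn[3]}: {d * 1000:.3f} ms")
    for conn, d in r["response_delay"].items():
        print(f"first response to {conn[0]}:{conn[1]} came {d * 1000:.1f} ms after the request")
    for ts, src, url in r["url_hits"]:
        print(f"{ts:.6f} {src} requested {url}")
```

To run it on a real file, replace SAMPLE_PCAP with the bytes of a capture written by tcpdump -w (open(path, "rb").read()); a SYN left in unanswered_syns at the end of the file is the "client waiting" case from the original question, and the two delay tables give the time diffs without reading the raw tcpdump lines by hand.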