North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: analyse tcpdump output

  • From: David Nolan
  • Date: Fri Nov 24 18:16:16 2006

--On November 22, 2006 4:34:13 PM +0100 Stefan Hegger <[email protected]> wrote:


I wonder if someone knows a tool to use a tcpdump output for anomaly
dedection. It is sometimes really time consuming when looking for
identical  patterns in the tcpdump output.

Check out Argus, <>. (I recommend still using version 2, version 3 is not quite production quality yet...)

Argus is a stream analyzer, instead of a packet analyzer. You can search argus data by tcp flags, by regular expression on the data (if you enable stream data logging, which is optional), or several other options. See the argus site for more information.