nanog mailing list archives

Re: analyse tcpdump output


From: William Waites <ww () styx org>
Date: Wed, 22 Nov 2006 20:50:32 +0100


Do people still use snort for this? snort -r filename, IIRC

-w

On Wednesday, 22 November 2006 at 16:34 +0100, Stefan Hegger wrote:
Hi,

I wonder if someone knows a tool to use a tcpdump output for anomaly 
detection. It is sometimes really time consuming when looking for identical 
patterns in the tcpdump output.

It would be helpful to get a diff between SYN and ACKs, e.g. Or look for a 
pattern in a URL. Or just get some timediffs, e.g. when an ACK is sent but the 
client is waiting for data etc.

We would like to decrease time to investigate the cause for an unusual network 
behaviour.

Best Stefan 
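One way to get the SYN/ACK diff and the timediffs Stefan asks for without a full IDS: pair each client SYN with the server's SYN-ACK in the text output of `tcpdump -n -tt`. This is an added example, not code from the thread or from snort/tcpdump; it assumes the modern `Flags [S]` line format and the sample capture below is constructed.

```python
import re
from collections import OrderedDict

# One line of `tcpdump -n -tt` output: epoch timestamp, endpoints, TCP flags.
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

# Constructed sample capture (not a real trace): one normal handshake, one
# retransmitted SYN answered late, and two SYNs that are never answered.
SAMPLE = """\
1164221672.000000 IP 10.0.0.5.40000 > 192.0.2.10.80: Flags [S], seq 1, win 65535, length 0
1164221672.000850 IP 192.0.2.10.80 > 10.0.0.5.40000: Flags [S.], seq 2, ack 2, win 65535, length 0
1164221672.001000 IP 10.0.0.5.40000 > 192.0.2.10.80: Flags [.], ack 3, win 65535, length 0
1164221673.000000 IP 10.0.0.5.40001 > 192.0.2.10.80: Flags [S], seq 1, win 65535, length 0
1164221674.000000 IP 10.0.0.5.40001 > 192.0.2.10.80: Flags [S], seq 1, win 65535, length 0
1164221675.250000 IP 192.0.2.10.80 > 10.0.0.5.40001: Flags [S.], seq 9, ack 2, win 65535, length 0
1164221676.000000 IP 10.0.0.5.40002 > 192.0.2.10.80: Flags [S], seq 1, win 65535, length 0
1164221676.000000 IP 10.0.0.5.40003 > 192.0.2.10.80: Flags [S], seq 1, win 65535, length 0
""".splitlines()

def parse_line(line):
    """Return (timestamp, (src, sport, dst, dport), flags), or None if not a TCP line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return float(m["ts"]), (m["src"], int(m["sport"]), m["dst"], int(m["dport"])), m["flags"]

def syn_synack_report(lines):
    """Pair each client SYN with the server's SYN-ACK on the reverse 4-tuple.
    Returns (latencies, unanswered): SYN -> SYN-ACK delay per client 4-tuple, and
    the client 4-tuples whose SYN never got one (half-open, scan, or saturated server)."""
    pending = OrderedDict()  # client 4-tuple -> timestamp of its first SYN
    latencies = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, key, flags = parsed
        if flags == "S":
            pending.setdefault(key, ts)  # a retransmitted SYN keeps the original time
        elif flags == "S.":
            src, sport, dst, dport = key
            client_key = (dst, dport, src, sport)  # the SYN travelled the other way
            if client_key in pending:
                latencies[client_key] = ts - pending.pop(client_key)
    return latencies, list(pending)
```

Feed it `tcpdump -n -tt -r capture.pcap` output in place of SAMPLE; a pile of unanswered SYNs from one source, or SYN-ACK delays that jump well above the usual sub-millisecond value, are the kind of anomaly worth looking at first.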

