nanog mailing list archives
Re: analyse tcpdump output
From: David Nolan <vitroth+ () cmu edu>
Date: Fri, 24 Nov 2006 18:06:50 -0500
--On November 22, 2006 4:34:13 PM +0100 Stefan Hegger <Stefan.Hegger () lycos-europe com> wrote:
Hi, I wonder if someone knows a tool to use a tcpdump output for anomaly detection. It is sometimes really time consuming when looking for identical patterns in the tcpdump output.
Check out Argus, <http://www.qosient.com/argus/>. (I recommend still using version 2, version 3 is not quite production quality yet...)
Argus is a stream analyzer, instead of a packet analyzer. You can search argus data by tcp flags, by regular expression on the data (if you enable stream data logging, which is optional), or several other options. See the argus site for more information.
-David
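The flow-versus-packet distinction David draws above, as an added example that is not part of the original thread and does not use Argus itself: a small Python script that rolls `tcpdump -n` lines into bidirectional flows and then queries them by the TCP flags seen in each direction, which is the kind of search the reply describes doing with Argus data. The sample capture is constructed for this example, and the `Flow` record and helper names are assumptions, not anything from Argus or the post.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed `tcpdump -n` output (not a real capture): one complete HTTP
# exchange, a four-port SYN scan that is answered with RST/ACK, and one
# SYN toward a host that never replies.
SAMPLE_TCPDUMP = """\
18:06:50.000001 IP 10.0.0.5.51234 > 192.168.1.10.80: Flags [S], seq 1, win 65535, length 0
18:06:50.000200 IP 192.168.1.10.80 > 10.0.0.5.51234: Flags [S.], seq 2, ack 2, win 65535, length 0
18:06:50.000300 IP 10.0.0.5.51234 > 192.168.1.10.80: Flags [.], ack 3, win 65535, length 0
18:06:50.000400 IP 10.0.0.5.51234 > 192.168.1.10.80: Flags [P.], seq 2:80, ack 3, win 65535, length 78
18:06:50.001000 IP 192.168.1.10.80 > 10.0.0.5.51234: Flags [P.], seq 3:500, ack 80, win 65535, length 497
18:06:50.002000 IP 10.0.0.5.51234 > 192.168.1.10.80: Flags [F.], seq 80, ack 500, win 65535, length 0
18:06:50.002100 IP 192.168.1.10.80 > 10.0.0.5.51234: Flags [F.], seq 500, ack 81, win 65535, length 0
18:06:51.000000 IP 10.0.0.9.40001 > 192.168.1.10.22: Flags [S], seq 10, win 1024, length 0
18:06:51.000010 IP 10.0.0.9.40002 > 192.168.1.10.23: Flags [S], seq 11, win 1024, length 0
18:06:51.000020 IP 10.0.0.9.40003 > 192.168.1.10.25: Flags [S], seq 12, win 1024, length 0
18:06:51.000030 IP 10.0.0.9.40004 > 192.168.1.10.443: Flags [S], seq 13, win 1024, length 0
18:06:51.000100 IP 192.168.1.10.22 > 10.0.0.9.40001: Flags [R.], seq 0, ack 11, win 0, length 0
18:06:51.000110 IP 192.168.1.10.23 > 10.0.0.9.40002: Flags [R.], seq 0, ack 12, win 0, length 0
18:06:51.000120 IP 192.168.1.10.25 > 10.0.0.9.40003: Flags [R.], seq 0, ack 13, win 0, length 0
18:06:51.000130 IP 192.168.1.10.443 > 10.0.0.9.40004: Flags [R.], seq 0, ack 14, win 0, length 0
18:06:52.000000 IP 10.0.0.7.50000 > 192.168.1.20.80: Flags [S], seq 5, win 65535, length 0
"""

# Matches the IPv4/TCP line shape tcpdump prints with -n; tcpdump's flag
# letters are S, ., P, F, R, U, E, W ("." is ACK). Non-TCP lines are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
    r".*length (?P<len>\d+)"
)


@dataclass
class Flow:
    """Bidirectional flow record (an assumption of this example, not an Argus type)."""
    client: tuple                                   # (ip, port) that sent the first packet seen
    server: tuple
    first_seen: str = ""
    packets: int = 0
    bytes: int = 0
    fwd_flags: set = field(default_factory=set)     # flag letters seen client -> server
    rev_flags: set = field(default_factory=set)     # flag letters seen server -> client


def parse_flows(text):
    """Aggregate tcpdump text lines into flows keyed by the unordered endpoint pair."""
    flows = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                                # ARP, ICMP, truncated lines, etc.
        src = (m["src"], int(m["sport"]))
        dst = (m["dst"], int(m["dport"]))
        key = tuple(sorted((src, dst)))             # same key for both directions
        flow = flows.get(key)
        if flow is None:
            flow = flows[key] = Flow(client=src, server=dst, first_seen=m["ts"])
        flow.packets += 1
        flow.bytes += int(m["len"])
        if src == flow.client:
            flow.fwd_flags |= set(m["flags"])
        else:
            flow.rev_flags |= set(m["flags"])
    return list(flows.values())


def search(flows, fwd_has="", rev_has="", rev_lacks=""):
    """Select flows by per-direction flag sets, the flow-level counterpart of a packet filter."""
    return [
        f for f in flows
        if set(fwd_has) <= f.fwd_flags
        and set(rev_has) <= f.rev_flags
        and not (set(rev_lacks) & f.rev_flags)
    ]


def syn_scan_candidates(flows, min_ports=3):
    """Client IPs that sent SYNs to >= min_ports distinct (ip, port) targets
    without ever receiving a SYN/ACK; invisible packet by packet, obvious per flow."""
    targets = defaultdict(set)
    for f in flows:
        if "S" in f.fwd_flags and "S" not in f.rev_flags:
            targets[f.client[0]].add(f.server)
    return {ip: sorted(t) for ip, t in targets.items() if len(t) >= min_ports}


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_TCPDUMP)
    print(f"{len(flows)} flows from {sum(f.packets for f in flows)} packets")
    for ip, tgts in syn_scan_candidates(flows).items():
        print(f"possible SYN scan from {ip}: ports {[p for _, p in tgts]}")
```

Feeding it a real file means `parse_flows(open("dump.txt").read())` on `tcpdump -n` output; the script only understands the IPv4/TCP line form shown, so IPv6, UDP and ICMP lines are silently dropped, which is exactly the sort of limitation a purpose-built flow tool avoids.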
Current thread:
- analyse tcpdump output Stefan Hegger (Nov 22)
- Re: analyse tcpdump output Rodrick Brown (Nov 22)
- RE: analyse tcpdump output Brock, Anthony - NET (Nov 22)
- Re: analyse tcpdump output William Waites (Nov 22)
- Re: analyse tcpdump output Netfortius (Nov 22)
- Re: analyse tcpdump output Roland Dobbins (Nov 22)
- Re: analyse tcpdump output David Nolan (Nov 24)
- Re: analyse tcpdump output Jason Chambers (Nov 25)
- Re: analyse tcpdump output Jason Chambers (Nov 25)
- Re: analyse tcpdump output Payam (Nov 27)
- Re: analyse tcpdump output Jason Chambers (Nov 25)