Snort mailing list archives
Session statistics
From: "John Creegan" <jcreegan () questarweb com>
Date: Thu, 21 Aug 2003 08:57:59 -0500
After staying late last night to find out who on my network had been hit with SoBig, I decided I needed a little bit of network analysis capability. I found the offending PC rapidly once I started snort with session statistics in machine format. A few greps, slices and sorts later I had the beginnings of a network usage tool.

I've searched the mail list archives and the snort website looking for the tool I need, and have not yet found it. Before I go off and create this tool, I'd like to know if there already is a tool which can take advantage of the session.log data to tell me:

1. Who the top talkers are
2. Where the hotspots on the network are.

If not, I'm thinking about creating a table in the snort database and then writing a bit of Perl to populate the table with the session stats. I might then either write some PHP pages to add into ACID or write stored procedures or even more Perl to do a bit of analysis. Ultimately, I'd rather add the capability to ACID.

Anyone know of a way I can do this with existing tools?
Current thread:
- Session statistics John Creegan (Aug 21)
- Re: Session statistics Erek Adams (Aug 21)
- Re: Session statistics Andrew R. Baker (Aug 22)
- Re: Session statistics Andreas Östling (Aug 22)
- Prevent ARP attack on NIDS sniffer. Sam Wun (Aug 24)
- Re: Prevent ARP attack on NIDS sniffer. Edin Dizdarevic (Aug 25)
- Re: Prevent ARP attack on NIDS sniffer. Erek Adams (Aug 25)
- Re: Session statistics Bamm Visscher (Aug 22)
- <Possible follow-ups>
- Re: Session statistics Richard Bejtlich (Aug 25)