tcpdump mailing list archives

Re: Data Analysis tools


From: George Bakos <gbakos () ists dartmouth edu>
Date: Thu, 30 Jan 2003 13:58:54 -0500

sub shameless_plug {

A small group of folks here have been working on Shadow and matured it
into a pluggable architecture for analysis using whatever pcap-based tool
you want. One of the output options is historical trend graphs per
second/minute/hour via gnuplot.

The top two graphs at http://people.ists.dartmouth.edu/~gbakos/sapphire
were made by shadow with a tcpdump filter. Ngrep, tcpdump, and (a very
basic) tethereal plugins are already done & I hope to have one for p0f
ready when we release v1.8 in the next few weeks.

There will be a posting here when it goes out the door.
}

On Wed, 29 Jan 2003 08:13:48 -0800
"Keplinger, Michael A" <michael.keplinger () nmci-isf com> wrote:

Does anyone have any or know of any tools (possibly perl scripts, etc.) for analyzing and trending tcpdump output?  I 
have been developing something myself, but I wanted to see if anyone had something that they were currently using.
 
We get an enormous amount of traffic throughout our enterprise and we are using Shadow for more of a reactive role 
rather than a proactive role.  I would like to either develop or find some scripts or otherwise to organize and trend 
this data, as well as compare it against the output of other IDS tools that we use so we can be a little more 
proactive about the tool.
 
Any ideas?
 
=====================================
Michael Keplinger
Information Assurance
Security Systems Engineer
michael.keplinger () nmci-isf com
 
"Some dumb quote"
 



-- 
George Bakos
Institute for Security Technology Studies
Dartmouth College
gbakos () ists dartmouth edu
voice   603-646-0665
fax     603-646-0666
Key fingerprint = D646 8F91 F795 27EC FF8B  8C95 B102 9EB2 081E CB85
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
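As an added illustration of the per-second/minute/hour trending that both messages in this thread talk about (this is example code, not Shadow's plugins or anything from the list): a small Python aggregator that buckets plain `tcpdump -n` text output into gnuplot-ready rows. The sample capture lines are constructed, and the "length N" field is treated as the payload size tcpdump printed.

```python
import re

# Constructed sample of `tcpdump -n` text output (not a real capture).
# The indented "0x0000:" line imitates a hexdump continuation line (tcpdump -X).
SAMPLE = """\
13:58:54.100000 IP 10.0.0.5.51234 > 10.0.0.9.80: Flags [S], seq 1, win 65535, length 0
13:58:54.200000 IP 10.0.0.9.80 > 10.0.0.5.51234: Flags [S.], seq 2, ack 2, win 65535, length 0
13:58:55.300000 IP 10.0.0.5.51234 > 10.0.0.9.80: Flags [P.], seq 1:101, ack 3, win 65535, length 100
        0x0000:  4500 003c 1c46 4000 4006 b1e6 0a00 0005
13:59:01.000000 IP 10.0.0.5.40000 > 10.0.0.9.53: 1234+ A? example.com. (29)
14:00:03.500000 IP 10.0.0.7.5000 > 10.0.0.9.5000: UDP, length 376
"""

# Leading HH:MM:SS.usec timestamp of a packet line, and the trailing "length N" when present.
TS_RE = re.compile(r"^(\d{2}):(\d{2}):(\d{2})\.\d+\s")
LEN_RE = re.compile(r"length (\d+)\b")

# Granularity -> how many of the (HH, MM, SS) fields make up the bucket key.
BUCKET_FIELDS = {"hour": 1, "minute": 2, "second": 3}

def bucket_key(line, granularity):
    """Time bucket for one tcpdump line, or None for lines without a timestamp."""
    m = TS_RE.match(line)
    if not m:
        return None
    return ":".join(m.groups()[:BUCKET_FIELDS[granularity]])

def payload_length(line):
    """Payload length tcpdump printed ("length N"); 0 when the line has none (e.g. DNS)."""
    m = LEN_RE.search(line)
    return int(m.group(1)) if m else 0

def trend(lines, granularity="minute"):
    """Aggregate (packets, payload bytes) per time bucket, keeping first-seen order."""
    counts = {}
    for line in lines:
        key = bucket_key(line, granularity)
        if key is None:
            continue  # hexdump/continuation lines carry no timestamp; skip them
        pkts, nbytes = counts.get(key, (0, 0))
        counts[key] = (pkts + 1, nbytes + payload_length(line))
    return counts

def to_gnuplot(counts):
    """Whitespace-separated columns: bucket, packets, bytes (plot with 'using 2' or 'using 3')."""
    return "\n".join(f"{k} {p} {b}" for k, (p, b) in counts.items())

if __name__ == "__main__":
    print(to_gnuplot(trend(SAMPLE.splitlines(), "minute")))
```

Feed real output with `tcpdump -n -r capture.pcap | python3 trend.py` once the `__main__` block reads `sys.stdin` instead of `SAMPLE`; the resulting rows plot directly in gnuplot without further massaging.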

