Re: Classifying pcap data

[Brandon McGinty <brandon.mcginty () gmail com>]

For python, there's the pylibpcap library,
pylibpcap.sourceforge.net
It would be easy enough to use that and open a live stream or pap file,
and import that into a sqlite database.
Be glad to help further if you wish.

Brandon McGinty


On 2/3/2011 12:49 PM, Andy Peters wrote:
> Howard,
>
> Something I have done before is to write a php script that runs tshark
> over all the pcap files in a directory and then puts the results into a
> MySQL database (built on a LAMP system).
>
> You can get TShark to just look at the protocols and generate stats and
> a protocol heirarchy, instead of looking at all the packet contents and
> you can get php to capture the output and database it with only a few
> lines of code.
>
> Once the information is in a database it's easy to use SQL queries and a
> php based website to display stats and allow searching of the information.
>
> Of course you don't have to use php and mysql but I have used them
> before and the concept works. I'm sure it is just as easy to use
> perl/python/ruby or some other scripting language to script the Tshark
> commands and parse the output. Equally any number of databases could be
> used based on your development environment and there are a number of
> options for displaying the output from a web front end (php/asp/cgi) to
> any good scripting language.
>
> Hope this helps
>
> Andy
>
> -----Original Message----- From: Howard Howard
> Sent: Monday, January 31, 2011 9:41 PM
> To: security-basics () securityfocus com
> Subject: Classifying pcap data
>
> Hi List,
>
> I am working on analyzing large amount of pcap files.
>
> I am trying to classify the captured data to
> - find out the ratio of used internet protocols at application layer
> (e.g. filesharing / chat / ssh)
> - find out what kind of http traffic was happening
>
> I am not too curious about the details of every package but want to
> know about the general usage.
>
> To classify the web traffic I would like to correlate my pcaps with
> maybe content filter blacklists.
>
> Can you suggest me tools to perform such tasks? Can you point me to
> any more ways to analyze large amount of traffic?
>
> Many thanks in advance!
>
> Howard
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an
> SSL certificate.  We look at how SSL works, how it benefits your company
> and how your customers can tell if a site is secure. You will find out
> how to test, purchase, install and use a thawte Digital Certificate on
> your Apache web server. Throughout, best practices for set-up are
> highlighted to help you ensure efficient ongoing management of your
> encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
>
> ------------------------------------------------------------------------
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an
> SSL certificate.  We look at how SSL works, how it benefits your company
> and how your customers can tell if a site is secure. You will find out
> how to test, purchase, install and use a thawte Digital Certificate on
> your Apache web server. Throughout, best practices for set-up are
> highlighted to help you ensure efficient ongoing management of your
> encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
>
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------