Firewall Wizards mailing list archives
[OT] tcpdump parsing
From: Damian Gerow <damian () sentex net>
Date: Wed, 8 Oct 2003 14:20:18 -0400
First off, apologies for the off-topic post. But I have no idea where to turn for tcpdump help, and I figured most of the folks here have used it at least moderately, if not extensively.

I've been spending the past week or so trying to track down what seems to be a trojan that has been affecting our customers, that seems to come and go. To give myself a little more to work with, I've nabbed 550MB worth of network traffic from one of their links, spanning a couple of days.

The problem is, I can't open this up in ethereal. The file is just too large. I've tried trimming the fat down (POP3 sessions, web browsing sessions, ICMP echo request/reply, certain gaming sites, etc.), but I'm still sitting here with 500MB of traffic.

Is there a way to take a tcpdump binary file, and pull a date range from it? The tcpdump man page leads me to believe no, and a fair bit of Google searching has provided no leads.

I'd also be willing to try various other GUIs that understand tcpdump output (so long as they run on X). Yes, I'm fully aware that I can do this all on the commandline, but I find the GUI a bit easier to work with in this case.

Any pointers or suggestions are very welcome at this point. It's frustrating to be sitting with the culprit on disk, but not be able to find out who or what the culprit /is/.
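The date-range cut the post asks for can be done without any GUI by walking the capture file's record headers, which each carry a seconds/microseconds timestamp. The script below is an added example, not part of the original post or of tcpdump; it assumes a classic libpcap file as written by `tcpdump -w` (pcapng is not handled), streams the input so a multi-hundred-megabyte capture never has to fit in memory, and drops a trailing record that was cut off mid-write rather than failing on it. The `make_pcap` helper only builds constructed test data.

```python
import io, struct, sys, time

PCAP_MAGIC_LE = b"\xd4\xc3\xb2\xa1"  # classic pcap, little-endian, microsecond timestamps
PCAP_MAGIC_BE = b"\xa1\xb2\xc3\xd4"  # same format written by a big-endian host

def filter_pcap_by_time(src, dst, start: float, end: float) -> int:
    """Stream records with start <= timestamp < end from pcap file object src to dst.
    The 24-byte global header is copied unchanged; each record is a 16-byte header
    (ts_sec, ts_usec, incl_len, orig_len) plus incl_len data bytes. Returns the count kept."""
    header = src.read(24)
    if header[:4] == PCAP_MAGIC_LE:
        endian = "<"
    elif header[:4] == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (magic %r)" % header[:4])
    dst.write(header)
    kept = 0
    while True:
        rec_hdr = src.read(16)
        if len(rec_hdr) < 16:
            break  # end of file (or a record header cut off mid-write)
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", rec_hdr)
        payload = src.read(incl_len)
        if len(payload) < incl_len:
            break  # capture stopped mid-record; drop the partial trailer
        if start <= ts_sec + ts_usec / 1e6 < end:
            dst.write(rec_hdr + payload)
            kept += 1
    return kept

def slice_pcap_bytes(data: bytes, start: float, end: float):
    """In-memory wrapper around filter_pcap_by_time: returns (sliced pcap, records kept)."""
    out = io.BytesIO()
    kept = filter_pcap_by_time(io.BytesIO(data), out, start, end)
    return out.getvalue(), kept

def make_pcap(records, endian="<") -> bytes:
    """Build a constructed pcap (test data, not a real capture) from (ts_sec, ts_usec, payload)."""
    magic = PCAP_MAGIC_LE if endian == "<" else PCAP_MAGIC_BE
    header = magic + struct.pack(endian + "HHiIII", 2, 4, 0, 0, 65535, 1)  # v2.4, linktype 1 (Ethernet)
    return header + b"".join(struct.pack(endian + "IIII", s, u, len(p), len(p)) + p for s, u, p in records)

if __name__ == "__main__":  # usage: pcap_timeslice.py in.pcap out.pcap "2003-10-06 00:00:00" "2003-10-07 00:00:00"
    begin, finish = (time.mktime(time.strptime(s, "%Y-%m-%d %H:%M:%S")) for s in sys.argv[3:5])
    with open(sys.argv[1], "rb") as fin, open(sys.argv[2], "wb") as fout:
        print("kept %d records" % filter_pcap_by_time(fin, fout, begin, finish))
```

The command-line times are interpreted in the local timezone of the machine running the script, so match them to the timezone the capture was taken in.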