Full Disclosure mailing list archives

Re: tcpdump logfile viewer


From: "Joel R. Helgeson" <joel () helgeson com>
Date: Mon, 19 Jun 2006 11:47:20 -0500

I have written a Perl script that churns through tcpdump files and generates reports on the data.
When I do a security audit, one thing I do is a 24-hour packet capture, where I plug my Linux box into the core switch and mirror all traffic on the core to my Linux box where I run:

tcpdump -n -q >capture.file

Then I run

dumpscan.pl capture.file

I gather 24 hours of data, which sometimes is several hundred gigs of data, then I run it through my Perl script which generates my reports.  I take these raw traffic reports and plug them into Excel where I generate these charts and graphs. (See Attached)

I also tossed these files up to my site - http://www.appiant.net/audit so anyone can download them.  

If you use it, and you like it, drop me a note.

Joel
  ----- Original Message ----- 
  From: Aaron Gray 
  To: Full Disclosure 
  Sent: Sunday, June 18, 2006 5:01 PM
  Subject: [Full-disclosure] tcpdump logfile viewer


  Are there any viewers for tcpdump log files ?

  1)
      a) On Linux
      b) on Windows
      c) as an HTML server
  2)
      a) text dump file
      b) binary dump file

  Aaron

  _______________________________________________
  Full-Disclosure - We believe in it.
  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
  Hosted and sponsored by Secunia - http://secunia.com/

Attachment: dumpscan.txt
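Joel's dumpscan.pl is attached to the message rather than shown in the archive, so the following is an added illustration of what such a report generator does: a small Python parser for the text that "tcpdump -n -q" writes, aggregating protocol mix, top talkers and top destination ports into a tab-separated report that can be pasted into a spreadsheet. This is my own example, not Joel's script. The line layout it expects and the sample capture are constructed assumptions; tcpdump's exact output varies between versions, which is why lines the parser does not recognise (the ARP line in the sample, for instance) are counted and reported rather than silently dropped.

```python
import re
import sys
from collections import Counter

# Constructed sample of "tcpdump -n -q" text output (not a real capture).
# With -q, TCP lines end in "tcp <payload bytes>", UDP lines in
# "UDP, length <n>", and ICMP lines keep their "length <n>" field.
# The ARP line is non-IP traffic that the regex below does not match.
SAMPLE_CAPTURE = """\
11:47:20.100000 IP 192.168.1.10.51234 > 10.0.0.5.80: tcp 0
11:47:20.100500 IP 10.0.0.5.80 > 192.168.1.10.51234: tcp 0
11:47:20.101000 IP 192.168.1.10.51234 > 10.0.0.5.80: tcp 312
11:47:20.150000 IP 10.0.0.5.80 > 192.168.1.10.51234: tcp 1460
11:47:21.000000 IP 192.168.1.10.53210 > 10.0.0.53.53: UDP, length 42
11:47:21.020000 IP 10.0.0.53.53 > 192.168.1.10.53210: UDP, length 120
11:47:21.500000 IP 192.168.1.77 > 10.0.0.5: ICMP echo request, id 1, seq 1, length 64
11:47:21.500300 IP 10.0.0.5 > 192.168.1.77: ICMP echo reply, id 1, seq 1, length 64
11:47:22.000000 IP 192.168.1.10.445 > 192.168.1.22.49152: tcp 0
11:47:22.300000 ARP, Request who-has 10.0.0.1 tell 10.0.0.2, length 28
"""

# One line of "tcpdump -n -q" output for IPv4/IPv6 traffic (assumed layout;
# the exact format differs between tcpdump versions).
LINE_RE = re.compile(
    r'^(?P<ts>\S+)\s+IP6?\s+(?P<src>\S+)\s+>\s+(?P<dst>\S+):\s+(?P<rest>.*)$'
)
LEN_RE = re.compile(r'\blength (\d+)')
TCP_RE = re.compile(r'^tcp (\d+)')


def split_endpoint(token):
    """Split 'addr.port' as tcpdump -n prints it. An IPv4 endpoint with a
    port has five dot-separated fields; ICMP endpoints have four and no
    port. For IPv6 the port, if any, follows the last dot."""
    if ':' in token:
        addr, sep, port = token.rpartition('.')
        return (addr, int(port)) if sep and port.isdigit() else (token, None)
    parts = token.split('.')
    if len(parts) == 5 and parts[-1].isdigit():
        return '.'.join(parts[:4]), int(parts[-1])
    return token, None


def parse_line(line):
    """Return a dict for one capture line, or None if the line is not
    recognised (ARP, truncated lines, tcpdump status messages)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src, sport = split_endpoint(m.group('src'))
    dst, dport = split_endpoint(m.group('dst'))
    rest = m.group('rest')
    proto = rest.split(None, 1)[0].rstrip(',').lower()
    # Byte figure as tcpdump prints it: payload length, not frame size.
    lm = TCP_RE.match(rest) if proto == 'tcp' else LEN_RE.search(rest)
    nbytes = int(lm.group(1)) if lm else 0
    return {'ts': m.group('ts'), 'src': src, 'sport': sport,
            'dst': dst, 'dport': dport, 'proto': proto, 'bytes': nbytes}


def summarize(lines):
    """Aggregate capture lines into the counters a traffic report is built
    from; works on any iterable of lines, so a file can be streamed."""
    s = {'packets': 0, 'unparsed': 0,
         'protocols': Counter(), 'proto_bytes': Counter(),
         'src_packets': Counter(), 'src_bytes': Counter(),
         'dst_ports': Counter(), 'pairs': Counter()}
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            s['unparsed'] += 1
            continue
        s['packets'] += 1
        s['protocols'][rec['proto']] += 1
        s['proto_bytes'][rec['proto']] += rec['bytes']
        s['src_packets'][rec['src']] += 1
        s['src_bytes'][rec['src']] += rec['bytes']
        if rec['dport'] is not None:
            s['dst_ports'][(rec['proto'], rec['dport'])] += 1
        s['pairs'][(rec['src'], rec['dst'])] += 1
    return s


def format_report(s, top=10):
    """Render the summary as tab-separated text, one table per section."""
    out = [f"packets parsed: {s['packets']}  unparsed lines: {s['unparsed']}",
           '', 'protocol\tpackets\tpayload_bytes']
    for proto, n in s['protocols'].most_common():
        out.append(f"{proto}\t{n}\t{s['proto_bytes'][proto]}")
    out += ['', 'top sources\tpackets\tpayload_bytes']
    for host, n in s['src_packets'].most_common(top):
        out.append(f"{host}\t{n}\t{s['src_bytes'][host]}")
    out += ['', 'top destination ports\tpackets']
    for (proto, port), n in s['dst_ports'].most_common(top):
        out.append(f"{proto}/{port}\t{n}")
    return '\n'.join(out)


if __name__ == '__main__':
    if len(sys.argv) > 1:
        # Stream the capture file line by line so a multi-hundred-gigabyte
        # capture never has to fit in memory.
        with open(sys.argv[1], errors='replace') as fh:
            print(format_report(summarize(fh)))
    else:
        print(format_report(summarize(SAMPLE_CAPTURE.splitlines())))
```

Run it with the path to a text capture as the only argument, or with no argument to see the report for the embedded sample. Because summarize() consumes an iterator, the file is read once and only the counters are kept, which is what makes a 24-hour capture of the size Joel describes tractable; the unparsed-line count is the figure to check first after a tcpdump upgrade, since a jump there means the output format changed and the report is undercounting.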

