Full Disclosure mailing list archives
Re: pcap flow extraction
From: John Kinsella <jlk () thrashyour com>
Date: Wed, 5 Dec 2007 23:48:20 -0800
If you're OK with an intermediate step, you'll find a few tools out there (e.g. switch's YAF) that read pcap and spit out the flow data in netflow format. Then a second utility (e.g. flow-tools) can turn that into whatever format you'd like...

John

On Thu, Dec 06, 2007 at 06:35:42PM +1100, Ivan . wrote:
> Hi,
>
> Does anyone have any ideas for flow information extraction from a rather
> large pcap file, 6 gigs? I am after the standard stuff: source,
> destination, service.
>
> Ethereal/wireshark is a no go, as it won't process the file due to size;
> tcpflow is OK, but a little untidy.
>
> Any suggestions are appreciated, preferably open source. Also, has anyone
> used "tcpdstat" for something like this?
>
> Thanks,
> Ivan
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
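For the source/destination/service summary asked about in this thread, the following is an added example, not code from either poster or from YAF or flow-tools: a standard-library Python reader that walks a classic pcap one record at a time and aggregates unidirectional flows. It assumes Ethernet framing, IPv4 and no VLAN tags; the function names and the sample capture are constructed for illustration.

```python
import io
import socket
import struct
from collections import defaultdict

def flows_from_pcap(stream):
    """Read a classic pcap (Ethernet, IPv4, no VLAN tags) record by record and
    return {(src, dst, proto, sport, dport): [packets, bytes]}."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",  # microsecond
              b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}.get(stream.read(4))
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "HHiIII", stream.read(20))[5] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    flows = defaultdict(lambda: [0, 0])
    while True:
        hdr = stream.read(16)  # per-record header: ts_sec, ts_frac, incl_len, orig_len
        if len(hdr) < 16:
            break  # end of file, or a truncated trailing record
        incl_len, orig_len = struct.unpack(endian + "II", hdr[8:])
        pkt = stream.read(incl_len)
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue  # too short for an IPv4 header, or not IPv4
        proto = pkt[23]
        src, dst = socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34])
        l4 = 14 + (pkt[14] & 0x0F) * 4  # Ethernet header + IP header length
        first_fragment = (struct.unpack("!H", pkt[20:22])[0] & 0x1FFF) == 0
        sport = dport = 0  # stays 0 for ICMP etc. and for later fragments
        if proto in (6, 17) and first_fragment and len(pkt) >= l4 + 4:
            sport, dport = struct.unpack("!HH", pkt[l4:l4 + 4])
        key = (src, dst, proto, sport, dport)
        flows[key][0] += 1
        flows[key][1] += orig_len  # bytes on the wire, even if the capture was snapped
    return dict(flows)

def sample_pcap():  # constructed sample: 2 TCP packets to port 80 and 1 UDP DNS query
    def frame(proto, src, dst, sport, dport):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHI", sport, dport, 0)
    frames = [frame(6, "10.0.0.1", "10.0.0.2", 40000, 80)] * 2
    frames.append(frame(17, "10.0.0.1", "10.0.0.53", 53000, 53))
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return io.BytesIO(out)

if __name__ == "__main__":
    print(flows_from_pcap(sample_pcap()))
```

For a real capture, pass `open(path, "rb")` instead of the sample; memory use grows with the number of distinct flows rather than with the size of the file.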