Large PCAP Analysis.

[xavi.garcia at gmail.com (Xavi Garcia)]

Hi, guys.

Sorry for this off-topic, but I am just starting in the field and learning
by myself, so I may be wrong in many cases. Please be patient :)


Have you ever used Argus to analyze large  pcap files?

There is a very interesting (and old) article from Richard Bejtlich in
INSECURE N? 4.

http://www.net-security.org/dl/insecure/INSECURE-Mag-4.pdf

"Structured Traffic Analysis"

I think we should look deeper  into the pcap files once we have the full
picture and we know what we are looking for.

Regards from Munich :) ,

Xavier Garcia


2010/1/11 Adrian Crenshaw <irongeek at irongeek.com>

> This guy has written a tool to split pcap files into smaller chunks:
>
> http://archives.devshed.com/forums/networking-100/splitpcap-py-split-up-pcap-files-2gigt-1603326.html
>
> I've not tested it however.
>
> Adrian
>
> On Mon, Jan 11, 2010 at 1:21 PM, Marc-Andre Meloche <
> marcandremeloche at gmail.com> wrote:
>
> > Hi Folks, i was wondering, did you ever have to analyze large pcap files.
> >
> > I got a 7GB pcap file i have to analyze and it seems Wireshark has some
> > issues...
> >
> > Do you think Xplico could do the job?
> >
> >
> > --
> > Marc-Andre Meloche.
> >
> > PGP Fingerprint
> > 9991 7A60 C38B 7E5E E2B1
> > 374B 718C 4141 E96D 164C
> >
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100111/bdc30225/attachment.htm