tcpdump mailing list archives

FW: Data Analysis tools


From: "Joe Elliott" <joe () inetd com>
Date: Wed, 29 Jan 2003 10:48:14 -0800

Hello Michael,
    Our commercial product XQoS will analyze tcpdump data from live feeds
(taps/SPANs) or from files and produce detailed reports about:

1) bandwidth usage recorded at 10 sec intervals
2) top talkers (searchable to find endpoints and protocols)
3) top connections with protocol.
4) all protocols used, and by which IPs and at what time.

XQoS will create detailed searchable tables and graphs in a SSL-WEB report
and make a permanent record of every transaction for around 1 year on a busy
corporate T3. You can view traffic in real-time with our JAVA tool and
easily understand all traffic flows on your network to assist in capacity
planning and network security.

Our ContExt extension will reconstruct the actual documents contained in the
tcpdump packet data (if the snaplen is set to max MTU for recordings). This
will display images (GIF/JPG/PNG), MP3, MS Office docs (Word, Excel, PPT, etc.),
ZIP/tar.gz, PS, DVI, etc. and show them in a graphical report. You can
easily see where/when they were transmitted and view the actual document
through a secure web report. In addition you can automatically search documents
for specific content and raise alerts via email etc. to track movement of IP
in an organization. ContExt is a highly effective internal security tool
used by government agencies and Fortune 100 companies.

There is more detailed info at http://www.inetd.com

It's a commercial device including hardware and not open source, so I don't
know if that is what you're looking for.

Joe.
  -----Original Message-----
  From: owner-tcpdump-workers () sandelman ottawa on ca
[mailto:owner-tcpdump-workers () sandelman ottawa on ca] On Behalf Of Keplinger, Michael A
  Sent: Wednesday, January 29, 2003 8:14 AM
  To: Tcpdump-Workers (E-mail)
  Subject: [tcpdump-workers] Data Analysis tools


  Does anyone have any or know of any tools (possibly Perl scripts, etc.)
for analyzing and trending tcpdump output?  I have been developing something
myself, but I wanted to see if anyone had something that they were currently
using.

  We get an enormous amount of traffic throughout our enterprise and we are
using Shadow for more of a reactive role rather than a proactive role.  I
would like to either develop or find some scripts or otherwise to organize
and trend this data, as well as compare it against the output of other IDS
tools that we use so we can be a little more proactive about the tool.

  Any ideas?

  =====================================
  Michael Keplinger
  Information Assurance
  Security Systems Engineer
  michael.keplinger () nmci-isf com

  "Some dumb quote"
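The kind of script Michael asks about, as an added example that is not part of this thread and is not XQoS or any tool from the list. It is in Python rather than Perl, assumes the one-line-per-packet text that `tcpdump -nn -tt -q` prints for IPv4 TCP, UDP and ICMP, and produces the four views Joe's reply enumerates: bytes per 10-second interval, top talkers, top connections, and which protocols each host used. The packet lines in SAMPLE are constructed for the example, not captured traffic.

```python
"""Summarize `tcpdump -nn -tt -q` text output: per-interval byte counts,
top talkers, top connections and the protocols each host used.

Added example for this thread; it is not XQoS or any tool from the list.
Input is assumed to be the one-line-per-packet output of
`tcpdump -nn -tt -q` for IPv4 TCP, UDP and ICMP; other lines are skipped.
"""
import re
import sys
from collections import Counter, defaultdict

# Constructed sample in the -nn -tt -q style (epoch timestamps, no name
# resolution, quick one-line packet summaries). Not real traffic.
SAMPLE = """\
1043856890.100000 IP 10.1.2.3.40001 > 192.168.10.5.80: tcp 0
1043856890.200000 IP 192.168.10.5.80 > 10.1.2.3.40001: tcp 0
1043856890.300000 IP 10.1.2.3.40001 > 192.168.10.5.80: tcp 512
1043856891.000000 IP 10.1.2.3.40002 > 192.168.10.9.53: UDP, length 45
1043856891.050000 IP 192.168.10.9.53 > 10.1.2.3.40002: UDP, length 120
1043856901.000000 IP 192.168.10.5.80 > 10.1.2.3.40001: tcp 1448
1043856901.500000 IP 10.1.2.3 > 192.168.10.5: ICMP echo request, id 7, seq 1, length 64
this line is not a packet summary and must be skipped
"""

# One regex for the three packet shapes handled here. The length tcpdump
# prints in -q mode is the TCP payload, UDP length or ICMP length, not the
# frame size on the wire.
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"(?:(?P<tcp>tcp) (?P<tcplen>\d+)"
    r"|(?P<udp>UDP), length (?P<udplen>\d+)"
    r"|(?P<icmp>ICMP) .*?length (?P<icmplen>\d+))"
)


def parse_line(line):
    """Return a packet record dict, or None if the line is not recognised."""
    m = LINE_RE.match(line)
    if not m:
        return None
    if m.group("tcp"):
        proto, length = "tcp", int(m.group("tcplen"))
    elif m.group("udp"):
        proto, length = "udp", int(m.group("udplen"))
    else:
        proto, length = "icmp", int(m.group("icmplen"))

    def endpoint(text):
        # With -nn the port is appended as a trailing ".NNN"; ICMP has none.
        if proto == "icmp":
            return text, None
        ip, port = text.rsplit(".", 1)
        return ip, int(port)

    return {"ts": float(m.group("ts")), "proto": proto, "length": length,
            "src": endpoint(m.group("src")), "dst": endpoint(m.group("dst"))}


def fmt_endpoint(ep):
    ip, port = ep
    return ip if port is None else f"{ip}:{port}"


def summarize(lines, interval=10):
    """Aggregate parsed packets into the four views discussed in the thread."""
    bandwidth = Counter()          # interval start (epoch seconds) -> bytes
    talkers = Counter()            # ip -> bytes sent or received
    connections = Counter()        # (proto, endpoint a, endpoint b) -> bytes
    protocols = defaultdict(set)   # ip -> set of protocols seen
    skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            if line.strip():
                skipped += 1
            continue
        bucket = int(rec["ts"]) // interval * interval
        bandwidth[bucket] += rec["length"]
        for ip, _port in (rec["src"], rec["dst"]):
            talkers[ip] += rec["length"]
            protocols[ip].add(rec["proto"])
        # Order the two endpoints so both directions land on one key.
        a, b = sorted((fmt_endpoint(rec["src"]), fmt_endpoint(rec["dst"])))
        connections[(rec["proto"], a, b)] += rec["length"]
    return {"bandwidth": bandwidth, "talkers": talkers,
            "connections": connections, "protocols": dict(protocols),
            "skipped": skipped}


def print_report(report, top_n=5):
    print("bytes per interval:")
    for start, nbytes in sorted(report["bandwidth"].items()):
        print(f"  {start:>12}  {nbytes:>8}")
    print("top talkers:")
    for ip, nbytes in report["talkers"].most_common(top_n):
        protos = ",".join(sorted(report["protocols"][ip]))
        print(f"  {ip:<16} {nbytes:>8}  {protos}")
    print("top connections:")
    for (proto, a, b), nbytes in report["connections"].most_common(top_n):
        print(f"  {proto:<5} {a} <-> {b}  {nbytes}")
    print(f"unparsed lines skipped: {report['skipped']}")


if __name__ == "__main__":
    # Usage: tcpdump -nn -tt -q -r capture.pcap > dump.txt
    #        python3 tcpdump_summary.py dump.txt   (no argument uses SAMPLE)
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE.splitlines()
    print_report(summarize(lines))
```

Two caveats for anyone trending real traffic with this: the byte counts are whatever length tcpdump prints in -q mode (TCP payload, UDP length, ICMP length), so they undercount wire usage; for capacity planning read the frame length from `tcpdump -e` output or from the pcap itself. And each line is counted in the 10-second bucket its timestamp falls in, so a bucket with no packets simply does not appear, which a plotting step should fill with zero.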

