tcpdump mailing list archives
FW: Data Analysis tools
From: "Joe Elliott" <joe () inetd com>
Date: Wed, 29 Jan 2003 10:48:14 -0800
Hello Michael, Our commercial product XQoS will analyze tcpdump data from live feeds (taps/SPANs) or from files and produce detailed reports about: 1) bandwidth usage recorded at 10 sec intervals 2) top talkers (searchable to find endpoints and protocols) 3) top connections with protocol. 4) all protocols used and by which IP's and time. XQoS will create detailed searchable tables and graphs in a SSL-WEB report and make a permanent record of every transaction for around 1 year on a busy corporate T3. You can view traffic in real-time with our JAVA tool and easily understand all traffic flows on your network to assist in capacity planning and network security. Our ContExt extention will reconstruct the actual documents contained in the tcpdump packet data (if the snaplen is set to max MTU for recordings). This will display images (GIF/JPG/PNG), MP3, MS Office docs (WORD,EXCEL,PPT etc), ZIP|tar.gz, PS. DVI etc etc and show them in a graphical report. You can easily see where/when they were transmitted and view the actual document thro a secure web report. In addition you can automatical search documents for specific content and raise alerts via email etc to track movement of IP in an organization. ContExt is a highly effective internal security tool used by government agencies and fortune 100 companies. There is more detailed info at http://www.inetd.com It a commercial device including hardware and not open source, so I dont know if that is what your looking for. Joe. -----Original Message----- From: owner-tcpdump-workers () sandelman ottawa on ca [mailto:owner-tcpdump-workers () sandelman ottawa on ca]On Behalf Of Keplinger, Michael A Sent: Wednesday, January 29, 2003 8:14 AM To: Tcpdump-Workers (E-mail) Subject: [tcpdump-workers] Data Analysis tools Does anyone have any or know of any tools (possible perl scripts, etc.) for anaylzing and trending tcpdump output? I have been developing something myself, but I wanted to see if anyone had something that they were currently using. We get an enormous amount of traffic throughout our enterprise and we are using Shadow for more of a reactive role rather than a proactive role. I would like to either develop or find some scripts or otherwise to organize and trend this data, as well as compare it against the output of other IDS tools that we use so we can be a little more proactive about the tool. Any ideas? ===================================== Michael Keplinger Information Assurance Security Systems Engineer michael.keplinger () nmci-isf com "Some dumb quote"
Current thread:
- Data Analysis tools Keplinger, Michael A (Jan 29)
- Re: Data Analysis tools Thomas Kessler (Jan 29)
- Re: Data Analysis tools George Bakos (Jan 30)
- <Possible follow-ups>
- FW: Data Analysis tools Joe Elliott (Jan 29)