[93473] in North American Network Operators' Group


analyse tcpdump output

daemon@ATHENA.MIT.EDU (Stefan Hegger)
Wed Nov 22 10:36:26 2006

From: Stefan Hegger <Stefan.Hegger@lycos-europe.com>
To: NANOG <nanog@merit.edu>
Date: Wed, 22 Nov 2006 16:34:13 +0100
Errors-To: owner-nanog@merit.edu


Hi,

I wonder if someone knows a tool to use tcpdump output for anomaly
detection. It is sometimes really time consuming when looking for identical
patterns in the tcpdump output.

It would be helpful to get a diff between SYNs and ACKs, e.g., or look for a
pattern in a URL. Or just get some time diffs, e.g. when an ACK is sent but
the client is waiting for data, etc.

We would like to decrease the time to investigate the cause of an unusual network
behaviour.

Best, Stefan
--
Stefan Hegger
Internet System Engineer
Stefan.Hegger@lycos-europe.com
Tel: +49 5241 8071 334

Lycos Europe GmbH
Carl-Bertelsmann Str. 29
Postfach 315
33311 Gütersloh

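The kind of SYN/ACK pairing and time-diff extraction asked for above can be scripted directly against text output. The following is an added example, not code from the original post or from any tool mentioned on this list: it parses lines in the flag-style format produced by a modern `tcpdump -nn -tt` (the `Flags [S.]` form is an assumption; the older `S 1000:1000(0)` style is not handled), pairs each client SYN with the server's SYN/ACK, flags SYNs that never got an answer or were retransmitted, and measures how long the client waited after completing the handshake before the server sent its first payload byte. The sample lines are constructed for the example; the hosts, ports and timestamps are invented.

```python
"""Pair TCP SYNs with SYN/ACKs in tcpdump text output and report timings."""
import re
from collections import defaultdict

# Assumption: flag-style output of `tcpdump -nn -tt` ("Flags [S.]"); the
# pre-4.x "S 1000:1000(0)" notation would need a different regex.
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\].*?"
    r"length (?P<length>\d+)"
)


def parse_line(line):
    """Return a dict for one tcpdump line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = float(d["ts"])
    d["sport"] = int(d["sport"])
    d["dport"] = int(d["dport"])
    d["length"] = int(d["length"])
    return d


def analyse(lines):
    """Walk tcpdump lines in capture order and report per-connection timings.

    Connections are keyed by (client, cport, server, sport). The result holds
    the SYN -> SYN/ACK delay (ms) for completed handshakes, SYNs that never saw
    a SYN/ACK, SYN retransmits per 4-tuple, and the delay from the client's
    handshake ACK to the first server packet carrying data.
    """
    syn_ts = {}      # client tuple -> timestamp of first SYN
    synack_ts = {}   # client tuple -> timestamp of server SYN/ACK
    ack_ts = {}      # client tuple -> timestamp of client's handshake ACK
    first_data = {}  # client tuple -> timestamp of first server payload
    retrans = defaultdict(int)

    for line in lines:
        p = parse_line(line)
        if p is None:
            continue  # non-TCP or unparsable line; skip
        flags = p["flags"]
        fwd = (p["src"], p["sport"], p["dst"], p["dport"])
        rev = (p["dst"], p["dport"], p["src"], p["sport"])
        if "S" in flags and "." not in flags:
            # Client SYN; a second SYN on the same 4-tuple is a retransmit.
            if fwd in syn_ts:
                retrans[fwd] += 1
            else:
                syn_ts[fwd] = p["ts"]
        elif "S" in flags and "." in flags:
            # Server SYN/ACK; `rev` is the client's tuple.
            if rev in syn_ts and rev not in synack_ts:
                synack_ts[rev] = p["ts"]
        elif fwd in synack_ts and fwd not in ack_ts and p["length"] == 0:
            # Client's pure ACK completing the handshake.
            ack_ts[fwd] = p["ts"]
        elif rev in ack_ts and rev not in first_data and p["length"] > 0:
            # First server segment with payload after the handshake.
            first_data[rev] = p["ts"]

    ms = lambda a, b: round((a - b) * 1000, 1)
    return {
        "syn_count": len(syn_ts),
        "synack_count": len(synack_ts),
        "handshake_ms": {k: ms(synack_ts[k], syn_ts[k]) for k in synack_ts},
        "unanswered_syns": sorted(k for k in syn_ts if k not in synack_ts),
        "syn_retransmits": dict(retrans),
        "first_data_wait_ms": {k: ms(first_data[k], ack_ts[k]) for k in first_data},
    }


# Constructed sample: one healthy handshake whose server is slow to answer the
# request, and one SYN that is retransmitted and never answered.
SAMPLE = """\
1164208453.100000 IP 10.0.0.5.51234 > 192.0.2.10.80: Flags [S], seq 1000, win 65535, options [mss 1460], length 0
1164208453.120000 IP 192.0.2.10.80 > 10.0.0.5.51234: Flags [S.], seq 5000, ack 1001, win 65535, options [mss 1460], length 0
1164208453.120500 IP 10.0.0.5.51234 > 192.0.2.10.80: Flags [.], ack 5001, win 65535, length 0
1164208453.121000 IP 10.0.0.5.51234 > 192.0.2.10.80: Flags [P.], seq 1001:1100, ack 5001, win 65535, length 99
1164208453.200000 IP 10.0.0.6.40000 > 192.0.2.10.80: Flags [S], seq 7000, win 65535, length 0
1164208454.200000 IP 10.0.0.6.40000 > 192.0.2.10.80: Flags [S], seq 7000, win 65535, length 0
1164208455.620500 IP 192.0.2.10.80 > 10.0.0.5.51234: Flags [P.], seq 5001:5400, ack 1100, win 65535, length 399
""".splitlines()

if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

Feed it a real capture with `tcpdump -nn -tt -r file.pcap tcp | python3 analyse.py` after swapping `SAMPLE` for `sys.stdin`; a large `unanswered_syns` list from many sources towards one port, or a cluster of multi-second `first_data_wait_ms` values on a single server, is the sort of pattern that is tedious to spot by eye.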