[93474] in North American Network Operators' Group
Re: analyse tcpdump output
daemon@ATHENA.MIT.EDU (Rodrick Brown)
Wed Nov 22 10:52:04 2006
Date: Wed, 22 Nov 2006 10:50:25 -0500
From: "Rodrick Brown" <rodrick.brown@gmail.com>
To: "Stefan Hegger" <Stefan.Hegger@lycos-europe.com>
Cc: NANOG <nanog@merit.edu>
In-Reply-To: <200611221634.13338.Stefan.Hegger@lycos-europe.com>
Errors-To: owner-nanog@merit.edu
On 11/22/06, Stefan Hegger <Stefan.Hegger@lycos-europe.com> wrote:
>
> Hi,
>
> I wonder if someone knows a tool to use tcpdump output for anomaly
> detection. It is sometimes really time-consuming when looking for identical
> patterns in the tcpdump output.
>
> It would be helpful to get a diff between SYNs and ACKs, e.g., or look for a
> pattern in a URL, or just get some time diffs, e.g. when an ACK is sent but the
> client is waiting for data, etc.
>
> We would like to decrease the time to investigate the cause of unusual network
> behaviour.
>
> Best Stefan
> --
> Stefan Hegger
> Internet System Engineer
> Stefan.Hegger@lycos-europe.com
> Tel: +49 5241 8071 334
>
> Lycos Europe GmbH
> Carl-Bertelsmann Str. 29
> Postfach 315
> 33311 Gütersloh
>
http://www.wireshark.org
-- 
Rodrick R. Brown
http://groups.yahoo.com/group/wallstandtech
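The three checks Stefan lists (SYNs versus SYN-ACKs, a pattern in a URL, and the gap between the server's ACK and the data the client is waiting for) can be scripted directly over tcpdump's text output when a full Wireshark session is more than the job needs. The script below is an added example and is not part of the original thread or anyone's posted code. It assumes the line format printed by tcpdump 4.x with `-nn -tttt -A` (timestamp, `IP a.b.c.d.port > e.f.g.h.port:`, `Flags [..]`, trailing `length N`, payload on following lines); older tcpdump versions print flags without the `Flags [..]` wrapper and would need a different regex. The capture lines in `SAMPLE` are constructed for the example: one request answered after a 2.5 s pause, one answered immediately, three SYNs from one host that never get a SYN-ACK, and a URL containing `../`.

```python
import re
from collections import defaultdict
from datetime import datetime

# One packet-header line of `tcpdump -nn -tttt` output (tcpdump 4.x "Flags [..]" syntax).
# Assumed format for this example; older versions print flags as a bare "S" / "." etc.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\].*\blength (?P<length>\d+)"
)
EPOCH = datetime(1970, 1, 1)

# Constructed sample capture (not a real trace). Lines starting with "E.." stand in for
# the ASCII payload dump that `-A` prints after a packet's header line.
SAMPLE = """\
2006-11-22 10:50:01.000100 IP 10.0.0.5.43210 > 192.0.2.10.80: Flags [S], seq 100, win 5840, length 0
2006-11-22 10:50:01.000400 IP 192.0.2.10.80 > 10.0.0.5.43210: Flags [S.], seq 200, ack 101, win 5792, length 0
2006-11-22 10:50:01.000700 IP 10.0.0.5.43210 > 192.0.2.10.80: Flags [.], ack 201, win 5840, length 0
2006-11-22 10:50:01.001000 IP 10.0.0.5.43210 > 192.0.2.10.80: Flags [P.], seq 101:150, ack 201, win 5840, length 49
E..]..@.@.....GET /index.html HTTP/1.1
2006-11-22 10:50:01.001300 IP 192.0.2.10.80 > 10.0.0.5.43210: Flags [.], ack 150, win 5792, length 0
2006-11-22 10:50:03.501300 IP 192.0.2.10.80 > 10.0.0.5.43210: Flags [P.], seq 201:700, ack 150, win 5792, length 499
2006-11-22 10:50:05.000000 IP 10.0.0.7.51000 > 192.0.2.10.80: Flags [S], seq 300, win 5840, length 0
2006-11-22 10:50:05.000300 IP 192.0.2.10.80 > 10.0.0.7.51000: Flags [S.], seq 400, ack 301, win 5792, length 0
2006-11-22 10:50:05.000600 IP 10.0.0.7.51000 > 192.0.2.10.80: Flags [.], ack 401, win 5840, length 0
2006-11-22 10:50:05.001000 IP 10.0.0.7.51000 > 192.0.2.10.80: Flags [P.], seq 301:340, ack 401, win 5840, length 39
E..S..@.@.....GET /cgi-bin/search?q=../../etc/passwd HTTP/1.1
2006-11-22 10:50:05.002000 IP 192.0.2.10.80 > 10.0.0.7.51000: Flags [P.], seq 401:600, ack 340, win 5792, length 199
2006-11-22 10:50:07.000000 IP 10.0.0.9.60000 > 192.0.2.10.80: Flags [S], seq 500, win 1024, length 0
2006-11-22 10:50:07.100000 IP 10.0.0.9.60001 > 192.0.2.10.80: Flags [S], seq 501, win 1024, length 0
2006-11-22 10:50:07.200000 IP 10.0.0.9.60002 > 192.0.2.10.80: Flags [S], seq 502, win 1024, length 0
"""


def parse_tcpdump(text):
    """Return a list of packet dicts; payload dump lines and anything else that does not
    look like a header line are skipped rather than failing the whole run."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = (datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f") - EPOCH).total_seconds()
        packets.append({
            "ts": ts,
            "src": (m["src"], int(m["sport"])),
            "dst": (m["dst"], int(m["dport"])),
            "flags": m["flags"],
            "length": int(m["length"]),
        })
    return packets


def syn_balance(packets):
    """Count SYNs sent vs SYN-ACKs received, keyed by (client IP, server socket)."""
    counts = defaultdict(lambda: {"syn": 0, "synack": 0})
    for p in packets:
        if p["flags"] == "S":                       # SYN from the client
            counts[(p["src"][0], p["dst"])]["syn"] += 1
        elif p["flags"] == "S.":                    # SYN-ACK back from the server
            counts[(p["dst"][0], p["src"])]["synack"] += 1
    return dict(counts)


def unanswered_syns(packets):
    """Pairs where SYNs outnumber SYN-ACKs: a scan, a SYN flood, or a dead service."""
    return {k: c["syn"] - c["synack"]
            for k, c in syn_balance(packets).items() if c["syn"] > c["synack"]}


def ack_to_data_delays(packets, threshold=1.0):
    """Per flow: seconds from the server's data-less ACK of a client request to the
    server's first data segment. A long gap is the 'ACK sent, client still waiting'
    case; only gaps >= threshold are reported."""
    clients = set()   # sockets that sent a SYN, so we know which side is the client
    state = {}        # flow -> ("request" | "acked", timestamp)
    delays = []
    for p in packets:
        if p["flags"] == "S":
            clients.add(p["src"])
        if p["src"] in clients:                     # client -> server direction
            if p["length"] > 0:
                state[(p["src"], p["dst"])] = ("request", p["ts"])
        elif p["dst"] in clients:                   # server -> client direction
            flow = (p["dst"], p["src"])
            phase, t0 = state.get(flow, (None, None))
            if p["length"] == 0 and phase == "request":
                state[flow] = ("acked", p["ts"])    # bare ACK: the client now waits
            elif p["length"] > 0:
                if phase == "acked" and p["ts"] - t0 >= threshold:
                    delays.append((flow, round(p["ts"] - t0, 6)))
                state.pop(flow, None)               # data arrived; request is done
    return delays


def find_urls(text, pattern):
    """Pull request URLs out of `-A` payload lines and keep those matching pattern."""
    req = re.compile(r"(?:GET|POST|HEAD|PUT) (\S+) HTTP/1\.[01]")
    return [m.group(1) for m in (req.search(l) for l in text.splitlines())
            if m and re.search(pattern, m.group(1))]


if __name__ == "__main__":
    pkts = parse_tcpdump(SAMPLE)
    print("unanswered SYNs:", unanswered_syns(pkts))
    print("slow responses :", ack_to_data_delays(pkts, threshold=1.0))
    print("suspicious URLs:", find_urls(SAMPLE, r"\.\./"))
```

Feed it a real capture with `tcpdump -nn -tttt -A -r file.pcap | python3 script.py` after replacing `SAMPLE` with `sys.stdin.read()`; the parser drops any line it does not understand, so extra output such as truncated-packet warnings does no harm. Direction is decided by who sent the SYN, so a capture that starts mid-connection will not attribute those flows until a new handshake is seen.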