[93479] in North American Network Operators' Group


Re: analyse tcpdump output

daemon@ATHENA.MIT.EDU (Roland Dobbins)
Wed Nov 22 15:47:36 2006

In-Reply-To: <200611221437.00777.netfortius@gmail.com>
Cc: Network Fortius <netfortius@gmail.com>
From: Roland Dobbins <rdobbins@cisco.com>
Date: Wed, 22 Nov 2006 12:42:52 -0800
To: NANOG <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu



On Nov 22, 2006, at 12:37 PM, Netfortius wrote:

>> I wonder if someone knows a tool to use a tcpdump output for anomaly
>> detection. It is sometimes really time consuming when looking for
>> identical patterns in the tcpdump output.

For this sort of thing, you can do it far more scalably with
NetFlow.  There are several good commercial NetFlow-based
anomaly-detection systems (Arbor, Lancope, Narus, Q1, etc.) and even an
open-source project (currently fallow) called Panoptis.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@cisco.com> // 408.527.6376 voice

        All battles are perpetual.

                   -- Milton Friedman
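The kind of aggregation the reply is pointing at, written out as an added example that is not from the original thread, from Panoptis, or from any product named above: it collapses tcpdump text lines into NetFlow-style (src, dst, dport, proto) records, so repeated patterns become counts, and flags a source with unusual fan-out. The tcpdump line format, the sample capture and the threshold are assumptions.

```python
import re
from collections import defaultdict

# Assumed default tcpdump text layout, e.g.
# "12:00:01.000123 IP 10.0.0.5.40001 > 192.0.2.10.22: Flags [S], ... length 0"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<rest>.*)$"
)

def parse_line(line):
    """Turn one tcpdump text line into a flow key (src, dst, dport, proto), or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    proto = "udp" if m.group("rest").startswith("UDP") else "tcp"
    return (m.group("src"), m.group("dst"), int(m.group("dport")), proto)

def aggregate_flows(lines):
    """Collapse packets into NetFlow-style records: flow key -> packet count."""
    flows = defaultdict(int)
    for line in lines:
        key = parse_line(line)
        if key:
            flows[key] += 1
    return dict(flows)

def find_fanout(flows, threshold):
    """Sources talking to at least `threshold` distinct (dst, dport) pairs:
    the 'same pattern repeated against many targets' shape the question asks about."""
    targets = defaultdict(set)
    for (src, dst, dport, _proto) in flows:
        targets[src].add((dst, dport))
    return {src: len(t) for src, t in targets.items() if len(t) >= threshold}

# Constructed sample capture (not real traffic): one host touching several
# ports on one target, one ordinary SSH session, one DNS query.
SAMPLE = [
    "12:00:01.000001 IP 10.0.0.5.40001 > 192.0.2.10.22: Flags [S], seq 1, win 64240, length 0",
    "12:00:01.000002 IP 10.0.0.5.40002 > 192.0.2.10.23: Flags [S], seq 1, win 64240, length 0",
    "12:00:01.000003 IP 10.0.0.5.40003 > 192.0.2.10.25: Flags [S], seq 1, win 64240, length 0",
    "12:00:01.000004 IP 10.0.0.5.40004 > 192.0.2.10.80: Flags [S], seq 1, win 64240, length 0",
    "12:00:02.000001 IP 10.0.0.9.51000 > 192.0.2.10.22: Flags [P.], seq 1:33, ack 1, length 32",
    "12:00:02.000002 IP 10.0.0.9.51000 > 192.0.2.10.22: Flags [P.], seq 33:65, ack 1, length 32",
    "12:00:03.000001 IP 10.0.0.9.53000 > 192.0.2.53.53: UDP, length 40",
]

if __name__ == "__main__":
    flows = aggregate_flows(SAMPLE)
    for key, n in sorted(flows.items()):
        print(key, n)
    print("fan-out suspects:", find_fanout(flows, threshold=3))
```

On a real capture, feed it `tcpdump -n -tttt`-free default output line by line; lines the regex does not recognise (ARP, ICMP, IPv6) are skipped rather than miscounted.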
