[93481] in North American Network Operators' Group


Re: analyse tcpdump output

daemon@ATHENA.MIT.EDU (David Nolan)
Fri Nov 24 18:10:38 2006

Date: Fri, 24 Nov 2006 18:06:50 -0500
From: David Nolan <vitroth+@cmu.edu>
To: NANOG <nanog@merit.edu>
In-Reply-To: <200611221634.13338.Stefan.Hegger@lycos-europe.com>
Errors-To: owner-nanog@merit.edu
--On November 22, 2006 4:34:13 PM +0100 Stefan Hegger 
<Stefan.Hegger@lycos-europe.com> wrote:

>
> Hi,
>
> I wonder if someone knows a tool to use a tcpdump output for anomaly
> detection. It is sometimes really time consuming when looking for
> identical patterns in the tcpdump output.
>

Check out Argus, <http://www.qosient.com/argus/>.  (I recommend still using 
version 2, version 3 is not quite production quality yet...)

Argus is a stream analyzer, instead of a packet analyzer.  You can search 
argus data by tcp flags, by regular expression on the data (if you enable 
stream data logging, which is optional), or several other options.  See the 
argus site for more information.

-David
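An added illustration of the distinction David draws between a stream (flow) view and tcpdump's per-packet view. This is not Argus and not code from the post: it is a small Python script that folds constructed `tcpdump -nn` header lines (plus `-A` style ASCII payload lines, which it attributes to the preceding packet header) into bidirectional flows, then searches those flows by TCP flags and by a regular expression over the payload text, which is the kind of query the post says Argus supports on its own data. The sample lines, the flow record layout and the helper names are all assumptions made for this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample in the default "tcpdump -nn" header format, with ASCII
# payload lines as "tcpdump -A" would print them after a packet. Not a real capture.
SAMPLE = """\
12:00:01.000123 IP 10.0.0.5.40000 > 192.0.2.10.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000456 IP 192.0.2.10.80 > 10.0.0.5.40000: Flags [S.], seq 100, ack 2, win 65535, length 0
12:00:01.000789 IP 10.0.0.5.40000 > 192.0.2.10.80: Flags [.], ack 101, win 64240, length 0
12:00:01.001000 IP 10.0.0.5.40000 > 192.0.2.10.80: Flags [P.], seq 1:51, ack 101, win 64240, length 50
GET /index.html HTTP/1.1
12:00:01.002000 IP 192.0.2.10.80 > 10.0.0.5.40000: Flags [P.], seq 101:301, ack 51, win 65535, length 200
HTTP/1.1 200 OK
12:00:02.000000 IP 10.0.0.7.51000 > 192.0.2.10.22: Flags [S], seq 5, win 1024, length 0
12:00:02.000100 IP 10.0.0.7.51001 > 192.0.2.10.23: Flags [S], seq 5, win 1024, length 0
12:00:02.000200 IP 10.0.0.7.51002 > 192.0.2.10.25: Flags [S], seq 5, win 1024, length 0
"""

# Matches only the default IPv4/TCP header line; -v, -e or IPv6 output needs other patterns.
PKT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\].*?length (?P<length>\d+)"
)


@dataclass
class Flow:
    """One bidirectional TCP conversation, keyed on the unordered pair of endpoints."""
    initiator: tuple                     # (ip, port) that sent the first packet we saw
    responder: tuple
    packets: int = 0
    bytes: int = 0
    fwd_flags: set = field(default_factory=set)   # flag strings seen initiator -> responder
    rev_flags: set = field(default_factory=set)   # flag strings seen responder -> initiator
    payload: list = field(default_factory=list)   # ASCII payload lines, both directions


def build_flows(text):
    """Fold tcpdump text output into Flow records (the stream view)."""
    flows = {}
    current = None
    for line in text.splitlines():
        m = PKT_RE.match(line)
        if not m:
            # Not a packet header: assume it is -A payload text for the last packet.
            if current is not None and line.strip():
                current.payload.append(line)
            continue
        src = (m["src"], int(m["sport"]))
        dst = (m["dst"], int(m["dport"]))
        key = frozenset((src, dst))          # same key for both directions
        flow = flows.get(key)
        if flow is None:
            flow = flows[key] = Flow(initiator=src, responder=dst)
        flow.packets += 1
        flow.bytes += int(m["length"])
        (flow.fwd_flags if src == flow.initiator else flow.rev_flags).add(m["flags"])
        current = flow
    return list(flows.values())


def unanswered_syns(flows):
    """Flows where the initiator only ever sent SYN and nothing came back."""
    return [f for f in flows if f.fwd_flags == {"S"} and not f.rev_flags]


def same_source_scan(flows, min_ports=3):
    """Group unanswered SYNs by (source IP, destination IP): one source probing
    many ports is the repeated pattern that is tedious to spot packet by packet."""
    by_pair = defaultdict(set)
    for f in unanswered_syns(flows):
        by_pair[(f.initiator[0], f.responder[0])].add(f.responder[1])
    return {pair: sorted(ports) for pair, ports in by_pair.items() if len(ports) >= min_ports}


def search_payload(flows, pattern):
    """Regular-expression search over the payload text captured per flow."""
    rx = re.compile(pattern)
    return [f for f in flows if any(rx.search(line) for line in f.payload)]


if __name__ == "__main__":
    flows = build_flows(SAMPLE)
    for f in flows:
        print(f.initiator, "->", f.responder, f.packets, "pkts", f.bytes, "bytes",
              "fwd", sorted(f.fwd_flags), "rev", sorted(f.rev_flags))
    print("unanswered SYNs:", [(f.initiator, f.responder) for f in unanswered_syns(flows)])
    print("scan-like sources:", same_source_scan(flows))
    print("HTTP GET flows:", [(f.initiator, f.responder) for f in search_payload(flows, r"^GET ")])
```

The point of the flow table is that the three single-packet probes from 10.0.0.7 collapse into one line per destination port with an empty reverse direction, which is immediately visible, whereas in the raw packet list they are interleaved with everything else. Parsing tcpdump's text is fragile (the header format changes with `-v`, `-e`, VLAN tags or IPv6), which is one reason a flow tool that reads the packets directly, as Argus does, is preferable to post-processing the printout.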
