Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: analyse tcpdump output

  • From: Rodrick Brown
  • Date: Wed Nov 22 10:55:41 2006

On 11/22/06, Stefan Hegger <Stefan.Hegger@lycos-europe.com> wrote:
Hi,

I wonder if someone knows a tool to use a tcpdump output for anomaly
detection. It is sometimes really time-consuming when looking for identical
patterns in the tcpdump output.

It would be helpful to get a diff between SYN and ACK's e.g. Or look for a
pattern in a URL. Or just get some timediffs e.g. when an ACK is sent but
client is waiting for data etc.

We would like to decrease time to investigate the cause for an unusual network
behaviour.

Best Stefan
--
Stefan Hegger
Internet System Engineer
Stefan.Hegger@lycos-europe.com
Tel: +49 5241 8071 334

Lycos Europe GmbH
Carl-Bertelsmann Str. 29
Postfach 315
33311 Gütersloh

http://www.wireshark.org

--
Rodrick R. Brown
http://groups.yahoo.com/group/wallstandtech
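
Added example, not part of the original thread or of either poster's message: one way to get the SYN versus SYN-ACK time differences asked about above directly from tcpdump text output. It assumes the line format printed by current tcpdump versions with `-tt -n`; the function name, the 0.5 s threshold and the sample capture are constructed for illustration.

```python
import re
from decimal import Decimal

# Constructed sample of `tcpdump -tt -n tcp` text output (documentation address ranges).
SAMPLE = """\
1164210941.000000 IP 198.51.100.7.40001 > 192.0.2.10.80: Flags [S], seq 100, win 5840, length 0
1164210941.002500 IP 192.0.2.10.80 > 198.51.100.7.40001: Flags [S.], seq 900, ack 101, win 5792, length 0
1164210941.003000 IP 198.51.100.7.40001 > 192.0.2.10.80: Flags [.], ack 901, win 5840, length 0
1164210942.000000 IP 198.51.100.8.40002 > 192.0.2.10.80: Flags [S], seq 200, win 5840, length 0
1164210945.000000 IP 198.51.100.8.40002 > 192.0.2.10.80: Flags [S], seq 200, win 5840, length 0
1164210946.000000 IP 198.51.100.9.40003 > 192.0.2.10.80: Flags [S], seq 300, win 5840, length 0
1164210946.750000 IP 192.0.2.10.80 > 198.51.100.9.40003: Flags [S.], seq 700, ack 301, win 5792, length 0
"""

# timestamp, source addr.port, destination addr.port, TCP flag string
LINE = re.compile(r"^(\d+\.\d+) IP (\S+) > (\S+): Flags \[([A-Za-z.]+)\]")

def handshake_report(text, slow=Decimal("0.5")):
    """Pair each SYN with its SYN-ACK; report delays, slow and unanswered flows."""
    pending = {}   # (client, server) -> timestamp of the first SYN seen
    retrans = {}   # (client, server) -> number of repeated SYNs
    delays = {}    # (client, server) -> SYN to SYN-ACK delay in seconds
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # non-TCP or unparsable line
        # Decimal keeps microsecond timestamps exact (floats lose digits at epoch scale)
        ts, src, dst, flags = Decimal(m[1]), m[2], m[3], m[4]
        if flags == "S":                      # client SYN
            key = (src, dst)
            if key in pending:
                retrans[key] = retrans.get(key, 0) + 1
            else:
                pending[key] = ts
        elif flags == "S.":                   # server SYN-ACK, direction reversed
            key = (dst, src)
            if key in pending:
                delays[key] = ts - pending.pop(key)
    return {
        "delays": delays,
        "slow": sorted(k for k, d in delays.items() if d > slow),
        "unanswered": sorted(pending),
        "retransmitted_syns": retrans,
    }

if __name__ == "__main__":
    for name, value in handshake_report(SAMPLE).items():
        print(name, value)
```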



