Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: analyse tcpdump output

  • From: William Waites
  • Date: Wed Nov 22 14:56:10 2006

Do people still use snort for this? snort -r filename, IIRC

-w

On Wednesday, 22 November 2006 at 16:34 +0100, Stefan Hegger wrote:
> Hi,
> 
> I wonder if someone knows a tool to use a tcpdump output for anomaly
> detection. It is sometimes really time consuming when looking for identical
> patterns in the tcpdump output.
>
> It would be helpful to get a diff between SYN and ACKs, e.g. Or look for a
> pattern in a URL. Or just get some timediffs, e.g. when an ACK is sent but
> client is waiting for data etc.
>
> We would like to decrease time to investigate the cause for an unusual network
> behaviour.
> 
> Best Stefan 
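
Added example, not part of the original thread or of any tool named in it: a Python pass over the text output of `tcpdump -tt -n` that does the SYN versus SYN-ACK comparison and the timing Stefan asks about. The `Flags [S]` line format, the function name `analyse` and the sample lines (documentation addresses) are assumptions constructed for illustration.

```python
import re
from collections import Counter
from decimal import Decimal

# Assumed input: TCP lines as printed by `tcpdump -tt -n`, e.g.
# 1164207370.100000 IP 192.0.2.10.40001 > 198.51.100.5.80: Flags [S], seq 1000, ...
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\]"
)

def analyse(lines):
    """Return (SYNs per client IP, unanswered SYNs, SYN -> SYN-ACK delay per flow)."""
    pending = {}      # (client ip.port, server ip.port) -> time of first SYN
    latency = {}      # same key -> delay until the server's SYN-ACK
    syns = Counter()  # client IP (port stripped) -> SYNs sent, retransmits included
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a TCP line in the assumed format
        # Decimal keeps microseconds exact; epoch-sized floats do not.
        ts, src, dst, flags = Decimal(m["ts"]), m["src"], m["dst"], m["flags"]
        if flags == "S":                        # initial SYN, client -> server
            syns[src.rsplit(".", 1)[0]] += 1
            pending.setdefault((src, dst), ts)  # time from the first SYN, not a retransmit
        elif flags == "S.":                     # SYN-ACK, server -> client
            key = (dst, src)
            if key in pending:
                latency[key] = ts - pending.pop(key)
    return syns, pending, latency

# Constructed sample: one completed handshake, then SYNs that never get an answer.
SAMPLE = """\
1164207370.100000 IP 192.0.2.10.40001 > 198.51.100.5.80: Flags [S], seq 1000, win 65535, length 0
1164207370.150000 IP 198.51.100.5.80 > 192.0.2.10.40001: Flags [S.], seq 2000, ack 1001, win 65535, length 0
1164207370.150500 IP 192.0.2.10.40001 > 198.51.100.5.80: Flags [.], ack 1, win 65535, length 0
1164207371.000000 IP 192.0.2.99.50001 > 198.51.100.5.80: Flags [S], seq 3000, win 1024, length 0
1164207371.000100 IP 192.0.2.99.50002 > 198.51.100.5.80: Flags [S], seq 3001, win 1024, length 0
1164207374.000000 IP 192.0.2.99.50001 > 198.51.100.5.80: Flags [S], seq 3000, win 1024, length 0
""".splitlines()

if __name__ == "__main__":
    syns, unanswered, latency = analyse(SAMPLE)
    for (client, server), delay in latency.items():
        print(f"{client} -> {server}: SYN-ACK after {delay}s")
    for (client, server), ts in unanswered.items():
        print(f"{client} -> {server}: SYN at {ts} never answered")
    print("SYNs per client:", dict(syns))
```

A client with many SYNs and no matching SYN-ACKs, or a flow with an unusually long delay, is where to start reading the raw capture.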



