Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: analyse tcpdump output

  • From: Roland Dobbins
  • Date: Wed Nov 22 15:52:12 2006


On Nov 22, 2006, at 12:37 PM, Netfortius wrote:

> I wonder if someone knows a tool to use a tcpdump output for anomaly
> detection. It is sometimes really time consuming when looking for identical
> patterns in the tcpdump output.

For this sort of thing, you can do it far more scalably with NetFlow. There are several good commercial NetFlow-based anomaly-detection systems (Arbor, Lancope, Narus, Q1, etc.) and even an open-source project (currently fallow) called Panoptis.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@cisco.com> // 408.527.6376 voice

All battles are perpetual.

-- Milton Friedman
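The flow aggregation Roland points to, shown as an added Python example that is not part of the thread: it collapses tcpdump-style packet lines (a constructed sample, not real traffic) into 5-tuple flow records the way a flow exporter would, so the "identical patterns" the question asks about become per-source counts that can be thresholded. The line format, addresses and the port threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample tcpdump output (not from the thread): one host touching
# several destination ports, plus an ordinary TCP handshake from another host.
SAMPLE_TCPDUMP = """\
12:37:01.000001 IP 10.0.0.5.40001 > 192.0.2.10.22: Flags [S], seq 1, length 0
12:37:01.000150 IP 10.0.0.5.40002 > 192.0.2.10.23: Flags [S], seq 2, length 0
12:37:01.000300 IP 10.0.0.5.40003 > 192.0.2.10.25: Flags [S], seq 3, length 0
12:37:01.000450 IP 10.0.0.5.40004 > 192.0.2.10.80: Flags [S], seq 4, length 0
12:37:01.000600 IP 10.0.0.5.40005 > 192.0.2.10.443: Flags [S], seq 5, length 0
12:37:02.100000 IP 10.0.0.7.51000 > 192.0.2.10.80: Flags [S], seq 9, length 0
12:37:02.100900 IP 192.0.2.10.80 > 10.0.0.7.51000: Flags [S.], seq 100, ack 10, length 0
12:37:02.101000 IP 10.0.0.7.51000 > 192.0.2.10.80: Flags [P.], seq 10:200, ack 101, length 190
"""

# Assumed tcpdump line shape: "<ts> IP <src>.<sport> > <dst>.<dport>: ... length <n>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): .*?length (?P<len>\d+)"
)


def aggregate_flows(text):
    """Collapse packet lines into flow records keyed by (src, sport, dst, dport).

    Each record carries a packet and byte count, which is essentially what a
    NetFlow exporter would hand an anomaly-detection system.
    """
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines in a format we do not parse
        key = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        flows[key]["packets"] += 1
        flows[key]["bytes"] += int(m["len"])
    return dict(flows)


def flag_port_sweeps(flows, max_ports=4):
    """Return sources whose flows reach more than max_ports distinct (dst, dport) pairs.

    The threshold is an assumed, illustrative value; real deployments tune it.
    """
    targets_by_src = defaultdict(set)
    for (src, _sport, dst, dport), _rec in flows.items():
        targets_by_src[src].add((dst, dport))
    return sorted(src for src, t in targets_by_src.items() if len(t) > max_ports)
```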






