Honeypots mailing list archives

Re: pcap log analysis
From: "Joe Hickory" <J.Hickory () gmx net>
Date: Mon, 26 Jul 2004 13:55:13 +0200 (MEST)

Thanks to all who have replied. I didn't find a good tool covering all I
wanted to know, so I went with these:
pcapmerge 
tcpdump 
tcpreplay 
tcptrace 
ipaudit 
snort (acid) 
 
and wrote some scripts around the command-line output,
so I can get the following information about the file:
packet count udp, tcp, other 
connection count: tcp, udp 
top ten of most active connected ip addresses 
top ten of most used destination ports for udp, tcp 
top ten of most active network blocks (due to dividing the net into
generally XXX/8 networks)
 
If anybody is interested in that very rudimentary script, feel free to
contact me offlist.
 
joe 

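The kind of per-file summary listed in the message above (packet counts per protocol, connection counts, top addresses, top destination ports, /8 blocks), as an added example: it is not the poster's script and does not call the tools he lists. It assumes a classic libpcap file (microsecond magic, not pcapng) with Ethernet/IPv4 frames; `summarize`, `build_sample` and the sample addresses are constructed for illustration.

```python
import struct
from collections import Counter

def summarize(pcap, top=10):
    """Per-protocol packet/connection counts and top-N talkers, ports, /8 blocks."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic libpcap file")
    pkts, ips, blocks = Counter(), Counter(), Counter()
    ports, conns = {"tcp": Counter(), "udp": Counter()}, {"tcp": set(), "udp": set()}
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from(end + "I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            pkts["other"] += 1  # only Ethernet II carrying IPv4 is decoded
            continue
        proto = {6: "tcp", 17: "udp"}.get(frame[23], "other")
        pkts[proto] += 1
        src, dst = frame[26:30], frame[30:34]
        for ip in (src, dst):
            ips[".".join(map(str, ip))] += 1
            blocks[f"{ip[0]}.0.0.0/8"] += 1
        l4 = 14 + (frame[14] & 0x0F) * 4  # honour the IP header length
        frag = struct.unpack_from("!H", frame, 20)[0] & 0x1FFF
        if proto == "other" or frag or len(frame) < l4 + 4:
            continue  # no ports in non-first fragments or truncated frames
        sport, dport = struct.unpack_from("!HH", frame, l4)
        ports[proto][dport] += 1
        conns[proto].add(frozenset([(src, sport), (dst, dport)]))  # direction-agnostic key
    return {"packets": dict(pkts),
            "connections": {p: len(c) for p, c in conns.items()},
            "top_ips": ips.most_common(top), "top_blocks": blocks.most_common(top),
            "top_dports": {p: c.most_common(top) for p, c in ports.items()}}

def _frame(src, dst, proto, sport, dport):  # constructed test packet
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0, bytes(src), bytes(dst))
    return b"\0" * 12 + b"\x08\x00" + ip + struct.pack("!HHI", sport, dport, 0)

def build_sample():  # constructed capture: 2 TCP flows, 1 UDP query, 1 ARP frame
    a, b, c = (10, 0, 0, 5), (192, 168, 1, 10), (10, 0, 0, 7)
    frames = [_frame(a, b, 6, 40000, 22), _frame(b, a, 6, 22, 40000),
              _frame(a, b, 6, 40001, 445), _frame(c, b, 17, 5353, 53),
              b"\xff" * 12 + b"\x08\x06" + b"\0" * 28]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

A plain destination-port tally also counts the client's ephemeral port on reply packets (40000 in the sample), so a honeypot report may want to count ports only on the first packet of each connection.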

