Security Basics mailing list archives
Re: Classifying pcap data
From: "Andy Peters" <andrewpeters2000 () googlemail com>
Date: Thu, 3 Feb 2011 17:49:52 -0000
Howard,

Something I have done before is to write a php script that runs tshark over all the pcap files in a directory and then puts the results into a MySQL database (built on a LAMP system).
You can get TShark to just look at the protocols and generate stats and a protocol hierarchy, instead of looking at all the packet contents, and you can get php to capture the output and database it with only a few lines of code.
Once the information is in a database it's easy to use SQL queries and a php based website to display stats and allow searching of the information.
Of course you don't have to use php and mysql but I have used them before and the concept works. I'm sure it is just as easy to use perl/python/ruby or some other scripting language to script the Tshark commands and parse the output. Equally any number of databases could be used based on your development environment and there are a number of options for displaying the output from a web front end (php/asp/cgi) to any good scripting language.
Hope this helps

Andy

-----Original Message-----
From: Howard Howard
Sent: Monday, January 31, 2011 9:41 PM
To: security-basics () securityfocus com
Subject: Classifying pcap data

Hi List,

I am working on analyzing large amount of pcap files. I am trying to classify the captured data to
- find out the ratio of used internet protocols at application layer (e.g. filesharing / chat / ssh)
- find out what kind of http traffic was happening

I am not too curious about the details of every package but want to know about the general usage. To classify the web traffic I would like to correlate my pcaps with maybe content filter blacklists.

Can you suggest me tools to perform such tasks? Can you point me to any more ways to analyze large amount of traffic?

Many thanks in advance!
Howard
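The approach described in the reply above, sketched in Python with SQLite standing in for PHP and MySQL. This is an added example, not code from the original post: the sample output is constructed, the names `parse_phs`, `load`, `ingest_directory`, `byte_share` and the `phs` table are assumptions, and `db` is an `sqlite3` connection supplied by the caller.

```python
import re
import subprocess
from pathlib import Path

# Constructed sample of `tshark -q -z io,phs` output (not from a real capture).
SAMPLE_PHS = """\
===================================================================
Protocol Hierarchy Statistics
Filter:

eth                                      frames:100 bytes:64000
  ip                                     frames:98 bytes:63500
    tcp                                  frames:80 bytes:60000
      http                               frames:20 bytes:30000
      ssh                                frames:10 bytes:4000
    udp                                  frames:18 bytes:3500
===================================================================
"""
ROW = re.compile(r"^( *)(\S+)\s+frames:(\d+)\s+bytes:(\d+)\s*$")

def parse_phs(text):
    """Yield (parent_path, protocol, frames, bytes) for each hierarchy row."""
    stack = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # banner, filter and blank lines do not match
            del stack[len(m.group(1)) // 2:]  # two spaces of indent per layer
            yield ":".join(stack), m.group(2), int(m.group(3)), int(m.group(4))
            stack.append(m.group(2))

def load(db, capture, phs_text):
    db.execute("CREATE TABLE IF NOT EXISTS phs "
               "(capture TEXT, parent TEXT, proto TEXT, frames INT, bytes INT)")
    db.executemany("INSERT INTO phs VALUES (?, ?, ?, ?, ?)",  # bound parameters
                   [(capture, *row) for row in parse_phs(phs_text)])

def ingest_directory(db, directory):
    for pcap in sorted(Path(directory).glob("*.pcap")):
        # Argument list, no shell: a hostile file name cannot inject commands.
        cmd = ["tshark", "-r", str(pcap), "-q", "-z", "io,phs"]
        out = subprocess.run(cmd, capture_output=True, text=True, check=True)
        load(db, pcap.name, out.stdout)

def byte_share(db, parent):
    """Fraction of bytes per protocol directly under `parent`, all captures."""
    rows = db.execute("SELECT proto, SUM(bytes) FROM phs WHERE parent = ? "
                      "GROUP BY proto", (parent,)).fetchall()
    total = sum(b for _, b in rows)
    return {p: round(b / total, 3) for p, b in rows} if total else {}
```

With the sample loaded, `byte_share(db, "eth:ip:tcp")` gives the application-layer ratio asked about in the original question; `ingest_directory` needs `tshark` on the PATH.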
Current thread:
- Classifying pcap data Howard Howard (Feb 03)
- Re: Classifying pcap data Todd Hughes (Feb 03)
- Re: Classifying pcap data Jeff Stebelton (Feb 03)
- Re: Classifying pcap data Andy Peters (Feb 03)
- Re: Classifying pcap data Brandon McGinty (Feb 03)
- Re: Classifying pcap data David Schekaiban (Feb 03)
- Re: Classifying pcap data Todd Hughes (Feb 03)