Honeypots mailing list archives
Re: pcap log analysis
From: "Joe Hickory" <J.Hickory () gmx net>
Date: Mon, 26 Jul 2004 13:55:13 +0200 (MEST)
Thanks to all who have replied. I didn't find a good tool covering all I wanted to know, so I went with these:

pcapmerge, tcpdump, tcpreplay, tcptrace, ipaudit, snort (acid)

and wrote some scripts around the command-line output, so I can get the following info about the file:

- packet count: udp, tcp, other
- connection count: tcp, udp
- top ten of most active connected ip addresses
- top ten of most used destination ports for udp, tcp
- top ten of most active network blocks (due to dividing the net into generally XXX/8 networks)

If anybody is interested in that very rudimentary script, feel free to contact me offlist.

joe
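The summary described in this message, as an added stand-alone illustration in Python (not the poster's script and not the output of the tools he lists): it parses a classic pcap file with only the standard library and produces packet counts per protocol, TCP/UDP connection counts (distinct 4-tuples), top talkers, top destination ports and top /8 blocks. It assumes an Ethernet link type with IPv4 frames; the pcap writer and the sample frames are constructed test data.

```python
import struct
from collections import Counter

def build_pcap(frames):  # constructed little-endian pcap, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def ipv4_frame(src, dst, proto, sport=0, dport=0):  # Ethernet + IPv4 + zeroed TCP/UDP header
    l4 = (struct.pack("!HH", sport, dport) + bytes(16 if proto == 6 else 4)) if proto in (6, 17) else b""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return bytes(12) + b"\x08\x00" + ip + l4

def summarize(pcap, top=10):
    e = "<" if struct.unpack("<I", pcap[:4])[0] in (0xA1B2C3D4, 0xA1B23C4D) else ">"  # byte order
    pkts, ips, blocks = Counter(), Counter(), Counter()
    conns, ports = {"tcp": set(), "udp": set()}, {"tcp": Counter(), "udp": Counter()}
    off = 24                                                   # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl = struct.unpack(e + "IIII", pcap[off:off + 16])[2]   # captured length of this record
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":     # not IPv4 over Ethernet
            pkts["other"] += 1
            continue
        ihl = (frame[14] & 0x0F) * 4
        name = {6: "tcp", 17: "udp"}.get(frame[23], "other")
        src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
        pkts[name] += 1
        ips.update((src, dst))
        blocks.update(ip.split(".")[0] + ".0.0.0/8" for ip in (src, dst))  # crude /8 split, as in the mail
        l4 = frame[14 + ihl:14 + ihl + 4]
        if name != "other" and len(l4) == 4:
            sport, dport = struct.unpack("!HH", l4)
            conns[name].add((src, sport, dst, dport))          # one distinct 4-tuple = one "connection"
            ports[name][dport] += 1
    return {"packets": dict(pkts), "connections": {k: len(v) for k, v in conns.items()},
            "top_ips": ips.most_common(top), "top_blocks": blocks.most_common(top),
            "top_ports": {k: v.most_common(top) for k, v in ports.items()}}

# Constructed sample capture: two hosts talking to 192.168.1.1, one repeated TCP flow, one ICMP packet.
SAMPLE = build_pcap([
    ipv4_frame("10.0.0.5", "192.168.1.1", 6, 40000, 80),
    ipv4_frame("10.0.0.5", "192.168.1.1", 6, 40000, 80),
    ipv4_frame("10.0.0.6", "192.168.1.1", 6, 40001, 22),
    ipv4_frame("172.16.0.9", "192.168.1.1", 17, 5353, 53),
    ipv4_frame("10.0.0.5", "192.168.1.2", 1),
])
```

Run `summarize(open("capture.pcap", "rb").read())` on a real Ethernet capture for the same report; non-Ethernet link types and pcapng files are out of scope for this sketch.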
Current thread:
- pcap log analysis Joe Hickory (Jul 19)
- Re: pcap log analysis Elliott C. Bäck (Jul 19)
- Re: pcap log analysis Kyle Maxwell (Jul 19)
- Re: pcap log analysis Graeme Connell (Jul 19)
- Re: pcap log analysis Christian Kreibich (Jul 19)
- <Possible follow-ups>
- Re: pcap log analysis Joe Hickory (Jul 26)
- Re: pcap log analysis Joe Hickory (Jul 28)
- Re: pcap log analysis Edward Balas (Jul 28)
- Re: pcap log analysis Joe Hickory (Jul 29)