analyse tcpdump output

Stefan Hegger Stefan.Hegger at lycos-europe.com
Wed Nov 22 15:34:13 UTC 2006


Hi,

I wonder if someone knows a tool to use a tcpdump output for anomaly 
dedection. It is sometimes really time consuming when looking for identical 
patterns in the tcpdump output.

It would be helpful to get  a diff between SYN and ACK's e.g. Or look for  a 
pattern in a URL. Or just get some timediffs e.g. when an ACK is send but 
client is waiting for data etc.

We would like to decrease time to investigate the cause for an unusual network 
behaviour.

Best Stefan 
-- 
Stefan Hegger
Internet System Engineer
Stefan.Hegger at lycos-europe.com
Tel: +49 5241 8071 334

Lycos Europe GmbH
Carl-Bertelsmann Str. 29
Postfach 315
33311 Gütersloh



More information about the NANOG mailing list