analyse tcpdump output

Rodrick Brown rodrick.brown at gmail.com
Wed Nov 22 15:50:25 UTC 2006


On 11/22/06, Stefan Hegger <Stefan.Hegger at lycos-europe.com> wrote:
>
> Hi,
>
> I wonder if someone knows a tool to use a tcpdump output for anomaly
> detection. It is sometimes really time consuming when looking for identical
> patterns in the tcpdump output.
>
> It would be helpful to get a diff between SYNs and ACKs, e.g. Or look for a
> pattern in a URL. Or just get some time diffs, e.g. when an ACK is sent but the
> client is waiting for data etc.
>
> We would like to decrease time to investigate the cause for an unusual network
> behaviour.
>
> Best Stefan
> --
> Stefan Hegger
> Internet System Engineer
> Stefan.Hegger at lycos-europe.com
> Tel: +49 5241 8071 334
>
> Lycos Europe GmbH
> Carl-Bertelsmann Str. 29
> Postfach 315
> 33311 Gütersloh
>

http://www.wireshark.org

-- 
Rodrick R. Brown
http://groups.yahoo.com/group/wallstandtech
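
Added example, not posted by either participant: the two checks Stefan asked for (SYNs versus SYN-ACKs, and the delay between a request, the server's bare ACK and the actual data) can be scripted over tcpdump's plain text output without loading a pcap into Wireshark. The script below assumes the default one-line TCP summary that `tcpdump -n` prints (timestamp, `IP src.port > dst.port: Flags [..] ... length N`); the file name `tcpdump_triage.py`, the 1 s "slow" threshold and the sample addresses are my own choices, and the capture lines embedded in it are constructed, not a real trace.

```python
"""Triage tcpdump -n summary lines: SYN vs SYN-ACK counts and request-to-data delays."""
import re
import sys
from collections import defaultdict, namedtuple

# Default tcpdump TCP line: 15:50:25.000400 IP 192.0.2.10.80 > 10.0.0.5.51234: Flags [S.], seq 5000, ack 1001, win 65535, length 0
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{6}) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\].*length (?P<length>\d+)$"
)

# ts: seconds since midnight (tcpdump's default stamp has no date); flags: tcpdump letters
# S=SYN .=ACK P=PSH F=FIN R=RST; length: TCP payload bytes
Packet = namedtuple("Packet", "ts src sport dst dport flags length")

def parse_tcpdump(lines):
    """Lines the regex does not match (-A payload dumps, ARP, UDP, ...) are skipped."""
    pkts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        h, mnt, sec = m["ts"].split(":")
        ts = int(h) * 3600 + int(mnt) * 60 + float(sec)
        pkts.append(Packet(ts, m["src"], int(m["sport"]), m["dst"], int(m["dport"]),
                           m["flags"], int(m["length"])))
    return sorted(pkts, key=lambda p: p.ts)

def syn_vs_synack(pkts):
    """Per listening (ip, port): (SYNs received, SYN-ACKs sent). A wide gap means
    half-open connections: a SYN scan or flood, or a listener that is not answering."""
    counts = defaultdict(lambda: [0, 0])
    for p in pkts:
        if "S" not in p.flags:
            continue
        if "." in p.flags:                   # SYN-ACK: the server is the source
            counts[(p.src, p.sport)][1] += 1
        else:                                # bare SYN: the server is the destination
            counts[(p.dst, p.dport)][0] += 1
    return {k: tuple(v) for k, v in counts.items()}

def response_delays(pkts, slow_after=1.0):
    """Per client request carrying payload: seconds until the server ACKed it and until it
    returned payload. Small ack_delay with large data_delay = ACK sent, client still waiting."""
    client_of = {}   # flow key -> (ip, port) that sent the SYN, i.e. the client side
    pending = {}     # flow key -> [request_ts, first bare server ACK ts or None]
    results = []
    for p in pkts:
        key = tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))
        if "S" in p.flags and "." not in p.flags:
            client_of[key] = (p.src, p.sport)
            continue
        client = client_of.get(key)
        if client is None:
            continue                          # handshake not in capture: direction unknown
        if (p.src, p.sport) == client:
            if p.length > 0:
                pending.setdefault(key, [p.ts, None])   # earliest unanswered request wins
        elif key in pending:
            req_ts, ack_ts = pending[key]
            if p.length == 0 and ack_ts is None:
                pending[key][1] = p.ts                  # bare ACK, still no data
            elif p.length > 0:
                results.append({"client": client, "server": (p.src, p.sport), "request_ts": req_ts,
                                "ack_delay": None if ack_ts is None else round(ack_ts - req_ts, 6),
                                "data_delay": round(p.ts - req_ts, 6),
                                "slow": p.ts - req_ts > slow_after})
                del pending[key]
    return results

# Constructed sample, not a real capture: a healthy HTTP exchange, one where the server
# ACKs the request but answers 2.4 s later, and two SYNs to 443 that get no SYN-ACK.
SAMPLE = """\
15:50:25.000000 IP 10.0.0.5.51234 > 192.0.2.10.80: Flags [S], seq 1000, win 65535, options [mss 1460], length 0
15:50:25.000400 IP 192.0.2.10.80 > 10.0.0.5.51234: Flags [S.], seq 5000, ack 1001, win 65535, options [mss 1460], length 0
15:50:25.001000 IP 10.0.0.5.51234 > 192.0.2.10.80: Flags [P.], seq 1:121, ack 1, win 65535, length 120
15:50:25.003000 IP 192.0.2.10.80 > 10.0.0.5.51234: Flags [P.], seq 1:1401, ack 121, win 65535, length 1400
15:50:25.100000 IP 10.0.0.6.40000 > 192.0.2.10.80: Flags [S], seq 2000, win 65535, options [mss 1460], length 0
15:50:25.100300 IP 192.0.2.10.80 > 10.0.0.6.40000: Flags [S.], seq 7000, ack 2001, win 65535, options [mss 1460], length 0
15:50:25.101000 IP 10.0.0.6.40000 > 192.0.2.10.80: Flags [P.], seq 1:91, ack 1, win 65535, length 90
15:50:25.101300 IP 192.0.2.10.80 > 10.0.0.6.40000: Flags [.], ack 91, win 65535, length 0
15:50:26.000000 IP 10.0.0.7.50001 > 192.0.2.10.443: Flags [S], seq 3000, win 1024, length 0
15:50:26.000500 IP 10.0.0.7.50002 > 192.0.2.10.443: Flags [S], seq 3001, win 1024, length 0
15:50:27.501000 IP 192.0.2.10.80 > 10.0.0.6.40000: Flags [P.], seq 1:513, ack 91, win 65535, length 512
"""

if __name__ == "__main__":
    # `tcpdump -n -r capture.pcap tcp | python3 tcpdump_triage.py -` reads real output instead
    pkts = parse_tcpdump(sys.stdin if sys.argv[1:] == ["-"] else SAMPLE.splitlines())
    for (ip, port), (syn, synack) in sorted(syn_vs_synack(pkts).items()):
        print(f"{ip}:{port}  SYN={syn}  SYN-ACK={synack}  half-open={syn - synack}")
    for r in response_delays(pkts):
        print(f"{r['client'][0]}:{r['client'][1]} -> {r['server'][0]}:{r['server'][1]}  ack after "
              f"{r['ack_delay']}s, data after {r['data_delay']}s{'  SLOW' if r['slow'] else ''}")
```

The direction of each flow is learned from the bare SYN, so a capture started mid-connection yields no delay figures for that flow rather than wrong ones; if tcpdump was run without `-n`, hostnames replace the dotted quads and the regex will not match. In Wireshark the same two questions are display filters (`tcp.flags.syn == 1 && tcp.flags.ack == 0` for the SYNs, then compare against `tcp.flags.syn == 1 && tcp.flags.ack == 1`) plus the per-stream time delta column; the script is for the case where all you have is the text output.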



More information about the NANOG mailing list