analyse tcpdump output
vitroth+ at cmu.edu
Fri Nov 24 23:06:50 UTC 2006
--On November 22, 2006 4:34:13 PM +0100 Stefan Hegger
<Stefan.Hegger at lycos-europe.com> wrote:
> I wonder if someone knows a tool to use a tcpdump output for anomaly
> dedection. It is sometimes really time consuming when looking for
> identical patterns in the tcpdump output.
Check out Argus, <http://www.qosient.com/argus/>. (I recommend still using
version 2, version 3 is not quite production quality yet...)
Argus is a stream analyzer, instead of a packet analyzer. You can search
argus data by tcp flags, by regular expression on the data (if you enable
stream data logging, which is optional), or several other options. See the
argus site for more information.
More information about the NANOG