sub shameless_plug {
A small group of folks here have been working on Shadow and matured it
into a pluggable architecture for analysis using whatever pcap-based tool
you want. One of the output options is historical trend graphs per
second/minute/hour via gnuplot.
The top two graphs at http://people.ists.dartmouth.edu/~gbakos/sapphire
were made by shadow with a tcpdump filter. Ngrep, tcpdump, and (a very
basic) tethereal plugins are already done & I hope to have one for p0f
ready when we release v1.8 in the next few weeks.
There will be a posting here when it goes out the door.
}
On Wed, 29 Jan 2003 08:13:48 -0800
"Keplinger, Michael A" <[EMAIL PROTECTED]> wrote:
> Does anyone have any or know of any tools (possible perl scripts, etc.) for
> analyzing and trending tcpdump output? I have been developing something myself, but
> I wanted to see if anyone had something that they were currently using.
>
> We get an enormous amount of traffic throughout our enterprise and we are using
> Shadow for more of a reactive role rather than a proactive role. I would like to
> either develop or find some scripts or otherwise to organize and trend this data, as
> well as compare it against the output of other IDS tools that we use so we can be a
> little more proactive about the tool.
>
> Any ideas?
>
> =====================================
> Michael Keplinger
> Information Assurance
> Security Systems Engineer
> [EMAIL PROTECTED]
>
> "Some dumb quote"
>
>
--
George Bakos
Institute for Security Technology Studies
Dartmouth College
[EMAIL PROTECTED]
voice 603-646-0665
fax 603-646-0666
Key fingerprint = D646 8F91 F795 27EC FF8B 8C95 B102 9EB2 081E CB85
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
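As an added example that is not part of George Bakos's post or of the Shadow project: a small Python sketch of the per-second/minute/hour trending the thread asks about, binning tcpdump's text output into packet and byte counts and emitting gnuplot-ready columns. The sample capture lines and the median-based spike threshold are constructed assumptions, not data from the list.

```python
import re
from collections import Counter
from statistics import median

# Start of a tcpdump text line: optional "-tttt" date, then HH:MM:SS with optional fraction.
_TS = re.compile(r"^(?:(\d{4}-\d\d-\d\d) )?(\d\d):(\d\d):(\d\d)(?:\.\d+)?\s")
_LEN = re.compile(r"\blength (\d+)")  # payload length tcpdump appends to TCP lines

# Constructed sample of tcpdump output (documentation addresses, not a real capture).
SAMPLE = """\
08:13:48.100000 IP 192.0.2.10.51234 > 198.51.100.5.80: Flags [S], seq 1, win 64240, length 0
08:13:48.200000 IP 198.51.100.5.80 > 192.0.2.10.51234: Flags [S.], seq 2, ack 2, win 65160, length 0
08:13:48.300000 IP 192.0.2.10.51234 > 198.51.100.5.80: Flags [P.], seq 1:101, ack 1, win 502, length 100
08:14:02.000000 IP 192.0.2.11.40000 > 198.51.100.5.53: 12345+ A? example.com. (29)
\t0x0000:  4500 003c 1c46 4000 4006 b1e6 c000 020a
09:00:01.000000 IP 192.0.2.12.22 > 198.51.100.9.55555: Flags [P.], seq 1:51, ack 1, win 100, length 50
""".splitlines()

def bin_key(line, granularity):
    """Bin label for one tcpdump line ('second', 'minute' or 'hour'); None if no timestamp."""
    m = _TS.match(line)
    if not m:
        return None
    date, hh, mm, ss = m.groups()
    label = {"hour": f"{hh}:00:00", "minute": f"{hh}:{mm}:00", "second": f"{hh}:{mm}:{ss}"}
    return (f"{date} " if date else "") + label[granularity]

def trend(lines, granularity="minute"):
    """Packets and payload bytes per bin, as {bin: (packets, bytes)} in time order."""
    pkts, byts = Counter(), Counter()
    for line in lines:
        key = bin_key(line, granularity)
        if key is None:
            continue  # hex dumps and -v continuation lines carry no timestamp
        pkts[key] += 1
        lm = _LEN.search(line)
        byts[key] += int(lm.group(1)) if lm else 0
    return {k: (pkts[k], byts[k]) for k in sorted(pkts)}

def spikes(bins, factor=3.0):
    """Bins whose packet count exceeds factor x the median: a crude baseline for proactive review."""
    med = median([p for p, _ in bins.values()]) if bins else 0
    return [k for k, (p, _) in bins.items() if p > factor * med]

def gnuplot_data(bins):
    """Whitespace-separated columns for gnuplot's 'using 1:2' (date and time joined with 'T')."""
    rows = ["# time packets bytes"]
    rows += [f"{k.replace(' ', 'T')} {p} {b}" for k, (p, b) in bins.items()]
    return "\n".join(rows)
```

Feed it `tcpdump -n -r capture.pcap` output (or a tcpdump filter on live traffic) on stdin and write `gnuplot_data(...)` to a file for `plot ... using 1:2 with lines`.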