On Nov 22, 2006, at 12:37 PM, Netfortius wrote:
I wonder if someone knows a tool to use a tcpdump output for anomaly
dedection. It is sometimes really time consuming when looking for
identical
patterns in the tcpdump output.
For this sort of thing, you can do it far more scalably with
NetFlow. There are several good commercial NetFlow-based anomaly-
detection systems (Arbor, Lancope, Narus, Q1, etc.) and even an open-
source project (currently fallow) called Panoptis.
-----------------------------------------------------------------------
Roland Dobbins <[EMAIL PROTECTED]> // 408.527.6376 voice
All battles are perpetual.
-- Milton Friedman
