Ivan .([EMAIL PROTECTED])@Thu, Dec 06, 2007 at 06:35:42PM +1100:
> Hi,
>
> Does anyone have any ideas for flow information extraction from a rather
> large pcap file, 6 gigs?
>
> I am after the standard stuff, source, destination, service.
softflowd (http://www.mindrot.org/projects/softflowd/) w
Hi Richard,
Thanks for the info, the argus command line works a treat, with a little
massaging with sed I have something workable.
The tshark command does not work with such a large pcap file, it just errors
with 'could not be opened: value too large for defined data type'
thanks
Ivan
On Dec 9,
lol I R cant code computer programs to parse simple formats so i beg on
mailing lists to make old cissps feel elite lolololol
On Dec 6, 2007 1:35 AM, Ivan . <[EMAIL PROTECTED]> wrote:
> Ethereal/wireshark is a no go, as it won't process the file due to size,
> tcpflow is OK, but a little untidy.
Ivan wrote:
> Does anyone have any ideas for flow information extraction from a rather
> large pcap file, 6 gigs?
>
> I am after the standard stuff, source, destination, service.
>
> Ethereal/wireshark is a no go, as it won't process the file due to size,
> tcpflow is OK, but a little untidy.
>
>
You could try with this simple Perl program.
It will print the source and destination IPv4 addresses, and the source
and destination TCP ports.
It should be able the analyze a 6GB file, but in case it fails, look
at editcap (shipped with Ethereal/Wireshark). editcap will help you
to split a la
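The Perl program that reply refers to did not survive in the archive, so here is an added example (mine, not the poster's script and not part of the original thread) that does the same job in Python: a single-pass pcap reader that prints source and destination IPv4 addresses with their TCP/UDP ports and aggregates packets into flows. It reads the file record by record and never seeks or buffers it, so the working set is the flow table rather than the capture; a non-first IP fragment (which carries no transport header) is kept as a port-less flow instead of being mis-parsed, and a capture cut off mid-record is read up to the last complete packet. Assumptions: Ethernet link type only, the tiny `SERVICES` port table, and the constructed sample capture built by `build_sample_pcap()`.

```python
import struct
import sys
from collections import defaultdict
from io import BytesIO
from socket import inet_aton, inet_ntoa

LINKTYPE_ETHERNET = 1
SERVICES = {22: "ssh", 53: "dns", 80: "http", 443: "https"}  # assumed tiny table

def parse_global_header(fh):
    """Return (struct byte-order prefix, linktype) from the 24-byte pcap file header."""
    hdr = fh.read(24)
    if len(hdr) != 24:
        raise ValueError("file too short to be a pcap")
    magic = struct.unpack("<I", hdr[:4])[0]
    if magic in (0xA1B2C3D4, 0xA1B23C4D):        # little-endian writer (usec / nsec)
        endian = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):      # big-endian writer
        endian = ">"
    else:
        raise ValueError("not a pcap file (magic %#x)" % magic)
    return endian, struct.unpack(endian + "HHiIII", hdr[4:])[5]

def parse_packet(data):
    """Decode Ethernet/IPv4/{TCP,UDP}; return (src, dst, proto, sport, dport) or None."""
    if len(data) < 34 or data[12:14] != b"\x08\x00" or data[14] >> 4 != 4:
        return None                              # not an IPv4 frame, or too short
    ip = data[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or len(ip) < ihl:
        return None
    proto, frag_off = ip[9], struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    sport = dport = None
    # Only the first fragment carries the transport header; later ones stay port-less.
    if proto in (6, 17) and frag_off == 0 and len(ip) >= ihl + 4:
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return (inet_ntoa(ip[12:16]), inet_ntoa(ip[16:20]), proto, sport, dport)

def extract_flows(fh):
    """Stream fh once, record by record; aggregate packets and bytes per 5-tuple."""
    endian, linktype = parse_global_header(fh)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported linktype %d" % linktype)
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    while True:
        rec = fh.read(16)
        if len(rec) != 16:
            break                                # clean EOF, or a truncated last header
        _sec, _frac, incl_len, orig_len = struct.unpack(endian + "IIII", rec)
        data = fh.read(incl_len)
        if len(data) != incl_len:
            break                                # capture cut off mid-record; keep what we have
        key = parse_packet(data)
        if key is not None:
            flows[key]["packets"] += 1
            flows[key]["bytes"] += orig_len      # wire length, not the snapped length
    return dict(flows)

def flows_from_bytes(buf):
    """Convenience wrapper for an in-memory capture (used with the sample below)."""
    return extract_flows(BytesIO(buf))

def format_flows(flows):
    """Render 'src:sport -> dst:dport proto/service pkts bytes', largest flows first."""
    lines = []
    for (src, dst, proto, sport, dport), st in sorted(
            flows.items(), key=lambda kv: -kv[1]["bytes"]):
        l4 = {6: "tcp", 17: "udp"}.get(proto, "ip%d" % proto)
        svc = "-" if dport is None else SERVICES.get(dport, str(dport))
        lines.append("%s:%s -> %s:%s %s/%s %d pkts %d bytes" % (
            src, "-" if sport is None else sport, dst, "-" if dport is None else dport,
            l4, svc, st["packets"], st["bytes"]))
    return lines

def _frame(src, dst, proto, sport, dport, payload_len, frag_off=0):
    """Constructed Ethernet/IPv4 frame with a minimal TCP (20 B) or UDP (8 B) header."""
    l4 = b""
    if frag_off == 0:                            # later fragments have no L4 header
        l4 = struct.pack("!HH", sport, dport) + b"\0" * (16 if proto == 6 else 4)
    body = l4 + b"X" * payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 1, frag_off, 64,
                     proto, 0, inet_aton(src), inet_aton(dst))
    return bytes.fromhex("00112233445566778899aabb0800") + ip + body

def build_sample_pcap():
    """Constructed little-endian pcap: two HTTP directions, one DNS query, one late fragment."""
    frames = [
        _frame("10.0.0.5", "192.0.2.10", 6, 40000, 80, 100),
        _frame("10.0.0.5", "192.0.2.10", 6, 40000, 80, 300),
        _frame("192.0.2.10", "10.0.0.5", 6, 80, 40000, 1200),
        _frame("10.0.0.5", "192.0.2.53", 17, 5353, 53, 40),
        _frame("10.0.0.5", "192.0.2.10", 6, 0, 0, 200, frag_off=185),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for f in frames:
        out += struct.pack("<IIII", 1196922942, 0, len(f), len(f)) + f  # constructed ts
    return out

if __name__ == "__main__":                       # usage: python flows.py capture.pcap
    with open(sys.argv[1], "rb") as fh:
        print("\n".join(format_flows(extract_flows(fh))))
```

Each direction of a conversation is its own 5-tuple here, which is what tcpflow-style output gives; folding the two directions into one bidirectional record is a small post-processing step on the returned dictionary. The "value too large for defined data type" error quoted in the thread is the EOVERFLOW message a 32-bit build without large-file support gives once a file offset passes 2 GB; a reader like this one only ever reads forward through a normal Python file object, so the capture size is limited by disk and the flow table by the number of distinct 5-tuples, not by the 6 GB figure.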
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
yeah, we get this problem in win32 all the time - notepad drops
it's knickers everytime it sees a large file and the OS almost
locks up waiting for a response.
To solve the problem I pre-process the file with scripts written in
VBScript. You can easil
If you're OK with an intermediate step, you'll find a few tools out
there (eg switch's YAF) that read pcap and spit out the flow data in
netflow format. Then a second utility (eg flow-tools) can turn that
into whatever format you'd like...
John
On Thu, Dec 06, 2007 at 06:35:42PM +1100, Ivan . wr
Hi,
Does anyone have any ideas for flow information extraction from a rather
large pcap file, 6 gigs?
I am after the standard stuff, source, destination, service.
Ethereal/wireshark is a no go, as it won't process the file due to size,
tcpflow is OK, but a little untidy.
any suggestions are app