Hello Michael,
Our commercial product XQoS will analyze tcpdump data from live feeds (taps/SPANs) or from files and produce detailed reports about:
1) bandwidth usage recorded at 10 sec intervals
2) top talkers (searchable to find endpoints and protocols)
3) top connections with protocol
4) all protocols used and by which IPs and time
XQoS will create detailed searchable tables and graphs in an SSL-WEB report and make a permanent record of every transaction for around 1 year on a busy corporate T3. You can view traffic in real-time with our JAVA tool and easily understand all traffic flows on your network to assist in capacity planning and network security.
Our ContExt extension will reconstruct the actual documents contained in the tcpdump packet data (if the snaplen is set to max MTU for recordings). This will display images (GIF/JPG/PNG), MP3, MS Office docs (WORD, EXCEL, PPT etc), ZIP|tar.gz, PS, DVI etc etc and show them in a graphical report. You can easily see where/when they were transmitted and view the actual document through a secure web report. In addition you can automatically search documents for specific content and raise alerts via email etc to track movement of IP in an organization. ContExt is a highly effective internal security tool used by government agencies and Fortune 100 companies.
There is more detailed info at http://www.inetd.com
It's a commercial device including hardware and not open source, so I don't know if that is what you're looking for.
Joe.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Keplinger, Michael A
Sent: Wednesday, January 29, 2003 8:14 AM
To: Tcpdump-Workers (E-mail)
Subject: [tcpdump-workers] Data Analysis tools

Does anyone have any or know of any tools (possible perl scripts, etc.) for analyzing and trending tcpdump output? I have been developing something myself, but I wanted to see if anyone had something that they were currently using.

We get an enormous amount of traffic throughout our enterprise and we are using Shadow for more of a reactive role rather than a proactive role. I would like to either develop or find some scripts or otherwise to organize and trend this data, as well as compare it against the output of other IDS tools that we use so we can be a little more proactive about the tool.

Any ideas?

=====================================
Michael Keplinger
Information Assurance
Security Systems Engineer
"Some dumb quote"
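The kind of summary Michael is asking for, and the first three report types Joe lists (bandwidth per 10-second interval, top talkers, top connections with protocol, plus which hosts used which protocol), can be produced from plain `tcpdump -nn` text output with a short script. The following is an added example written for this thread, not XQoS code and not Michael's own script; the sample lines are constructed, and the regular expression assumes the default IPv4 TCP/UDP line format of `tcpdump -nn` (ICMP and other lines are skipped).

```python
"""Summarise `tcpdump -nn` text output into bandwidth per interval,
top talkers, top connections and protocol/host usage.

Usage:  tcpdump -nn -r capture.pcap | python tcpdump_summary.py
"""
import ipaddress
import re
import sys
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample of `tcpdump -nn` output (not a capture from the thread).
SAMPLE_LINES = """\
12:00:00.100000 IP 10.0.0.5.44321 > 192.168.1.10.80: Flags [P.], seq 1:101, ack 1, win 229, length 100
12:00:03.250000 IP 192.168.1.10.80 > 10.0.0.5.44321: Flags [P.], seq 1:1401, ack 101, win 227, length 1400
12:00:07.000000 IP 10.0.0.7.5353 > 224.0.0.251.5353: UDP, length 64
12:00:11.500000 IP 10.0.0.5.44322 > 192.168.1.10.443: Flags [S], seq 0, win 64240, options [mss 1460], length 0
12:00:14.900000 IP 192.168.1.10.443 > 10.0.0.5.44322: Flags [P.], seq 1:3001, ack 1, win 227, length 3000
12:00:19.000000 IP 10.0.0.9.53 > 10.0.0.5.51000: UDP, length 120
"""

# Matches IPv4 TCP/UDP lines of default `tcpdump -nn` output. The trailing
# "length N" is the transport payload length, not the frame size; capture
# with -e if on-the-wire bytes are needed for bandwidth figures.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"(?P<rest>.*?)length (?P<len>\d+)\s*$"
)


def parse_line(line):
    """Return a dict for one packet line, or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
    rest = m["rest"]
    proto = "UDP" if rest.startswith("UDP") else "TCP" if rest.startswith("Flags") else "other"
    return {
        "secs": ts.hour * 3600 + ts.minute * 60 + ts.second,  # seconds since midnight
        "src": m["src"], "sport": int(m["sport"]),
        "dst": m["dst"], "dport": int(m["dport"]),
        "proto": proto, "bytes": int(m["len"]),
    }


def flow_key(pkt):
    """Direction-independent key so both halves of a conversation count together."""
    a = (ipaddress.ip_address(pkt["src"]), pkt["sport"])
    b = (ipaddress.ip_address(pkt["dst"]), pkt["dport"])
    lo, hi = sorted((a, b))
    return f"{lo[0]}:{lo[1]} <-> {hi[0]}:{hi[1]} {pkt['proto']}"


def analyze(text, interval=10, top_n=5):
    """Aggregate parsed lines into the report sections discussed in the thread."""
    bandwidth = Counter()          # interval label -> bytes
    talkers = Counter()            # source IP -> bytes sent
    connections = Counter()        # flow key -> bytes
    protocols = defaultdict(set)   # protocol -> hosts seen using it
    for line in text.splitlines():
        pkt = parse_line(line)
        if pkt is None:            # ICMP, ARP, truncated lines etc. are skipped
            continue
        bucket = (pkt["secs"] // interval) * interval
        label = f"{bucket // 3600:02d}:{bucket % 3600 // 60:02d}:{bucket % 60:02d}"
        bandwidth[label] += pkt["bytes"]
        talkers[pkt["src"]] += pkt["bytes"]
        connections[flow_key(pkt)] += pkt["bytes"]
        protocols[pkt["proto"]].update((pkt["src"], pkt["dst"]))
    return {
        "bandwidth": dict(sorted(bandwidth.items())),
        "top_talkers": talkers.most_common(top_n),
        "top_connections": connections.most_common(top_n),
        "protocols": {p: sorted(h) for p, h in protocols.items()},
    }


if __name__ == "__main__":
    # Read a live `tcpdump -nn` stream on stdin, or fall back to the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LINES
    report = analyze(text)
    for section, rows in report.items():
        print(f"== {section} ==")
        items = rows.items() if isinstance(rows, dict) else rows
        for key, value in items:
            print(f"  {key}: {value}")
```

Feeding the output into a flat file per day and diffing the per-interval bandwidth and top-talker tables against previous days gives the trending Michael mentions; the flow key is direction-independent on purpose, so a long-lived TCP session is reported once rather than as two half-flows.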
