[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Parsing tcpdump files

To: tech_(_at_)_openbsd_(_dot_)_org
Subject: Re: Parsing tcpdump files
From: "Joseph C. Bender" <jcbender_(_at_)_benderhome_(_dot_)_net>
Date: Sat, 1 Mar 2003 21:28:49 -0500

On Saturday 01 March 2003 08:30 pm, Steve Bernard wrote:
> Jack,
>
> I'm supporting several granted network engineering and security analysis
> research projects. Each project has specific data requirements and
> capabilities. To facilitate this I need to perform string parsing, data
> aggregation/sub-setting, statistical analysis, and reporting. They will
> each do much more on their own but, this is what is required at my end. I
> anticipate the capture files being around 1GB each.
>
	Well, I just had to do some looking at a 12 hour capture of some database 
server traffic.

I did the capture with Tcpdump, then did my initial sorting with tcpdump 
reading the file with filtering for each major grouping of info I needed.

Because I was looking for something, I then pulled each file into Ethereal to 
better see the captures, and display-filter the data in question.

However, it would seem that you'd want to write the ascii output of tcpdump to 
files, then using $PARSING_LANGUAGE_OF_CHOICE to generate your numbers, or 
pull the info into a RDBMS for using some major tool.

-- 
Joseph C. Bender
jcbender (at) benderhome dot net

Follow-Ups:
- Re: Parsing tcpdump files
  - From: Steve Bernard

Prev by Date: wsfontload and 80x25bf
Next by Date: Re: Sentinel_SSH VPN client and Certs
Previous by thread: wsfontload and 80x25bf
Next by thread: Re: Parsing tcpdump files
Index(es):
- Date
- Thread

Visit your host, monkey.org