Solved

tcpdump-file analysing -> html output

Posted on 2003-11-03
Last Modified: 2010-03-18
Hi all,

I'm looking for a tool that can passively analyse the traffic collected in a tcpdump file. The tool should give me at least information about line utilisation, protocol usage (% TCP, % UDP, and so on) and a bytes summary (how many bytes per dest-port IN and OUT), in graphs or formatted plain text.

Answers like "search on freshmeat, sourceforge" or similar are NOT accepted. Nstreams or tcpstat don't provide the information I need.

Smudo
Question by: Smudo
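Added example, not part of the question or any of the answers: a small Python script that does the analysis asked for directly on a tcpdump (libpcap) file, with no external tool. It parses the pcap record format itself and reports the protocol mix in percent of packets, bytes per destination port split into IN and OUT, and line utilisation in bit/s over the capture window. Assumptions: the capture has the Ethernet link type, and 10.0.0.0/8 is the monitored network (a packet is IN when its destination lies inside it); the sample capture is constructed in the script, not real traffic.

```python
import struct
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

LOCAL_NET = ip_network("10.0.0.0/8")  # assumption: the monitored side; a packet is IN when its dst is inside

def parse_pcap(data):  # yield (timestamp, frame) from a classic libpcap file, either byte order
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or len(data) < 24 or struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("not an Ethernet (linktype 1) pcap file")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _ = struct.unpack_from(endian + "IIII", data, off)
        yield sec + usec / 1e6, data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def summarize(data):  # protocol mix (% of packets), bytes per dst port IN/OUT, line utilisation
    pkts, port_bytes, total, times = Counter(), defaultdict(lambda: [0, 0]), 0, []
    for ts, frame in parse_pcap(data):
        times.append(ts)
        total += len(frame)
        is_ip4 = len(frame) >= 34 and frame[12:14] == b"\x08\x00"  # else counted as "other", not parsed
        name = {1: "icmp", 6: "tcp", 17: "udp"}.get(frame[23], "other") if is_ip4 else "other"
        pkts[name] += 1
        if name in ("tcp", "udp"):                          # dst port sits at L4 offset 2 for both
            l4 = 14 + (frame[14] & 0x0F) * 4
            dport = struct.unpack_from("!H", frame, l4 + 2)[0]
            direction = 0 if ip_address(frame[30:34]) in LOCAL_NET else 1
            port_bytes[dport][direction] += len(frame)
    n, duration = len(times), (max(times) - min(times)) if times else 0.0
    return {"packets": n, "bytes": total, "bits_per_s": total * 8 / duration if duration else 0.0,
            "protocol_pct": {k: 100.0 * v / n for k, v in pkts.items()},
            "port_bytes": {p: tuple(v) for p, v in sorted(port_bytes.items())}}

def make_frame(src, dst, proto, dport, payload):  # constructed test frame: Ethernet/IPv4/TCP|UDP, zero checksums
    l4 = (struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x18, 0, 0, 0) if proto == 6
          else struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0, 64, proto, 0,
                     ip_address(src).packed, ip_address(dst).packed)
    return b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip + l4 + payload

SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(  # constructed capture
    struct.pack("<IIII", ts, 0, len(f), len(f)) + f for ts, f in [
        (1000, make_frame("192.0.2.10", "10.0.0.5", 6, 80, b"x" * 100)),    # IN  to :80,  154 B
        (1002, make_frame("10.0.0.5", "192.0.2.10", 6, 443, b"x" * 400)),   # OUT to :443, 454 B
        (1005, make_frame("10.0.0.5", "10.0.0.1", 17, 53, b"x" * 30)),      # IN  to :53,   72 B
        (1010, make_frame("192.0.2.20", "10.0.0.5", 17, 53, b"x" * 200))])  # IN  to :53,  242 B

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

For a real capture, pass `open("dump.pcap", "rb").read()` to `summarize` instead of `SAMPLE`; the whole file is held in memory, so very large daily dumps should be split (for example by rotating snort's output) before analysis.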
15 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 9670853
It sounds like the tool you want is ntop (http://www.ntop.org/). It will generate those statistics and more.
 
LVL 1

Author Comment

by:Smudo
ID: 9671087
Nope, sorry, I tried ntop a few weeks ago. It provides a lot of information, but it's not scalable. I'm now creating tcpdump output files with snort and would like to analyse these files with a command line utility and also create reports with it.
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 9671577
If you're using snort and need something that scales that much, I suggest dropping your snort info into mysql instead of into tcpdump logs. You can then report on them to your heart's content.
 
LVL 40

Expert Comment

by:jlevie
ID: 9671995
I'm not sure I understand what you mean by "it's not scalable". Could you elaborate?
 
LVL 1

Author Comment

by:Smudo
ID: 9674160
@chris_calabrese: Jup, I'm already logging some of the traffic to a MySQL DB for IDS purposes. I use it with ACID. Unfortunately, I'm too stupid, so I don't know how to execute SQL strings on a webpage and fill the information into the correct fields... That's why I'm looking for a little tool that could do the job for me.

@jlevie: With "not scalable" I mean that I cannot format the output of ntop myself. I really don't need the whole functionality of ntop, just a few of its features. The more important thing is that I cannot archive ntop reports on a daily basis automatically to review them in the future.
 
LVL 12

Expert Comment

by:paullamhkg
ID: 9676121
 
LVL 1

Author Comment

by:Smudo
ID: 9676867
@paullamhkg: Sorry, I'm not looking for a firewall. I'm just looking for a little program that analyzes the traffic I captured in a tcpdump file (or in a MySQL DB) and gives me an output with information on bandwidth used, protocol usage and a byte summary (broken down by ports if possible).
 
LVL 12

Expert Comment

by:paullamhkg
ID: 9677189
What about iptraf?

IPTraf is a console-based network statistics utility for Linux. It gathers a variety of figures such as TCP connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte counts.

http://www.zpdee.net/~joecat/iptraf.html
 
LVL 1

Author Comment

by:Smudo
ID: 9677261
Iptraf looks good, but there's neither a way to open tcpdump files for analysing purposes nor a possibility of ASCII output of a statistics summary into a file...
 
LVL 12

Expert Comment

by:paullamhkg
ID: 9677317
How about Snort? http://www.snort.org/

Snort is able to analyse IP traffic and provides very strong logging.
It relies on rule scripts, that is, you can monitor what you want to. Even more, the snort site provides you with a rules database.

Also have a look here to see if this can give you some ideas: http://www.tldp.org/linuxfocus/English/January2001/article180.shtml#lfindex0
 
LVL 5

Expert Comment

by:brabard
ID: 9702785
I can't understand the problem. Every tool has some pros & cons, and if you don't really like the most popular ones, you can write something really useful for your situation.
I believe all the information you need can be sorted out with a basic bash script using iptables, tcpdump, etc. and reported to mrtg, mysql, text, etc.
 

Expert Comment

by:sarahbassram
ID: 9761659
How can I read tcpdump files (tdump.dat) provided by my instructor and prepare intrusion detection reports on the data in the tcpdump files?

Is there any way that I can convert these tdump files into mysql and use ACID or something?

s
 
LVL 5

Expert Comment

by:brabard
ID: 10102191
Hi sarahbassram,
I found this old question; did you solve your problem?
 

Accepted Solution

by: modulo (earned 0 total points)
ID: 14070764
PAQed with no points refunded (of 125)

modulo
Community Support Moderator