Solved

tcpdump-file analysing -> html output

Posted on 2003-11-03
Last Modified: 2010-03-18
Hi all,

I'm looking for a tool that can passively analyse the traffic collected in a tcpdump file. The tool should give me at least information about line utilisation, protocol usage (% TCP, % UDP, and so on) and a byte summary (how many bytes per dest-port IN and OUT), as graphs or formatted plain text.

Answers like "search on freshmeat, sourceforge" or similar are NOT accepted. Nstreams and tcpstat don't provide the information I need.

Smudo
Question by:Smudo
15 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 9670853
It sounds like the tool you want is ntop (http://www.ntop.org/). It will generate those statistics and more.
LVL 1

Author Comment

by:Smudo
ID: 9671087
Nope, sorry, I tried ntop a few weeks ago. It provides a lot of information, but it's not scalable. I'm now creating tcpdump output files with snort and would like to analyse these files with a command line utility and also create reports with it.
LVL 14

Expert Comment

by:chris_calabrese
ID: 9671577
If you're using snort and need something that scales that much, I suggest dropping your snort info into MySQL instead of into tcpdump logs. You can then report on them to your heart's content.
LVL 40

Expert Comment

by:jlevie
ID: 9671995
I'm not sure I understand what you mean by "it's not scalable". Could you elaborate?
LVL 1

Author Comment

by:Smudo
ID: 9674160
@chris_calabrese: Yup, I'm already logging some of the traffic to a MySQL DB for IDS purposes. I use it with ACID. Unfortunately, I'm too stupid, so I don't know how to execute SQL strings on a webpage and fill the information into the correct fields... That's why I'm looking for a little tool that could do the job for me.

@jlevie: With "not scalable" I mean that I cannot format the output of ntop myself. I really don't need the whole functionality of ntop, just a few parts of it. The more important thing is that I cannot archive ntop reports on a daily basis automatically to review them in the future.
LVL 12

Expert Comment

by:paullamhkg
ID: 9676121
LVL 1

Author Comment

by:Smudo
ID: 9676867
@paullamhkg: Sorry, I'm not looking for a firewall. I'm just looking for a little program that analyzes the traffic I captured in a tcpdump file (or in a MySQL DB) and gives me output with information on bandwidth used, protocol usage and a byte summary (broken down by port if possible).
LVL 12

Expert Comment

by:paullamhkg
ID: 9677189
What about iptraf?

IPTraf is a console-based network statistics utility for Linux. It gathers a variety of figures such as TCP connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte counts.

http://www.zpdee.net/~joecat/iptraf.html
LVL 1

Author Comment

by:Smudo
ID: 9677261
Iptraf looks good, but there's neither a way to open tcpdump files for analysis nor a possibility of ASCII output of a statistics summary into a file...
LVL 12

Expert Comment

by:paullamhkg
ID: 9677317
How about Snort? http://www.snort.org/

Snort is able to analyse IP traffic and provides very strong logging.
It relies on rule scripts, that is, you can monitor what you want to. Even more, the snort site provides you with a rules database.

Also have a look here to see if this can give you some ideas: http://www.tldp.org/linuxfocus/English/January2001/article180.shtml#lfindex0
LVL 5

Expert Comment

by:brabard
ID: 9702785
I can't understand the problem. Every tool has some pros & cons, and if you don't really like the most popular ones, you can write something really useful for your situation.
I believe all the information you need can be sorted out with some basic bash script using iptables, tcpdump, etc. and reported to mrtg, mysql, text, etc.

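Along the lines of brabard's "write something for your situation" suggestion, the following is an added example (not code from this thread, from ntop, iptraf or Snort) of a small standard-library-only Python script that reads a libpcap file, the format tcpdump -w and Snort's binary packet logging write, and prints the three things the question asks for: average line utilisation, protocol usage by packets and bytes, and bytes per destination port split into IN and OUT. Assumptions: the capture is Ethernet (DLT_EN10MB), only IPv4 is broken down further, and the prefix that decides IN versus OUT (192.168.1.0/24 here) is a parameter you supply. The sample traffic at the bottom is constructed in-line, not a real capture. Two caveats a practitioner wants are built in: byte totals use each record's wire length rather than its captured length, so a small snaplen (-s) does not understate volume (the last sample record shows this), and the utilisation figure is an average over the whole file, which hides bursts.

```python
import ipaddress, struct, sys
from collections import defaultdict

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
MAGIC = {b"\xd4\xc3\xb2\xa1": ("<", 1e6), b"\x4d\x3c\xb2\xa1": ("<", 1e9),   # little-endian, us / ns stamps
         b"\xa1\xb2\xc3\xd4": (">", 1e6), b"\xa1\xb2\x3c\x4d": (">", 1e9)}   # big-endian, us / ns stamps

def iter_pcap(data):
    """Yield (timestamp, captured_bytes, wire_length) for every record in a libpcap blob."""
    if data[:4] not in MAGIC:
        raise ValueError("not a libpcap file")
    endian, ts_div = MAGIC[data[:4]]
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (DLT_EN10MB) captures are handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        pkt = data[off + 16:off + 16 + incl_len]
        if len(pkt) < incl_len:
            break  # file ends mid-record (capture killed while writing): drop the partial packet
        off += 16 + incl_len
        yield ts_sec + ts_frac / ts_div, pkt, orig_len

def decode(pkt):
    """Classify one Ethernet frame -> (proto_name, src, dst, dst_port); None where not applicable."""
    if pkt[12:14] != b"\x08\x00" or len(pkt) < 34:   # not IPv4 (ARP, IPv6, ...) or cut short by snaplen
        return ("non-ip" if pkt[12:14] != b"\x08\x00" else "truncated"), None, None, None
    ip = pkt[14:]
    ihl, proto, dport = (ip[0] & 0x0F) * 4, ip[9], None
    if proto in (6, 17) and len(ip) >= ihl + 4:      # TCP/UDP ports sit right after the IP header
        dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
    src, dst = ipaddress.IPv4Address(ip[12:16]), ipaddress.IPv4Address(ip[16:20])
    return PROTO_NAMES.get(proto, "other-ip"), src, dst, dport

def analyse(data, local_net):
    """Aggregate counters. IN = destination inside local_net, OUT = source inside it."""
    local = ipaddress.ip_network(local_net)
    s = {"packets": 0, "bytes": 0, "first": float("inf"), "last": 0.0,   # inf/0 sentinels for min/max
         "proto": defaultdict(lambda: [0, 0]),                # name -> [packets, bytes]
         "port": defaultdict(lambda: {"in": 0, "out": 0})}   # (name, dport) -> bytes by direction
    for ts, pkt, wire_len in iter_pcap(data):
        name, src, dst, dport = decode(pkt)
        s["packets"] += 1
        s["bytes"] += wire_len   # wire length, not captured length, so a small snaplen does not shrink totals
        s["first"], s["last"] = min(s["first"], ts), max(s["last"], ts)
        s["proto"][name][0] += 1
        s["proto"][name][1] += wire_len
        if dport is not None and dst in local:
            s["port"][(name, dport)]["in"] += wire_len
        elif dport is not None and src in local:
            s["port"][(name, dport)]["out"] += wire_len
    return s

def utilisation_bps(s):   # average over the whole file, so bursts are invisible; None if no time span
    span = s["last"] - s["first"]
    return s["bytes"] * 8 / span if span > 0 else None

def report(s):   # plain text, ready to redirect into a dated file from cron
    lines = ["packets %d  bytes %d  average %s bit/s" % (s["packets"], s["bytes"], utilisation_bps(s))]
    for name, (pk, by) in sorted(s["proto"].items(), key=lambda kv: -kv[1][1]):
        lines.append("%-9s %6d pkts %9d bytes %5.1f%%" % (name, pk, by, 100.0 * by / max(s["bytes"], 1)))
    for (name, port), d in sorted(s["port"].items()):
        lines.append("%s/%-5d  IN %9d  OUT %9d" % (name, port, d["in"], d["out"]))
    return "\n".join(lines)

def frame(src, dst, proto, sport=0, dport=0, payload=0):
    """Constructed test frame: Ethernet + IPv4 + minimal TCP/UDP/ICMP header + zero-filled payload."""
    l4 = {6: struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0),
          17: struct.pack("!HHHH", sport, dport, 8 + payload, 0),
          1: struct.pack("!BBHHH", 8, 0, 0, 0, 0)}.get(proto, b"") + b"\x00" * payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return b"\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\x08\x00" + ip + l4

def build_pcap(records):
    """Write a little-endian microsecond pcap from (timestamp, captured_bytes[, wire_length]) tuples."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for ts, pkt, *rest in records:
        wire_len = rest[0] if rest else len(pkt)
        out.append(struct.pack("<IIII", int(ts), int((ts % 1) * 1e6), len(pkt), wire_len) + pkt)
    return b"".join(out)

ARP = b"\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + b"\x00" * 20
SAMPLE_PCAP = build_pcap([   # constructed sample traffic, not a real capture
    (0.0, frame("10.0.0.5", "192.168.1.10", 6, 40000, 80, payload=100)),    # 154 bytes: tcp/80 IN
    (1.0, frame("192.168.1.10", "10.0.0.5", 6, 40001, 443, payload=200)),   # 254 bytes: tcp/443 OUT
    (2.0, frame("192.168.1.20", "192.168.1.1", 17, 5353, 53, payload=40)),  # 82 bytes: udp/53 IN
    (3.0, frame("10.0.0.5", "192.168.1.10", 1, payload=56)),                # 98 bytes: icmp, no port
    (4.0, ARP),                                                             # 42 bytes: non-ip
    (5.0, frame("10.0.0.5", "192.168.1.10", 6, 40002, 80, payload=1446)[:96], 1500),  # snaplen 96, 1500 on the wire
])

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PCAP
    print(report(analyse(data, sys.argv[2] if len(sys.argv) > 2 else "192.168.1.0/24")))
```

Run it as `python pcapstats.py capture.pcap 192.168.1.0/24` (the file name is whatever you save it under); with no arguments it reports on the built-in sample. Redirecting its output to a dated file from cron gives the daily archive the question asks for. Packets whose transport header was cut off by the snaplen still count towards the protocol and utilisation totals but cannot be attributed to a port, so for per-port figures capture with a snaplen large enough to hold the headers.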

Expert Comment

by:sarahbassram
ID: 9761659
How can I read tcpdump files (tdump.dat files) provided by my instructor and prepare intrusion detection reports on the data in the tcpdump files?

Is there any way that I can convert these tdump files into MySQL and use ACID or something?

s
LVL 5

Expert Comment

by:brabard
ID: 10102191
Hi sarahbassram,
I found this old question; did you solve your problem?

Accepted Solution

by:
modulo earned 0 total points
ID: 14070764
PAQed with no points refunded (of 125)

modulo
Community Support Moderator