Re: Classifying pcap data
- From: "Andy Peters" <andrewpeters2000@xxxxxxxxxxxxxx>
- Date: Thu, 3 Feb 2011 17:49:52 -0000
Howard,
Something I have done before is to write a php script that runs tshark over all the pcap files in a directory and then puts the results into a MySQL database (built on a LAMP system).
You can get TShark to just look at the protocols and generate stats and a protocol hierarchy, instead of looking at all the packet contents, and you can get php to capture the output and database it with only a few lines of code.
Once the information is in a database it's easy to use SQL queries and a php based website to display stats and allow searching of the information.
Of course you don't have to use php and mysql, but I have used them before and the concept works. I'm sure it is just as easy to use perl/python/ruby or some other scripting language to script the TShark commands and parse the output. Equally, any number of databases could be used based on your development environment, and there are a number of options for displaying the output, from a web front end (php/asp/cgi) to any good scripting language.
Hope this helps
Andy
-----Original Message-----
From: Howard Howard
Sent: Monday, January 31, 2011 9:41 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Classifying pcap data
Hi List,
I am working on analyzing a large amount of pcap files.
I am trying to classify the captured data to
- find out the ratio of used internet protocols at application layer
(e.g. filesharing / chat / ssh)
- find out what kind of http traffic was happening
I am not too curious about the details of every package but want to
know about the general usage.
To classify the web traffic I would like to correlate my pcaps with
maybe content filter blacklists.
Can you suggest tools to perform such tasks? Can you point me to
any more ways to analyze large amounts of traffic?
Many thanks in advance!
Howard
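The approach described in the reply above, sketched as an added example (not code from either poster): it uses Python and SQLite rather than PHP and MySQL, parses the protocol hierarchy that `tshark -q -z io,phs` prints, and totals frames per deepest-dissected protocol. The function names, the `phs` table and the sample output are constructed for illustration; it assumes `tshark` is on the PATH and indents the hierarchy two spaces per level.

```python
import re
import sqlite3
import subprocess
from pathlib import Path

# Constructed sample of `tshark -q -z io,phs` output (not from a real capture).
SAMPLE_PHS = """\
===================================================================
Protocol Hierarchy Statistics
eth                                      frames:1000 bytes:500000
  ip                                     frames:990 bytes:499000
    tcp                                  frames:900 bytes:480000
      http                               frames:300 bytes:200000
      ssh                                frames:100 bytes:50000
    udp                                  frames:90 bytes:19000
      dns                                frames:90 bytes:19000
===================================================================
"""
PHS_LINE = re.compile(r"^( *)(\S+)\s+frames:(\d+)\s+bytes:(\d+)\s*$")

def parse_phs(text):
    """Return (protocol_path, frames, bytes) rows; assumes two spaces per level."""
    rows, stack = [], []
    for line in text.splitlines():
        m = PHS_LINE.match(line)
        if not m:
            continue  # banner, filter and separator lines
        del stack[len(m[1]) // 2:]  # drop back to this line's parent
        stack.append(m[2])
        rows.append(("/".join(stack), int(m[3]), int(m[4])))
    return rows

def store(db, pcap_name, rows):
    db.execute("CREATE TABLE IF NOT EXISTS phs (pcap TEXT, path TEXT, frames INTEGER, bytes INTEGER)")
    db.executemany("INSERT INTO phs VALUES (?, ?, ?, ?)", [(pcap_name, *r) for r in rows])
    db.commit()

def ingest_dir(db, directory):
    for pcap in sorted(Path(directory).glob("*.pcap")):
        cmd = ["tshark", "-r", str(pcap), "-q", "-z", "io,phs"]  # argument list, no shell
        out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
        store(db, pcap.name, parse_phs(out))

def leaf_totals(db):
    """Frames per deepest-dissected protocol, summed over all stored captures."""
    return db.execute(
        "SELECT path, SUM(frames) FROM phs p WHERE NOT EXISTS (SELECT 1 FROM phs c"
        " WHERE c.pcap = p.pcap AND substr(c.path, 1, length(p.path) + 1) = p.path || '/')"
        " GROUP BY path ORDER BY 2 DESC, 1").fetchall()
```

A parent protocol's frame count includes its children, so only leaf rows are totalled; frames that stop at a parent (for example bare TCP ACKs) are not attributed to any application protocol.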