Sniffer output analyzer


Post by Jura » Thu, 22 Nov 2001 04:23:10



Hi,
I would like to be able to create some reports from tcpdump/snoop result
output file. After I'm finished snooping packets I need to generate some
reports about it: For example:

top users/senders/receivers
protocol distribution (TCP/UDP, ICMP ...)
application protocol distribution (HTTP, FTP, DNS ...)
etc

I don't need some fancy stuff like Network Associate sniffer. I just want
to know at some moments who are the top users who generate the largest
traffic to/from Internet. They all go via proxy machine (on Solaris) and
that is where I need to run sniffer and sniffer analyzer.
I know I have proxy logs and I use them but they are generated on weekly
basis and they are useless at the exact moment I need to find top users.

thanx,
Jura

 
 
 


Post by Joe Blogg » Sat, 24 Nov 2001 07:51:37


Combination of using ethereal (bundled with solaris 8) and a few perl/awk
scripts ought to suffice.


> Hi,
> I would like to be able to create some reports from tcpdump/snoop result
> output file. After I'm finished snooping packets I need to generate some
> reports about it: For example:

> top users/senders/receivers
> protocol distribution (TCP/UDP, ICMP ...)
> application protocol distribution (HTTP, FTP, DNS ...)
> etc

> I don't need some fancy stuff like Network Associate sniffer. I just want
> to know at some moments who are the top users who generate the largest
> traffic to/from Internet. They all go via proxy machine (on Solaris) and
> that is where I need to run sniffer and sniffer analyzer.
> I know I have proxy logs and I use them but they are generated on weekly
> basis and they are useless at the exact moment I need to find top users.

> thanx,
> Jura


 
 
 


Post by Lyle Merda » Wed, 28 Nov 2001 07:01:25


I also recall a couple of programs called etherman and interman that may
give the visual satisfaction men desire... I don't recall where to
find them though.

Lyle Merdan

 
 
 


Post by OL » Sat, 01 Dec 2001 21:29:28



> Hi,
> I would like to be able to create some reports from tcpdump/snoop result
> output file. After I'm finished snooping packets I need to generate some
> reports about it: For example:

> top users/senders/receivers
> protocol distribution (TCP/UDP, ICMP ...)
> application protocol distribution (HTTP, FTP, DNS ...)
> etc

> I don't need some fancy stuff like Network Associate sniffer. I just want
> to know at some moments who are the top users who generate the largest
> traffic to/from Internet. They all go via proxy machine (on Solaris) and
> that is where I need to run sniffer and sniffer analyzer.
> I know I have proxy logs and I use them but they are generated on weekly
> basis and they are useless at the exact moment I need to find top users.

> thanx,
> Jura

Hi,
Try anasil 2.2. Prepares in-depth network traffic analysis, you can see
who generates the most bandwidth, nice visualization may help.
http://lfnetworks.com
Regards,
OLO
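
The reports asked for at the top of this thread (top senders/receivers, transport and application protocol distribution) can be produced with the kind of awk script suggested in the first reply. The following is an added example, not code posted by anyone in the thread; it assumes the one-line-per-packet text that a current tcpdump prints with `-nn -q` for IPv4, and the function names, port table and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise `tcpdump -nn -q` text output (IPv4 lines only).
# Prints "<category> <key> <bytes>", largest first, top N keys per category.
traffic_report() {
    awk '
    # "a.b.c.d.port" -> "a.b.c.d"; ICMP addresses carry no port suffix.
    function host(s,   p) { split(s, p, "."); return p[1] "." p[2] "." p[3] "." p[4] }
    function port(s,   p) { return (split(s, p, ".") == 5) ? p[5] : "" }
    BEGIN {   # well-known ports used to guess the application protocol
        app[20] = "FTP"; app[21] = "FTP"; app[25] = "SMTP"
        app[53] = "DNS"; app[80] = "HTTP"; app[443] = "HTTPS"
    }
    $2 == "IP" && $4 == ">" && $NF ~ /^[0-9]+$/ {
        dst = $5; sub(/:$/, "", dst)
        proto = toupper($6); sub(/,$/, "", proto)
        bytes = $NF          # payload length printed by tcpdump, not wire size
        sender[host($3)]    += bytes
        receiver[host(dst)] += bytes
        protos[proto]       += bytes
        if (proto != "TCP" && proto != "UDP") next
        dp = port(dst); sp = port($3)
        name = "other"       # classify by server-side port, either direction
        if (dp in app)      name = app[dp]
        else if (sp in app) name = app[sp]
        apps[name] += bytes
    }
    END {
        for (k in sender)   print "sender",   k, sender[k]
        for (k in receiver) print "receiver", k, receiver[k]
        for (k in protos)   print "proto",    k, protos[k]
        for (k in apps)     print "app",      k, apps[k]
    }' | sort -k1,1 -k3,3nr | awk -v n="${1:-5}" '++seen[$1] <= n'
}

# Constructed sample lines (not from a real capture) in `tcpdump -nn -q` style.
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP 10.0.0.5.40112 > 192.0.2.10.80: tcp 300
12:00:01.000950 IP 192.0.2.10.80 > 10.0.0.5.40112: tcp 1400
12:00:01.002000 IP 10.0.0.7.53211 > 198.51.100.7.53: UDP, length 40
12:00:01.003000 IP 198.51.100.7.53 > 10.0.0.7.53211: UDP, length 120
12:00:01.004000 IP 10.0.0.7.40200 > 192.0.2.10.21: tcp 60
12:00:01.005000 IP 10.0.0.5 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64
12:00:01.006000 ARP, Request who-has 10.0.0.1 tell 10.0.0.5, length 28
EOF
}

sample_capture | traffic_report 3
```

Against a saved capture the same function can be fed with `tcpdump -nn -q -r capture.pcap | traffic_report 10`, where `capture.pcap` is a placeholder file name.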