TCPDump analysis utilities out there?

Post by Robert Hulm » Sat, 07 Oct 2000 04:00:00



Hi,

I'm trying out tcpdump on my FreeBSD system and it's great, I can use -w to
log the packets to a file, but... The output I get could be more useful -
what I'm looking for is a utility that will reconstruct this log into
something more useful. Reconstructing packets, etc... there have to be a
whole load of these utilities out there but I'm having difficulty finding
one (never mind a good one).

The server is BSD, but my workstation runs NT - so something that runs on NT
that can analyze the log would be a bonus although I can use a unix
workstation if there are only X compatible tools out there.

Cheers

Post by John W. Baxte » Sat, 07 Oct 2000 04:00:00




> Hi,

> I'm trying out tcpdump on my FreeBSD system and it's great, I can use -w to
> log the packets to a file, but... The output I get could be more useful -
> what I'm looking for is a utility that will reconstruct this log into
> something more useful. Reconstructing packets, etc... there have to be a
> whole load of these utilities out there but I'm having difficulty finding
> one (never mind a good one).

> The server is BSD, but my workstation runs NT - so something that runs on NT
> that can analyze the log would be a bonus although I can use a unix
> workstation if there are only X compatible tools out there.

> Cheers

Consider ethereal.  This program comes in an X-windows version and a
command line version.  It can either read files written by tcpdump, or
it can do the capture itself.  It uses the same filters on the capture
side as tcpdump does (or essentially the same); on the display side it
has a quite useful collection of filters.  The display can burrow as
deep into the innards and payload of a packet as you're likely to need.

The rpm I have says this is by
M. Henri Gomez
http://ethereal.zing.org

  --John

--

Post by pe.. » Sat, 07 Oct 2000 04:00:00



> Hi,
> I'm trying out tcpdump on my FreeBSD system and it's great, I can use -w to
> log the packets to a file, but... The output I get could be more useful -
> what I'm looking for is a utility that will reconstruct this log into
> something more useful. Reconstructing packets, etc... there have to be a
> whole load of these utilities out there but I'm having difficulty finding
> one (never mind a good one).

Install tcpshow, it's in the ports collection. tcpshow will (together with
tcpdump) show packets in decoded "user-friendly" format. Cost zero ...

> The server is BSD, but my workstation runs NT - so something that runs on NT
> that can analyze the log would be a bonus although I can use a unix
> workstation if there are only X compatible tools out there.

It's easier to convert your workstation to FreeBSD too (and install VMware
so you can boot NT if you are in a good mood).

> Cheers

--
Peter Håkanson
        IPSec  Sverige      (At the Riverside of Gothenburg, home of Volvo)
           Sorry about my e-mail address, but I'm trying to keep spam out.
           Remove "icke-reklam" and "invalid" and it works.

Post by Todd O'Boy » Sat, 07 Oct 2000 04:00:00



>I'm trying out tcpdump on my FreeBSD system and it's great, I can use -w to
>log the packets to a file, but... The output I get could be more useful -
>what I'm looking for is a utility that will reconstruct this log into
>something more useful. Reconstructing packets, etc... there have to be a
>whole load of these utilities out there but I'm having difficulty finding
>one (never mind a good one).

ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/tcpshow/

TCPShow should do some of what you're looking for.

-Todd

Post by àì? » Fri, 03 Nov 2000 09:58:44




>Hi,

>I'm trying out tcpdump on my FreeBSD system and it's great, I can use -w to
>log the packets to a file, but... The output I get could be more useful -
>what I'm looking for is a utility that will reconstruct this log into
>something more useful. Reconstructing packets, etc... there have to be a
>whole load of these utilities out there but I'm having difficulty finding
>one (never mind a good one).

>The server is BSD, but my workstation runs NT - so something that runs on NT
>that can analyze the log would be a bonus although I can use a unix
>workstation if there are only X compatible tools out there.

>Cheers

Generate a raw packet data log file
# tcpdump -w logfile_name

Translate the logfile to ascii text
# tcpdump -r logfile_name

I hope this is helpful....
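
The file that tcpdump -w writes is the pcap format, and reading it back is what tcpdump -r and tcpshow do. As an added example (not code from any poster, nor from tcpdump or tcpshow), here is a small Python reader that does the same thing in miniature: it parses the 24-byte global header and each 16-byte record header, decodes Ethernet/IPv4/TCP or UDP, verifies the IPv4 header checksum, stops cleanly on a capture that was cut short, and prints one tcpdump-style line per packet. The three-packet capture, addresses and ports are constructed inline; the format itself is portable, so a file written on the BSD box can be read this way on any other system.

```python
# Added example: minimal decoder for a `tcpdump -w` (pcap) file.  Not from any
# poster or from tcpdump/tcpshow; the capture it reads is constructed below.
import struct

PCAP_MAGIC = 0xA1B2C3D4          # microsecond-resolution pcap magic number
LINKTYPE_ETHERNET = 1
# tcpdump's flag letters, in the order tcpdump prints them
TCP_FLAGS = [(0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P"), (0x10, "."), (0x20, "U")]


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum; returns 0 when a received header verifies."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def decode_frame(frame: bytes) -> dict:
    """Decode one captured Ethernet frame down to the TCP/UDP header."""
    if len(frame) < 14:
        return {"note": "truncated Ethernet header"}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        return {"note": "non-IPv4 ethertype 0x%04x" % ethertype}
    ip = frame[14:]
    if len(ip) < 20:
        return {"note": "truncated IPv4 header"}
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length in bytes
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    pkt = {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
           "proto": proto, "ip_csum_ok": ip_checksum(ip[:ihl]) == 0}
    l4 = ip[ihl:total_len]
    if proto == 6 and len(l4) >= 20:
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", l4[:14])
        doff = (off_flags >> 12) * 4              # TCP header length in bytes
        pkt.update(sport=sport, dport=dport, seq=seq, ack=ack, payload=l4[doff:],
                   flags="".join(c for bit, c in TCP_FLAGS if off_flags & bit))
    elif proto == 17 and len(l4) >= 8:
        sport, dport, ulen = struct.unpack("!HHH", l4[:6])
        pkt.update(sport=sport, dport=dport, payload=l4[8:ulen])
    else:
        pkt["note"] = "unhandled or truncated protocol %d" % proto
    return pkt


def parse_pcap(data: bytes) -> list:
    """Walk the global header and records; a file cut short ends with a note record."""
    if len(data) < 24:
        raise ValueError("shorter than a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    endian = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(magic)   # writer's byte order
    if endian is None:
        raise ValueError("not a pcap file (magic 0x%08x)" % magic)
    linktype = struct.unpack(endian + "HHiIII", data[4:24])[5]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are decoded here (linktype %d)" % linktype)
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):            # record header promises more than is there
            records.append({"note": "truncated record: capture was cut short"})
            break
        pkt = decode_frame(data[off:off + incl_len])
        pkt.update(ts=ts_sec + ts_usec / 1e6, caplen=incl_len, wirelen=orig_len)
        records.append(pkt)
        off += incl_len
    return records


def summarize(pkt: dict) -> str:
    """One tcpdump-like line per decoded record."""
    if "src" not in pkt:
        return "?? " + pkt.get("note", "")
    proto = {6: "TCP", 17: "UDP"}.get(pkt["proto"], "proto %d" % pkt["proto"])
    line = "%.6f %s %s.%s > %s.%s" % (pkt["ts"], proto, pkt["src"], pkt.get("sport", "?"),
                                     pkt["dst"], pkt.get("dport", "?"))
    if pkt["proto"] == 6 and "flags" in pkt:
        line += " Flags [%s] seq %d ack %d" % (pkt["flags"], pkt["seq"], pkt["ack"])
    if "payload" in pkt:
        line += " len %d" % len(pkt["payload"])
    if not pkt["ip_csum_ok"]:
        line += " [bad ip cksum]"
    return line


def _frame(src: str, dst: str, proto: int, l4: bytes) -> bytes:
    """Constructed Ethernet + IPv4 frame with a correct header checksum (sample data only)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0x1234, 0x4000, 64, proto, 0,
                      bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return b"\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\x08\x00" + hdr + l4


def build_sample_pcap() -> bytes:
    """Constructed three-record capture: SYN, SYN-ACK, and one UDP datagram."""
    syn = struct.pack("!HHIIHHHH", 40000, 80, 1000, 0, (5 << 12) | 0x02, 65535, 0, 0)
    synack = struct.pack("!HHIIHHHH", 80, 40000, 5000, 1001, (5 << 12) | 0x12, 65535, 0, 0)
    payload = b"constructed datagram"
    udp = struct.pack("!HHHH", 53000, 53, 8 + len(payload), 0) + payload
    frames = [_frame("10.0.0.5", "10.0.0.9", 6, syn), _frame("10.0.0.9", "10.0.0.5", 6, synack),
              _frame("10.0.0.5", "10.0.0.1", 17, udp)]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 970000000 + i, 0, len(frame), len(frame)) + frame
    return out


if __name__ == "__main__":
    for record in parse_pcap(build_sample_pcap()):
        print(summarize(record))
```

To read a real capture, replace build_sample_pcap() with the bytes of the logfile from tcpdump -w. The reader only understands Ethernet link-layer captures and stops at the first record whose declared length runs past the end of the file, which is what you see when tcpdump is killed mid-write.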

Post by pe.. » Fri, 03 Nov 2000 21:49:48





>>Hi,

>>I'm trying out tcpdump on my FreeBSD system and it's great, I can use -w to
>>log the packets to a file, but... The output I get could be more useful -
>>what I'm looking for is a utility that will reconstruct this log into
>>something more useful. Reconstructing packets, etc... there have to be a
>>whole load of these utilities out there but I'm having difficulty finding
>>one (never mind a good one).

Install tcpshow (it's in the ports) and read the manpage.

>>The server is BSD, but my workstation runs NT - so something that runs on NT
>>that can analyze the log would be a bonus although I can use a unix
>>workstation if there are only X compatible tools out there.

>>Cheers

> Generate a raw packet data log file
> # tcpdump -w logfile_name
> Translate the logfile to ascii text
> # tcpdump -r logfile_name
> I hope this helpful....

--
-- quote of the week (thanks per ?stman) ---
Programming today is a race between software engineers striving to build
bigger and better idiot-proof programs, and the universe trying to produce
bigger and better idiots. So far, the universe is winning.
-- Rick Cook, Mission Manager, NASA Mars Pathfinder Project
=========================================================================
Peter Håkanson               Phone     +46707328191       Fax +4631223190

"Safe by design"             Address    Bror Nilssons gata 16  Lundbystrand
                                        S-417 55  Gothenburg   Sweden

1. tcpdump analysis prg?

I just installed tcpdump-3.0 from the binaries at sunsite on my linux box.

Now I wonder whether someone has already written some tools to do
analysis and statistics from the tcpdump output.
Something that can run parallel in realtime would be nice,
but I'd also be happy with something that reads from a filedump.

cheers

--
Mathias Koerber                                       Tel: +65 / 778 00 66 x 29
SW International Systems Pte Ltd                           Fax: +65 / 777 94 01

S'pore 0511   http://www.swi.com.sg/public/personal/mathias.html
May your Tongue stick to the Roof of your Mouth
with the Force of a Thousand Caramels   - ??
