Hello,
Can anyone recommend a free tool to analyze a few hundred GB of PCAP traffic? One of the functions I am looking for is to be able to summarize all the types of traffic, X number of HTTP connections, X number of FTP, mail, IRC etc.
I have briefly looked at pyflag, but have not yet thrown the data at it. I have also looked at Etherape, but don't know the limitations on reading a large number of PCAP files.
Thanks
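A small streaming counter of the kind the question describes, added here as an example (not a tool anyone in the thread posted): it walks a classic pcap record by record, so memory use stays flat however large the file is, and counts TCP connection attempts (SYN without ACK) per well-known destination port. The port-to-protocol mapping, the Ethernet-only link type, and the embedded sample capture are assumptions made for the example.

```python
import io
import struct
from collections import Counter

# Port-based labels for the traffic classes asked about (assumption: plain port -> protocol mapping).
PORT_LABELS = {80: "HTTP", 8080: "HTTP", 21: "FTP", 25: "SMTP",
               110: "POP3", 143: "IMAP", 6667: "IRC"}

def classify_frame(pkt):
    """Label an Ethernet/IPv4/TCP frame that opens a connection (SYN without ACK); else None."""
    if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
        return None                      # not IPv4, or not TCP
    tcp = 14 + (pkt[14] & 0x0F) * 4      # Ethernet header + IPv4 IHL
    if len(pkt) < tcp + 14:
        return None                      # cut short by the capture snaplen
    dport = struct.unpack("!H", pkt[tcp + 2:tcp + 4])[0]
    if pkt[tcp + 13] & 0x12 != 0x02:     # SYN only: one hit per connection attempt, not per packet
        return None
    return PORT_LABELS.get(dport, "other TCP")

def summarize(src):
    """Stream a classic pcap record by record (constant memory, so huge files are fine)."""
    fh = io.BytesIO(src) if isinstance(src, bytes) else src   # bytes or an open binary file
    hdr = fh.read(24)
    magic = struct.unpack("<I", hdr[:4])[0]
    e = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}[magic]   # KeyError: not classic pcap (pcapng not handled)
    if struct.unpack(e + "I", hdr[20:24])[0] != 1:
        raise ValueError("example handles the Ethernet link type only")
    counts = Counter()
    while len(rec := fh.read(16)) == 16:
        incl_len = struct.unpack(e + "IIII", rec)[2]
        pkt = fh.read(incl_len)
        if len(pkt) < incl_len:
            break                        # capture truncated mid-record
        if label := classify_frame(pkt):
            counts[label] += 1
    return dict(counts)

def build_sample():
    """Constructed capture: three HTTP, one FTP and one IRC SYN, plus one HTTP SYN-ACK reply."""
    def frame(sport, dport, flags):
        ip = bytes([0x45, 0, 0, 40, 0, 0, 0x40, 0, 64, 6, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2])
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)
        return b"\x00" * 12 + b"\x08\x00" + ip + tcp
    pkts = [frame(40001, 80, 2), frame(40002, 80, 2), frame(40003, 80, 2),
            frame(40004, 21, 2), frame(40005, 6667, 2), frame(80, 40001, 0x12)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for p in pkts:
        out += struct.pack("<IIII", 0, 0, len(p), len(p)) + p
    return out
```

On a real capture, call `summarize(open("capture.pcap", "rb"))`; the SYN-ACK in the sample is deliberately not counted, which is why the result reports connections rather than packets.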
Did you try Wireshark?
http//
jpgauvin,
Thanks for the post. Unfortunately Wireshark is not good at analyzing 300GB+ of PCAP data.
Thanks
It depends on what you are looking for in the pcap files.
If you need a dissector, check Xplico out.
Or you can check out blueye sniffer, I dunno if it can analyze traffic logs or if it works only live.
A CLI program that comes with Wireshark called Tshark may help, although I haven't tried it on that much data… make sure you're using the latest version that doesn't have a known vulnerability.
300GB? If YOU find an application that chews through that 300GB please tell US )
Me thinks you're gonna have to segment it into smaller chunks.
Cheers!
farmerdude
Get SMART!
there used to be a cli utility called ngrep that would grep through network traffic. you can also unhook the machine from the network and have fun with tcpreplay, which will turn pcap files back into network traffic.
there used to be a cli utility called ngrep
Not being actively developed but it is still available on sourceforge
Paul
Hi,
do you know deft?
http//
regards
k.w.
I saw a demo of Netwitness. And I think it's freeware, or at least has a freeware version. Haven't played with it yet myself.
http//