Date: Wed, 5 Dec 2007 23:48:20 -0800
From: John Kinsella <jlk@...ashyour.com>
To: "Ivan ." <ivanhec@...il.com>
Cc: FD <full-disclosure@...ts.grok.org.uk>
Subject: Re: pcap flow extraction

If you're OK with an intermediate step, you'll find a few tools out there
(eg switch's YAF) that read pcap and spit out the flow data in netflow
format. Then a second utility (eg flow-tools) can turn that into whatever
format you'd like...

John

On Thu, Dec 06, 2007 at 06:35:42PM +1100, Ivan . wrote:
> Hi,
>
> Does anyone have any ideas for flow information extraction from a rather
> large pcap file, 6 gigs?
>
> I am after the standard stuff, source, destination, service.
>
> Ethereal/wireshark is a no go, as it won't process the file due to size,
> tcpflow is OK, but a little untidy.
>
> any suggestions are appreciated, preferably open source and also has anyone
> used "tcpdstat" for something like this?
>
>
> thanks
> Ivan
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
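
The source/destination/service summary asked for in this thread can also be produced by reading the capture one record at a time, so the 6 GB file size is not a limit. The Python below is an added example, not part of the original posts and not code from YAF or flow-tools; it assumes a classic pcap file (not pcapng) with Ethernet framing and IPv4 TCP/UDP, treats the lower port as the service, and its function names and sample packets are constructed for illustration.

```python
import io, socket, struct
from collections import defaultdict

PROTOS = {6: "tcp", 17: "udp"}

def extract_flows(stream):
    """Stream a classic Ethernet pcap; return {(client, server, proto, port): [pkts, bytes]}."""
    header = stream.read(24)
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(header[:4])
    if (endian is None or len(header) < 24
            or struct.unpack(endian + "I", header[20:24])[0] != 1):
        raise ValueError("expected a classic pcap file with Ethernet link type")
    flows = defaultdict(lambda: [0, 0])
    while True:
        rec = stream.read(16)  # per-packet header; only one record is held in memory
        if len(rec) < 16:
            break  # end of file, or a truncated final record header
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", rec)
        frame = stream.read(incl_len)
        if len(frame) < max(incl_len, 34) or frame[12:14] != b"\x08\x00":
            continue  # truncated, or not plain IPv4 (ARP, IPv6, VLAN tags are skipped)
        l4 = 14 + (frame[14] & 0x0F) * 4  # Ethernet header + IPv4 header length
        proto = PROTOS.get(frame[23])
        fragment_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        if proto is None or l4 < 34 or fragment_offset or len(frame) < l4 + 4:
            continue  # no ports to read: other protocol, bad header, later fragment
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
        if sport < dport:  # assumption: the lower port is the service side
            src, dst, dport = dst, src, sport
        entry = flows[(src, dst, proto, dport)]
        entry[0] += 1
        entry[1] += orig_len
    return dict(flows)

def _frame(src, dst, proto, sport, dport):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HH", sport, dport) + b"\x00" * 4

def sample_pcap():
    """Constructed capture: DNS query and reply plus one HTTPS packet."""
    frames = [_frame("192.0.2.10", "198.51.100.53", 17, 40000, 53),
              _frame("198.51.100.53", "192.0.2.10", 17, 53, 40000),
              _frame("192.0.2.10", "203.0.113.7", 6, 40001, 443)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return io.BytesIO(out)
```

For a capture on disk, pass `open(path, "rb")` as the stream; memory use then grows with the number of distinct flows rather than with the size of the file.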