22 Nov 2006, 3:42 p.m.
On Nov 22, 2006, at 12:37 PM, Netfortius wrote:
I wonder if someone knows a tool to use tcpdump output for anomaly detection. It is sometimes really time consuming when looking for identical patterns in the tcpdump output.
For this sort of thing, you can do it far more scalably with NetFlow. There are several good commercial NetFlow-based anomaly-detection systems (Arbor, Lancope, Narus, Q1, etc.) and even an open-source project (currently fallow) called Panoptis.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@cisco.com> // 408.527.6376 voice

All battles are perpetual.

-- Milton Friedman
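As an added illustration of the flow-based approach suggested in the reply (example code written for this page, not code from the thread, from Panoptis, or from any of the vendors named): the script below takes constructed `tcpdump -nn` style lines, collapses packets into unidirectional 5-tuple flow records of the kind a NetFlow exporter produces, ranks the most-repeated flows (the "identical patterns" the original question is about), and flags sources with high fan-out, which is the sort of flow-level signal a NetFlow anomaly-detection system alerts on. The sample lines, the `fan_out_anomalies` threshold and the record layout are all assumptions made for the example.

```python
"""Flow-style aggregation of tcpdump text output (added example, not from the thread).

Assumed input: lines from `tcpdump -nn` for IPv4 TCP/UDP. Packets are collapsed
into unidirectional 5-tuple flows, the same shape a NetFlow exporter would emit.
"""
import re
from collections import defaultdict

# Constructed sample in tcpdump -nn style; not captured traffic from the thread.
SAMPLE_TCPDUMP = """\
12:37:01.000001 IP 10.0.0.5.51000 > 192.0.2.10.80: Flags [S], seq 1, win 64240, length 0
12:37:01.000200 IP 192.0.2.10.80 > 10.0.0.5.51000: Flags [S.], seq 2, ack 2, win 65535, length 0
12:37:01.000400 IP 10.0.0.5.51000 > 192.0.2.10.80: Flags [.], ack 1, win 502, length 0
12:37:01.001000 IP 10.0.0.5.51000 > 192.0.2.10.80: Flags [P.], seq 1:101, ack 1, win 502, length 100
12:37:02.000000 IP 10.0.0.9.40000 > 192.0.2.10.22: Flags [S], seq 1, win 64240, length 0
12:37:02.000100 IP 10.0.0.9.40001 > 192.0.2.10.23: Flags [S], seq 1, win 64240, length 0
12:37:02.000200 IP 10.0.0.9.40002 > 192.0.2.10.25: Flags [S], seq 1, win 64240, length 0
12:37:02.000300 IP 10.0.0.9.40003 > 192.0.2.10.80: Flags [S], seq 1, win 64240, length 0
12:37:02.000400 IP 10.0.0.9.40004 > 192.0.2.10.443: Flags [S], seq 1, win 64240, length 0
12:37:02.000500 IP 10.0.0.9.40005 > 192.0.2.10.8080: Flags [S], seq 1, win 64240, length 0
12:37:03.000000 IP 10.0.0.5.5353 > 192.0.2.53.53: UDP, length 29
12:37:03.000100 IP 192.0.2.53.53 > 10.0.0.5.5353: UDP, length 93
12:37:04.000000 ARP, Request who-has 10.0.0.1 tell 10.0.0.5, length 28
"""

# One tcpdump line: timestamp, "IP", src.port > dst.port: rest-of-line.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)
LEN_RE = re.compile(r"length (\d+)")


def parse_tcpdump_lines(text):
    """Return one packet record per parseable line; non-IP lines (ARP etc.) are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rest = m.group("rest")
        if rest.startswith("Flags ["):
            proto = "tcp"
        elif rest.startswith("UDP"):
            proto = "udp"
        else:
            proto = "other"
        lm = LEN_RE.search(rest)
        records.append({
            "proto": proto,
            "src": m.group("src"), "sport": int(m.group("sport")),
            "dst": m.group("dst"), "dport": int(m.group("dport")),
            "bytes": int(lm.group(1)) if lm else 0,
        })
    return records


def aggregate_flows(records):
    """Collapse packets into unidirectional 5-tuple flows with packet and byte counts."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for r in records:
        key = (r["proto"], r["src"], r["sport"], r["dst"], r["dport"])
        flows[key]["packets"] += 1
        flows[key]["bytes"] += r["bytes"]
    return dict(flows)


def top_flows(flows, n=5):
    """Most-repeated flows first: the identical patterns that are slow to spot by eye."""
    return sorted(flows.items(), key=lambda kv: kv[1]["packets"], reverse=True)[:n]


def fan_out_anomalies(flows, threshold=5):
    """Flag sources touching at least `threshold` distinct (dst, dport) pairs.

    High fan-out from a single source is a classic flow-level anomaly; the
    threshold is an assumed value for the example, not a recommended setting.
    """
    targets = defaultdict(set)
    for (proto, src, sport, dst, dport) in flows:
        targets[src].add((dst, dport))
    return {src: sorted(t) for src, t in targets.items() if len(t) >= threshold}


if __name__ == "__main__":
    flows = aggregate_flows(parse_tcpdump_lines(SAMPLE_TCPDUMP))
    for key, stats in top_flows(flows):
        print(key, stats)
    for src, targets in fan_out_anomalies(flows).items():
        print(f"fan-out alert: {src} -> {len(targets)} distinct dst/port pairs")
```

On the sample, the three-packet client-to-server flow on port 80 ranks first, and 10.0.0.9 is the only source reported by the fan-out check (six distinct destination ports on one host). A real deployment would read flow records from an exporter rather than re-parse tcpdump text, which is the scalability point the reply makes.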