On Nov 22, 2006, at 12:37 PM, Netfortius wrote:
I wonder if someone knows a tool to use a tcpdump output for anomaly
dedection. It is sometimes really time consuming when looking for
identical
patterns in the tcpdump output.
For this sort of thing, you can do it far more scalably with
NetFlow. There are several good commercial NetFlow-based anomaly-
detection systems (Arbor, Lancope, Narus, Q1, etc.) and even an open-
source project (currently fallow) called Panoptis.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@xxxxxxxxx> // 408.527.6376 voice
All battles are perpetual.
-- Milton Friedman