
semi real time packet analysis

Red Squirrel

No Lifer
What is the best way to record packets in a way that I can pretty much see them in real time?

Right now I have this tcpdump loop that writes to a file, but the problem is, it's just a rotation between 10 files. I would like something that would write files by date, and 1 file per hour or something, so that the files are not in use, requiring me to stop the process so I can look at them. Any way to make tcpdump write to a file by date (and change automatically when the date/hour changes)?
 
Pipe the output of tcpdump to cronolog. Cronolog takes a parameter string that defines the output file/directory format, so you can specify it however you please, and it will automatically take care of rotating the log files. I use that to store Apache logs and just rsync them to the backup servers.
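
Added example, not from the thread: a small wrapper around tcpdump's own rotation options (-G closes the file every N seconds, -w takes strftime escapes for the name), plus a check that every rotated file starts with the pcap global header. That header is the caveat with the cronolog pipe: cronolog splits one byte stream, so only the first file it writes carries the header and later files won't open cleanly in Wireshark. The interface, capture directory and file names are assumptions.

```shell
#!/bin/sh
# Hourly, date-named tcpdump captures; each file is a complete pcap.
# Assumed placeholders: interface eth0, capture directory /var/log/pcap.
CAP_DIR="${CAP_DIR:-/var/log/pcap}"
IFACE="${IFACE:-eth0}"

# Return 0 if the file begins with a pcap global header magic value
# (little/big endian, microsecond or nanosecond timestamp variants).
pcap_has_header() {
    magic=$(od -An -N4 -tx1 "$1" | tr -d ' \n')
    case "$magic" in
        a1b2c3d4|d4c3b2a1|a1b23c4d|4d3cb2a1) return 0 ;;
        *) return 1 ;;
    esac
}

# -G 3600 rotates once an hour; the strftime escapes in -w name each file
# by date and hour, and tcpdump writes a fresh global header into each one.
start_capture() {
    mkdir -p "$CAP_DIR"
    exec tcpdump -i "$IFACE" -n -G 3600 -w "$CAP_DIR/%Y-%m-%d_%H.pcap"
}

# Count capture files without a valid header, so a broken rotation
# (for example a stream split by an external tool) is noticed early.
count_headerless() {
    bad=0
    for f in "$1"/*.pcap; do
        [ -f "$f" ] || continue
        pcap_has_header "$f" || bad=$((bad + 1))
    done
    echo "$bad"
}

case "${1:-}" in
    start) start_capture ;;
    check) count_headerless "$CAP_DIR" ;;
esac
```

Run it as "start" under a process supervisor and "check" from cron; finished hourly files can be copied off and opened in Wireshark while the capture keeps running.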
 
This isn't what you're asking for, and using cronolog sounds like the best option... but have you checked out Wireshark (formerly known as Ethereal)? It's like tcpdump, but gives you a nice GUI, and due to the color-coded logs, you can train yourself to read the output more easily.

You can get it for Linux and Windows, but due to device driver limitations with wireless networks, the Linux version will be slightly more feature-rich. If you want to download the Windows version to check it out, you can get it at http://www.wireshark.org/
 
Yeah, I actually use Wireshark to look at the packet logs once I download them, but this is actually on an online server with no GUI. I just packet sniff everything so I can try to catch cheaters (it hosts a game VM) or people doing other malicious activities. Eventually I want to write a program that can read through the logs and analyze weird patterns, though that's a totally different project, and I'm not sure if I'll actually do it, or how hard it would be.
 
Originally posted by: RedSquirrel
Yeah, I actually use Wireshark to look at the packet logs once I download them, but this is actually on an online server with no GUI. I just packet sniff everything so I can try to catch cheaters (it hosts a game VM) or people doing other malicious activities. Eventually I want to write a program that can read through the logs and analyze weird patterns, though that's a totally different project, and I'm not sure if I'll actually do it, or how hard it would be.
Look into setting up a Snort box. It's open source, and the skills learned there can be used in the real world if you do systems administration as a profession. You can write rules that will notify you if they're violated or script actions... There are already a ton of rules set up for various applications that would be easy to deploy quickly. It makes it easy to run because of the large user base and developmental work already done.
 