[unisog] HTTP Session Reconstruction and Monitoring

Isaac Perez suscripcions at tsolucio.com
Tue Nov 14 17:14:17 GMT 2006

Sorry, I think I misunderstand your necessity, and the other software
will not do what you need.
But you try a combination of tcpreplay and ntop in a isolated computer,
maybe that will work for you.

El lun, 13-11-2006 a las 08:55 -0600, Harris, Michael C. escribió:
>  along these same lines,  we are seeking an open source Linux based
> application that will take the tcpdump files from snort/acid/shadow and
> do summary management reporting.  Looking for statistics of sites
> visited as well as bandwidth summary per destination (summary of flows)
> and summary of non http and https traffic on ports 80 and 443.  several
> commercial appliances and bandwidth control packages have some
> management reporting but I don't need another appliance in line if I can
> just reprocess the history tcpdump files lagging real time for daily,
> weekly and monthly reporting.
> Thanks
> Mike
> Ps I realize summary of flows and bandwidth may be problematic just
> collecting header detail (first 68 bytes). How deep beyond the first 68
> bytes is needed to collect the complete destination 99% of the time? And
> is deeper inspection required to identify the non http and https flows
> on those default ports?
> -----Original Message-----
> From: unisog-bounces at lists.dshield.org
> [mailto:unisog-bounces at lists.dshield.org] On Behalf Of Isaac Perez
> Sent: Monday, November 13, 2006 2:18 AM
> To: jgiyanani at niksun.com; UNIversity Security Operations Group
> Cc: unisog at lists.sans.org
> Subject: Re: [unisog] HTTP Session Reconstruction and Monitoring
> You can try sguil, a console for snort that that reconstruct the traffic
> of the snort cached attacks.
> http://sguil.sourceforge.net/
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog

More information about the unisog mailing list