I came across Ipsumdump today. It's a program to read traffic and summarize what it sees in a user-defined format on one line. In the example below I watch the sf1 interface in real time and tell Ipsumdump to show a timestamp, source IP and port, and destination IP and port. Ipsumdump works against multiple interfaces simultaneously as well as pcap files and NetFlow traces. In the example below the first two packets are an ICMP echo and echo reply, followed by the beginning of an SSH session.
bourque# ipsumdump -tsSdD -i sf1
warning: sf1: no IPv4 address assigned
!IPSummaryDump 1.1
!creator "ipsumdump -tsSdD -i sf1"
!host bourque.taosecurity.com
!runtime 1073092478.545313 (Fri Jan 2 20:14:38 2004)
!data timestamp ip_src sport ip_dst dport
1073092486.925087 172.27.20.11 - 192.168.60.3 -
1073092486.925253 192.168.60.3 - 172.27.20.11 -
1073092529.535523 192.168.50.2 23924 192.168.60.3 22
1073092529.535689 192.168.60.3 22 192.168.50.2 23924
1073092529.543094 192.168.50.2 23924 192.168.60.3 22
1073092529.545758 192.168.60.3 22 192.168.50.2 23924
0 komentar:
Posting Komentar