The Tao of Network Security Monitoring Beyond Intrusion Detection

6. Additional Data Analysis

This chapter supplements the core tools presented in Chapter 5. All of them work with full content data. They provide additional ways to examine and manipulate that data, beyond the capabilities of Tcpdump and related applications.

Editcap and Mergecap

Purpose: Packet capture assistance

Author: Originally Gerald Combs, with many contributors

Internet site: http://www.ethereal.com

FreeBSD installation: Installed via /usr/ports/net/ethereal

Version demonstrated: Versions shipped with Ethereal 0.10.0a

Editcap and Mergecap are two utilities packaged with Tethereal and Ethereal. Editcap allows users to make certain adjustments to capture files, while Mergecap allows users to combine two or more libpcap traces into a single ...

Get The Tao of Network Security Monitoring Beyond Intrusion Detection now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

The Tao of Network Security Monitoring Beyond Intrusion Detection by

6. Additional Data Analysis

Editcap and Mergecap

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly