Packet Processing
=================

- Process HTTP traffic

    nohup ./plab -x -r /mnt/dump.log -D 1 -d /usr/local/data/lun -F ../Filters/NA/na-egress.txt -m -P -R 900 -t 900 -Z 7200

  Commented:

    -x                              # filter out TCP packets without payload
    -r /mnt/dump.log                # read packets from file ..
    -D 1                            # process only day of week = Monday
    -d /usr/local/data/lun          # save output logs in directory ..
    -F ../Filters/NA/na-egress.txt  # filter the packets read using the pcap filter in file ..
    -m                              # evaluate MSS
    -P                              # inspect packet payloads
    -R 900                          # compute rates (pps/bps/sps) over 900-second (15 min) intervals
    -t 900                          # set session timeout to 900 seconds (15 min)
    -Z 7200                         # set timezone to +7200

- Analysis of the Slammer worm traffic

    ./plab -r mssql-20030125-0.sanitized.pcap -d mit-20030125-0-BAD -q h -g 1 less 404 and greater 404

  The trailing pcap filter, "less 404 and greater 404", is len <= 404 combined with len >= 404, so only packets whose on-wire length is exactly 404 bytes are processed.

Packet Capture
==============

- Capture all TCP:80 traffic in and out of proxy.unina.it, keeping 10 bytes of TCP payload

    nohup ./plab -f -p -i em0 -s 300 -W 10 -w ../dumps/proxy tcp and port 80 and host proxy.unina.it

File Conversions
================

- Zero out IP addresses:

    plab -f -p -0 -r h09.dump -w h09.0.dump
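The Slammer filter above, "less 404 and greater 404", is easy to misread as an empty range. The following added example (not part of plab) parses a constructed classic pcap in pure Python and applies the same test, showing that it keeps exactly the 404-byte packets and that the comparison is against the on-wire length, so a packet truncated by -s still matches; build_pcap, iter_records and select_exact_len are the example's own names.

```python
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4  # little-endian file, microsecond timestamps
PCAP_MAGIC_BE = 0xD4C3B2A1  # the same magic as read from a big-endian file

def build_pcap(wire_lengths, snaplen=300):
    """Construct a minimal pcap file in memory (link type 1 = Ethernet) with one
    filler packet per requested on-wire length, truncated to snaplen the way a
    capture started with -s would be.  Constructed test data, not a real capture."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, snaplen, 1))
    for i, wirelen in enumerate(wire_lengths):
        caplen = min(wirelen, snaplen)
        # record header: ts_sec, ts_usec, incl_len (captured), orig_len (on the wire);
        # 1043452800 is 2003-01-25 00:00:00 UTC, chosen to match the capture date above
        out += struct.pack("<IIII", 1043452800 + i, 0, caplen, wirelen)
        out += b"\x00" * caplen
    return bytes(out)

def iter_records(data):
    """Yield (orig_len, captured_bytes) for every record, honouring file byte order."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC_LE:
        fmt = "<IIII"
    elif magic == PCAP_MAGIC_BE:
        fmt = ">IIII"
    else:
        raise ValueError("not a classic pcap file (magic 0x%08x)" % magic)
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        _sec, _usec, caplen, wirelen = struct.unpack_from(fmt, data, off)
        off += 16
        yield wirelen, data[off:off + caplen]
        off += caplen

def select_exact_len(data, n):
    """Return the record indices that the filter 'less n and greater n' passes.
    BPF's len is the on-wire length (orig_len), not the number of bytes kept by
    the snaplen, so truncated records are judged by their original size."""
    return [i for i, (wirelen, _) in enumerate(iter_records(data))
            if wirelen <= n and wirelen >= n]
```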