Hello,
I am capturing all traffic leaving our network in order to determine what traffic should be allowed and what traffic should be blocked (by egress filtering). Last time I did this, it was quite painful and took a long time.
I know there are some built-in tools in Wireshark for displaying summaries of pcap traffic, but I am interested in finding out what other tools are out there for analyzing big pcap files and displaying summaries / statistics in various ways (like end-point communications w/ easy access to whois and/or other details for each node).
Any help on this would be great!
Thanks,
JB