Friday, April 1, 2005


Shadow has been around
for years. It was one of the first traffic analysis tools available,
allowing the user to analyze aggregate data gathered from packet
headers. It was "cutting edge" at the time and has inspired other non-
standard tools to view network traffic.

IDABench is another of
those tools, this one providing a web front-end to the tool. All in
all, it's still a libpcap-based analysis tool. One of it's nice
features is that you can export a tcpdump-readable file via the web
interface so adding analysts doesn't mean adding root access to a sensor
or console.