The analysis for this paper was done on a Linux system; we used tcpdump[23] to read the logs provided. Mergecap(1)[3] was used to combine multiple log files into one, in order to facilitate the analysis of more than one file at a time. To process the output from tcpdump, standard UNIX utilities like sed(1) and awk(1) were utilized. For all of these tools, their respective man pages give more information on exactly how they can be used. In addition to these tools, we decided to utilize graphical libraries and utilities to generate event graphs for visual analysis.
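To make the toolchain concrete, the following is an added example (not code from the paper) of the mergecap / tcpdump / sed / awk pipeline described above. Because the verifier has no capture files, the merge-and-decode step is shown as comments with assumed file names (day1.pcap, day2.pcap, all.pcap), and the sed/awk stage runs over a constructed sample of `tcpdump -n` text lines embedded in the script; the addresses, ports and timestamps in that sample are made up.

```shell
#!/bin/sh
# Added example, not from the paper: the tcpdump | sed | awk pipeline the paper
# describes, run over a constructed tcpdump-style text so it works offline.
# The capture-handling steps need real pcaps, so they are shown as comments:
#   mergecap -w all.pcap day1.pcap day2.pcap   # combine several capture files
#   tcpdump -n -r all.pcap > all.txt           # decode without DNS lookups
# (file names are assumptions for the example)

# Constructed sample of `tcpdump -n` output; every value is made up.
SAMPLE='10:00:01.000001 IP 10.0.0.5.40001 > 192.168.1.10.80: Flags [S], seq 1, win 512, length 0
10:00:01.000002 IP 10.0.0.5.40002 > 192.168.1.10.22: Flags [S], seq 1, win 512, length 0
10:00:01.000003 IP 10.0.0.5.40003 > 192.168.1.10.23: Flags [S], seq 1, win 512, length 0
10:00:02.000001 IP 192.168.1.10.80 > 10.0.0.5.40001: Flags [S.], seq 1, ack 2, win 512, length 0
10:00:03.000001 IP 172.16.0.9.51000 > 192.168.1.10.80: Flags [P.], seq 1:10, ack 1, win 512, length 9
10:00:04.000001 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28'

# sed stage: keep only IPv4 lines and reduce each to "src dst dport" by
# splitting the trailing port off the source and the destination addresses.
normalize() {
  sed -n 's/^[0-9:.]* IP \([0-9.]*\)\.\([0-9][0-9]*\) > \([0-9.]*\)\.\([0-9][0-9]*\):.*/\1 \3 \4/p'
}

# awk stage: events per source address, most active first.
count_sources() {
  normalize | awk '{ n[$1]++ } END { for (s in n) print n[s], s }' | sort -rn
}

# awk stage: number of distinct destination ports touched by each source.
# One source reaching many ports in a short window is the kind of pattern an
# analyst wants to see before drawing an event graph of that source.
ports_per_source() {
  normalize | awk '!seen[$1 " " $3]++ { p[$1]++ } END { for (s in p) print p[s], s }' | sort -rn
}

# Single-value helpers so each stage can be checked.
top_source()        { printf '%s\n' "$SAMPLE" | count_sources    | head -n 1 | awk '{ print $2 }'; }
top_source_ports()  { printf '%s\n' "$SAMPLE" | ports_per_source | head -n 1 | awk '{ print $1 }'; }
ipv4_event_count()  { printf '%s\n' "$SAMPLE" | normalize | wc -l | tr -d ' '; }

# Run the pipeline over the sample (the ARP line is dropped by the sed filter).
printf '%s\n' "$SAMPLE" | count_sources
```

With real data the `printf '%s\n' "$SAMPLE"` would be replaced by `cat all.txt` (or `tcpdump -n -r all.pcap` directly); the sed expression assumes the default `tcpdump -n` line layout, so captures decoded with `-v` or `-tt` need the leading timestamp pattern adjusted.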
This chapter will first set the stage for what exactly has been done and which files have been analyzed. Then some first analysis steps are executed and event graphs are introduced. This first chapter will give us a very good understanding of what type of traffic we are dealing with in all the log files. Chapter 3 will then go into in-depth analysis of a few findings. The exact tools used during the analysis process are explained in Appendix B, where we walk through an elaborate example of how to graph events. Space limitations for this paper did not allow us to show all the steps necessary to generate each graph in this paper.

2.1