OT: Traffic monitoring?

[Peter Bates <peter.bates () lshtm ac uk>]

Hello all...

I've been happily snorting away now for months,
but have recently been concerned that my system
(for one reason or another) is not incredibly loaded...

Because of this, I wondered if I could turn my snort box
(just running 1.7, on tweaked RH Linux 6.2, and uploading
to the ARIS system hourly) to a spot of 'traffic monitoring'...

At present using port mirroring I've got all my external
traffic passing by eth1 and being snorted... does anyone
know or recommend any programme/system to do some degree
of top hosts/most popular port sort of analysis?

I've got assorted lists, ntop, trafshow, etc. etc.
but I wondered if anyone out there was pressing
an (under-abused) snort box toward another task?

Thanks.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users