Honeypots mailing list archives
RE: Protocol accounting analysis program?
From: <hugh_fraser () dofasco ca>
Date: Fri, 3 Dec 2004 10:02:16 -0500
I'd agree with that. Also check out ossim for its use of ntop with anomaly detection, which attempts to predict, for instance, how much http traffic there should be, and alerts you if it differs. This bit of statistical magic takes into account "seasonal" variations, so it learns that mornings and lunch are busy times, but evenings are quiet, and that on weekends traffic drops to nothing.

-----Original Message-----
From: Paris E. Stone [mailto:pstone () alhurra com]
Sent: Thursday, December 02, 2004 5:06 PM
To: Tenorio, Leandro; Rock Lobster; honeypots () securityfocus com
Subject: RE: Protocol accounting analysis program?

NTOP rocks, absolutely rocks!

~~~~~
Paris E. Stone, "Linux Zealot"
CISSP, CCNP, CNE, MCSE, CIW Master Administrator
~~~~~
"Not all who wander are lost." J.R.R.T.

-----Original Message-----
From: Tenorio, Leandro [mailto:LTenorio () intelaction com]
Sent: Thursday, December 02, 2004 4:55 PM
To: Rock Lobster; honeypots () securityfocus com
Subject: RE: Protocol accounting analysis program?

There're at least 3 different ways to do that. If you need it for internet connections, your firewall can do that using either syslog or built-in reporting; for internal users you could also use RMON on any SNMP/RMON-capable switch; as the last one, you could use any packet sniffer on Windows / Linux to do the trick. I'm using a combination of the first two @ our site.

-----Original Message-----
From: Rock Lobster [mailto:rocklobster () cheerful com]
Sent: Thursday, December 02, 2004 5:18 PM
To: honeypots () securityfocus com
Subject: Protocol accounting analysis program?

Hi,

What's everyone out there using to account for the amount of traffic different protocols are generating? I just can't seem to find an application (linux or windows) that will do the trick.

I can find plenty of applications that will let me know the quantity of traffic that is ultimately flowing in and out of my interfaces, but I want something that lets me know how much traffic http, ftp, irc, rpc, or whatever I flag generates. Preferably something I can monitor through http too :) I've checked freshmeat, deja/google etc relentlessly.
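The seasonal volume check described in the first message of this thread, sketched as an added example that is not code from the thread, ossim or ntop. It assumes a per-hour-of-week EWMA baseline as a stand-in for whatever algorithm ossim uses; all names are hypothetical and the traffic profile is constructed.

```python
import random

SLOTS = 24 * 7  # one baseline per hour of the week; index 0 = Monday 00:00

class SeasonalBaseline:
    """Per-slot EWMA of traffic volume and of its absolute deviation."""
    def __init__(self, alpha=0.3, k=4.0, rel_floor=0.25, abs_floor=5.0, warmup=3):
        self.alpha, self.k, self.warmup = alpha, k, warmup
        self.rel_floor, self.abs_floor = rel_floor, abs_floor
        self.mean, self.dev, self.seen = [0.0] * SLOTS, [0.0] * SLOTS, [0] * SLOTS

    def observe(self, hour_index, mbytes):
        """Feed one hourly sample; return True if it is anomalous for its slot."""
        s = hour_index % SLOTS
        band = max(self.k * self.dev[s], self.rel_floor * self.mean[s], self.abs_floor)
        anomalous = self.seen[s] >= self.warmup and abs(mbytes - self.mean[s]) > band
        if self.seen[s] == 0:
            self.mean[s] = mbytes
        elif not anomalous:  # outliers must not be learned as the new normal
            err = mbytes - self.mean[s]
            self.mean[s] += self.alpha * err
            self.dev[s] += self.alpha * (abs(err) - self.dev[s])
        self.seen[s] += 1
        return anomalous

def expected_http(hour_index):
    """Constructed HTTP profile in MB/hour, not measured data."""
    day, hour = divmod(hour_index % SLOTS, 24)
    if day >= 5:
        return 2.0        # weekend: almost nothing
    if 8 <= hour <= 13:
        return 400.0      # morning and lunch peak
    if 14 <= hour <= 18:
        return 150.0      # afternoon
    return 20.0           # evening and night

def run_demo(weeks=6, seed=1):
    """Train on constructed traffic and inject one off-season burst in the last week."""
    rng, model, alerts = random.Random(seed), SeasonalBaseline(), []
    spike_at = (weeks - 1) * SLOTS + 5 * 24 + 3   # Saturday 03:00
    for h in range(weeks * SLOTS):
        volume = expected_http(h) * rng.uniform(0.9, 1.1)
        if h == spike_at:
            volume = 150.0  # ordinary on a weekday afternoon, abnormal here
        if model.observe(h, volume):
            alerts.append(h)
    return alerts, spike_at, model

if __name__ == "__main__":
    alerts, spike_at, _ = run_demo()
    print("alert hours:", alerts, "injected at:", spike_at)
```

The same 150 MB hour passes unremarked on a weekday afternoon and alerts on a Saturday night, which is the point of keeping a separate baseline per time slot rather than one global threshold.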