Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Want to monitor a port, count bytes transferred, record who transferred, nothing else

From: Seth Hall <seth () icir org>
Date: Sun, 22 Apr 2012 10:59:25 -0400

On Apr 20, 2012, at 11:45 AM, Brian Excarnate wrote:


So my first question is:  Is there some other tool that is a better choice, and if so which?



You could use something that generates netflow records and a netflow collector or Argus.  You could also give Bro-IDS a 
try (I'm one of the developers).  The output you're looking for can be found in our conn logs.  You can download a 
binary package from our website too:
        http://www.bro-ids.org/download/#binarypackages

If you're just interested in getting the conn logs, you should be to run (with the appropriate interface):
        sudo bro -i eth0

It will start creating logs in your current working directory.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: