[Snort-users] Off topic a little - usage by port?
skip at ...1552...
Tue Oct 22 09:11:10 EDT 2002
> From: Rich Adamson
> Sent: October 22, 2002 11:10 AM
> To: Snort Users Postings
> Subject: [Snort-users] Off topic a little - usage by port?
> I know this is a little off topic, but the folks that hang out here
> may know...
> I'm looking for a software app that can be used to monitor all traffic
> mirrored from a switch port (as an example), that would accumulate
> usage statistics by IP and tcp/udp port number. It would be great if
> the app could be configured to gather stats for "either" source port
> or destination port. Logging the usage stats to a file on some
> predetermined interval would be helpfull.
> Source IP Proto Dest Port Packets
> --------------- ----- --------- ---------
> 22.214.171.124 udp 53 452
> tcp 445 10
> tcp 110 4,000
> tcp 80 1,234
> icmp --- 22
> Does anyone know of such an app or have any thoughts about something
> that might be close that I can modify to do this?
> Doesn't need to be pretty, and I don't care if it runs under Linux or
> Win2k; either would be fine.
ipaudit (ipaudit.sourceforge.net) does a very good job of
providing this kind of summary. The associated package
'ipaudit-web' gives a Web based interface to the summary data.
Its standard practice here for us to install both snort and ipaudit
on any IDS system that we deploy.
Dr. Everett (Skip) Carter Phone: 831-641-0645 FAX: 831-641-0647
Taygeta Scientific Inc. INTERNET: skip at ...1552...
1340 Munras Ave., Suite 314 WWW: http://www.taygeta.com
Monterey, CA. 93940
More information about the Snort-users