[Snort-users] Off topic a little - usage by port?

Skip Carter skip at ...1552...
Tue Oct 22 09:11:10 EDT 2002


> From: Rich Adamson
> Sent: October 22, 2002 11:10 AM
> To: Snort Users Postings
> Subject: [Snort-users] Off topic a little - usage by port?
> 
> 
> I know this is a little off topic, but the folks that hang out here
> may know...
> 
> I'm looking for a software app that can be used to monitor all traffic
> mirrored from a switch port (as an example), that would accumulate
> usage statistics by IP and tcp/udp port number. It would be great if
> the app could be configured to gather stats for "either" source port
> or destination port. Logging the usage stats to a file on some
> predetermined interval would be helpfull.
> 
> Example:
>   Source IP       Proto Dest Port Packets
>   --------------- ----- --------- ---------
>   123.123.123.123 udp   53        452
>                   tcp   445       10
>                   tcp   110       4,000
>                   tcp   80        1,234
>                   icmp  ---       22
> 
> Does anyone know of such an app or have any thoughts about something
> that might be close that I can modify to do this? 
> 
> Doesn't need to be pretty, and I don't care if it runs under Linux or 
> Win2k; either would be fine.

	ipaudit (ipaudit.sourceforge.net) does a very good job of
  providing this kind of summary.  The associated package
  'ipaudit-web' gives a Web based interface to the summary data.
  Its standard practice here for us to install both snort and ipaudit
  on any IDS system that we deploy.







-- 
 Dr. Everett (Skip) Carter      Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Scientific Inc.        INTERNET: skip at ...1552...
 1340 Munras Ave., Suite 314    WWW: http://www.taygeta.com
 Monterey, CA. 93940            















More information about the Snort-users mailing list