[Snort-users] Off topic a little - usage by port?

Skip Carter skip at ...1552...
Tue Oct 22 09:11:10 EDT 2002

> From: Rich Adamson
> Sent: October 22, 2002 11:10 AM
> To: Snort Users Postings
> Subject: [Snort-users] Off topic a little - usage by port?
> I know this is a little off topic, but the folks that hang out here
> may know...
> I'm looking for a software app that can be used to monitor all traffic
> mirrored from a switch port (as an example), that would accumulate
> usage statistics by IP and tcp/udp port number. It would be great if
> the app could be configured to gather stats for "either" source port
> or destination port. Logging the usage stats to a file on some
> predetermined interval would be helpfull.
> Example:
>   Source IP       Proto Dest Port Packets
>   --------------- ----- --------- ---------
> udp   53        452
>                   tcp   445       10
>                   tcp   110       4,000
>                   tcp   80        1,234
>                   icmp  ---       22
> Does anyone know of such an app or have any thoughts about something
> that might be close that I can modify to do this? 
> Doesn't need to be pretty, and I don't care if it runs under Linux or 
> Win2k; either would be fine.

	ipaudit (ipaudit.sourceforge.net) does a very good job of
  providing this kind of summary.  The associated package
  'ipaudit-web' gives a Web based interface to the summary data.
  Its standard practice here for us to install both snort and ipaudit
  on any IDS system that we deploy.

 Dr. Everett (Skip) Carter      Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Scientific Inc.        INTERNET: skip at ...1552...
 1340 Munras Ave., Suite 314    WWW: http://www.taygeta.com
 Monterey, CA. 93940            

More information about the Snort-users mailing list