[Snort-users] How to simply sum up all the transferred bytes ?
Ing. Daniel Manrique
roadmr at ...5706...
Mon Sep 9 08:53:15 EDT 2002
Someone asked a slightly similar question before, and everyone pointed him
to ntop and other tools, stating, plainly, that snort is not the best tool
for the traffic monitoring job.
ntop is sometimes considered overkill (everything but the kitchen sink on
the sucker), so if your needs are indeed more simple, you could also take
a look at darkstat or iptraf ; darkstat tries to be a "simpler ntop" and
iptraf is a complete traffic analyzer for the console.
> As a snort newbie a question about using snort as a simple traffic monitor:
> How can I measure the sum of bytes traffic between my personal local
> computer and the net outside within a given period of time ?
> The statistic should distinguish between
> inbound and outbound traffic
> and possibly the used ports
> - 21, 22 (= all ftp)
> - 80, 81, 8080 (=all html)
> - * (=rest)
> The time period is e.g. today.
More information about the Snort-users