[Snort-users] How to simply sum up all the transferred bytes ?

Ing. Daniel Manrique roadmr at ...5706...
Mon Sep 9 08:53:15 EDT 2002

Someone asked a slightly similar question before, and everyone pointed him 
to ntop and other tools, stating, plainly, that snort is not the best tool 
for the traffic monitoring job.


ntop is sometimes considered overkill (everything but the kitchen sink on 
the sucker), so if your needs are indeed more simple, you could also take 
a look at darkstat or iptraf ; darkstat tries to be a "simpler ntop" and 
iptraf is a complete traffic analyzer for the console.


> As a snort newbie a question about using snort as a simple traffic monitor:
> How can I measure the sum of bytes traffic between my personal local
> computer and the net outside within a given period of time ?
> The statistic should distinguish between
> inbound and outbound traffic
> and possibly the used ports
> - 21, 22 (= all ftp)
> - 80, 81, 8080 (=all html)
> - * (=rest)
> The time period is e.g. today.

More information about the Snort-users mailing list