[Snort-users] How to simply sum up all the transferred bytes ?

Ing. Daniel Manrique roadmr at ...5706...
Mon Sep 9 08:53:15 EDT 2002


Someone asked a slightly similar question before, and everyone pointed him 
to ntop and other tools, stating, plainly, that snort is not the best tool 
for the traffic monitoring job.

http://www.ntop.org

ntop is sometimes considered overkill (everything but the kitchen sink on 
the sucker), so if your needs are indeed more simple, you could also take 
a look at darkstat or iptraf ; darkstat tries to be a "simpler ntop" and 
iptraf is a complete traffic analyzer for the console.

http://cebu.mozcom.com/riker/iptraf/
http://members.optushome.com.au/emikulic/net/darkstat/


> As a snort newbie a question about using snort as a simple traffic monitor:
> 
> How can I measure the sum of bytes traffic between my personal local
> computer and the net outside within a given period of time ?
> 
> The statistic should distinguish between
> inbound and outbound traffic
> and possibly the used ports
> - 21, 22 (= all ftp)
> - 80, 81, 8080 (=all html)
> - * (=rest)
> 
> The time period is e.g. today.





More information about the Snort-users mailing list