[Snort-users] [Off topic] Traffic analysis

Erwin Van de Velde erwin.vandevelde at ...10361...
Fri Dec 5 14:21:02 EST 2003


Sorry for asking this off topic question, but I hope someone here can give me 
an answer (You all seem very smart people to me ;-) ). I'm looking for a 
program that can give me stats on network traffic (preferably on the asked 
amount of time, for example 'last minute') or that gives me the traffic 
itself, looking like this:
src_ip src_port dst_ip dst_port protocol bytes_sent bytes_received start_time 

The fields may of course be reordered, I can do with a little less precise 
timing (if I can timestamp when logging to the database, it would suffice), 
but I need to get this data quick (at least once a minute, I should be able 
to update). The tool should be able to output as clear text (to stdout or 
file), or should be able to log to postgresql database right away.

I already tried ntop, but it does not log as text, nor to postgresql database 
(only mysql is supported now).
I also tried ipaudit, but that can only output when the program quits. This is 
bad, as I have to quit every minute, and so I can lose a lot of traffic data.

Goal? I want to make traffic statistics, and then compare the ongoing traffic 
with it, to detect worms or DoS attacks. So I should be able to see sudden 
increases in traffic on certain ports, and I should be able to see it 
quickly. I don't want to explain afterwards what took the network down, but I 
want to be able to intervene before this happens...

Who could help me on this? Can ntop do it anyway? Or are there other tools?

Thanks in advance!

Erwin Van de Velde
Student of Antwerp University
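A sketch of the aggregation and comparison the post asks for, added here as an example and not a tool from the thread: it bins constructed packet tuples (a real deployment would feed these from a pcap library or a flow exporter, which is an assumption) into per-minute flow records in the requested layout, then flags a destination port whose byte count in the current minute jumps well above its mean over the earlier minutes.

```python
from collections import defaultdict
from statistics import mean

# Constructed packets: (timestamp, src_ip, src_port, dst_ip, dst_port, proto, bytes)
PACKETS = [
    (5, "10.0.0.5", 40001, "10.0.0.1", 80, "tcp", 400),
    (6, "10.0.0.1", 80, "10.0.0.5", 40001, "tcp", 1500),
    (30, "10.0.0.6", 40002, "10.0.0.1", 22, "tcp", 200),
    (70, "10.0.0.5", 40003, "10.0.0.1", 80, "tcp", 350),
    (71, "10.0.0.1", 80, "10.0.0.5", 40003, "tcp", 1400),
    (90, "10.0.0.6", 40004, "10.0.0.1", 22, "tcp", 250),
    (125, "10.0.0.7", 40005, "10.0.0.1", 80, "tcp", 300),
    # Minute 3 (constructed): one host opens 20 connections to port 445 on many neighbours
] + [(130 + i, "10.0.0.9", 50000 + i, "10.0.0.%d" % (2 + i % 5), 445, "tcp", 900) for i in range(20)]

def aggregate_flows(packets, window=60):
    """Fold packets into per-window flow records keyed by the first-seen direction.
    Returns {(window_start, src, sport, dst, dport, proto): {bytes_sent, bytes_received, start_time}}.
    A reply that crosses a window boundary starts a new record in the next window."""
    flows = {}
    for ts, src, sport, dst, dport, proto, length in packets:
        start = ts - ts % window
        fwd = (start, src, sport, dst, dport, proto)
        rev = (start, dst, dport, src, sport, proto)
        if rev in flows:  # reply traffic on a flow we already hold
            flows[rev]["bytes_received"] += length
        else:
            rec = flows.setdefault(fwd, {"bytes_sent": 0, "bytes_received": 0, "start_time": ts})
            rec["bytes_sent"] += length
    return flows

def flow_lines(flows):
    """Render flows in the layout from the post: one line per flow, sorted by window then source."""
    return [f"{k[1]} {k[2]} {k[3]} {k[4]} {k[5]} {v['bytes_sent']} {v['bytes_received']} {v['start_time']}"
            for k, v in sorted(flows.items())]

def bytes_per_port(flows):
    """{window_start: {dst_port: total bytes in both directions}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for (start, _, _, _, dport, _), v in flows.items():
        totals[start][dport] += v["bytes_sent"] + v["bytes_received"]
    return totals

def detect_spikes(totals, current, factor=5.0, floor=1000):
    """Flag ports whose bytes in `current` exceed `factor` times their mean over earlier windows.
    `floor` keeps a port that was idle in the baseline from alarming on a few packets."""
    past = [w for w in totals if w < current]
    alarms = {}
    for port, now in totals[current].items():
        baseline = mean(totals[w].get(port, 0) for w in past) if past else 0
        if now > factor * max(baseline, floor):
            alarms[port] = (baseline, now)
    return alarms

if __name__ == "__main__":
    flows = aggregate_flows(PACKETS)
    print("\n".join(flow_lines(flows)))
    print(detect_spikes(bytes_per_port(flows), current=120))
```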
