[c-nsp] traffic monitoring?
Gustavo Rodrigues Ramos
gustavo at acmesecurity.org
Tue Jan 17 20:56:43 EST 2006
Shaun,
I'm assuming you'll do that with Cisco routers.
I do what you want with NetFlow enabled in several routers and
Flow-tools [1] (with FlowScan [2] and JKFlow [3]) collecting and
processing flows in a FreeBSD box (this also works for Linux).
Regards,
Gustavo.
[1] http://www.splintered.net/sw/flow-tools/
[2] http://www.caida.org/tools/utilities/flowscan/
[3] http://users.pandora.be/jurgen.kobierczynski/jkflow/JKFlow.html
Shaun wrote:
>I'm looking for software that will run on a Linux server and monitor
>traffic and keep accounting totals per IP and per port (and protocol would
>be nice too). Basically I would like to be able to look at the statistics
>and see if a certain IP is sending an abnormal amount of SMTP traffic
>(spamming, mailing). I could have sworn I ran across a piece of software like
>this in the past but I have yet to find anything.
>
>Anybody know of any open source tools out there that can do this?
>
>
>
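
The per-IP, per-port accounting asked about above, as an added example that is not part of the original thread and is not code from flow-tools, FlowScan or JKFlow: it totals flow records per source address and (protocol, port), then flags hosts whose TCP/25 flow count is far above the median SMTP sender. The CSV layout, the addresses, and the `factor` and `min_flows` thresholds are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from statistics import median

SMTP = (6, 25)  # (IP protocol number for TCP, destination port)


def build_sample():
    """Constructed flow records: src_ip,dst_ip,proto,dst_port,packets,bytes.
    This column layout is hypothetical, not any tool's export format."""
    rows = [
        "192.0.2.10,198.51.100.5,6,25,12,4800",
        "192.0.2.10,198.51.100.6,6,25,10,4100",
        "192.0.2.20,198.51.100.5,6,25,9,3600",
        "192.0.2.20,203.0.113.80,6,80,30,21000",
        "192.0.2.30,198.51.100.5,6,25,11,4400",
        "192.0.2.30,203.0.113.53,17,53,2,180",
    ]
    # One host opening SMTP connections to 40 different destinations.
    rows += [f"192.0.2.66,203.0.113.{i},6,25,8,3000" for i in range(1, 41)]
    return "\n".join(rows)


def account(flow_csv):
    """Return {src_ip: {(proto, dst_port): [flows, packets, bytes]}}."""
    totals = defaultdict(lambda: defaultdict(lambda: [0, 0, 0]))
    for row in csv.reader(io.StringIO(flow_csv)):
        if not row:
            continue  # tolerate blank lines in the export
        src, _dst, proto, port, pkts, octets = row
        cell = totals[src][(int(proto), int(port))]
        cell[0] += 1
        cell[1] += int(pkts)
        cell[2] += int(octets)
    return totals


def smtp_outliers(totals, factor=5, min_flows=5):
    """Sources whose TCP/25 flow count exceeds factor x the median sender."""
    smtp = {ip: p[SMTP] for ip, p in totals.items() if SMTP in p}
    if not smtp:
        return []
    limit = factor * median(cell[0] for cell in smtp.values())
    return sorted((ip, cell[0], cell[2]) for ip, cell in smtp.items()
                  if cell[0] >= min_flows and cell[0] > limit)


if __name__ == "__main__":
    for ip, flows, octets in smtp_outliers(account(build_sample())):
        print(f"{ip}: {flows} SMTP flows, {octets} bytes")
```

Comparing against the median rather than the mean keeps a single heavy sender from raising its own threshold; a known mail relay would need to be excluded or given its own baseline.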