Snort mailing list archives

Re: Off topic a little - usage by port?

From: Skip Carter <skip () taygeta com>
Date: Tue, 22 Oct 2002 09:10:49 -0700

From: Rich Adamson
Sent: October 22, 2002 11:10 AM
To: Snort Users Postings
Subject: [Snort-users] Off topic a little - usage by port?

I know this is a little off topic, but the folks that hang out here
may know...

I'm looking for a software app that can be used to monitor all traffic
mirrored from a switch port (as an example), that would accumulate
usage statistics by IP and tcp/udp port number. It would be great if
the app could be configured to gather stats for "either" source port
or destination port. Logging the usage stats to a file on some
predetermined interval would be helpfull.

Example:
  Source IP       Proto Dest Port Packets
  --------------- ----- --------- ---------
  123.123.123.123 udp   53        452
                  tcp   445       10
                  tcp   110       4,000
                  tcp   80        1,234
                  icmp  ---       22

Does anyone know of such an app or have any thoughts about something
that might be close that I can modify to do this? 

Doesn't need to be pretty, and I don't care if it runs under Linux or 
Win2k; either would be fine.


        ipaudit (ipaudit.sourceforge.net) does a very good job of
  providing this kind of summary.  The associated package
  'ipaudit-web' gives a Web based interface to the summary data.
  Its standard practice here for us to install both snort and ipaudit
  on any IDS system that we deploy.







-- 
 Dr. Everett (Skip) Carter      Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Scientific Inc.        INTERNET: skip () taygeta com
 1340 Munras Ave., Suite 314    WWW: http://www.taygeta.com
 Monterey, CA. 93940            













-------------------------------------------------------
This sf.net emial is sponsored by: Influence the future 
of Java(TM) technology. Join the Java Community 
Process(SM) (JCP(SM)) program now. 
http://ad.doubleclick.net/clk;4699841;7576301;v?http://www.sun.com/javavote
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Off topic a little - usage by port? Rich Adamson (Oct 22)
- Re: Off topic a little - usage by port? Chris Reining (Oct 22)
  - Re: Off topic a little - usage by port? Gene Yoo (Oct 22)
- Re: Off topic a little - usage by port? Alberto Gonzalez (Oct 24)
- <Possible follow-ups>
- RE: Off topic a little - usage by port? Miller, Eoin (Oct 22)
- RE: Off topic a little - usage by port? McCammon, Keith (Oct 22)
- RE: Off topic a little - usage by port? Knight, Ric (Oct 22)
  - Re: Off topic a little - usage by port? Skip Carter (Oct 22)