Snort mailing list archives

RE: Using snort for network stats?


From: "Snort" <Snort () intercept net>
Date: Tue, 28 Oct 2003 15:32:04 -0500

Your snort_output.log file shows a breakdown of traffic via Snort. It
looks similar to the following:
 
===============================================================================
Snort analyzed 133256228 out of 133256228 packets, Using 0 Snort rules read
dropping 0(0.000%) packets
 
Breakdown by protocol:                Action Stats:
    TCP: 97440393   (73.123%)         ALERTS: 434
    UDP: 24330429   (18.258%)         LOGGED: 434
   ICMP: 10069866   (7.557%)          PASSED: 9144028
    ARP: 325459     (0.244%)
  EAPOL: 0          (0.000%)
   IPv6: 0          (0.000%)
    IPX: 11         (0.000%)
  OTHER: 934586     (0.701%)
DISCARD: 82         (0.000%)
 
 
-----Original Message-----
From: Michael Miller [mailto:michael.miller () state co us] 
Posted At: Tuesday, October 28, 2003 1:29 PM
Posted To: Snort
Conversation: [Snort-users] Using snort for network stats?
Subject: [Snort-users] Using snort for network stats?
 
Since I'm using snort to capture nearly everything that enters and
exits our network, I was curious to see if there was a utility to show
network metrics based on that data. Google didn't find much (or I asked
the wrong questions) and Ethereal is choking on the large dataset, so
that's out. I'm mostly interested in effective thruput, percentages of
TCP/UDP/ICMP data, breakdown of traffic by protocol, etc.
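
A small parser for the end-of-run summary quoted in the reply above, added here as an example and not part of the original thread. The function names are hypothetical, and the regular expressions assume the summary layout shown in that message.

```python
import re

# Sample input: the summary from the reply above, mail-client line wraps removed.
SAMPLE = """\
Snort analyzed 133256228 out of 133256228 packets, Using 0 Snort rules read
dropping 0(0.000%) packets

Breakdown by protocol:                Action Stats:
    TCP: 97440393   (73.123%)         ALERTS: 434
    UDP: 24330429   (18.258%)         LOGGED: 434
   ICMP: 10069866   (7.557%)          PASSED: 9144028
    ARP: 325459     (0.244%)
  EAPOL: 0          (0.000%)
   IPv6: 0          (0.000%)
    IPX: 11         (0.000%)
  OTHER: 934586     (0.701%)
DISCARD: 82         (0.000%)
"""

TOTALS = re.compile(r"Snort analyzed (\d+) out of (\d+) packets")
DROPPED = re.compile(r"dropping (\d+)\s*\(")
PROTO = re.compile(r"^\s*([A-Za-z0-9]+):\s+(\d+)\s+\(\s*([\d.]+)%\)")
ACTION = re.compile(r"\b(ALERTS|LOGGED|PASSED):\s+(\d+)")

def parse_summary(text):
    """Return packet totals, per-protocol counts and action counts."""
    stats = {"analyzed": 0, "received": 0, "dropped": 0,
             "protocols": {}, "actions": {}}
    for line in text.splitlines():
        if m := TOTALS.search(line):
            stats["analyzed"], stats["received"] = int(m[1]), int(m[2])
        if m := DROPPED.search(line):
            stats["dropped"] = int(m[1])
        if m := PROTO.match(line):
            stats["protocols"][m[1]] = int(m[2])
        for name, count in ACTION.findall(line):
            stats["actions"][name] = int(count)
    return stats

def protocol_shares(stats):
    """Recompute each protocol's percentage of analyzed packets."""
    total = stats["analyzed"]
    if total == 0:  # empty capture: avoid dividing by zero
        return {}
    return {p: round(100 * n / total, 3) for p, n in stats["protocols"].items()}

if __name__ == "__main__":
    parsed = parse_summary(SAMPLE)
    for proto, pct in protocol_shares(parsed).items():
        print(f"{proto:>8} {parsed['protocols'][proto]:>12} {pct:7.3f}%")
```

The `dropped` and `received` fields are kept alongside the protocol counts because a non-zero drop count means the percentages describe only part of the traffic on the wire.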
 
 
