[clug] IP network traffic monitoring
Tony and Robyn Lewis
beakysnugger at yahoo.co.uk
Wed Sep 14 01:27:28 GMT 2005
I am a paranoid bunny. I want a tool that will sniff my internet-facing
interface, and store "flow" information (source/dest IP/port, time,
proto, packet/byte count). Does such a beast exist as a Debian package,
or any other package?

I know there is lots of network monitoring stuff (been through
http://packages.debian.org/testing/net) but nothing that can do graphs
and/or reporting by that resolution.

The nearest I can find is something like pmacct, or ulog-acctd, and
pumping that into a database/file and then having a web front end to
generate graphs. But I'd love to find something already rolled.
flow-tools comes close if I can find something that will generate
netflow data.

My underlying requirement is this: I use cacti, and it reported to me
last night that my upload was maxed out between around 3am to 6am. I
don't know why. I've checked the logs for the apps that operate on the
ports I have open, and nothing jumps out, and so I'm a little stumped
and curious/nervous. Some monitoring tool like this would help.

Tony Lewis