David Elze wrote:
On Thursday, 02.03.2006, at 12:29 -0700, Spruell, Darren-Perot wrote:
Hi,
You would be well served by Netflow graphs. You can get traffic breakdowns
in a very granular fashion and the right frontend will allow you to drill
down in a very granular fashion. There are a couple of utils that can give
you netflow capabilities, including flowd and pfflowd in the ports tree.
Well, tried these and flow-tools (also in the ports tree) in conjunction
with FlowViewer/FlowGrapher but that didn't work out.
In case I am not misunderstanding you, you may have a look at these ones:
http://www.andrew.cmu.edu/user/rdanyliw/snort/snortacid.html
http://secureideas.sourceforge.net/
http://www.l0t3k.org/security/tools/ids/
It might look a bit like overkill, but perhaps these ones can be of help
to you in collecting the services you want and in building graphs and more.
Have a nice day
Michael
--
Michael Schmidt MIRRORS:
DJGPP ftp://ftp.fh-koblenz.de/pub/DJGPP/
Ghostscript ftp://ftp.fh-koblenz.de/pub/Ghostscript/