[TriLUG] kinda a sniffer, kinda a snort, kinda weird

Aaron Joyner aaron at joyner.ws
Fri Aug 26 15:56:39 EDT 2005


Greg Brown wrote:

>Does anyone know anything that will pull in data on a listening
>interface (from a span port on a Cisco, for instance) that will log
>traffic to a database then present a break-down of what that person
>did, what protocols they used, what websites they visited, etc?  Kind
>of an intelligent traffic reporter?  A watchdog so to speak?  Does
>anyone know of a linux/bsd package that will do this?
>
>The front-end has to be fairly simple, something a non-technical
>manager can look at and go "holy crap, employee X is visiting
>monster.com 450000 times per day, while only hitting the web app they
>are supposed to enter data in 10 times a day".
>
>I've never seen a commercial app to do this so I'm having a hard time
>saying "just like product X, only linux-based and free".
>
>Any ideas?
>
>Greg
>  
>
http://ntop.ethereal.com/ntop.html

Just be careful to exclude your workstation from the span, so as not to 
expose your pr0n traffic to your boss's sudden keen insight into traffic 
flows through ntop.  It's not perfect, but it's pretty nice for 
relatively small environments.

Aaron S. Joyner


