On 13/06/2013 16:49, Andy Smith wrote:
> I mostly just use simple bandwidth graphing in cacti to see when
> there's anything out of the ordinary and then use tcpdump/wireshark
> to work out what is the abnormal traffic.
>
> If it's more complicated than that then I'll use ntop to get a
> breakdown by IP address and port/protocol.

mrtg for traffic level; ipaudit (getting rather long in the tooth now)
for daily/weekly/monthly stats and wireshark or ntop for more detailed
inspection.
If anybody knows of a good ipaudit replacement I'd be interested...
Cheers,
Mike