Ethereal-users: RE: [Ethereal-users] Analysis from a source IP to a destination IP

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Guy Harris" <gharris@xxxxxxxxx>
Date: Tue, 10 Aug 2004 19:19:12 -0700 (PDT)
Losinsky, Jim said:
> I have a user that is generating 100's of MB of traffic and I think it
> is coming from a specific server.  So, I want to monitor all traffic
> from the user IP to the server IP. I would like to get the statistics in
> a report.

What sort of statistics?

If you don't *know* whether the traffic is between that user and some
specific server, presumably one thing you want to find out is whether it
is, in which case you'd want to monitor all traffic to and from that user
IP *regardless* of what the other server is, and see how much of that
traffic is to or from that server.

If so, you could capture the traffic with a capture filter of

    host {that user's IP address}

and then use the "Conversations" statistic (although it was called
something else - "endpoint talkers"? - in earlier releases and perhaps in
the current release) to see who they're talking to.

However, if *all* you want are statistics of that sort, you might want to
use ntop instead:

    http://www.ntop.org/ntop.html

as it doesn't save the traffic to disk - if you want a *traffic
monitoring* tool, ntop is, in some cases, better than Ethereal.
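The per-peer byte tally that the reply gets from a `host` capture filter plus the "Conversations" statistic, as an added example that is not part of the original message and is not Ethereal's code. It assumes a classic (non-pcapng) capture of untagged Ethernet/IPv4 frames; the function names and the sample capture built from documentation addresses are constructed for illustration.

```python
import socket
import struct

def read_pcap(data):
    """Yield (frame_bytes, original_length) from a classic pcap byte string."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic (non-pcapng) capture file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    off = 24  # records follow the 24-byte global header
    while off + 16 <= len(data):
        _, _, incl, orig = struct.unpack(endian + "IIII", data[off:off + 16])
        yield data[off + 16:off + 16 + incl], orig
        off += 16 + incl

def conversations(data, user_ip):
    """Return {peer_ip: [bytes_from_user, bytes_to_user]} for IPv4 frames."""
    user, totals = socket.inet_aton(user_ip), {}
    for frame, orig_len in read_pcap(data):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not untagged IPv4
        src, dst = frame[26:30], frame[30:34]
        if user not in (src, dst):
            continue  # what the capture filter "host <user>" would have dropped
        peer, direction = (dst, 0) if src == user else (src, 1)
        # Count the on-the-wire length, so a short snaplen does not skew totals.
        totals.setdefault(socket.inet_ntoa(peer), [0, 0])[direction] += orig_len
    return totals

def server_share(totals, server_ip):
    """Return (bytes exchanged with server_ip, bytes exchanged with all peers)."""
    return sum(totals.get(server_ip, [0, 0])), sum(map(sum, totals.values()))

def sample_pcap():
    """Constructed capture: zero-filled Ethernet/IPv4 frames, documentation IPs."""
    def frame(src, dst, size):
        hdr = bytes(12) + b"\x08\x00\x45" + bytes(11)
        return (hdr + socket.inet_aton(src) + socket.inet_aton(dst)).ljust(size, b"\0")
    user, server, other = "192.0.2.10", "198.51.100.5", "203.0.113.7"
    frames = [frame(user, server, 1500), frame(server, user, 1500), frame(server, user, 1500),
              frame(user, other, 60), frame(other, user, 400), frame(server, other, 100)]
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    totals = conversations(sample_pcap(), "192.0.2.10")
    for peer, (sent, received) in sorted(totals.items(), key=lambda kv: -sum(kv[1])):
        print(f"{peer:15}  from user {sent:6}  to user {received:6}")
    print("server bytes / all bytes:", server_share(totals, "198.51.100.5"))
```

Comparing the two numbers from `server_share` answers the question the reply raises first: how much of the user's traffic is actually to or from the suspected server.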