I am looking for an application to run on a Linux/BSD box that will listen
passively to network traffic and collect statistics about the type of traffic
being passed. I have a distribution router for a few hundred users, and a
backbone router. The two are connected via Ethernet. I am going to connect them
to a switch and mirror all traffic to one of the ports to another port for
analysis. The load is well under 100Mbps (actually more like 3-4Mbps).

I want to collect data about the type of traffic so that I can put in place
filters to rate limit some of the traffic we deem as “lower priority”
(i.e. – p2p, file sharing, etc.). I would like to be able to generate graphs
and reports on the types of traffic being passed over the network.

I would prefer this box be passive on the network and only collect data rather
than have traffic route through it, that way if the box fails the network is
unaffected. However, I am willing to place the box as a router simply routing
data between the “distribution” and “backbone” routers.

Is this something Ethereal (perhaps with some modifications) can do? Is this
something I can just run tcpdump and log the data to a file for analysis at a
later time with some package? If so, what? I really don’t know where to
start… thanks for input!

Thanks,
Chris Miller
6PS Corporation
www.6ps.com