Subject: Re: traffic matrix package?
To: David Brownlee <abs@NetBSD.org>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-net
Date: 10/26/2005 12:35:38
In message <Pine.NEB.4.63.0510261559240.616@localhost.>, David Brownlee writes:
>On Wed, 26 Oct 2005, Steven M. Bellovin wrote:
>
>> Is there any package that will construct a traffic matrix? Ntop is
>> telling me that there is traffic to strange and wondrous places, but I
>> don't know which hosts are talking to them, or over what ports. (Maybe
>> ntop can do this, but if so I haven't figured out how to make it
>> display it.)
>>
>> More precisely -- I have a small (Soekris) NetBSD box with three
>> bridged interfaces, one of which leads to the outside world. I'd like
>> to run some package that could monitor traffic on that third interface
>> and produce a matrix showing which hosts are talking to which.
>>
>> Generating data in NetFlow format is probably ideal, since there are
>> lots of tools to manipulate that. I see nprobe in pkgsrc, but its
>> availability terms are, well, unusual. The package is also quite old;
>> it's version 1.3.1 from 2002. 4.0 is the current version.
>
> For realtime display I've found iftop or flodo of some use though
> neither is ideal...
>
Or Ethereal. But I'm looking for something that produces databases that
I can query later.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb