Subject: Re: traffic matrix package?
To: Patrick Welche <prlw1@newn.cam.ac.uk>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-pkg
Date: 10/27/2005 10:57:52
In message <20051027142609.GF16701@quartz.itdept.newn.cam.ac.uk>, Patrick Welche writes:
>On Wed, Oct 26, 2005 at 12:35:38PM -0400, Steven M. Bellovin wrote:
>> In message <Pine.NEB.4.63.0510261559240.616@localhost.>, David Brownlee writes:
>> >On Wed, 26 Oct 2005, Steven M. Bellovin wrote:
>> >
>> >> Is there any package that will construct a traffic matrix? Ntop is
>> >> telling me that there is traffic to strange and wondrous places, but I
>> >> don't know which hosts are talking to them, or over what ports. (Maybe
>> >> ntop can do this, but if so I haven't figured out how to make it
>> >> display it.)
>> >>
>> >> More precisely -- I have a small (Soekris) NetBSD box with three
>> >> bridged interfaces, one of which leads to the outside world. I'd like
>> >> to run some package that could monitor traffic on that third interface
>> >> and produce a matrix showing which hosts are talking to which.
>> >>
>> >> Generating data in NetFlow format is probably ideal, since there are
>> >> lots of tools to manipulate that. I see nprobe in pkgsrc, but its
>> >> availability terms are, well, unusual. The package is also quite old;
>> >> it's version 1.3.1 from 2002. 4.0 is the current version.
>> >
>> > For realtime display I've found iftop or flodo of some use though
>> > neither is ideal...
>> >
>> Or Ethereal. But I'm looking for something that produces databases that
>> I can query later.
>
>I happen to use "NeTraMet", and wrote a little something to load its log
>files into postgresql. It splits into a meter and a reader. All seems
>quite robust:
That sounds like exactly what I'm looking for; thanks! (And I see it's
even in pkgsrc.)
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb