Subject: Re: traffic matrix package?
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Patrick Welche <prlw1@newn.cam.ac.uk>
List: tech-net
Date: 10/27/2005 15:26:09

On Wed, Oct 26, 2005 at 12:35:38PM -0400, Steven M. Bellovin wrote:
> In message <Pine.NEB.4.63.0510261559240.616@localhost.>, David Brownlee writes:
> >On Wed, 26 Oct 2005, Steven M. Bellovin wrote:
> >
> >> Is there any package that will construct a traffic matrix? Ntop is
> >> telling me that there is traffic to strange and wondrous places, but I
> >> don't know which hosts are talking to them, or over what ports. (Maybe
> >> ntop can do this, but if so I haven't figured out how to make it
> >> display it.)
> >>
> >> More precisely -- I have a small (Soekris) NetBSD box with three
> >> bridged interfaces, one of which leads to the outside world. I'd like
> >> to run some package that could monitor traffic on that third interface
> >> and produce a matrix showing which hosts are talking to which.
> >>
> >> Generating data in NetFlow format is probably ideal, since there are
> >> lots of tools to manipulate that. I see nprobe in pkgsrc, but its
> >> availability terms are, well, unusual. The package is also quite old;
> >> it's version 1.3.1 from 2002. 4.0 is the current version.
> >
> > For realtime display I've found iftop or flodo of some use though
> > neither is ideal...
> >
> Or Ethereal. But I'm looking for something that produces databases that
> I can query later.

I happen to use "NeTraMet", and wrote a little something to load its log
files into postgresql. It splits into a meter and a reader. All seems
quite robust:

% uname -srp
NetBSD 1.6B i386
% uptime
2:50PM up 549 days, 2:17, 2 users, load averages: 0.65, 0.55, 0.39
% ps ax | grep -i netramet
4787 ?? Ss 574:42.72 /usr/local/bin/NeTraMet -D -i ex0 -w Newnham
22516 p0 RV 0:00.00 grep -i netramet (csh)

Cheers,
Patrick