Wireshark-users: Re: [Wireshark-users] Want to monitor a port, count bytes transferred, record wh
From: Seth Hall <seth@xxxxxxxx>
Date: Sun, 22 Apr 2012 10:59:25 -0400
On Apr 20, 2012, at 11:45 AM, Brian Excarnate wrote:

> So my first question is:  Is there some other tool that is a better choice, and if so which?


You could use something that generates netflow records and a netflow collector or Argus.  You could also give Bro-IDS a try (I'm one of the developers).  The output you're looking for can be found in our conn logs.  You can download a binary package from our website too:
	http://www.bro-ids.org/download/#binarypackages

If you're just interested in getting the conn logs, you should be able to run (with the appropriate interface):
	sudo bro -i eth0

It will start creating logs in your current working directory.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
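
Added example, not part of the original message and not Bro project code: one way to get per-port byte totals out of the conn log mentioned above. The sample log is constructed and uses a reduced set of conn.log columns; the function names are hypothetical.

```python
# Added example: per-port byte totals from a Bro conn.log (tab-separated ASCII).
# SAMPLE_CONN_LOG is constructed data with a reduced set of conn.log columns.
from collections import defaultdict

SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#unset_field\t-",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto"
    "\tduration\torig_bytes\tresp_bytes",
    "1335106765.10\tCa1\t192.0.2.10\t50122\t198.51.100.5\t8080\ttcp\t1.50\t300\t1200",
    "1335106800.00\tCa2\t192.0.2.10\t50123\t198.51.100.5\t8080\ttcp\t0.75\t150\t800",
    "1335106900.00\tCa3\t192.0.2.11\t40000\t198.51.100.5\t8080\ttcp\t-\t-\t-",
    "1335107000.00\tCa4\t192.0.2.10\t50200\t198.51.100.5\t22\ttcp\t9.00\t999\t999",
])

def parse_conn_log(text):
    """Yield one dict per connection, keyed by the names on the #fields line."""
    fields, unset = None, "-"
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#unset_field"):
            unset = line.split("\t")[1]
        elif line and not line.startswith("#"):
            if fields is None:
                raise ValueError("data row before #fields header")
            row = dict(zip(fields, line.split("\t")))
            # Map the log's unset marker to None so it is never summed as text.
            yield {k: (None if v == unset else v) for k, v in row.items()}

def bytes_for_port(text, port):
    """Sum payload bytes per (originator, responder) pair for one responder port."""
    totals = defaultdict(lambda: {"conns": 0, "orig_bytes": 0, "resp_bytes": 0})
    for rec in parse_conn_log(text):
        if rec["id.resp_p"] != str(port):
            continue
        t = totals[(rec["id.orig_h"], rec["id.resp_h"])]
        t["conns"] += 1
        # Byte counts can be unset for a connection; count those as 0.
        t["orig_bytes"] += int(rec["orig_bytes"] or 0)
        t["resp_bytes"] += int(rec["resp_bytes"] or 0)
    return dict(totals)

if __name__ == "__main__":
    for (src, dst), t in sorted(bytes_for_port(SAMPLE_CONN_LOG, 8080).items()):
        print(src, "->", dst, t)
```

To run it against a real log, read conn.log from the directory where bro was started and pass its contents in place of SAMPLE_CONN_LOG.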