Analyzing network data with appliance router

[NoOp]

On 06/12/2011 03:47 PM, Patton Echols wrote:
> Greetings all,
> 
> I am looking for ways to analyze the traffic through my home network.  
> The tools that I seen mentioned as I google all seem to need to run on 
> the router.  This makes sense to me. After all, where better to access 
> the traffic.  I am wondering whether there are tools that can moniter 
> traffic within the LAN and / or to and from the WAN, but do it from my 
> desktop machine within the LAN.
> 
> Here is what I am trying to do:
> 
> I have been reading about concerns of Botnets and a recent article that 
> suggested that nearly 20% or windows machines are infected.  I have to 
> support several windows machines in our network.  We have antivirus and 
> updates applied as soon as available, but I would like to have a way to 
> ID a box that gets infected.  One suggested method is to watch their 
> traffic.  If a windows box has spikes in network activity, starts port 
> scanning, or doing other obnoxious activity, then you know you have work 
> to do.
> 
> The logging function of my appliance router is fairly minimal.  It 
> records the outgoing IP and protocol, but not the port or the time.  
> Also, it seems to be pretty limited as to how much it saves.  I'd prefer 
> to not have to set up my own router if not necessary.
> 
> Any thoughts?

Better router :-) That said, when my trusty BEFVP41 started going wonky
on my I had to back up to my Netgear & that router sucks as far as
traffic logs go. For a small home network, you might want to install
etherape to watch your network periodically. It will give you a
graphical view of your network traffic.

Unfortunately the repositories for maverick only offer 0.9.8 & 0.9.12 is
the latest:
https://launchpad.net/ubuntu/+source/etherape
http://etherape.sourceforge.net/

I'm not aware of any 0.9.12 deb's (haven't looked actually).