ipaudit listens to a network link using promiscuous mode and gathers statistics on network usage. For every combination of host pair, port pair and protocol, it counts bytes and packets in both directions. After a fixed interval (30 minutes for example) ipaudit can be signaled (via kill command) to output its results. The text output can be processed into reports but the raw data can also be useful identifying heavy bandwidth consumers, intrusive telnet sessions, denial of service attacks, etc. There is also an option (like tcpdump) to save raw packets to specific ports for detailed subsequent analysis with packages such as tcpdump or ethereal.
982b4d7197acb8b92706652d9b2b43d7fd82be03e5ac8e480a7d688834cf94a8