We have a Linux box (Mandrake 8.0 with kernel 2.4) set up as a firewall.
It has 2 NICs, one for our link and one into our switch. I noticed today that the usage looks fishy, i.e.: Received bytes (970MB), Transmitted bytes (2790MB).
As the link is only used for mail and www surfing I suspect either misuse of mail (all those porn videos) or someone running a warez server on our network.
I need a way to monitor traffic by host in our network. Overall usage statistics will also be useful of course.
I had a look on the web but got lost in all the pre-ipchains and other old methods (which I did not bother to even read. I am trying the easy way out here).
Thus what I need is pointers to the best network usage/firewall traffic usage software that will work with our current setup to catch the culprit.
Fire away ...
PS. Please do not tell me to run tcpdump. I am very capable of doing that but doing the math in my head is too much and writing scripts to do it will hog the server too much.