net traffic analyzer for linux firewall needed - looking for software suggestions

net traffic analyzer for linux firewall needed - looking for software suggestions

Here is what I'm looking for:
A tiny console tool which dynamically shows all incoming nettraffic.

Here is what I want to improve:
A linux firewall (SuSE 7.3) with tools like (tail -f /var/log/firewall and iptraf [from Gerard Paul Java])

Any software suggestions ?
What experience did you make ? and with wich software ?

Thanks for your help


Who is Participating?
smiskConnect With a Mentor Commented:
Try this for tcpdump :

tcpdump -x -X -i eth0 'dst and dst port not 80 and src net not'

Where the following applies : : firewall that you want to monitor.
80 : http port. : subnet on which to allow incoming traffic from w/out printing to stdout.  use this if you have some trusted hosts on a network (you said all "unkown incoming traffic").

Also, if you're doing this over an ssh connection you probably want to add 'and host not my.ip.address' so your ssh connection doesn't flood the screen.

tcpdump has a lot of really great features.  Check the man pages for more useful options (ie, 'tcp' if you only want to see tcp traffic).

try the man pages for tcpdump. If you don't have it, it is freely available.
Simple Misconfiguration =Network Vulnerability

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

I find that ntop ( is a very nice traffic analyzer for networks in general. You can monitor overall traffic as well as see statistics relating to a single host, like who they are talking to and how much data is assocaited with a connection.
mfuerlingerAuthor Commented:
hi Irmoore
, tried 'tcpdump' before but got stuck somewhere in the manual.
trying again...more precise:
searching a way to report all unknown incomming nettraffic except port 80 on the firewals eth0 dynamically on stdout.
Did not find a really helpfull expression and/or switch in 'tcpdump' yet.

salut ahoffmann
just downloaded mrtg2.9.18pre9 - hold on.
Try Ethereal as an alternative. It might be easier to set filters.

What do you have in front of the firewall for a router? If it is a Cisco router, you can setup access-lists to send all that traffic off to a syslog server..
hmm, seems that you need to clarify what you want to see:
   a) just packet headers
   b) packet content
   c) data streams (packets belonging/related to a connection)
   d) statistics about traffic (that's what I assumed according to the question)

for a) and b) go with tcpdump, or ethereal if you know how to use a mouse
for c) ethereal might be the better choice, there are some more of such programs
mfuerlingerAuthor Commented:
Finally to finish this question.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.