We have a PaloAlto Firewall (PA-500) for our public interface. We have noticed much traffic on the pipe lately and we can't track it down. Is there some way to tell what is creating all the traffic. We asked our ISP to give us an IP accounting on the circuit but they are slow to respond; by the time they set this up, the high traffic condition has normalized. Is there a software package that we can use to track our network usage? I'd want to know where packets are coming from and where they are going and I want to see it in real-time. The PaloAlto has an extra interface so it could be used as a tap to monitor the ingress/egress traffic.