We currently have a firewall which allows outgoing connections to be
established on any port (only incoming traffic is filtered).
It would be nice to obtain data showing the breakdown of TCP traffic by port
from a given time period, to help identify unusual activity possibly
indicating spyware, trojans, etc.
Does anybody know of such a program (or a mechanism for hooking into
iptables which doesn't require me to understand the entire kernel networking