I would like to be able to create some reports from a tcpdump/snoop result
output file. After I'm finished snooping packets I need to generate some
reports about it, for example:
protocol distribution (TCP/UDP, ICMP ...)
application protocol distribution (HTTP, FTP, DNS ...)
I don't need some fancy stuff like Network Associate sniffer. I just want
to know at some moments who are the top users who generate the largest
traffic to/from Internet. They all go via proxy machine (on Solaris) and
that is where I need to run a sniffer and a sniffer analyzer.
I know I have proxy logs and I use them but they are generated on a weekly
basis and they are useless at the exact moment I need to find top users.
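
An added example, not part of the original post: a small Python report over a capture file that produces the three summaries asked for above (IP protocol distribution, application protocol distribution by port, and top hosts by bytes). It assumes the capture was written with `tcpdump -w` in classic pcap format on an Ethernet link (snoop's own capture format is different and is not handled); the port-to-name mapping, the `summarize` and `_record` names, and the sample addresses are constructed for illustration.

```python
import struct
from collections import Counter

IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP"}
APP_PORTS = {21: "FTP", 53: "DNS", 80: "HTTP"}  # assumed port-to-name mapping

def summarize(pcap):
    """Return byte totals per IP protocol, per application, and per host."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    protos, apps, hosts = Counter(), Counter(), Counter()
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        _, _, caplen, wirelen = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated capture or not IPv4
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        protos[IP_PROTOS.get(proto, "proto-%d" % proto)] += wirelen
        for addr in (frame[26:30], frame[30:34]):  # source, destination
            hosts[".".join(map(str, addr))] += wirelen
        ports = frame[14 + ihl:14 + ihl + 4]
        if proto in (6, 17) and len(ports) == 4:
            sport, dport = struct.unpack("!HH", ports)
            apps[APP_PORTS.get(dport) or APP_PORTS.get(sport) or "other"] += wirelen
    return protos, apps, hosts

def _record(src, dst, proto, sport, dport, wirelen):
    """Constructed record: Ethernet + IPv4 header + port pair, snap-truncated."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, wirelen - 14, 0, 0, 64, proto, 0,
                     bytes(src), bytes(dst))
    data = b"\0" * 12 + b"\x08\x00" + ip + struct.pack("!HH", sport, dport)
    return struct.pack("<IIII", 0, 0, len(data), wirelen) + data

# Constructed sample capture (not real traffic): two proxy clients.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _record((10, 0, 0, 5), (192, 0, 2, 10), 6, 40000, 80, 1500),
    _record((192, 0, 2, 10), (10, 0, 0, 5), 6, 80, 40000, 1500),
    _record((10, 0, 0, 7), (198, 51, 100, 53), 17, 5353, 53, 90),
    _record((10, 0, 0, 7), (198, 51, 100, 53), 1, 0, 0, 98),
])

if __name__ == "__main__":
    for title, counter in zip(("IP protocol", "application", "host"), summarize(SAMPLE)):
        print(title, counter.most_common(5))
```

Byte totals use each record's original wire length, so a capture taken with a short snap length still reports real traffic volume.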