A new project I have due. I could use assistance.

[GFBurke]

Hello. Nice site.

I need to build a "box" of some sort that can monitor packets for individual IP addresses. This would send alerts if there was an absorbent amount of traffic on an "odd port" (worms, Trojans, malware - to be customized) and let us know which IP it's coming from.

This is for a large (and growing) WiFi ISP.
We just need to know when these scumware's are using bandwidth so we can alert the client and/or turn them off.

The through-put is 45MB a second at the nock. (So a 10/100 NIC is sufficient)

I was thinking of something like TCPdump or similar. I think reporting EVERY packet could be very cumbersome for this box - so maybe ever 5th packet or something. Then show a % or somthing.

This box will not be in our physical location - so we would like the data to be pushed over to a PHP site , or so we can remotely see the data.

I would like this to be a rack, but the physical is not important right now.

Any good ideas here on this?
Thank you.

[the_unforgiven]

Did you try out Nagios??
http://www.nagios.org

It's a general purpose network monitor, but can be extended with plugins.