IPAudit monitors network activity on a network by host, protocol and port.
IPAudit listens to a network device in promiscuous mode, and records every connection between two ip addresses. A unique connection is determined by the ip addresses of the two machines, the protocol used between them, and the port numbers (if they are communicating via udp or tcp).
IPAudit can be used to monitor network activity for a variety of purposes. It has proved useful for monitoring intrusion detection, bandwith consumption and denial of service attacks. It can be used with IPAudit-Web to provide web based network reports.
2016.02.13: After 13 years (wow, that's a long time), here's a new version of the ipaudit binary tarball: ipaudit-1.1. It includes several bug fixes that improves ipaudit as a daemon.
2005.07.12: There is a very good introduction to IPAudit-Web at SecurityFocus.org.
2005.01.08: A new ipaudit binary package ipaudit-1.0BETA2 is now available via the downloads section. Ipaudit 1.0 incorporates all the changes that were made to the ipaudit binary that is bundled into ipaudit-web. Compared to previous ipaudit binary packages, 1.0 includes improved portability, a daemon execution mode (-D), a timed execution mode (-E) and Mysql support as well as other improvements.