
How It Works

Ipaudit listens to a network device in promiscuous mode and records every 'connection', that is, each conversation between two IP addresses. A unique connection is determined by the IP addresses of the two machines, the protocol used between them, and the port numbers (if they are communicating via UDP or TCP).

It uses a hash table to keep track of the number of bytes and packets in both directions. When ipaudit receives a SIGTERM (kill) or SIGINT (kill -2, usually the same as Control-C) signal, it stops collecting data and writes the tabulated results.
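The connection key and per-direction counters described above can be sketched as follows. This is an added example, not IPAudit's source code: the names (`flowkey`, `record_packet`), the FNV-1a hash, the table sizes and the rule of storing the numerically lower endpoint first are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define NBUCKET  1024   /* assumed table size */
#define MAXFLOWS 4096   /* assumed capacity of the static pool */

typedef struct { uint32_t ip[2]; uint16_t port[2]; uint32_t proto; } flowkey;
typedef struct flow {
    flowkey key;                 /* endpoint 0 is the numerically lower one */
    uint64_t bytes[2], pkts[2];  /* [0]: sent by endpoint 0, [1]: by endpoint 1 */
    struct flow *next;           /* chain for hash collisions */
} flow;

static flow pool[MAXFLOWS], *table[NBUCKET];
static int nflows;

static uint32_t hash_key(const flowkey *k) {  /* FNV-1a; key has no padding */
    const unsigned char *p = (const unsigned char *)k;
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < sizeof *k; i++) h = (h ^ p[i]) * 16777619u;
    return h % NBUCKET;
}

/* Account one packet. Returns its flow entry, or NULL when the pool is full. */
flow *record_packet(uint32_t sip, uint16_t sp, uint32_t dip, uint16_t dp,
                    uint32_t proto, uint32_t len) {
    flowkey k;
    if (proto != 6 && proto != 17) sp = dp = 0;   /* ports only for TCP/UDP */
    int rev = sip > dip || (sip == dip && sp > dp);
    k.ip[rev] = sip;  k.port[rev] = sp;           /* same key for both directions */
    k.ip[!rev] = dip; k.port[!rev] = dp;
    k.proto = proto;
    uint32_t h = hash_key(&k);
    flow *f = table[h];
    while (f && memcmp(&f->key, &k, sizeof k) != 0) f = f->next;
    if (!f) {
        if (nflows == MAXFLOWS) return NULL;
        f = &pool[nflows++];
        f->key = k; f->next = table[h]; table[h] = f;
    }
    f->bytes[rev] += len; f->pkts[rev]++;
    return f;
}

int main(void) {   /* constructed packets: a request and its reply */
    record_packet(0x0A000005, 40000, 0x0A000001, 80, 6, 60);
    flow *f = record_packet(0x0A000001, 80, 0x0A000005, 40000, 6, 1500);
    return (nflows == 1 && f->pkts[0] == 1 && f->pkts[1] == 1) ? 0 : 1;
}
```

Ordering the endpoints before hashing is what lets a request and its reply land in the same entry, so one record carries the byte and packet totals for both directions.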

Ipaudit uses the pcap packet library, by the LBNL Network Research Group, to read the network interface.
