ArgusEye

Argus is a powerful suite of tools for Transaction-based network auditing. Argus captures network traffic like tcpdump does, but aggregates packets to transactions and applies various metrics. Argus comes with a daemon for traffic Capture and various client programs in the argus-clients distribution. Features: * Read Argus logfiles (up to ~100,000 transactions) and display the records in a fully configurable view. * Read tcpdump files (on-the-fly converting to Argus format). * Management of remote Argi via SSH. * Live transaction reading from an Argus sensor. * A Details view for each transaction. * Hostname and whois lookups of IP addresses.