[Full-disclosure] Full packet inspection


I am wondering if someone can point me in the right direction. We are currently evaluating our bandwidth policy and are finding the need to dig deeper in our network traffic to find out what the current bandwidth is being used for.

We have used different tools in the past, NTOP for example, to find out this information, but it seems that this tool may no longer be a good way to go about it.

We are finding the need to look inside SOCKS connections and classify traffic that is encrypted on its own, among other things.

I was hoping some people could provide a list of tools they are using or have used to help in classifying or inspecting network traffic on an ongoing basis.


Michael Gale

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/