LinuxQuestions.org


Red Squirrel 01-02-2017 04:56 PM

Network software to monitor network usage/packets, does something like this exist?
 
I was thinking it would be neat to have a device that sits at the gateway and basically sniffs all packets coming in/out. It would then group them in various ways, allow you to set up rules etc. so they show up as different colors, or what not. Maybe even generate graphs and such. Basically, a fancy packet sniffer/analyzer, if you will. It could either sit between internet and firewall, or sit behind the firewall so it can also be aware of all the VLANs. It would use a read-only approach where it's simply on the same bus as the trunk port and listens to all the traffic. Could probably use port mirroring or some kind of hub/splitter etc. Ideally it would require a box with two NICs, as the other NIC would be management (access web interface and such).

It would be used to get an idea of what traffic is going in/out of your network, while allowing you to easily filter out certain types of traffic like HTTP so you can easily find anything that is odd/not right. Perhaps it could even do real-time packet sniffing with a rolling log that just deletes older sniffs. Rules could be used so it only sniffs stuff that you did not set as an exception (ex: torrent traffic). Basically kinda like a firewall, but only for analyzing and categorizing traffic.

Does such software exist? If not I wonder how hard it would be to make something like that. I imagine there must be premade libraries that would do the hard work of capturing packets and deciphering the basic metadata.

af7567 01-02-2017 07:14 PM

It sounds like you are describing Wireshark; I'm not sure about making graphs, though.
https://www.wireshark.org/

Red Squirrel 01-02-2017 09:12 PM

I know about Wireshark, but I'm talking about something that runs more in the background 24/7 on a server. Something that will allow me to do analytics and such on traffic. Perhaps even alert for weird patterns. Ex: connectivity on a port that has never been connected to before.
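The core of what the first two posts describe (a passive box that decodes the basic metadata of every frame on a mirror port, aggregates it into flows, exempts traffic covered by a rule, and alerts when a host/port pair is contacted for the first time) is small enough to sketch. The block below is an added example written for this thread; it is not code from the original posts or from any of the tools named later in the thread. It parses Ethernet/IPv4/TCP/UDP headers with `struct`, keeps a per-5-tuple flow table and a learned baseline of destination services, and raises an alert for a first-seen service unless its port is on an ignore list. The frames it processes are constructed inline so it runs offline; on a real mirror port you would feed it frames from a libpcap wrapper instead of `build_frame`. Names such as `FlowMonitor`, `ignore_ports` and the 192.0.2.x/198.51.100.x addresses are assumptions made for the example.

```python
"""Passive flow summariser with first-seen-service alerting (added example, not from the thread)."""
import socket
import struct
from collections import defaultdict

ETH_HDR = struct.Struct("!6s6sH")  # dst MAC, src MAC, EtherType
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17


def parse_frame(frame: bytes):
    """Decode Ethernet/IPv4/{TCP,UDP}; return (src_ip, dst_ip, proto, sport, dport, payload_len) or None."""
    if len(frame) < ETH_HDR.size:
        return None  # runt frame
    _dst_mac, _src_mac, ethertype = ETH_HDR.unpack_from(frame)
    if ethertype != ETHERTYPE_IPV4:
        return None  # ARP, IPv6, etc. are not handled here
    ip = frame[ETH_HDR.size:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack_from("!H", ip, 2)[0]
    if ihl < 20 or len(ip) < ihl:
        return None
    proto = ip[9]
    src_ip, dst_ip = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    l4 = ip[ihl:min(total_len, len(ip))]  # never trust total_len past the captured bytes
    if proto not in (PROTO_TCP, PROTO_UDP) or len(l4) < 4:
        return None
    sport, dport = struct.unpack_from("!HH", l4)
    # TCP header length comes from the data-offset nibble; UDP headers are fixed at 8 bytes.
    l4_hdr = 8 if proto == PROTO_UDP else ((l4[12] >> 4) * 4 if len(l4) >= 13 else 20)
    return (src_ip, dst_ip, proto, sport, dport, max(len(l4) - l4_hdr, 0))


def build_frame(src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Construct a minimal test frame (constructed input; checksums left zero, not for sending)."""
    if proto == PROTO_TCP:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0) + payload
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ETH_HDR.pack(b"\xaa" * 6, b"\xbb" * 6, ETHERTYPE_IPV4) + ip + l4


class FlowMonitor:
    """Flow table plus a baseline of (dst_ip, proto, dst_port) services seen so far."""

    def __init__(self, ignore_ports=()):
        self.flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
        self.seen_services = set()
        self.ignore_ports = set(ignore_ports)  # the thread's "exception" rules, e.g. HTTP/HTTPS
        self.alerts = []

    def observe(self, frame, learning=False):
        """Account one frame; in learning mode services are added to the baseline silently."""
        meta = parse_frame(frame)
        if meta is None:
            return None
        src_ip, dst_ip, proto, sport, dport, plen = meta
        key = (src_ip, dst_ip, proto, sport, dport)
        self.flows[key]["packets"] += 1
        self.flows[key]["bytes"] += plen
        service = (dst_ip, proto, dport)
        if service not in self.seen_services:
            if not learning and dport not in self.ignore_ports:
                name = "tcp" if proto == PROTO_TCP else "udp"
                self.alerts.append(f"first contact: {src_ip} -> {dst_ip}:{dport}/{name}")
            self.seen_services.add(service)
        return key

    def top_flows(self, n=5):
        """Flows sorted by payload bytes, for a simple 'top talkers' view."""
        return sorted(self.flows.items(), key=lambda kv: kv[1]["bytes"], reverse=True)[:n]


def run_demo():
    mon = FlowMonitor(ignore_ports={80, 443})
    # Learning phase (constructed): SSH to the server is normal.
    mon.observe(build_frame("192.0.2.10", "198.51.100.5", PROTO_TCP, 51000, 22, b"ssh"), learning=True)
    traffic = [
        build_frame("192.0.2.10", "198.51.100.5", PROTO_TCP, 51001, 22, b"x" * 40),    # known service
        build_frame("192.0.2.11", "198.51.100.5", PROTO_TCP, 51002, 443, b"y" * 100),  # exempted by rule
        build_frame("192.0.2.12", "198.51.100.5", PROTO_UDP, 51003, 6881, b"z" * 30),  # never seen before
        b"\x00" * 10,                                                                   # runt, dropped
    ]
    for frame in traffic:
        mon.observe(frame)
    return mon


if __name__ == "__main__":
    m = run_demo()
    for key, stats in m.top_flows():
        print(key, stats)
    print("\n".join(m.alerts))
```

The baseline here is a plain in-memory set; a box running 24/7 would persist it and expire entries, and would key it on more than the destination port if it is meant to separate "new internal host talking to the file server" from "new service on the file server".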

Ellendhel 01-03-2017 12:21 PM

What you are looking for could be SiLK; this set of tools can collect traffic information from a piece of network equipment (switch, router) that can be analyzed later on. It doesn't generate graphs, but you can probably build them from the gathered data.

I have no experience with this (I have learned about it from this book); it probably requires some time and resources to give you the results that you are looking for.

Generally speaking, you may want to look at similar tools able to manage NetFlow (for Cisco equipment) or sFlow (from other vendors). SiLK is one solution; there are probably other ones available.

linux4evr5581 01-03-2017 01:25 PM

Does this sound like what you want?

-- Bro is an analysis framework: "Bro is not trying to tell you what is bad, it tries to tell you what is happening." It also has a scripting language, "Bro-Script", for custom automation. The advantage of Bro is that it records all traffic, so if something happens you can look in detail at what it was, and the records don't lie.
-- Suricata is an enhancement to existing infrastructure (logging critical components, hardware acceleration, firewall integration, *NIX socket mode for automated PCAP file processing, etc.). It also has a scripting language, "Lua", that can be used with information obtained from packets for complex matching to detect complex threats.

Red Squirrel 01-03-2017 03:28 PM

Thanks, those two sound interesting; I may check them out. This is more just something I was thinking it would be nice to have. Ideally I'd probably want to set up a dedicated box for that, but might play with it in a VM too.

linux4evr5581 01-03-2017 04:46 PM

No problemo, glad to help.
