Dear experts,


I use a firewall on my XP machines.

And, set task manager to come up on startup.
This way I can watch any network activity that is ocurring.


Usually, I can be pretty sure that the network activity is
coming from me. But sometimes there is activity not from me.
I will run netstat to see the IP and HTTP addresses.
Often it can be a background processes running, such as updates.

But what if is it is malicious?

What website is that coming from????

I'd like to get some software that will summarize network
activity by website and IP address. In real time.

So, if I see a lot of actvity on task manager networking,
I will see exactly which websites and IP addresses that
activity is associated with.

I noticed that Linux has iptraf. This is a good start.
From what I can see, it shows me all the activity.
But I don't see a way to summarize this activity by
website or IP address.

What are some software packages that will summarize the
network activity by website? Ideally, for free
(similar to process monitor, or explorer).


Thanks a lot!

I'd use iptraf as you mentioned for an overview of what is going through your firewall (linux) and if you need more detail, use tcpdump.

Darrell, a simple (both in configuration and in details) solution with web interface would be darkstat.

Its two minutes to configure and get going. Instead of giving the netmask in the config as 192.168.1.0/24, try 192.168.1.0/255.255.255.0. The former gave me trouble when I tried, not sure why.

And if you are looking for something without web interface, I like to use etherape a lot. This gives the real time traffic usage, with from-to ip/host and protocol/port etceteras.