I've been pretty impressed with nfsen. Took a little bit of fiddling to figure out, but lets me drill down into things pretty well.
Seconded. nfsen is awesome. Bit of a learning curve, but extremely powerful once you get the hang of it!
You can also use iptables and the ULOG target to generate "flow" information from your Linux boxes and send the output to nfsen/nfcapd as well!
Ray
I'm not trying to hijack this thread, but do you find any significant overhead involved with using the ULOG target or packet loss in your statistics? Would you have a ULOG target very early on in your FORWARD filter to log all packets? Do those packets go to a ulogd instance and then to disk (rrd to limit disk usage) for nfsen to use?
I'm concerned with losing packets in my current ntop configuration (not using pf_ring) and am looking at less obtrusive alternatives like gulp or ulog to first get ALL of the packets and, with as little overhead as possible, move that data to a location where analysis can happen using ntop or nfsen. Thanks.