On Thu, Aug 30, 2012 at 4:32 AM, Indunil Jayasooriya <indunil75 at gmail.com>wrote: > Have you tried Darkstat - it's a nice very very lightweight alternative > > > > http://unix4lyfe.org/darkstat/ > > > > > I installed it on Centos 6.2 (64 bit VM). It is pretty light. > > I would like to know on which host should I install it on LAN? > If you want it to be able to see all traffic on the local network, then you have to make sure all the traffic actually shows up on that interface - which is not usually the case on a switched network :-) My plan for today is to install darkstar on a separate physical host with dual nic's, and tell the switch to copy all traffic on the VLAN's that I wish to monitor to one port which will then be connected to one of the NIC's on the darkstar host. This feature is called "port mirroring" on ProCurve switches but most professional switches have similar features, although they might be called differently. > gateway Machine, proxy Server or any host on that LAN? > Alternatively, if you have a gateway machine that all traffic passes through, this would also be a good candidate unless traffic is so high that the additional load from darkstat impacts performance - or any bug in darkstat that just might interrupt regular operations. BR Bent