Argus is a powerful suite of tools for transaction-based network auditing. Argus captures network traffic as tcpdump does, but aggregates packets into transactions and applies various metrics.
Argus comes with a daemon for traffic capture and various client programs in the argus-clients distribution.
Features:
* Read Argus logfiles (up to ~100,000 transactions) and display the records in a fully configurable view.
* Read tcpdump files (on-the-fly converting to Argus format).
* Management of remote Argi via SSH.
* Live transaction reading from an Argus sensor.
* A Details view for each transaction.
* Hostname and whois lookups of IP addresses.