
Run ntop for Real-Time Network Stats


If you’re looking for real-time network statistics, check out the terrific ntop tool (http://www.ntop.org). It is a full-featured protocol analyzer with a web frontend, complete with SSL and graphing support. Unfortunately, ntop isn’t exactly lightweight (the precise amount of resources required depends on the size of your network and the volume of network traffic), but it can give you a very nice picture of who’s talking to whom on your network.

ntop needs to run initially as root (to throw your interfaces into promiscuous mode and start capturing packets), but then releases its privileges to a user that you specify. If you decide to run ntop for long periods of time, you’ll probably be happiest running it on a dedicated monitoring box (with few other services running on it, for security and performance reasons).
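The privilege drop described above can be checked after startup. The script below is an added example, not part of the original post: it starts ntop in the foreground with `-u` and then confirms that no ntop process still has an effective UID of 0. The account name `ntop`, the interface `eth0`, the web port 3000 and the `sample_ps` data are assumptions made up for illustration, and the script assumes ntop's admin password has already been set.

```shell
#!/bin/sh
# Added example (not from the original post): start ntop, verify it dropped root.
NTOP_USER="ntop"    # assumption: dedicated unprivileged account
NTOP_IFACE="eth0"   # assumption: interface to capture on
NTOP_PORT="3000"    # assumption: port for the web frontend

# Reads "euid pid comm" lines (the format of `ps -eo euid=,pid=,comm=`) on stdin.
# Prints the PID of every ntop process whose effective UID is still 0.
# Exit status 0 means at least one such process was found, 1 means none.
find_root_ntop() {
    awk '$3 == "ntop" && $1 == 0 { print $2; found = 1 } END { exit !found }'
}

# Constructed sample of ps output, used only to exercise find_root_ntop.
sample_ps() {
    printf '%s\n' \
        '    0   812 sshd' \
        '    0  2211 ntop' \
        ' 1001  2212 ntop'
}

# Run as root with the argument "start" to launch ntop and check it.
if [ "${1:-}" = "start" ]; then
    # No -d, so ntop stays attached to this shell. It opens the capture
    # interface as root, then switches to $NTOP_USER because of -u.
    ntop -u "$NTOP_USER" -i "$NTOP_IFACE" -w "$NTOP_PORT" &
    sleep 5    # give ntop time to initialise and change user

    if pids=$(ps -eo euid=,pid=,comm= | find_root_ntop); then
        echo "ntop is still running as root (pid: $pids), stopping it" >&2
        # $pids is left unquoted so that several PIDs split into arguments
        kill $pids
        exit 1
    fi
    echo "ntop dropped privileges to $NTOP_USER"
    wait
fi
```
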

Some of the important ntop features:

  • Sort network traffic according to many protocols
  • Show network traffic sorted according to various criteria
  • Display traffic statistics
  • Store on disk persistent traffic statistics in RRD format
  • Identify the identity (e.g. email address) of computer users
  • Passively (i.e. without sending probe packets) identify the host OS
  • Show IP traffic distribution among the various protocols
  • Analyse IP traffic and sort it according to the source/destination
  • Display IP Traffic Subnet matrix (who’s talking to who?)
  • Report IP protocol usage sorted by protocol type
  • Act as a NetFlow/sFlow collector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks)
  • Produce RMON-like network traffic statistics

[Screenshot: starting ntop (not as a daemon)]

[Screenshots: some stats from the ntop web interface]

