Hacker Forums

Analyze network traffic with Acid


by The Uni-Hacker on Apr.22, 2008, under Misc


ACID is a great tool if you run a Linux firewall. Combined with the power of Snort, you can capture all network traffic coming into and going out of your network. We used this at one of my old jobs to detect where our bandwidth was being used. ACID lets you analyze every packet, which means you can snoop on your users all day long. Tracking instant messaging and streaming media, and keeping track of web usage, are also great uses for this tool.

The Analysis Console for Intrusion Databases (ACID) is a PHP-based analysis engine to search and process a database of security events generated by various IDSes, firewalls, and network monitoring tools. The features currently include:

  • A query-builder and search interface for finding alerts that match on alert meta information (e.g. signature, detection time) as well as on the underlying network evidence (e.g. source/destination address, ports, payload, or flags).
  • A packet viewer (decoder) that graphically displays the layer-3 and layer-4 packet information of logged alerts.
  • Alert management, with constructs to logically group alerts into incidents (alert groups), delete handled alerts or false positives, export alerts by email for collaboration, or archive alerts to transfer them between alert databases.
  • Chart and statistics generation based on time, sensor, signature, protocol, IP address, TCP/UDP ports, or classification.
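To make the feature list above concrete, here is an added example (not ACID's own code, which is a PHP web application) of a miniature alert console in Python: logged packets are decoded at layers 3 and 4, stored in an event database, and then searched with a parameterized query builder and summarised with grouped counts, the way ACID's search and statistics pages work. The schema is an assumption, loosely modelled on the event/signature/header tables that Snort writes to its database; all packets, addresses, timestamps and signature names are constructed sample data.

```python
"""Miniature ACID-style alert console (added example, not ACID's own code).
Schema is an assumption loosely modelled on Snort's database output; every
packet and signature name below is constructed sample data."""
import socket
import sqlite3
import struct

SCHEMA = """
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT UNIQUE);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT, PRIMARY KEY (sid, cid));
CREATE TABLE iphdr (sid INTEGER, cid INTEGER, ip_src TEXT, ip_dst TEXT, ip_proto INTEGER);
CREATE TABLE l4hdr (sid INTEGER, cid INTEGER, sport INTEGER, dport INTEGER, tcp_flags INTEGER);
"""
# Whitelist of searchable/groupable columns: only these names ever reach SQL text.
COLUMNS = {"sig_name": "s.sig_name", "ip_src": "i.ip_src", "ip_dst": "i.ip_dst",
           "ip_proto": "i.ip_proto", "sport": "l.sport", "dport": "l.dport"}
FROM_CLAUSE = ("FROM event e JOIN signature s ON s.sig_id = e.signature "
               "JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid "
               "JOIN l4hdr l ON l.sid = e.sid AND l.cid = e.cid")


def build_packet(src, dst, proto, sport, dport, tcp_flags=0x02):
    """Constructed IPv4 + TCP/UDP packet; checksums stay zero (decoder does not verify them)."""
    if proto == 6:   # TCP: ports, seq, ack, data offset (5 words), flags, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, tcp_flags, 8192, 0, 0)
    else:            # UDP: ports, length, csum
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + l4


def decode_packet(raw):
    """Layer-3/4 decoder: the header fields an ACID packet viewer shows per alert."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    info = {"ip_src": socket.inet_ntoa(src), "ip_dst": socket.inet_ntoa(dst),
            "ip_proto": proto, "sport": None, "dport": None, "tcp_flags": None}
    l4 = raw[ihl:]
    if proto == 6 and len(l4) >= 20:      # TCP: ports, seq, ack, offset byte, flags byte
        sport, dport, _, _, _, flags = struct.unpack("!HHIIBB", l4[:14])
        info.update(sport=sport, dport=dport, tcp_flags=flags)
    elif proto == 17 and len(l4) >= 8:    # UDP: ports only
        sport, dport = struct.unpack("!HH", l4[:4])
        info.update(sport=sport, dport=dport)
    return info


def log_alert(conn, sid, cid, sig_name, timestamp, raw):
    """Store one alert (sid = sensor id, cid = per-sensor event counter)."""
    h = decode_packet(raw)
    conn.execute("INSERT OR IGNORE INTO signature (sig_name) VALUES (?)", (sig_name,))
    sig_id = conn.execute("SELECT sig_id FROM signature WHERE sig_name = ?", (sig_name,)).fetchone()[0]
    conn.execute("INSERT INTO event VALUES (?, ?, ?, ?)", (sid, cid, sig_id, timestamp))
    conn.execute("INSERT INTO iphdr VALUES (?, ?, ?, ?, ?)", (sid, cid, h["ip_src"], h["ip_dst"], h["ip_proto"]))
    conn.execute("INSERT INTO l4hdr VALUES (?, ?, ?, ?, ?)", (sid, cid, h["sport"], h["dport"], h["tcp_flags"]))


def search_alerts(conn, since=None, until=None, **filters):
    """Query builder: values are bound parameters and column names come only
    from the whitelist, so analyst input never becomes SQL text."""
    clauses, params = [], []
    for key, value in filters.items():
        if key not in COLUMNS:
            raise ValueError("unknown filter: %s" % key)
        clauses.append(COLUMNS[key] + " = ?")
        params.append(value)
    for bound, op in ((since, ">="), (until, "<=")):
        if bound is not None:
            clauses.append("e.timestamp %s ?" % op)
            params.append(bound)
    sql = ("SELECT e.sid, e.cid, e.timestamp, s.sig_name, i.ip_src, i.ip_dst, "
           "i.ip_proto, l.sport, l.dport, l.tcp_flags " + FROM_CLAUSE)
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return conn.execute(sql + " ORDER BY e.timestamp, e.sid, e.cid", params).fetchall()


def alert_stats(conn, group_by):
    """Alert counts per signature, protocol, address or port (ACID's charts)."""
    if group_by not in COLUMNS:
        raise ValueError("cannot group by %s" % group_by)
    col = COLUMNS[group_by]
    sql = "SELECT %s, COUNT(*) AS n %s GROUP BY %s ORDER BY n DESC, %s" % (col, FROM_CLAUSE, col, col)
    return conn.execute(sql).fetchall()


def build_sample_db():
    """In-memory database loaded with constructed alerts from one sensor (sid 1)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    samples = [  # (cid, signature, timestamp, packet): all constructed
        (1, "IM login", "2008-04-22T09:00:00", build_packet("192.168.1.10", "198.51.100.20", 6, 40001, 5190)),
        (2, "IM login", "2008-04-22T09:05:00", build_packet("192.168.1.11", "198.51.100.20", 6, 40002, 5190)),
        (3, "HTTP request", "2008-04-22T09:10:00", build_packet("192.168.1.10", "198.51.100.5", 6, 40003, 80, 0x18)),
        (4, "DNS query", "2008-04-22T09:15:00", build_packet("192.168.1.12", "192.168.1.2", 17, 53001, 53)),
        (5, "HTTP request", "2008-04-22T10:00:00", build_packet("192.168.1.10", "198.51.100.5", 6, 40004, 80, 0x18)),
    ]
    for cid, sig, ts, pkt in samples:
        log_alert(conn, 1, cid, sig, ts, pkt)
    conn.commit()
    return conn
```

`build_sample_db()` returns a populated connection; `search_alerts(db, ip_src="192.168.1.10", since="2008-04-22T09:30:00")` then answers the kind of question the post describes (which alerts did one host trigger after a given time), and `alert_stats(db, "dport")` gives the per-port breakdown that ACID charts. The column whitelist and bound parameters are the part worth copying: a console that lets users build queries is only safe when user-supplied strings can never be spliced into the SQL itself.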
