ntop and BandwidthD are yet further utilities built on libpcap. Both are more useful for long term monitoring of network traffic as a general policy of looking for suspect packets than for speedy forensics.
From the homepage:
ntop is a network traffic probe
... uses a Web browser for the interface... configurable via the
browser...
From the homepage:
BandwidthD tracks usage
of TCP/IP network subnets and builds HTML files with graphs to
display utilization. Charts are built by individual IPs, and by default
display utilization over 2 day...
| ...previous | up (conts) | next... |