folk have asked me to summarize. so here it goes "Justin M. Streiner" <streiner@cluebyfour.org> and Nicolas Strina <nicolas.strina@noc.ip-man.net> recommended the nfdump nfsen pair, http://nfsen.sourceforge.net http://nfdump.sourceforge.net Chris Kuethe <chris.kuethe@gmail.com> and Peter Wohlers <pedro@whack.org> recommended ntop http://www.ntop.org/ Peter Wohlers <pedro@whack.org> also recommended Stager http://software.uninett.no/stager/?page=docs Steven Rakick <stevenrakick@yahoo.com> recommended nSight http://www.obtuse.net/software/nsight Tony Hacche <hacche@gmail.com> recommended Crannog's NetFlow Tracker http://www.crannog-software.com/index.php?go=Product.ShowDetail&ProductID=1 Jared Mauch <jared@puck.nether.net> has a tool to detect and highlight ddos symptoms, but it does not have per-protocol sexy graphs. looks very useful for ddos detection, though --- i am currently playing with nfsdump/nfsen randy