IPAudit is a free network monitoring program. IPAudit monitors network activity on a network by host, protocol and port.
IPAudit can be used to monitor network activity for a variety of purposes. It has proved useful for monitoring intrusion detection, bandwith consumption and denial of service attacks. It can be used with IPAudit-Web to provide web based network reports.
IPAudit listens to a network device in promiscuous mode, and records every connection between two ip addresses. A unique connection is determined by the ip addresses of the two machines, the protocol used between them, and the port numbers (if they are communicating via udp or tcp).
It uses a hash table to keep track of the number of bytes and packets in both directions. When ipaudit receives a signal SIGTERM (kill) or SIGINT (kill -2, usually the same as a Control-C), it stops collecting data and writes the tabulated results.
A great article at SecurityFocus.
More information and download is here