My goal is to reduce traffic loads and save some money.
Now I am exporting Netflow to AdventNet Netflow Analyzer - it is helping me to understand what traffic is passing through router. It gives a lot of useful information. But, I still have a lot of traffic that I can not classify - tcp and udp, random ports, googling gives no result. I want to have some kind of Intrusion Detection or Virus Detection software. Some soft that helps me to classify unknown traffic and probably say to me : this traffic is net worm activity. Or something like that. What solution you can advice (except - Cisco MARS)?