When I first got the pi up and running as a webserver and implemented some WAN logging I was freaked out by the amount of probing going on eminating from remote computers.

There's always the fear that some unscrupulious hacker has taken over your pied-and-joy (see what I did there!) and using it to route some more than illegal traffic through your network connection to cover their tracks. Trouble is with all this logging you can't see the wood from the trees.

So I got to thinking, whilst in the early days there wasn't a lot of traffic through my website I'd easily be able to tell something was up

sudo apt get install gnuplot

. In fact https://www.raspberrypi.org/forums/viewtopic.php?f=36&t=7390

http://serverfault.com/questions/448768/cat-proc-net-dev-and-ip-s-link-show-different-statistics-which-one-is-lyi