I have a Cisco switch 3560 with a router for private VPN plugged into it. Unfortunately I don't have any kind of access into this router.
I'm going to set a local SPAN and mirror all traffic to another port where I'll plug my sniffer.
I need to generate graphs that will show me what kind of traffic is going through the VPN.
Preferably some Linux freeware application which will provide me with graphs (something like Cacti), but I need more specific reports with ports and IP addresses.
Is Ntop what I'm looking for? Will it work the way I want?
It depends on what kind of VPN this is, i.e. site-to-site or user, and which side you are on. I think the original poster is implying that he is on the internal side and so could reasonably monitor any unencrypted traffic that leaves that machine bound for internal or external networks that traverse his switch. Similarly, even if the traffic is encrypted, you are going to see at the very least the volume of traffic to destination/source IPs.
Ntop is a pretty good tool for this, and will provide very detailed long-running reports on throughput, bandwidth, and other metrics like a protocol breakdown if it can. It's also fairly trivial to get running, since it's based on libpcap and really just needs a promiscuous port on a Linux box and some kind of management interface.
I'm thinking you're not going to be able to see the actual traffic inside the VPN tunnel as it will be encrypted, but you should be able to see the volume of VPN traffic.
With a bit of tweaking in the reporting and IO-graphing options, Wireshark should be able to cater for your needs.
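An added example, not part of any post in this thread: a small Python parser that totals bytes per source, destination, protocol and destination port from a classic pcap file captured on the SPAN destination port. It assumes the tunnel appears as IPsec ESP (IP protocol 50), which the thread does not state; the function names and the sample capture are constructed for illustration.

```python
import socket
import struct
from collections import Counter

PROTO = {6: "tcp", 17: "udp", 50: "esp"}  # IP protocol numbers

def flow_volumes(pcap: bytes) -> Counter:
    """Sum on-wire bytes per (src, dst, proto, dst_port) in a classic pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected classic pcap with Ethernet link type")
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl, orig = struct.unpack(end + "II", pcap[off + 8:off + 16])
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        l3, etype = 14, frame[12:14]
        if etype == b"\x81\x00":  # 802.1Q tag, which a SPAN port may retain
            l3, etype = 18, frame[16:18]
        if etype != b"\x08\x00" or len(frame) < l3 + 20:
            continue  # not IPv4, or truncated by the snap length
        proto = frame[l3 + 9]
        src = socket.inet_ntoa(frame[l3 + 12:l3 + 16])
        dst = socket.inet_ntoa(frame[l3 + 16:l3 + 20])
        l4 = l3 + (frame[l3] & 0x0F) * 4
        frag = struct.unpack("!H", frame[l3 + 6:l3 + 8])[0] & 0x1FFF
        dport = None  # ESP has no ports: only endpoints and volume are visible
        if proto in (6, 17) and frag == 0 and len(frame) >= l4 + 4:
            dport = struct.unpack("!H", frame[l4 + 2:l4 + 4])[0]
        totals[(src, dst, PROTO.get(proto, str(proto)), dport)] += orig
    return totals

def _frame(src, dst, proto, payload):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                     proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + payload

def sample_pcap() -> bytes:
    """Constructed capture: two ESP packets and one TCP segment to port 443."""
    tcp = struct.pack("!HH", 51000, 443) + bytes(16)
    frames = [_frame("10.0.0.2", "198.51.100.7", 50, bytes(100)),
              _frame("10.0.0.2", "198.51.100.7", 50, bytes(200)),
              _frame("10.0.0.5", "192.0.2.10", 6, tcp)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for key, nbytes in flow_volumes(sample_pcap()).most_common():
        print(key, nbytes)
```

The ESP rows carry a destination port of `None`, so encrypted tunnel traffic can only be reported by endpoint pair and byte count, while cleartext TCP and UDP flows also get a per-port breakdown.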