Security Basics mailing list archives
Re: Sniffering and Protocol Analyzer ?
From: "Kurt Buff" <kurt.buff () gmail com>
Date: Mon, 9 Jul 2007 15:50:45 -0700
On 7/8/07, Mohamed Farid <mfarid () mscc com eg> wrote:
Dear All : I have a problem : I have a MRTG on one of my Internet Switches and it shows that the traffic is almost 100% utilized ... I need to have a packet sniffering and protocol analyzer to show me the PC which is the cause of this problem ... I used Ethereal ( Woreshark ) but I couldn't get an easy output ... Can you advise what should I do ? Mohamed Farid ,,
MRTG is a good tool for finding which machine is consuming bandwidth, but it must be set up correctly. First, what leads you to believe that utilization is nearing 100%? Which link (or set of links) showing high utilization, and in your environment what exactly does that mean? Second, are you monitoring all of the ports on your switch? Third, do you allow more than one machine to connect to an end-user switch port? If you do, then you'll need to use another tool, such as ntop or something else, to see which MAC address on the affected switch is causing the traffic. Lastly, if you have more than one switch, you may need to monitor them all, to finally pinpoint the culprit. Kurt
Current thread:
- Sniffering and Protocol Analyzer ? Mohamed Farid (Jul 09)
- RE: Sniffering and Protocol Analyzer ? Skokan, Paul (Jul 09)
- Re: Sniffering and Protocol Analyzer ? Jacco (Jul 09)
- Re: Sniffering and Protocol Analyzer ? lobo (Jul 09)
- Re: Sniffering and Protocol Analyzer ? Kurt Buff (Jul 09)
- Re: Sniffering and Protocol Analyzer ? Nikhil Wagholikar (Jul 11)
- RE: Sniffering and Protocol Analyzer ? Skokan, Paul (Jul 09)