Wireshark mailing list archives

Re: finding the smoking gun for traffic spikes


From: Kevin Cullimore <kcullimo () runbox com>
Date: Mon, 18 Jul 2011 17:41:10 -0400

On 7/18/2011 8:46 AM, Rogelio wrote:
> Anyone know how I easily find unknown unicast flooding?
>
> The only way I can think of how to do it would be to search the IO
> graphs for bursts, then look at the MACs / IPs during those bursts,
> and then try to compare those to a list of known good IP / MAC
> addresses on the L2TP tunnel segment at that time.
>
> I was hoping that there would be an easier way to filter out for it
> rather than going through all of these steps.

Statistics->conversations might be worth a look.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list<wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
              mailto:wireshark-users-request () wireshark org?subject=unsubscribe
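
The manual procedure described in the question (find the bursts, then compare the destination MACs seen during them against a known-good list) can be scripted over tshark field output. This is an added example, not part of the original thread; the sample rows, MAC addresses, known-good list and thresholds are constructed assumptions.

```python
import csv
from collections import Counter, defaultdict

# Constructed sample rows, in the shape produced by:
#   tshark -r capture.pcap -T fields -E separator=, \
#          -e frame.time_epoch -e eth.dst -e frame.len
SAMPLE = """\
100.10,00:11:22:33:44:55,1500
100.20,02:00:00:00:00:99,1500
100.40,02:00:00:00:00:99,1500
100.70,02:00:00:00:00:99,1500
100.90,ff:ff:ff:ff:ff:ff,60
101.10,00:11:22:33:44:55,400
101.50,02:00:00:00:00:77,200
102.20,01:00:5e:00:00:fb,300
"""

# Assumption: MACs that legitimately live on the captured segment.
KNOWN_MACS = {"00:11:22:33:44:55"}


def find_flood_candidates(rows, known_macs, bucket_secs=1, burst_bytes=5000):
    """Return {bucket_start: {dst_mac: bytes}} for time buckets whose total
    volume reaches burst_bytes, listing only unicast destinations that are
    not in known_macs (candidates for unknown unicast flooding)."""
    total = Counter()                # bytes per time bucket, all traffic
    unknown = defaultdict(Counter)   # bytes per unknown unicast dst, per bucket
    for ts, dst, length in csv.reader(rows):
        bucket = int(float(ts) // bucket_secs) * bucket_secs
        size = int(length)
        total[bucket] += size
        dst = dst.lower()
        # I/G bit (lowest bit of the first octet) set means multicast/broadcast.
        is_unicast = not (int(dst[:2], 16) & 1)
        if is_unicast and dst not in known_macs:
            unknown[bucket][dst] += size
    return {b: dict(unknown[b]) for b in sorted(total)
            if total[b] >= burst_bytes and unknown[b]}


if __name__ == "__main__":
    hits = find_flood_candidates(SAMPLE.splitlines(), KNOWN_MACS)
    for bucket, macs in hits.items():
        for mac, nbytes in sorted(macs.items(), key=lambda kv: -kv[1]):
            print(f"t={bucket}s  dst={mac}  bytes={nbytes}")
```
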


