Wireshark mailing list archives
Re: finding the smoking gun for traffic spikes
From: Kevin Cullimore <kcullimo () runbox com>
Date: Mon, 18 Jul 2011 17:41:10 -0400
On 7/18/2011 8:46 AM, Rogelio wrote:
Anyone know how I easily find unknown unicast flooding? The only way I can think of how to do it would be to search the IO graphs for bursts, then look at the MACs / IPs during those bursts, and then try to compare those to a list of known good IP / MAC addresses on the L2TP tunnel segment at that time. I was hoping that there would be an easier way to filter out for it rather than going through all of these steps.
Statistics->conversations might be worth a look.
___________________________________________________________________________ Sent via: Wireshark-users mailing list<wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- finding the smoking gun for traffic spikes Rogelio (Jul 17)
- Re: finding the smoking gun for traffic spikes Rogelio (Jul 17)
- Re: finding the smoking gun for traffic spikes David H. Lipman (Jul 18)
- Re: finding the smoking gun for traffic spikes Rogelio (Jul 18)
- Re: finding the smoking gun for traffic spikes Kevin Cullimore (Jul 18)
- Re: finding the smoking gun for traffic spikes David H. Lipman (Jul 18)
- Re: finding the smoking gun for traffic spikes Rogelio (Jul 17)