Security Basics mailing list archives
Re: Sniffering and Protocol Analyzer ?
From: "Jacco" <computerguy () citlink net>
Date: Mon, 9 Jul 2007 22:29:49 -0500
Mohamed :try ettercap if you have any form of linux or download the win32 binairies from
http://ettercap.sourceforge.net/ and with some screenshots from http://ettercap.sourceforge.net/screenshots.phpthose will help you to get more acurate data, save it to a file and awk it to get a nice output
you can use some of it s addons to further sort out who or what is consuming your bandwith .
also you can checkout proxyfuzz another man-in-the-middle network fuzzer http://www.darknet.org.uk/2007/06/proxyfuzz-mitm-network-fuzzer-in-python/which has many options and a lot of documentation, which should give you a clear view of what , who and when your bandwidth is consumed and what you can do to block these sources or cut the bandwidth on them : i suggest making access control lists (ACL) on one of your layer 3 devices and divide the bandwidth of those processes that consume too much evenly with a net or process limiter
Greetings Jacco "Dash" Rorman Ad Astra per Administratio Aspera !----- Original Message ----- From: "Skokan, Paul" <Paul.Skokan () netapp com> To: "Mohamed Farid" <mfarid () mscc com eg>; <security-basics () securityfocus com>
Sent: Monday, July 09, 2007 12:42 PM Subject: RE: Sniffering and Protocol Analyzer ? NTOP is a good tool which breaks down the conversations and provides other good analysis. -----Original Message----- From: Mohamed Farid [mailto:mfarid () mscc com eg] Sent: Sunday, July 08, 2007 3:00 AM To: security-basics () securityfocus com Subject: Sniffering and Protocol Analyzer ? Dear All : I have a problem : I have a MRTG on one of my Internet Switches and it shows that the traffic is almost 100% utilized ... I need to have a packet sniffering and protocol analyzer to show me the PC which is the cause of this problem ... I used Ethereal ( Woreshark ) but I couldn't get an easy output ... Can you advise what should I do ? Mohamed Farid ,, * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * This e-mail (including attachments) is classified as Mediterranean Smart Cards Company confidential and proprietary information The recipient hereby is committed to hold in strict confidence the contents of this (e-mail, document, and information) and not to disclose to any third party without the prior written consent of Mediterranean Smart Cards Company. Recipient will be held liable for any unauthorized disclosure. It is intended solely for the addressee. Unless you are the addressee, you may not read, copy, use or store this e-mail in any way, or permit others to. If you have received it in error, please notify the sender by return e-mail and delete the message in its entirety, including any attachments * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -- No virus found in this incoming message. Checked by AVG Free Edition.Version: 7.5.476 / Virus Database: 269.10.2/891 - Release Date: 7/8/2007 6:32 PM
Current thread:
- Sniffering and Protocol Analyzer ? Mohamed Farid (Jul 09)
- RE: Sniffering and Protocol Analyzer ? Skokan, Paul (Jul 09)
- Re: Sniffering and Protocol Analyzer ? Jacco (Jul 09)
- Re: Sniffering and Protocol Analyzer ? lobo (Jul 09)
- Re: Sniffering and Protocol Analyzer ? Kurt Buff (Jul 09)
- Re: Sniffering and Protocol Analyzer ? Nikhil Wagholikar (Jul 11)
- RE: Sniffering and Protocol Analyzer ? Skokan, Paul (Jul 09)