Wireshark mailing list archives
Re: Finding an intruder
From: Anne Blankert <anne.blankert () geodan nl>
Date: Thu, 15 Dec 2016 03:39:58 +0100
Hi, there is no 'standard' way to filter 'problem' traffic. However, if the problem is the AMOUNT of traffic, then just a small sample might suffice. Ask your friend to do nothing specific on her computer(s) and collect network traffic for a few minutes. Analyse the data manually to see what is the type, the source, and the destination of the most of the data captured. How much is the data cap? Divide that by 30 (days) times 24 (hours) times 60 (minutes) and you know how much per minute that is. Does the size of the capture per minute amount to more than this limit? Anneb 2016-12-15 3:06 GMT+01:00 Steve Matzura <sm () noisynotes com>:
New to the list, been using some version of the Shark way back to Ethernim days, so I'm familiar with its capabilities. It's become quite sophisticated lately, hence the following problem description and question. A friend has a cable Internet provider with data caps. Lately, he's been getting nastygrams from them that he's exceeded those caps, and it's only two weeks into his billing month. Something somewhere is sending and receiving tremendous amounts of data, and I've been taksed to find out what's doing it. So, should I just run Wireshark and capture everything, collect some ridiculous amount of data and hand-analyze it, or might there be a convenient filter out there in Wireshark cyberspace land that could help me narrow the field and nail the culprit? Antivirus, antimailware, antispyware scans all come up clean and green, the DHCP client list on the router has no unknown devices in it, we're stumped, so I'm turning to the best network monitoring tool I know to help me dig this one out. Thanks in advance. ____________________________________________________________ _______________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject= unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Finding an intruder Steve Matzura (Dec 14)
- Re: Finding an intruder Anne Blankert (Dec 14)
- Re: Finding an intruder Steve Matzura (Dec 14)
- Re: Finding an intruder Anne Blankert (Dec 14)