[nsp] Suggestions on tracking down bandwidth offenders

Scott Weeks surfer at mauigateway.com
Thu Jul 15 02:15:35 EDT 2004



On Wed, 14 Jul 2004, Tony Mucker wrote:

: Remove the white space and enjoy.  In the past I've used ethereal dumps
: to figure out who the big talkers were, but frankly it takes too long to
: crunch all the packets.  I've also tried etherApe, but the analysis
: makes my poor little laptop crawl.  Are there any tools out there that
: will speed this up?  Possibly by looking at the firewall logs?


NTop will find out the top talkers (bit-wise) without you trying to look
at all the packets individually.  Then use Nessus to scan the offender.
If you can't find them that way, see if a machine on your network is being
used as a DoS attacker.  Perhaps there's not a lot of bits transferring
from any one machine, but there's a lot of packets.  Use MRTG to graph
packets per second, SYN packets per second, etc. in addition to bits per
second.

www.ntop.org
www.nessus.com

scott
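
The distinction drawn in the reply above (top talkers by bits versus hosts sending many small packets), as an added example that is not part of the original post. The flow-record layout, the sample data and the thresholds are assumptions constructed for illustration; real input would come from firewall logs or flow exports.

```python
from collections import defaultdict

# Constructed sample records (assumed layout, one row per flow seen in a
# 60-second window): (source IP, packets, bytes, SYN packets).
SAMPLE_FLOWS = [
    ("10.0.0.5", 4000, 5_800_000, 2),         # bulk transfer, large packets
    ("10.0.0.5", 3500, 5_000_000, 1),
    ("10.0.0.9", 90_000, 3_600_000, 90_000),  # many 40-byte SYN packets
    ("10.0.0.9", 60_000, 2_400_000, 60_000),
    ("10.0.0.7", 300, 240_000, 3),
]
WINDOW_SECONDS = 60


def summarize(flows, window=WINDOW_SECONDS):
    """Aggregate flows per source into bits/s, packets/s and SYN packets/s."""
    totals = defaultdict(lambda: [0, 0, 0])
    for src, pkts, nbytes, syns in flows:
        totals[src][0] += pkts
        totals[src][1] += nbytes
        totals[src][2] += syns
    stats = {}
    for src, (pkts, nbytes, syns) in totals.items():
        stats[src] = {
            "bps": nbytes * 8 / window,
            "pps": pkts / window,
            "syn_pps": syns / window,
            "avg_pkt_bytes": nbytes / pkts if pkts else 0.0,
            "syn_ratio": syns / pkts if pkts else 0.0,
        }
    return stats


def top_talkers(stats, key, n=3):
    """Rank sources by one metric ('bps', 'pps' or 'syn_pps'), highest first."""
    return sorted(stats, key=lambda s: stats[s][key], reverse=True)[:n]


def suspected_flooders(stats, min_pps=1000, max_avg_bytes=100, min_syn_ratio=0.5):
    """Sources with a high packet rate made of small, mostly-SYN packets.
    The three thresholds are illustrative assumptions, not tuned values."""
    return sorted(s for s, v in stats.items()
                  if v["pps"] >= min_pps
                  and v["avg_pkt_bytes"] <= max_avg_bytes
                  and v["syn_ratio"] >= min_syn_ratio)


if __name__ == "__main__":
    stats = summarize(SAMPLE_FLOWS)
    print("by bits/s:   ", top_talkers(stats, "bps"))
    print("by packets/s:", top_talkers(stats, "pps"))
    print("flood-like:  ", suspected_flooders(stats))
```

In the sample data 10.0.0.5 leads by bits per second, while 10.0.0.9 sends fewer bits but twenty times the packets, nearly all of them SYNs; a bits-only ranking would not put it first.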









