[nsp] Suggestions on tracking down bandwidth offenders
Scott Weeks
surfer at mauigateway.com
Thu Jul 15 02:15:35 EDT 2004
On Wed, 14 Jul 2004, Tony Mucker wrote:
: Remove the white space and enjoy. In the past I've used ethereal dumps
: to figure out who the big talkers were, but frankly it takes too long to
: crunch all the packets. I've also tried etherApe, but the analysis
: makes my poor little laptop crawl. Are there any tools out there that
: will speed this up? Possibly by looking at the firewall logs?
NTop will find out the top talkers (bit-wise) without you trying to look
at all the packets individually. Then use Nessus to scan the offender.
If you can't find them that way, see if a machine on your network is being
used as a DoS attacker. Perhaps there's not a lot of bits transferring
from any one machine, but there's a lot of packets. Use MRTG to graph
packets per second, SYN packets per second, etc. in addition to bits per
second.
www.ntop.org
www.nessus.com
scott
x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=
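
The following is an added example, not part of the original post: a sketch of the log-based approach asked about, ranking sources by bytes and by packets and flagging hosts that send many small, mostly-SYN packets. The record format (src,dst,tcp_flags,packets,bytes), the sample data and the thresholds are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample records (not from the original post). Assumed export
# format: src,dst,tcp_flags,packets,bytes -- adapt to your firewall's log.
SAMPLE = """\
10.0.0.5,198.51.100.7,ACK,4000,5600000
10.0.0.5,198.51.100.9,ACK,2500,3500000
10.0.0.8,203.0.113.20,SYN,90000,3600000
10.0.0.8,203.0.113.21,SYN,85000,3400000
10.0.0.12,192.0.2.44,ACK,300,240000
10.0.0.12,192.0.2.44,SYN,2,80
"""

def summarize(text):
    """Aggregate per-source byte, packet and SYN-only packet counts."""
    stats = defaultdict(lambda: {"bytes": 0, "packets": 0, "syn": 0})
    for row in csv.reader(io.StringIO(text)):
        if not row:          # skip blank lines
            continue
        src, _dst, flags, packets, nbytes = row
        s = stats[src]
        s["bytes"] += int(nbytes)
        s["packets"] += int(packets)
        if flags == "SYN":
            s["syn"] += int(packets)
    return dict(stats)

def top(stats, key, n=3):
    """Sources ranked by the given counter, highest first."""
    return sorted(stats, key=lambda h: stats[h][key], reverse=True)[:n]

def suspects(stats, max_avg_size=100, min_syn_ratio=0.5, min_packets=1000):
    """Hosts sending many small, mostly-SYN packets (thresholds are assumed)."""
    out = []
    for host, s in stats.items():
        if s["packets"] < min_packets:
            continue
        avg = s["bytes"] / s["packets"]   # average packet size in bytes
        if avg <= max_avg_size and s["syn"] / s["packets"] >= min_syn_ratio:
            out.append(host)
    return sorted(out)

if __name__ == "__main__":
    st = summarize(SAMPLE)
    print("by bytes:  ", top(st, "bytes"))
    print("by packets:", top(st, "packets"))
    print("small-packet / SYN-heavy:", suspects(st))
```

In the constructed data the top source by bytes is not the top source by packets, which is the case a bits-only ranking would miss.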