[c-nsp] OT: Following Up on Netflow Information
Gert Doering
gert at greenie.muc.de
Fri Jul 8 12:21:08 EDT 2011
Hi,
On Fri, Jul 08, 2011 at 03:58:54PM +0000, Jeff Cartier wrote:
> I'm just curious as to how 'you' would go about tracking down a
> user that *may* possibly be downloading large amounts of data
> causing congestion on a link. For instance, I had a case this
> morning with an internal IP address of 10.x.x.x that showed a 900MB
> conversation over TCP 80 (HTTP) to an ip address of 174.120.5.220.
ntop on a sniffer port is nice.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de