Hi all,
I have a few sites which are interconnected using a dedicated link. During these few weeks I've found that there is some mysterious traffic passing over my router with a constant amount of bandwidth all the time. I know this because after working hours, only a few applications are running and they do not generate this kind of traffic.
Can anyone advise how to detect what kind of traffic consumes that bandwidth? I suspect it's a virus or something else because half of our clients are still using Windows.
TIA.
On Friday 13 January 2006 11:10, Beast wrote:
> Hi all,
> I have a few sites which are interconnected using a dedicated link. During these few weeks I've found that there is some mysterious traffic passing over my router with a constant amount of bandwidth all the time. I know this because after working hours, only a few applications are running and they do not generate this kind of traffic.
> Can anyone advise how to detect what kind of traffic consumes that bandwidth?
Run an ethereal/tcpdump capture session overnight. Then it should be clear enough.
/Peter
> I suspect it's a virus or something else because half of our clients are still using Windows.
> TIA.
Peter Kjellström wrote:
> On Friday 13 January 2006 11:10, Beast wrote:
>> Hi all,
>> I have a few sites which are interconnected using a dedicated link. During these few weeks I've found that there is some mysterious traffic passing over my router with a constant amount of bandwidth all the time. I know this because after working hours, only a few applications are running and they do not generate this kind of traffic.
>> Can anyone advise how to detect what kind of traffic consumes that bandwidth?
> Run an ethereal/tcpdump capture session overnight. Then it should be clear enough.
I forgot to add that the router interface is connected to an Ethernet switch. Is it still possible to run a packet sniffer?
On Fri, 2006-01-13 at 17:37 +0700, Beast wrote:
> Peter Kjellström wrote:
>> On Friday 13 January 2006 11:10, Beast wrote:
>>> Hi all,
>>> I have a few sites which are interconnected using a dedicated link. During these few weeks I've found that there is some mysterious traffic passing over my router with a constant amount of bandwidth all the time. I know this because after working hours, only a few applications are running and they do not generate this kind of traffic.
>>> Can anyone advise how to detect what kind of traffic consumes that bandwidth?
>> Run an ethereal/tcpdump capture session overnight. Then it should be clear enough.
> I forgot to add that the router interface is connected to an Ethernet switch. Is it still possible to run a packet sniffer?
Yes, but if it is a switch and not a hub, you may need to figure out how to assign one port of the switch as a "Monitor Port".
Some switches filter traffic so that you only see traffic on your individual port. A "Monitor Port" shows all traffic, allowing you to sniff from that port ... you would set that option for the port that the machine running ethereal / tcpdump is using.
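
Added example, not part of the original thread: one way to turn the overnight capture suggested above into a "who is using the link" summary, by parsing the text output of `tcpdump -nn -q -tt -r <capture file>` and totalling payload bytes per source host and per destination service. The sample lines, addresses and the `summarize` helper are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the style of `tcpdump -nn -q -tt` output (not real traffic).
SAMPLE = """\
1137146400.100000 IP 10.1.1.23.1042 > 10.2.0.5.445: tcp 1460
1137146400.200000 IP 10.1.1.23.1042 > 10.2.0.5.445: tcp 1460
1137146400.300000 IP 10.2.0.5.445 > 10.1.1.23.1042: tcp 0
1137146401.000000 IP 10.1.1.40.137 > 10.2.0.255.137: UDP, length 50
1137146402.000000 IP 10.1.1.23.1043 > 10.2.0.6.445: tcp 1460
1137146403.000000 ARP, Request who-has 10.1.1.1 tell 10.1.1.40, length 46
"""

# Matches IPv4 TCP/UDP lines; anything else (ARP, ICMP, IPv6) is counted as skipped.
LINE = re.compile(
    r"^\d+\.\d+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"(?P<proto>tcp|udp|UDP),? (?:length )?(?P<len>\d+)"
)

def summarize(lines):
    """Return (bytes per source, bytes per (proto, dst port),
    distinct destinations per source, number of unparsed lines)."""
    by_src, by_service, peers = Counter(), Counter(), defaultdict(set)
    skipped = 0
    for line in lines:
        m = LINE.match(line)
        if not m:
            skipped += 1
            continue
        n = int(m["len"])  # payload bytes only; headers are not included
        by_src[m["src"]] += n
        # Keyed on destination port, so replies show up under the client's port.
        by_service[(m["proto"].lower(), int(m["dport"]))] += n
        peers[m["src"]].add(m["dst"])
    fanout = {host: len(dsts) for host, dsts in peers.items()}
    return by_src, by_service, fanout, skipped

if __name__ == "__main__":
    by_src, by_service, fanout, skipped = summarize(SAMPLE.splitlines())
    print("Top sources by payload bytes:")
    for host, n in by_src.most_common(5):
        print(f"  {host:15} {n:8} bytes, {fanout[host]} distinct destinations")
    print("Top services by payload bytes:")
    for (proto, port), n in by_service.most_common(5):
        print(f"  {proto}/{port:<6} {n:8} bytes")
    print(f"Lines not parsed: {skipped}")
```

A host that leads the byte count after hours, or that contacts many distinct destinations on one port, is the first machine to inspect.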