[CentOS] OT: mysterious traffic

Fri Jan 13 10:55:56 UTC 2006
Johnny Hughes <mailing-lists at hughesjr.com>

On Fri, 2006-01-13 at 17:37 +0700, Beast wrote:
> Peter Kjellström wrote:
> > On Friday 13 January 2006 11:10, Beast wrote:
> > 
> >>Hi all,
> >>
> >>I have few sites which interconnected using a dedicated link.
> >>During these few weeks I've found that there are some mysterious traffic
> >>pass over my router with constant amount of bandwidth all over the time.
> >>I can know this because after working hours, only few applications are
> >>running and it did not generate this kind of traffic.
> >>
> >>Anyone can advice how to detect what kind of traffic that consumes those
> >>bandwith?
> > 
> > 
> > Run an ethereal/tcpdump capture session over night. Then it should be clear 
> > enough.
> > 
> I forget to add that the router interface is connected to ethernet 
> switch. Still possible to run packet sniffer?
Yes, but if it is a switch and not a hub, you may need to figure out how
to assign one port of the switch as a "Monitor Port".

Some switches filter traffic so that you only see traffic on you
rindividual port.  A "Monitor Port" shows all traffic, allowing you to
sniff from that port ... you would set that option for the port that the
machine running ethereal / tcp dump is using.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.centos.org/pipermail/centos/attachments/20060113/32d1c8d3/attachment-0005.sig>