Security Forums

How to detect network pollution out of 30 servers network?

lir (Just Arrived; Joined: 15 Jun 2005; Posts: 0)
Posted: Tue Jul 12, 2005 8:19 pm    Post subject: How to detect network pollution out of 30 servers network?

I've got a friend who's administering a 30-station network, and he's got
one or maybe a few that are polluting the network, probably by spyware or some viruses...

I was suggesting giving Ethereal a try, though according to him it's
too many details to analyze, as he is not sure how to figure out what is "ok" traffic and what is not (since there are many open ports to the outside).

Is it possible to use Ethereal in some way to show the bandwidth usage of all the boxes it's sniffing?

Any other solution to figure out which of the computers is causing the pollution would be happily welcome.


Thanks,
Lir.
snootalope (Just Arrived; Joined: 14 Jan 2003; Posts: 4; Location: IA _ USA)
Posted: Tue Jul 12, 2005 9:38 pm

Depending on how his network is set up, switches vs. hubs, Ethereal will do the trick if those infected machines are flooding the network..

Best thing to do: turn it on and see what you see.. If he sees a constant broadcast/multicast stream from a particular machine that shouldn't be broadcasting, that's probably a good sign. They may even be connection attempts..

Especially if no one is on the network at the time.. It isn't hard to see if a machine is flooding the network (unless you're on a switched network; then it gets a little tougher to pinpoint).

good luck
B (Just Arrived; Joined: 12 Jul 2005; Posts: 0; Location: New Zealand heading to the UK)
Posted: Tue Jul 12, 2005 10:12 pm

You could try downloading the trial version of SolarWinds, which is a network monitoring tool. That would probably be easier than using Ethereal. You can get the 30-day trial of the Engineer's Edition here: http://www.solarwinds.net/Download-Tools.htm
It allows you to see which machines are transmitting/receiving what traffic and when, plus a large number of other functions. We use it at my workplace to monitor all our servers, switches and routers.

B.
browolf (Trusted SF Member; Joined: 19 Apr 2002; Posts: 1)
Posted: Tue Jul 12, 2005 10:22 pm

You can use filters in Ethereal to reduce the amount of information. Here's a handy page of examples.

I tend to mostly use the host src and dst ones to look at one server at a time.
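The two suggestions above, counting which station sends the most frames and broadcast/multicast traffic (snootalope's post) and then narrowing Ethereal down to one host at a time with a display filter (browolf's post), can be done mechanically over a capture file. The script below is an added example written for this page; it is not code from any poster and not an Ethereal feature. It parses a classic libpcap file (Ethernet link type) with only the Python standard library, tallies bytes, frames, broadcast/multicast frames and distinct destinations per source IP, and flags hosts that mostly broadcast or talk to unusually many peers. The capture, the 192.168.1.0/24 addresses, the MAC addresses and the thresholds (`min_peers`, `bcast_ratio`) are all constructed assumptions so that it runs offline; point `summarize()` at the bytes of a real capture saved from Ethereal to use it for real.

```python
"""Per-host traffic summary from a pcap capture, to spot a flooding or scanning station.

Added example, not from the forum thread. Parses classic libpcap files (link type
Ethernet) with the standard library only; the capture is constructed in memory.
"""
import socket
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap magic, file written in native (little) endian
PCAP_MAGIC_SWAPPED = 0xD4C3B2A1  # same magic read from a big-endian file
ETHERTYPE_IPV4 = 0x0800
BROADCAST_MAC = b"\xff" * 6
GATEWAY_MAC = bytes.fromhex("0000aa000001")    # constructed, illustrative MACs
STATION_MAC = bytes.fromhex("0000aa000010")
INFECTED_MAC = bytes.fromhex("0000aa000023")


def build_frame(src_mac, dst_mac, src_ip, dst_ip, proto, payload_len):
    """Ethernet II + minimal IPv4 header + zero payload (IP checksum left 0, not validated here)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip_hdr + b"\x00" * payload_len


def build_pcap(frames):
    """Serialize frames as a little-endian classic pcap (version 2.4, link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame  # ts_sec, ts_usec, incl, orig
    return out


def iter_pcap(data):
    """Yield (frame_bytes, original_length) per record; handles both byte orders of the classic format."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == PCAP_MAGIC_SWAPPED:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled by this example)")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield data[off:off + incl_len], orig_len
        off += incl_len


def summarize(pcap_bytes):
    """Per-IP counters: bytes/frames sent, bytes received, broadcast+multicast frames sent, peers."""
    stats = defaultdict(lambda: {"tx_bytes": 0, "rx_bytes": 0, "tx_frames": 0,
                                 "bcast_frames": 0, "peers": set()})
    for frame, orig_len in iter_pcap(pcap_bytes):
        if len(frame) < 34:                     # too short for Ethernet + IPv4 header
            continue
        dst_mac = frame[0:6]
        (ethertype,) = struct.unpack_from("!H", frame, 12)
        if ethertype != ETHERTYPE_IPV4:          # ARP, IPv6 etc. are not tallied by this example
            continue
        src_ip = socket.inet_ntoa(frame[26:30])
        dst_ip = socket.inet_ntoa(frame[30:34])
        s = stats[src_ip]
        s["tx_bytes"] += orig_len
        s["tx_frames"] += 1
        s["peers"].add(dst_ip)
        if dst_mac == BROADCAST_MAC or dst_mac[0] & 1:   # group bit set = multicast/broadcast
            s["bcast_frames"] += 1
        else:
            stats[dst_ip]["rx_bytes"] += orig_len
    return stats


def rank_by(stats, key):
    """Hosts sorted by one counter, largest first ("who is the top talker?")."""
    return sorted(stats, key=lambda h: stats[h][key], reverse=True)


def flag_hosts(stats, min_peers=20, bcast_ratio=0.5):
    """Thread heuristics: a host that mostly broadcasts, or that reaches very many destinations."""
    flagged = {}
    for host, s in stats.items():
        reasons = []
        if s["tx_frames"] and s["bcast_frames"] / s["tx_frames"] >= bcast_ratio:
            reasons.append("mostly broadcast/multicast")
        if len(s["peers"]) >= min_peers:
            reasons.append("many distinct destinations (scan / connection attempts)")
        if reasons:
            flagged[host] = reasons
    return flagged


def ethereal_filter(host):
    """Display filter to zoom in on one station once it is suspected (src or dst)."""
    return f"ip.addr == {host}"


def sample_capture():
    """Constructed LAN: two normal stations, a gateway, and one noisy station .23."""
    gw, st10, st11, bad = "192.168.1.1", "192.168.1.10", "192.168.1.11", "192.168.1.23"
    frames = [build_frame(STATION_MAC, GATEWAY_MAC, st10, gw, 6, 500) for _ in range(5)]
    frames += [build_frame(GATEWAY_MAC, STATION_MAC, gw, st10, 6, 1200) for _ in range(5)]
    frames += [build_frame(STATION_MAC, GATEWAY_MAC, st11, gw, 6, 300) for _ in range(3)]
    # infected box: UDP broadcast chatter plus a SYN-style sweep of 25 external addresses
    frames += [build_frame(INFECTED_MAC, BROADCAST_MAC, bad, "255.255.255.255", 17, 60) for _ in range(40)]
    frames += [build_frame(INFECTED_MAC, GATEWAY_MAC, bad, f"10.0.0.{n}", 6, 0) for n in range(1, 26)]
    return build_pcap(frames)


if __name__ == "__main__":
    stats = summarize(sample_capture())
    for host in rank_by(stats, "tx_frames"):
        s = stats[host]
        print(f"{host:16} tx={s['tx_bytes']:6}B/{s['tx_frames']:3}f rx={s['rx_bytes']:6}B "
              f"bcast={s['bcast_frames']:3} peers={len(s['peers'])}")
    for host, why in flag_hosts(stats).items():
        print(f"suspect {host}: {', '.join(why)} -> filter: {ethereal_filter(host)}")
```

Note that in the constructed capture the gateway is the top talker by bytes while the infected station is the top talker by frames, broadcasts and distinct peers: raw bandwidth alone does not single out the polluter, which is exactly why the per-host filter is the second step rather than the first. On a switched network the capture point matters as much as the analysis; a mirror/SPAN port or a tap on the uplink is needed to see other stations' traffic at all.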
All times are GMT + 2 Hours