Posted: Tue Jul 12, 2005 8:19 pm Post subject: How to detect network pollution out of 30 servers network?
I've got a friend who's administering a 30-station network, and he's got one or maybe a few that are polluting the network, probably by spyware or some viruses...
I was suggesting to give it a try with ethereal, though according to him it's too many details to analyze, as he is not sure how to figure out what is "ok" traffic and what is not (since there are many open ports to the outside).
Is it possible to use ethereal in some way to show bandwidth usage of all boxes it's sniffing on?
Any other solution to figure out which of the computers is causing the pollution would be happily welcome.
Depending on how his network is set up (switches vs. hubs), ethereal will do the trick if those infected machines are flooding the network.
Best thing to do: turn it on and see what you see. If he sees a constant broadcast/multicast stream from a particular machine that shouldn't be broadcasting, that's probably a good sign. They may even be connection attempts.
Especially if no one is on the network at the time. It isn't hard to see if a machine is flooding the network (unless you're on a switched network; it gets a little tougher to pinpoint).
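The per-machine view asked for in the question and the broadcast/multicast check suggested in the reply can be scripted over a saved capture. The following is an added example, not part of the original posts; it assumes the capture was saved in classic libpcap format with Ethernet framing, and the sample capture and MAC addresses in it are constructed.

```python
import struct
from collections import defaultdict

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def per_host_stats(pcap):
    """Tally frames, bytes and broadcast/multicast frames per source MAC."""
    if len(pcap) >= 24 and pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # file written on a little-endian host
    elif len(pcap) >= 24 and pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # file written on a big-endian host
    else:
        raise ValueError("not a classic libpcap capture")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    stats = defaultdict(lambda: {"frames": 0, "bytes": 0, "group": 0})
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, orig_len = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:      # truncated final record: stop cleanly
            break
        off += 16 + incl_len
        if incl_len < 14:              # too short to hold an Ethernet header
            continue
        host = stats[mac(frame[6:12])]
        host["frames"] += 1
        host["bytes"] += orig_len      # on-the-wire size, even if the snaplen cut the frame
        if frame[0] & 1:               # group bit in destination MAC: broadcast or multicast
            host["group"] += 1
    return dict(stats)

def rank(stats):
    """Source MACs ordered by broadcast/multicast frames, then by total bytes."""
    return sorted(stats, key=lambda m: (stats[m]["group"], stats[m]["bytes"]), reverse=True)

def sample_capture():
    """Constructed capture: host ..01 sends 2 unicast frames, host ..02 sends 5 broadcasts."""
    a, b = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    def rec(dst, src, size):
        frame = dst + src + b"\x08\x00" + bytes(size - 14)
        return struct.pack("<IIII", 0, 0, size, size) + frame
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + rec(b, a, 60) * 2 + rec(b"\xff" * 6, b, 600) * 5

if __name__ == "__main__":
    result = per_host_stats(sample_capture())
    for m in rank(result):
        print(m, result[m])
```

On a switched network, a capture taken from an ordinary port mostly contains broadcast and multicast frames plus the capturing machine's own traffic, so the group-frame count is the more reliable column there.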
Joined: 12 Jul 2005 Posts: 0 Location: New Zealand heading to the UK
Posted: Tue Jul 12, 2005 10:12 pm Post subject:
You could try downloading the trial version of solarwinds, which is a network monitoring tool. That would probably be easier than using ethereal. You can get the 30 day trial of the engineers edition here: http://www.solarwinds.net/Download-Tools.htm
It allows you to see what machines are transmitting / receiving what traffic when, plus a large number of other functions. We use it at my workplace to monitor all our servers and switches and routers.