Packet Monitoring

Brian Wilson wilson at ifndef.com
Fri Aug 30 05:49:43 CEST 2002


You could set up something like argus to monitor a spanned port that will
have this traffic on it.  You should be able to spot the flow fairly
easily.  You could also analyze netflow data from your router (if it
supports this) to determine where the flows are coming from.  Or you could
take samples from tcpdump every so often and tell tcpdump to only output
the minimal pieces of info needed to determine the culprit.

http://www.qosient.com/argus/
http://www.canet3.net/stats/cflowd.html

Hope I'm not too far out in left field, but the above tools seem to help us
greatly.

Brian

--
Brian Wilson  <wilson at ncsu.edu>      Network Analyst
Communication Technologies, ATD      W: 919.513.3472
North Carolina State University      www.ncstate.net

On Thu, 29 Aug 2002, Wilcox, Chris wrote:

> I have a problem.
>
> Using MRTG and Nagios I have determined that some very large data transfers
> are happening after hours. How do I pin down exactly who and what is being
> transferred??
>
> I could use a sniffer but don't know which one could run all night and
> capture all packets on the network.  Anyone know of a tool to help with
> this??
>
> Thanks in Advance.
>
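
The tcpdump sampling approach suggested in the reply above, as an added example that is not part of the original post: it sums payload bytes per source/destination pair from tcpdump's quiet output so the heaviest flow stands out. The function names, the interface name and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Live use (interface name eth0 is an assumption):
#   tcpdump -i eth0 -nn -q -t -c 100000 ip | top_talkers
# -nn: no name or port lookups, -q: brief protocol info, -t: no timestamps.

# Reads tcpdump -q lines and prints "bytes src dst", largest first.
top_talkers() {
    awk '
    # Strip the trailing port from addr.port; ICMP lines carry no port.
    function host(addr,   n, p) {
        n = split(addr, p, ".")
        return (n == 5) ? p[1] "." p[2] "." p[3] "." p[4] : addr
    }
    $1 == "IP" && $3 == ">" {
        dst = $4
        sub(/:$/, "", dst)            # destination field ends with a colon
        len = $NF                     # last field is the payload length
        if (len !~ /^[0-9]+$/) next   # skip lines without a numeric length
        bytes[host($2) " " host(dst)] += len
    }
    END { for (k in bytes) print bytes[k], k }
    ' | sort -k1,1nr -k2,3
}

# Constructed sample input (not real traffic).
sample_capture() {
    cat <<'EOF'
IP 10.0.0.5.51234 > 192.0.2.10.80: tcp 1448
IP 10.0.0.5.51234 > 192.0.2.10.80: tcp 1448
IP 192.0.2.10.80 > 10.0.0.5.51234: tcp 0
IP 10.0.0.9.53 > 10.0.0.5.40000: UDP, length 120
IP 10.0.0.7.22 > 10.0.0.8.50022: tcp 36
IP 10.0.0.8 > 10.0.0.7: ICMP echo request, id 1, seq 1, length 64
ARP, Request who-has 10.0.0.1 tell 10.0.0.5, length 28
EOF
}

sample_capture | top_talkers
```

Run from cron during the after-hours window, the first line of output names the pair moving the most data in that sample.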



