Packet Monitoring

Wilcox, Chris wilcoxc at troycorp.com
Fri Aug 30 20:51:35 CEST 2002


I don't know where the traffic is originating from, except that it's on my
network, not on the internet.

So I can't pin down an actual internal IP address. I'll just have to log
them all and hope it shows up.

I'm thinking of using tcpdump. I have MRTG running as well. I would like to
set up a max threshold in Nagios; when that threshold is reached, it
kicks off a script file which runs tcpdump for ten minutes and stops.

Ethan got me heading in the right direction here. Hope it works.

Should I use check_mrtgtraf or check_mrtg?  I'll try to investigate that as
well.  Does someone already have the args done out there?

Chris.
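The threshold-triggered capture described above, written out as a Nagios event handler script. This is an added example, not a script from the thread, from the Nagios project, or from any of the plugins mentioned; it assumes the interface name eth0, the directory /var/log/captures, a ten-minute window, and that Nagios calls it with the usual event-handler macros ($SERVICESTATE$ $SERVICESTATETYPE$ $SERVICEATTEMPT$) from whichever MRTG check is used for the threshold. It starts tcpdump in the background, waits, and kills it, so it does not depend on tcpdump having its own duration option; a lock file keeps overlapping triggers from stacking captures on the disk.

```shell
#!/bin/sh
# Nagios event handler (added example, not from the mailing-list thread or the
# Nagios project): when the traffic check goes CRITICAL in a HARD state, run
# tcpdump for a fixed window, then stop it.
#
# Assumed settings (override via the environment):
IFACE="${IFACE:-eth0}"                          # interface to capture on (assumption)
CAPDIR="${CAPDIR:-/var/log/captures}"           # where .pcap files go (assumption)
DURATION="${DURATION:-600}"                     # ten minutes, as described in the thread
LOCK="${LOCK:-/var/run/traffic-capture.lock}"   # guards against overlapping captures
TCPDUMP="${TCPDUMP:-/usr/sbin/tcpdump}"         # path to tcpdump (assumption)

# Nagios event-handler convention: act only on a HARD CRITICAL state, so a
# single SOFT failure (a check that is still being retried) does not fire.
should_capture() {
    state="$1"; statetype="$2"
    [ "$state" = "CRITICAL" ] && [ "$statetype" = "HARD" ]
}

# Capture file name built from a timestamp, so successive triggers never clobber
# each other.  $1 = directory, $2 = timestamp string (YYYYmmdd-HHMMSS).
capture_path() {
    printf '%s/traffic-%s.pcap' "$1" "$2"
}

# Run tcpdump in the background for DURATION seconds, then stop it.
#   -n  no DNS lookups (avoids generating extra traffic while investigating)
#   -i  interface
#   -s  snapshot length large enough for full Ethernet frames
#   -w  write raw packets to a file for later analysis (e.g. with ethereal)
# Prints the capture file path on success; returns 1 if a capture is already running.
run_capture() {
    mkdir -p "$CAPDIR"
    if [ -e "$LOCK" ]; then
        echo "capture already running, skipping" >&2
        return 1
    fi
    echo "$$" > "$LOCK"
    out=$(capture_path "$CAPDIR" "$(date +%Y%m%d-%H%M%S)")
    "$TCPDUMP" -n -i "$IFACE" -s 1514 -w "$out" &
    pid=$!
    sleep "$DURATION"
    kill "$pid" 2>/dev/null
    wait "$pid" 2>/dev/null
    rm -f "$LOCK"
    echo "$out"
}

# Nagios passes $SERVICESTATE$ $SERVICESTATETYPE$ $SERVICEATTEMPT$ as arguments.
main() {
    if should_capture "$1" "$2"; then
        run_capture
    fi
}

# Only dispatch when invoked with the Nagios arguments.
if [ "$#" -ge 2 ]; then
    main "$@"
fi
```

Wire it in with a Nagios command definition such as `command_line /path/to/capture_on_threshold.sh $SERVICESTATE$ $SERVICESTATETYPE$ $SERVICEATTEMPT$` and reference that command as the `event_handler` of the MRTG traffic service. Since tcpdump needs to open the interface, the Nagios user must be allowed to run it (for example via sudo); the resulting .pcap can then be opened in ethereal or read back with `tcpdump -n -r` to pick out the internal address behind the after-hours transfers.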

-----Original Message-----
From: Demetri Mouratis [mailto:dmourati at cm.math.uiuc.edu]
Sent: Friday, August 30, 2002 2:05 PM
To: Wilcox, Chris
Cc: nagios-users at lists.sourceforge.net
Subject: Re: [Nagios-users] Packet Monitoring


Uhh, try looking at the logs on your servers behind that router?  A packet
sniffer/logger is not a bad idea.  Try snort, sniffit, ethereal, anything
really.  Shouldn't be too hard to track down given the time of day and IP
address.

What ports are open through the firewall?  Is bulk data transfer allowed?


On Thu, 29 Aug 2002, Wilcox, Chris wrote:

> I have a problem.
>
> Using MRTG and Nagios I have determined that some very large data transfers
> are happening after hours. How do I pin down exactly who and what is being
> transferred??
>
> I could use a sniffer but don't know which one could run all night and
> capture all packets on the network.  Anyone know of a tool to help with
> this??
>
> Thanks in Advance.
>

---------------------------------------------------------------------
Demetri Mouratis
dmourati at linfactory.com