<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> <META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2653.12"> <TITLE>RE: [Nagios-users] Packet Monitoring</TITLE> </HEAD> <BODY> I don't know where the traffic is originating from, except that it's on my network, not on the internet. So I can't pin down an actual internal IP address. I'll just have to log them all and hope it shows up. I'm thinking on using tcpdump. I have MRTG running as well. I would like to setup a max threshold in Nagios, when that threshold is reached, then it kicks off a script file which runs tcpdump for ten minutes and stops. Ethan got me heading in the right direction here. Hope it works. Should I use check_mrtgtraf or check_mrtg? I'll try to investigate that as well. Someone already have the arg's done out there? Chris. -----Original Message----- From: Demetri Mouratis [<A HREF="mailto:dmourati@cm.math.uiuc.edu">mailto:dmourati@cm.math.uiuc.edu</A>] Sent: Friday, August 30, 2002 2:05 PM To: Wilcox, Chris Cc: nagios-users@lists.sourceforge.net Subject: Re: [Nagios-users] Packet Monitoring Uhh, try looking at the logs on your servers behind that router? A packet sniffer/logger is not a bad idea. Try snort, sniffit, ethereal, anything really. Shouldn't be too hard to track down given the time of day and IP address. What ports are open through the firewall? Is bulk data transfer allowed? On Thu, 29 Aug 2002, Wilcox, Chris wrote: > I have a problem. > > Using MRTG and Nagios I have determined that some very large data transfers > are happening after hours. How do I pin down exactly who and what is being > transfered?? > > I could use a sniffer but don't know which one could run all night and > capture all packets on the network. Anyone know of a tool to help with > this?? > > Thanks in Advance. > --------------------------------------------------------------------- Demetri Mouratis dmourati@linfactory.com </BODY> </HTML>