mass packet sniffer?

ShibasScotch · Post by **ShibasScotch** » Tue Jun 01, 2004 2:33 pm

I have this bad feeling that one of my 300 comptuers on the domain is spamming. I monitor all the traffic on my mailserver, so I know that it is not comming from there, however, it is comming from the global IP address in my firewall? is there anyway that I can monitor all the outgoing traffic? I have websense setup for filtering, but that is only http and ftp requests mostly... there must be something else that is doing this spamming..
thanks!

Pugsley · Post by **Pugsley** » Tue Jun 01, 2004 4:13 pm

you need a packet sniffing prog. also you need to set the port on the switch to foward all request to it not just the ones bound to that IP. I used to have one but for the life of me i cant find it or remember what it was called... but just look for packet sniffer.

Busby · Post by **Busby** » Tue Jun 01, 2004 6:24 pm

Ethereal will work most likely.

Can't remember the site offhand, Google it.

Pugsley · Post by **Pugsley** » Tue Jun 01, 2004 7:49 pm

Originally posted by Busby
Ethereal will work most likely.

Can't remember the site offhand, Google it.

Thats the one i had. it works good.

ShibasScotch · Post by **ShibasScotch** » Tue Jun 01, 2004 8:26 pm

great thanks !
I had heard of it, I just didnt know if it would work for the whole domain, I will try it out.

Pugsley · Post by **Pugsley** » Tue Jun 01, 2004 8:54 pm

well... if your wohle domain is on switches its only gonna se whats comming in and going out of the computer its on... you need to set a port on a switch to send all traffic (brodcast) like a hub would to see all of the traffic.

ShibasScotch · Post by **ShibasScotch** » Tue Jun 01, 2004 8:58 pm

maybe i can try it out on the firewall or router..

Pugsley · Post by **Pugsley** » Tue Jun 01, 2004 9:53 pm

well cahnces are if whatever is spamming its gonna try and spam everything on the netowrk so you should see packets comming from that machine (the one causing problems) from anywhere on the network.