
mass packet sniffer?

Posted: Tue Jun 01, 2004 2:33 pm
by ShibasScotch
I have this bad feeling that one of my 300 computers on the domain is spamming. I monitor all the traffic on my mailserver, so I know that it is not coming from there; however, it is coming from the global IP address in my firewall. Is there any way that I can monitor all the outgoing traffic? I have Websense set up for filtering, but that is only HTTP and FTP requests mostly... there must be something else that is doing this spamming.
Thanks!

Posted: Tue Jun 01, 2004 4:13 pm
by Pugsley
You need a packet sniffing program. Also, you need to set the port on the switch to forward all requests to it, not just the ones bound to that IP. I used to have one, but for the life of me I can't find it or remember what it was called... but just look for packet sniffer.

Posted: Tue Jun 01, 2004 6:24 pm
by Busby
Ethereal will work most likely.

Can't remember the site offhand, Google it.

Posted: Tue Jun 01, 2004 7:49 pm
by Pugsley
Originally posted by Busby
Ethereal will work most likely.

Can't remember the site offhand, Google it.


That's the one I had. It works good.

Posted: Tue Jun 01, 2004 8:26 pm
by ShibasScotch
Great, thanks!
I had heard of it, I just didn't know if it would work for the whole domain. I will try it out.

Posted: Tue Jun 01, 2004 8:54 pm
by Pugsley
Well... if your whole domain is on switches, it's only gonna see what's coming in and going out of the computer it's on... you need to set a port on a switch to send all traffic (broadcast) like a hub would to see all of the traffic.

Posted: Tue Jun 01, 2004 8:58 pm
by ShibasScotch
Maybe I can try it out on the firewall or router..

Posted: Tue Jun 01, 2004 9:53 pm
by Pugsley
Well, chances are if whatever is spamming, it's gonna try and spam everything on the network, so you should see packets coming from that machine (the one causing problems) from anywhere on the network.
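
Added example, not part of any post in this thread: once a capture has been taken at the mirrored switch port or on the inside of the firewall, a short script can list which internal hosts other than the mail server are opening outbound SMTP connections. The `tcpdump -nn` text format, the 10.0.0.x addressing, the mail server address 10.0.0.10 and the threshold of three destinations are all assumptions for illustration, and the capture lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -nn` text output (assumed capture format).
SAMPLE = """\
14:02:11.100001 IP 10.0.0.10.40112 > 198.51.100.25.25: Flags [S], seq 1, win 64240, length 0
14:02:11.200002 IP 10.0.0.57.49152 > 203.0.113.9.25: Flags [S], seq 2, win 64240, length 0
14:02:11.250003 IP 203.0.113.9.25 > 10.0.0.57.49152: Flags [S.], seq 9, ack 3, win 65535, length 0
14:02:11.300004 IP 10.0.0.57.49153 > 203.0.113.40.25: Flags [S], seq 4, win 64240, length 0
14:02:11.400005 IP 10.0.0.57.49154 > 198.51.100.77.25: Flags [S], seq 5, win 64240, length 0
14:02:11.500006 IP 10.0.0.88.51000 > 192.0.2.80.80: Flags [S], seq 6, win 64240, length 0
14:02:11.600007 IP 10.0.0.23.51200 > 192.0.2.25.25: Flags [S], seq 7, win 64240, length 0
14:02:11.700008 IP 10.0.0.57.49155 > 192.0.2.131.25: Flags [S], seq 8, win 64240, length 0
"""

# Match only the initial SYN of a connection: "[S]" and not the "[S.]" reply.
SYN = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[S\]")

def smtp_talkers(capture, mail_servers, internal_prefix="10.0.0."):
    """Map each internal host that is not an approved mail server to the
    set of external addresses it opened a TCP/25 connection to."""
    seen = defaultdict(set)
    for line in capture.splitlines():
        m = SYN.search(line)
        if not m:
            continue
        src, dst, dport = m.group(1), m.group(2), int(m.group(3))
        if dport != 25 or src in mail_servers:
            continue
        # Only internal -> external connections are of interest here.
        if not src.startswith(internal_prefix) or dst.startswith(internal_prefix):
            continue
        seen[src].add(dst)
    return dict(seen)

def suspects(capture, mail_servers, min_destinations=3):
    """Hosts contacting many distinct external mail servers directly."""
    talkers = smtp_talkers(capture, mail_servers)
    return sorted(ip for ip, dsts in talkers.items()
                  if len(dsts) >= min_destinations)

if __name__ == "__main__":
    for host in suspects(SAMPLE, {"10.0.0.10"}):
        print("direct SMTP to many destinations:", host)
```

A host that shows up in `smtp_talkers` with a single destination may just be a misconfigured mail client, so the threshold separates that case from one machine contacting many mail servers.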