Re: [Ethereal-users] lan configuration for ethereal

[B MCC <billmx@xxxxxxxxx>]

On our network, we had a machine with a virus that was
flooding our gateway with some type of requests. It
slowed our web connection to a trickle.  I had hoped
to use Ethereal to troubleshoot this problem and find
out what was happening on the network. When that
didn't work for me,  I finally discovered the "show ip
nat translation" on the cisco router and that pointed
out the machine that the requests were coming from.
Could there have been a way to find this problem using
ethereal in our current configuration ? 

Thanks !



Message: 13
Date: 01 Jun 2005 11:36:10 +0200
From: Jens Link <lists@xxxxxxx>
Subject: Re: [Ethereal-users] lan configuration for
ethereal
To: Ethereal user support
<ethereal-users@xxxxxxxxxxxx>
Message-ID: <87ekbmto51.fsf@xxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii

Ulf Lamping <ulf.lamping@xxxxxx> writes:

> I don't know a lot about small companies, but hubs
are not used very
> often today, as switches usually provide better
throughput (and hubs 
are
> difficult to get now).

Last time I checked small switches where cheaper than
(DUAL Speed) 
HUBs.

> Usually, you'll use Ethereal to track down problems.
I that case, 
you'll
> might already have an idea which hosts are involved
and therefore can
> select the "right" port to capture from.

Well I usually start with something simpler, like
checking the 
interface
statistics of a switch or computer or just a good old
fashioned ping.

There are some problems you can't find with Ethereal
(like a duplex
mismatch between a switch and a server) and some
problems you can't 
find
without Ethereal (e.g. A client takes about 20min. to
login to a W2K
server because a router *dropping* port 135/tcp.)

It needs some experience to choose the right tool for
the job.

Jens

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com