Ethereal

Re: [Ethereal-users] lan configuration for ethereal
Google
 
Web Ethereal.com

Home | Introduction | Documentation | Lists | FAQ | Development | Wiki | Bugs

Main Index | Thread Index | Mailing Lists | | Date Prev | Date Next | Thread Prev | Thread Next

Ethereal-users: June 2005

 

Hansang Bae wrote:
> On 02:50 PM 6/2/2005, B MCC wrote:
> 
>>[snip: virus slamming the GW. Internet traffic slowed to a crawl]
>>I finally discovered the "show ip
>>nat translation" on the cisco router and that pointed
>>out the machine that the requests were coming from.
>>Could there have been a way to find this problem using
>>ethereal in our current configuration ? 
> 
> 
> 
> Sure.  You could have spanned the router's Ethernet port (your GW) and would have seen significant traffic due to the virus.  

If you're trying to track down a virus/worm outbreak across multiple
routers you could also use NetFlow (assuming it's supported on your
hardware).  Since NetFlow runs over UDP you can export each flow to the
workstation or laptop on which Ethereal is running, and Ethereal will
act like an ersatz collector.  Although you won't see the actual packets
generated by the virus or worm, NetFlow packets have enough information
to find scanning activity.

Powered by MHonArc 2.6.10

Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com.
Last modified: Fri, November 10 2006.
"Ethereal" and the "e" logo are registered trademarks of Ethereal, Inc.