Re: Suspicious activity on the wire
--- Rod Waldren <rjwaldren@yahoo.com> wrote:
> Is there a package available that will easily (for a beginner/novice) identify virus, trojan and D-O-S activity on a network? I'm thinking along the packet capture line, such as TCPdump with prebuilt filters for common threats.
>
> Any advice would be appreciated. Unfortunately, I don't have time to experiment and learn how to track it down right now, since this system is in use 24x7, except for when the entire system dumps each night (always within the same ~2 hour window).
>
> Here's the situation... I have three subnets with 24 workstations each. Each subnet has a server to provide a lookup DB to the workstations in that subnet. The subnets are switched and also physically connected for flexibility and administration. This is a private LAN that is serially connected to 9 other remote private LANs. Each night a subnet will start having lookup timeouts that quickly worsen and spread to affect the other subnets. Broadcast traffic goes through the roof according to netstat and the switches, but without an analyzer the source can't quickly be identified. Rebooting the systems fixes it but leaves no time to troubleshoot. So I hope to be able to watch the wire from a box to track this down.
Indeed, tcpdump is a very good option. When I have problems of this kind I use tcpdump, ettercap (which has a lot of options) and snort. Also try iptraf for simplicity of use.
Hope this helps.
Regards.
--
Sergio Basurto J.
If I have seen further it is by standing on the
shoulders of giants. (Isaac Newton)
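As an added example (not code from either message in this thread): a small POSIX shell pipeline that turns tcpdump output into a ranking of broadcast senders and a per-second broadcast count, which is what is needed to find the host behind a broadcast storm like the one described. It assumes the field layout of `tcpdump -n -e` output (source MAC in the second field) and an interface named eth0; the sample capture is constructed, not real.

```shell
#!/bin/sh
# Live use on a box whose NIC sees the affected subnet (assumed interface eth0):
#   tcpdump -n -e -i eth0 'ether broadcast' 2>/dev/null | rank_broadcast_senders
# -e prints link-layer addresses, so the source MAC is field 2 of every line;
# 'ether broadcast' keeps only frames sent to ff:ff:ff:ff:ff:ff.

# Rank source MACs by number of broadcast frames read from stdin.
# Output: "<count> <mac>", busiest sender first.
rank_broadcast_senders() {
    awk '{ src[$2]++ } END { for (m in src) print src[m], m }' | sort -rn
}

# Print only the MAC of the busiest broadcast sender on stdin.
top_broadcast_sender() {
    rank_broadcast_senders | head -n 1 | awk '{ print $2 }'
}

# Count broadcast frames per wall-clock second (timestamp is field 1, HH:MM:SS.usec),
# useful for spotting when the nightly storm actually starts.
broadcasts_per_second() {
    awk '{ split($1, t, "."); s[t[1]]++ } END { for (k in s) print k, s[k] }' | sort
}

# Constructed sample of tcpdump -n -e output: one workstation (..:aa:aa:aa)
# is ARPing far more than its neighbours.
SAMPLE_CAPTURE='23:10:00.100000 00:0c:29:aa:aa:aa > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.1.5 tell 10.0.1.20, length 46
23:10:00.200000 00:0c:29:aa:aa:aa > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.1.6 tell 10.0.1.20, length 46
23:10:00.300000 00:0c:29:bb:bb:bb > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 243: 10.0.1.7.138 > 10.0.1.255.138: UDP, length 201
23:10:01.000000 00:0c:29:aa:aa:aa > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.1.7 tell 10.0.1.20, length 46
23:10:01.100000 00:0c:29:aa:aa:aa > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.1.8 tell 10.0.1.20, length 46
23:10:01.200000 00:0c:29:cc:cc:cc > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.1.1 tell 10.0.1.30, length 46
23:10:01.300000 00:0c:29:aa:aa:aa > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.1.9 tell 10.0.1.20, length 46'

# Stand-alone demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_CAPTURE" | rank_broadcast_senders
printf '%s\n' "$SAMPLE_CAPTURE" | broadcasts_per_second
```

Once the top MAC is known, the switch's MAC address table (or the "tell" IP in the ARP requests) identifies the physical port and workstation to pull for inspection.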