On our network, we had a machine with a virus that was
flooding our gateway with some type of requests. It
slowed our web connection to a trickle. I had hoped
to use Ethereal to troubleshoot this problem and find
out what was happening on the network. When that
didn't work for me, I finally discovered the "show ip
nat translation" on the cisco router and that pointed
out the machine that the requests were coming from.
Could there have been a way to find this problem using
ethereal in our current configuration ?
Thanks !
Message: 13
Date: 01 Jun 2005 11:36:10 +0200
From: Jens Link <lists@xxxxxxx>
Subject: Re: [Ethereal-users] lan configuration for
ethereal
To: Ethereal user support
<ethereal-users@xxxxxxxxxxxx>
Message-ID: <87ekbmto51.fsf@xxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii
Ulf Lamping <ulf.lamping@xxxxxx> writes:
> I don't know a lot about small companies, but hubs
are not used very
> often today, as switches usually provide better
throughput (and hubs
are
> difficult to get now).
Last time I checked small switches where cheaper than
(DUAL Speed)
HUBs.
> Usually, you'll use Ethereal to track down problems.
I that case,
you'll
> might already have an idea which hosts are involved
and therefore can
> select the "right" port to capture from.
Well I usually start with something simpler, like
checking the
interface
statistics of a switch or computer or just a good old
fashioned ping.
There are some problems you can't find with Ethereal
(like a duplex
mismatch between a switch and a server) and some
problems you can't
find
without Ethereal (e.g. A client takes about 20min. to
login to a W2K
server because a router *dropping* port 135/tcp.)
It needs some experience to choose the right tool for
the job.
Jens
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com