Wireshark · Wireshark-users: Re: [Wireshark-users] finding the smoking gun for traffic spikes

Wireshark-users: Re: [Wireshark-users] finding the smoking gun for traffic spikes

Date: Mon, 18 Jul 2011 09:46:02 -0300

Anyone know how I easily find unknown unicast flooding?

The only way I can think of how to do it would be to search the IO
graphs for bursts, then look at the MACs / IPs during those bursts,
and then try to compare those to a list of known good IP / MAC
addresses on the L2TP tunnel segment at that time.

I was hoping that there would be an easier way to filter out for it
rather than going through all of these steps.

Follow-Ups:
- Re: [Wireshark-users] finding the smoking gun for traffic spikes
  - From: Kevin Cullimore

References:
- [Wireshark-users] finding the smoking gun for traffic spikes
  - From: Rogelio
- Re: [Wireshark-users] finding the smoking gun for traffic spikes
  - From: Rogelio
- Re: [Wireshark-users] finding the smoking gun for traffic spikes
  - From: David H. Lipman

Prev by Date: Re: [Wireshark-users] finding the smoking gun for traffic spikes
Next by Date: [Wireshark-users] CVE-2011-2597
Previous by thread: Re: [Wireshark-users] finding the smoking gun for traffic spikes
Next by thread: Re: [Wireshark-users] finding the smoking gun for traffic spikes
Index(es):
- Date
- Thread