Anyone know anything about packet sniffers? It looks like we have something generating broadcast storms/excessive Internet traffic, and I need to find it, as it is killing our bandwidth. One method is obviously to unplug everything and re-introduce it segment at a time, but that is both time-consuming and highly disruptive.
I know there are products out there which do this (heck, I sold them for a little while!), but don't really know where to start analysing the data which they return - are there any bluffers' guides or products which are relatively straightforward to use?
Use Wireshark and it will highlight everything colour coded. You can spot the broadcasts a mile off and if something is flooding it's even more obvious.
It will show source MAC and IP address which will let you track down the rogue device pretty easy.
We had an HP 2600 shot itself, it was sending out a DHCP request and ignoring the replies and flooding the network with DHCP req's. Found and isolated it pretty promptly.
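Added example, not part of the thread: a Python sketch that ranks broadcast senders by source MAC, the same "who is flooding" question the post above answers by eye in Wireshark. It assumes the capture was saved in classic pcap format on Ethernet; the function names and the sample frames are constructed for illustration.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6

def frame(dst, src, ethertype, payload=b"\x00" * 46):
    """Constructed Ethernet II frame: dst MAC, src MAC, EtherType, payload."""
    return dst + src + struct.pack("!H", ethertype) + payload

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, f in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return out

def broadcast_talkers(pcap):
    """Return [((src_mac, ethertype), count), ...] for broadcast frames, busiest first."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    if magic == 0xA1B2C3D4:
        end = "<"            # file written little-endian
    elif magic == 0xD4C3B2A1:
        end = ">"            # file written big-endian
    else:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack_from(end + "I", pcap, 20)[0] != 1:
        raise ValueError("capture is not Ethernet")
    counts, off = Counter(), 24          # records start after the 24-byte header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(end + "I", pcap, off + 8)[0]
        data = pcap[off + 16 : off + 16 + incl_len]
        off += 16 + incl_len
        if len(data) >= 14 and data[:6] == BROADCAST:
            src = data[6:12].hex(":")
            counts[(src, struct.unpack_from("!H", data, 12)[0])] += 1
    return counts.most_common()

# Constructed sample: one host flooding, one normal ARP, one unicast frame.
FLOODER = bytes.fromhex("0200000000aa")
NORMAL = bytes.fromhex("0200000000bb")
SAMPLE = build_pcap(
    [frame(BROADCAST, FLOODER, 0x0800)] * 5
    + [frame(BROADCAST, NORMAL, 0x0806), frame(FLOODER, NORMAL, 0x0800)]
)

if __name__ == "__main__":
    for (mac, ethertype), n in broadcast_talkers(SAMPLE):
        print(f"{mac}  ethertype=0x{ethertype:04x}  broadcasts={n}")
```

The MAC at the top of the list is the one to look up in the switch's MAC address table to find the physical port.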
Thanks. Do I need to get a special Ethernet adapter, or will it work on the standard one?
Nothing special required... just download and go.
Originally Posted by enjay
Well, that's progress. When I worked for a company selling these things, we also sold special NICs, something about some NICs not being able to capture packets which are destined to other computers; also had to mess around with port mirroring, as I recall.
You only need to do port mirroring if you are looking for traffic going to/from a specific port, so you may need to set that up on your switch if you need to look at traffic going to the internet or a specific location. If it's general broadcast stuff, every NIC will receive it so worth checking that out first.
Okay, that's running - I'll start a new thread with the potential issues it has found...