Re: How to start Ethereal capture at network usage threshold?



To monitor bandwidth you must capture ALL packets on the network. Ethereal will
allow you to do just that. You can then plot the bandwidth using built-in
charting.

If you want to monitor between certain times you may need to use Windows Task
Scheduler and write a script or two. WinPcap might be easier in this case.
Windows Server 2003 also comes with a packet sniffer app similar to Ethereal.

<ryanlink@xxxxxxxxx> wrote in message
news:1149282162.150395.34210@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi,

I am trying to sniff out the source of big spikes in our bandwidth
utilization on a private school LAN. XO is the ISP. The gateway is a
Cisco router, behind which is a Netscreen firewall. Two or three times
a day, we are seeing pretty massive network spikes, which occasionally
result in slowdowns or shutdowns of the LAN.

I would like to use Ethereal or some other tool to monitor the packet
flow above a certain bandwidth, but I'm not sure how to go about doing
this. I'm currently running it on a Win2K3 server which is doing DNS
and DHCP, as well as Active Directory. It's a mixed-platform network,
lots of Mac workstations and two Mac servers (one running secondary
DNS).

Main switch is a stack of 4 3Com #C17300 24-porters... I've
successfully used SwitchMonitor to connect to these, but am seeing
nothing unhealthy.

Key point: I'm outsourced IT for this school, so I'm not on-site all
the time. I do have remote access.

Any suggestions? Should I set a timer to capture all promiscuous
packets between 6:30-7am, perhaps, when we often see a spike? How
would I go about doing that?

Thanks,
Ryan
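
One way to start a capture only when usage crosses a threshold, as an added example that is not part of the original thread: a Python watcher polls the Windows `netstat -e` byte counters and launches a time-limited `tethereal` capture once the rate stays high. Assumptions: the `SpikeTrigger` class, the 5 MB/s threshold, interface index 1 and the output file name are hypothetical, and the spike must be visible on the capture host's own interface (for example through a mirrored switch port), since `netstat -e` only counts that host's traffic.

```python
import re
import subprocess
import time

# Assumed capture command: tethereal (Ethereal's CLI), interface 1, stop after 120 s.
CAPTURE_CMD = ["tethereal", "-i", "1", "-a", "duration:120"]

# Constructed sample of Windows `netstat -e` output (not from the thread).
SAMPLE_NETSTAT = """Interface Statistics

                           Received            Sent

Bytes                    1234567890       987654321
Unicast packets             1234567          765432
"""

def parse_netstat_bytes(text):
    """Return received + sent bytes from the Bytes row of `netstat -e`."""
    m = re.search(r"^Bytes\s+(\d+)\s+(\d+)", text, re.MULTILINE)
    if not m:
        raise ValueError("no Bytes row in netstat -e output")
    return int(m.group(1)) + int(m.group(2))

class SpikeTrigger:
    """Fire when the byte rate holds above `threshold` B/s for `sustain` samples."""
    def __init__(self, threshold, sustain=3, cooldown=300):
        self.threshold, self.sustain, self.cooldown = threshold, sustain, cooldown
        self.prev = None          # last (timestamp, cumulative bytes)
        self.hot = 0              # consecutive samples above threshold
        self.quiet_until = 0.0    # no new capture before this time

    def update(self, now, total):
        prev, self.prev = self.prev, (now, total)
        if prev is None or now <= prev[0] or total < prev[1]:
            self.hot = 0          # first sample, clock step, or counter reset/wrap
            return False
        rate = (total - prev[1]) / (now - prev[0])
        self.hot = self.hot + 1 if rate >= self.threshold else 0
        if self.hot >= self.sustain and now >= self.quiet_until:
            self.hot, self.quiet_until = 0, now + self.cooldown
            return True
        return False

if __name__ == "__main__":
    trigger = SpikeTrigger(threshold=5_000_000)   # 5 MB/s, an assumed value
    while True:
        out = subprocess.run(["netstat", "-e"], capture_output=True, text=True).stdout
        if trigger.update(time.time(), parse_netstat_bytes(out)):
            subprocess.Popen(CAPTURE_CMD + ["-w", time.strftime("spike-%Y%m%d-%H%M%S.pcap")])
        time.sleep(5)
```

The sustain count keeps a single busy sample from starting a capture, and the cooldown stops one long spike from spawning overlapping capture processes.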
