Where is incoming traffic coming from?

drew einhorn drew.einhorn at gmail.com
Sun Aug 2 16:17:23 UTC 2009


What's upstream from the box that's receiving the mystery traffic?

There are several ways to monitor the traffic before it gets to your
box.

1) if the upstream box is a managed switch you can "mirror" the traffic
to a spare port,

2) if you have an old ethernet hub (not a switch),
you can put it between the upstream box and the
box getting the mystery traffic.

3) you can build an ethernet tap.

    http://enigmacurry.com/category/electronics/

4) if you have a spare box you can stick two ethernet cards into,
you can manually configure a bridge using command line tools,
or just install one of many linux based router distributions.

5) There may be other options depending on what the
current upstream box is.

Once you have a hardware configuration
that supports capturing all the traffic,
before it gets to the firewall filters that
drop the traffic before you see it,

then you can use Wireshark to analyze the traffic,
or, if the box capturing the traffic is not running X,
you can use tcpdump to capture a binary file first,
then FTP it to a box with X and Wireshark.


-- 
Drew Einhorn
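The last step above (capture with tcpdump on a headless box, analyze elsewhere) as an added example, not code from the original post or from the tcpdump/Wireshark projects: a small pure-Python reader for the classic libpcap file that `tcpdump -w` writes, which tallies which source addresses, protocols and destination ports the traffic aimed at your box is coming from, the question the thread is about. The addresses (RFC 5737 documentation ranges), frames and the in-memory pcap image are all constructed here as test input; `build_pcap`'s `snaplen` argument is a hypothetical stand-in for the capture length tcpdump's `-s` option controls, and it shows why too small a snaplen leaves packets that cannot be attributed.

```python
import socket
import struct
from collections import Counter

PCAP_MAGIC_LE = 0xA1B2C3D4      # magic as read from a file written on a little-endian host
PCAP_MAGIC_BE = 0xD4C3B2A1      # same magic, byte-swapped (big-endian writer)
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def build_ipv4_frame(src_ip, dst_ip, proto, sport=0, dport=0, payload=b""):
    """Constructed Ethernet+IPv4 frame for test input (dummy MACs, checksums left zero)."""
    eth = (b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb"
           + struct.pack("!H", ETHERTYPE_IPV4))
    # For TCP/UDP only the port fields are needed by the tally below.
    l4 = struct.pack("!HH", sport, dport) + payload if proto in (6, 17) else payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + l4


def build_pcap(frames, snaplen=65535, ts0=1249230000):
    """Constructed pcap image: 24-byte global header, then a 16-byte record header per frame.
    Frames longer than snaplen are stored truncated, as tcpdump -s would do."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    records = []
    for i, frame in enumerate(frames):
        captured = frame[:snaplen]
        records.append(struct.pack("<IIII", ts0 + i, 0, len(captured), len(frame)))
        records.append(captured)
    return header + b"".join(records)


def iter_pcap_records(data):
    """Yield (ts_sec, captured_bytes, original_len) for each record of a classic pcap file."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file (magic 0x%08x)" % magic)
    linktype = struct.unpack_from(endian + "IHHiIII", data, 0)[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected Ethernet link type, got %d" % linktype)
    off = 24
    while off + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield ts_sec, data[off:off + incl_len], orig_len
        off += incl_len


def incoming_sources(data, local_ip):
    """Count (src_ip, proto, dst_port) for every IPv4 packet addressed to local_ip.
    Returns (Counter, number_of_records_too_short_to_classify)."""
    tally = Counter()
    skipped = 0
    for _ts, frame, _orig in iter_pcap_records(data):
        if len(frame) < 34:                 # need full Ethernet + minimal IPv4 header
            skipped += 1
            continue
        if struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue                        # ARP, IPv6 etc. are not tallied here
        ihl = (frame[14] & 0x0F) * 4        # IPv4 header length incl. options
        proto = frame[23]
        src = socket.inet_ntoa(frame[26:30])
        dst = socket.inet_ntoa(frame[30:34])
        if dst != local_ip:
            continue                        # only traffic aimed at our box
        l4 = frame[14 + ihl:]
        dport = None
        if proto in (6, 17) and len(l4) >= 4:
            dport = struct.unpack_from("!H", l4, 2)[0]
        tally[(src, PROTO_NAMES.get(proto, str(proto)), dport)] += 1
    return tally, skipped


def sample_frames():
    """Constructed traffic: three SSH attempts, one DNS query, one ping, one outbound reply, one ARP."""
    frames = [build_ipv4_frame("203.0.113.5", "192.0.2.10", 6, 40000 + i, 22) for i in range(3)]
    frames.append(build_ipv4_frame("198.51.100.7", "192.0.2.10", 17, 5353, 53, b"\x00" * 8))
    frames.append(build_ipv4_frame("203.0.113.9", "192.0.2.10", 1, payload=b"\x08\x00" + b"\x00" * 6))
    frames.append(build_ipv4_frame("192.0.2.10", "203.0.113.5", 6, 22, 40000))   # outbound
    frames.append(b"\xff" * 6 + b"\x00" * 6 + struct.pack("!H", 0x0806) + b"\x00" * 28)  # ARP
    return frames


if __name__ == "__main__":
    tally, skipped = incoming_sources(build_pcap(sample_frames()), "192.0.2.10")
    for (src, proto, dport), n in tally.most_common():
        print("%5d  %-15s %-4s port %s" % (n, src, proto, dport))
    print("unclassifiable (truncated) records:", skipped)
```

On a real capture you would replace `sample_frames()` with `open("capture.pcap", "rb").read()` after `tcpdump -w capture.pcap` on the capturing box and pass your own interface address. The reader handles only the classic pcap format; a pcapng file starts with different bytes and raises the "not a classic libpcap file" error instead of silently miscounting.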