"Any way to monitor the whole network without using a computer as a pass-thru?"
One suggestion was to place a sniffer on the router. Good suggestion but it's not necessary.
Assuming you're in a switched environment, all switches (the ones I'm familiar with anyway) have the capability allowing you to forward all traffic to one port for just this purpose (it's called a mirrored port).
Once you've forwarded all the traffic to the one port you can then collect the data and open it in whatever protocol analyzer software you choose and see which workstation is chattering away. It's actually pretty easy providing you know what to look for.
You mentioned that it's a "Blaster like virus." Do you know if the virus is Blaster? If it's Welchia you're never gonna get rid of the damn thing unless you shut down ICMP.
Last edited by belkins; 11-15-2004 at 05:23 PM..
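An added example, not part of the original post: one way to pick the chattering workstation out of traffic collected from a mirrored port is to count how many distinct addresses each source probes. It assumes the capture was exported to a hypothetical CSV layout (`src,dst,proto,dport`, one row per packet) and relies on the known behaviour of the two worms named above, Welchia's ICMP echo sweeps and Blaster's connection attempts to TCP 135; the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict


def build_sample():
    """Constructed capture export: src,dst,proto,dport (one row per packet)."""
    rows = ["src,dst,proto,dport"]
    # Ordinary workstations talking to a handful of servers.
    for host in ("10.0.0.11", "10.0.0.12"):
        for _ in range(30):
            rows.append(f"{host},10.0.0.2,tcp,445")
            rows.append(f"{host},10.0.0.3,tcp,80")
        rows.append(f"{host},10.0.0.1,icmp-echo,")
    # A workstation pinging sequential addresses (Welchia-style sweep).
    for i in range(1, 41):
        rows.append(f"10.0.0.23,10.0.1.{i},icmp-echo,")
    # A workstation trying TCP 135 on many addresses (Blaster-style).
    for i in range(1, 26):
        rows.append(f"10.0.0.37,10.0.2.{i},tcp,135")
    return "\n".join(rows)


def classify(proto, dport):
    """Label only the packet types these worms use to find new hosts."""
    if proto == "icmp-echo":
        return "icmp-sweep"
    if proto == "tcp" and dport == "135":
        return "tcp135-sweep"
    return None


def find_chatterers(capture_csv, min_targets=20):
    """Return (src, kind, distinct_targets) for sources probing many hosts."""
    targets = defaultdict(set)
    for row in csv.DictReader(io.StringIO(capture_csv)):
        kind = classify(row["proto"], row["dport"])
        if kind:
            targets[(row["src"], kind)].add(row["dst"])
    hits = [(src, kind, len(dsts))
            for (src, kind), dsts in targets.items()
            if len(dsts) >= min_targets]
    return sorted(hits, key=lambda h: -h[2])


if __name__ == "__main__":
    for src, kind, n in find_chatterers(build_sample()):
        print(f"{src}: {kind}, {n} distinct targets")
```

Counting distinct destinations rather than raw packets keeps a busy but healthy workstation (many packets to a few servers) out of the results.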