I need to sniff out irc traffic on my network and view the text...how?

Status
Not open for further replies.

Goku81

Programmer
Mar 27, 2001
34
0
0
US
Hi.
I'm kind of a newbie to this part.... We have a DOS attack running on our network (I'm a student working in our network services department by the way). I suspect that it's using IRC to initiate the attack.... Over the weekend our logs captured 1000 connections made via IRC, which is quite high when only a few of us on campus use IRC (our campus is only about 2500 people, and I say only 20 of us tops use mIRC).

I want to sniff the network for IRC traffic, and view all the commands being made. What's the easiest way to go about doing this?

Also if I am in the wrong forum for this [sadeyes] .... where should I direct it?
 
Download & install Ethereal (POSIX or WinX) and the required libpcap library.

Create a filter for IRC traffic, TCP/UDP port 194, and capture.

Also you obviously need to be able to see the traffic (use a hub or switch w/ monitor (span) port).

-Jeff ----------------------------------------
Wassabi Pop Tarts! Write Kellogs today!
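
One way to view the IRC commands once the traffic has been captured, as an added example that is not part of the original posts: it parses IRC protocol lines (RFC 1459 layout) out of reassembled TCP payloads and tallies the commands per source host. The addresses, nicknames and payloads are constructed sample data, and the function names are hypothetical.

```python
from collections import Counter, defaultdict

def parse_irc_line(raw: bytes):
    """Split one IRC line into (prefix, command, params); None if empty."""
    line = raw.rstrip(b"\r\n").decode("utf-8", errors="replace")
    prefix = None
    if line.startswith(":"):
        # Server-relayed lines start with ":nick!user@host " (the prefix).
        prefix, _, line = line[1:].partition(" ")
    # Text after " :" is one trailing parameter that may contain spaces.
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if not parts:
        return None
    command, params = parts[0].upper(), parts[1:]
    if sep:
        params.append(trailing)
    return prefix, command, params

def summarize(segments):
    """segments: (src_ip, payload) pairs from a capture.
    Assumes each payload holds whole lines (a reassembled stream).
    Returns ({src_ip: Counter of commands}, [(src_ip, target, text)])."""
    per_host = defaultdict(Counter)
    messages = []
    for src, payload in segments:
        for raw in payload.split(b"\n"):
            parsed = parse_irc_line(raw)
            if parsed is None:
                continue
            _prefix, command, params = parsed
            per_host[src][command] += 1
            if command in ("PRIVMSG", "NOTICE") and len(params) >= 2:
                messages.append((src, params[0], params[-1]))
    return per_host, messages

# Constructed sample payloads, not taken from a real capture.
SAMPLE = [
    ("10.0.0.5", b"NICK student1\r\nUSER student1 0 * :Student One\r\n"),
    ("10.0.0.5", b"JOIN #campus\r\nPRIVMSG #campus :anyone around?\r\n"),
    ("10.0.0.9", b"NICK host9\r\nJOIN #campus\r\n"),
]

if __name__ == "__main__":
    hosts, msgs = summarize(SAMPLE)
    for ip, counts in sorted(hosts.items()):
        print(ip, dict(counts))
    for src, target, text in msgs:
        print(f"{src} -> {target}: {text}")
```

Sorting the per-host counters by total shows which machines account for an unusual share of the IRC connections.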
 