Need to Track Broadcasts over network.

Georules

Technical User
Jul 13, 2000
17
US
The network I am working for has some old computers and I am afraid that some computers are broadcasting constantly and slowing down the network. Does anyone have any tips for tracking down these offenders using the TCP/IP or NetBEUI protocols?
 
I think you would need a packet sniffer to do it that way. At least 1000.00

You could do it the old fashioned way. Either bring your machines up one at a time until the packet storm starts, then you know the offender. Otherwise disconnect your most suspicious machines one at a time. Tedious but it can work, depending on what exactly is causing the storm.

Jeff
masterracker@hotmail.com
Of all the things I've lost in life, I miss my mind the most ...
 
Well, if you're running NetBEUI it is all about broadcasting. Rid yourself of that protocol if possible. If you have manageable internetworking devices, i.e. switches, routers, repeaters, then you can view the stats on the individual ports of these devices to see who creates all the traffic. Depending on how your network is configured and segmented the broadcast traffic shouldn't pass through a router, you could then isolate the broadcast traffic to a certain segment and then monitor from that point.

Doug
dxd_2000@yahoo.com
 
I would do that the 'old fashioned' way, but I am talking about about 100 computers spread over different buildings. I am currently doing what dxd has suggested, but I was wondering if there was a program of some sort that could do this faster.
 
If you want software, you're back to packet sniffer programs. The cheapest one I know of is about 1000.00 plus the cost of a PC to put it on.

Jeff
masterracker@hotmail.com
Of all the things I've lost in life, I miss my mind the most ...
 
I concur, if you have no need for NB, remove it from the stack. NB is fine for home Networks, or even Networks under 30 users, but it is just plain being lazy for using it on anything higher. A tool you say? Yes, it's called Sniffer Pro and you can get it from McAfee. Net Xray was way better but since McAfee bought them, we are stuck with the new watchamajigs and dohickeys that are totally useless. However the ability to watch your network talk away is still there. You might even try Winfiles.com for a few shareware products too.

The Geek
Don't be afraid to share what you know. There are no losers in our arena, only self-righteous monkeys atop their own tree.
 
Thanks for the tip on NetB.

I might have to do this stuff the slow way, as I am not certain they are willing to spend so much money on this small project I am on.

What about NetMonitor? Can that 'packet sniff'? If it can, could you explain what I should do?

Geo Miller
Georules@onebox.com
 
You do not want to capture packets. You want to watch your traffic on the network. Again try Winfiles.com for shareware tools or explain to your company that you are an intelligent System Engineer and you need certain tools throughout your career to aid in network management and perfection :), if they say no, simply smile and tell 'em to find a lackey that doesn't care about the LAN and its future performance!

PS- You can demo Sniffer Pro for free, this will give you the time needed to watch your traffic :)

The Geek
Don't be afraid to share what you know. There are no losers in our arena, only self-righteous monkeys atop their own tree.
 
I haven't tried this one yet, but I just saw mention of it. You can download a trial version of CommView at […] shareware and only costs 49.00. Might help you.

By the way, I agree with everyone else here: unless you have a specific need for NetBEUI, get rid of it. 1. it broadcasts like crazy. 2. Less protocols is always better.

Jeff
masterracker@hotmail.com
Of all the things I've lost in life, I miss my mind the most ...
 
Why don't I want to 'capture' packets? Can Net Monitor display MAC or IP addresses for me when computers broadcast? That would be helpful if it could. I will try to persuade them to pay for something better, but if Net Monitor could help a little, it would be better than nothing.

Geo Miller
Georules@onebox.com
 
From what you have told us, TCP/IP packet loss, destination issues, Layer issues, Message issues etc... is not the issue. That is what packet capturing does. All you are asking us is how to browse which computer either by MAC or IP is doing what. That is what a Traffic Map will show you.

It was called a Matrix View on Net Xray, not sure what Sniffer Pro calls it. Trust me I wouldn't #$@! you.

The Geek
Don't be afraid to share what you know. There are no losers in our arena, only self-righteous monkeys atop their own tree.
 
Well, thanks man. You have helped a lot. Hope I can do the same for you one day. heh. Thanks again.

Geo

Geo Miller
Georules@onebox.com
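
The per-host view asked for in the thread above (which MAC address is sending the broadcasts) can be computed from raw Ethernet frames. This is an added example, not code from any poster or from the tools they name; it goes slightly beyond the thread by counting every group-addressed frame (broadcast and multicast, which includes the NetBEUI multicast address), and the sample frames and MAC addresses are constructed.

```python
import struct
from collections import Counter

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def classify(frame):
    """Return (src_mac, protocol) for a broadcast/multicast frame, else None."""
    if len(frame) < 14 or not (frame[0] & 0x01):
        return None                      # runt, or I/G bit clear = unicast
    (type_len,) = struct.unpack("!H", frame[12:14])
    if type_len == 0x0806:
        proto = "ARP"
    elif type_len == 0x0800:
        proto = "IPv4"
    elif type_len < 0x0600 and len(frame) > 14 and frame[14] == 0xF0:
        proto = "NetBEUI"                # 802.3 length field + LLC DSAP 0xF0
    else:
        proto = f"other-0x{type_len:04x}"
    return mac(frame[6:12]), proto

def top_talkers(frames):
    """Rank source MACs by number of group-addressed frames sent."""
    per_proto = Counter(hit for hit in map(classify, frames) if hit)
    totals = Counter()
    for (src, _proto), n in per_proto.items():
        totals[src] += n
    return totals.most_common(), dict(per_proto)

def build(dst, src, type_len, payload=b""):
    """Assemble a constructed sample frame from hex MAC strings."""
    return (bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
            + struct.pack("!H", type_len) + payload)

# Constructed sample traffic (locally administered MACs, not a real capture).
A, B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
SAMPLE = (
    [build("03:00:00:00:00:01", A, 3, b"\xf0\xf0\x03")] * 5   # NetBEUI multicast
    + [build("ff:ff:ff:ff:ff:ff", A, 0x0806)]                  # ARP broadcast
    + [build("ff:ff:ff:ff:ff:ff", B, 0x0806)]
    + [build(A, B, 0x0800)]                                    # unicast, ignored
)

if __name__ == "__main__":
    ranking, detail = top_talkers(SAMPLE)
    for src, n in ranking:
        print(src, n, {p: c for (s, p), c in detail.items() if s == src})
```

On a switched network the counts only reflect the segment the capturing host sits on, which matches the advice earlier in the thread to isolate a segment and monitor from that point.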
 
Hi ALL,

I am very new to this Solaris System Administrator Area. Please guide me in finding solution to this problem. We have Solaris Sparc 5.8 machine.

I need a solution or utility which tracks or logs the
IP Address of all remote machines which connect to my Solaris Machine.

A User can connect to my machine using Telnet, FTP, scp, sftp or ssh services.

Please guide me how to solve this problem.

Thanks & Regards,
Vasu

 
Vasu, I see that you have posted to several other posts with the same question. That is bad netiquette.

However, all that you need to do is enable logging for inet and ssh. You can set logging such that all connection requests are written to your logs.

BTW, I would disable Telnet and FTP unless they are ABSOLUTELY necessary. Both protocols send username/password in clear-text and can easily be captured by someone interested in using your server as a launching point for more significant attacks.


pansophic
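
Once connection logging is on, the remote addresses still have to be pulled out of the log. The following is an added example, not part of pansophic's post: it assumes the inet logging is Solaris inetd TCP connection tracing (the `-t` option) and that sshd writes OpenSSH-style authentication messages; the line formats in the regexes are assumptions and the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict

IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
# Assumed line formats: inetd connection tracing and OpenSSH auth messages.
INETD = re.compile(r"inetd\[\d+\]: (?P<svc>[\w-]+)\[\d+\] from " + IP + r" \d+")
SSHD = re.compile(r"sshd\[\d+\]: (?P<res>Accepted|Failed) \S+ for "
                  r"(?:(?:invalid|illegal) user )?\S+ from " + IP + r" port \d+")

def remote_hosts(lines):
    """Map each remote IP to a count of the services it connected to."""
    seen = defaultdict(Counter)
    for line in lines:
        m = INETD.search(line)
        if m:                                   # telnet, ftp, other inetd services
            seen[m["ip"]][m["svc"]] += 1
            continue
        m = SSHD.search(line)
        if m:
            # scp and sftp run over ssh, so they appear as sshd entries too
            seen[m["ip"]]["ssh-" + m["res"].lower()] += 1
    return {ip: dict(counts) for ip, counts in seen.items()}

# Constructed sample log lines (documentation addresses, hypothetical host "sol8").
SAMPLE_LOG = """\
Jul 14 09:12:01 sol8 inetd[170]: telnet[2311] from 192.0.2.15 33012
Jul 14 09:15:40 sol8 inetd[170]: ftp[2340] from 192.0.2.15 33020
Jul 14 09:20:05 sol8 sshd[2400]: Accepted password for alice from 198.51.100.7 port 40122 ssh2
Jul 14 09:21:10 sol8 sshd[2410]: Failed password for root from 203.0.113.9 port 51000 ssh2
Jul 14 09:21:12 sol8 sshd[2410]: Failed password for root from 203.0.113.9 port 51000 ssh2
Jul 14 09:30:00 sol8 sendmail[99]: unrelated message
""".splitlines()

if __name__ == "__main__":
    for ip, services in sorted(remote_hosts(SAMPLE_LOG).items()):
        print(ip, services)
```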
 
Hi Pansophic,

Thanks a lot for your valuable advice. Your timely help is appreciated.

Thanks & Regards,
Vasu
 