Hi,
I am not sure if this is the right forum to ask but I hope somebody could provide me some tips.
Our core router is getting occasional outbound spikes (see graph below)
and my big guess is we have a compromised wks/or server.
My plan is to unplug the core router's eth0 from the switch and plug it into a cascaded hub, together w/ a sniffer. I haven't tried this method yet but I do hope the sniffer will nail down the source. I am using eEye sniffer.
Does anyone have a better suggestion on how to track down the source or the cause of the outbound spikes?
Thanks in advance,
Khan