Hi folks,

With this latest round of MS worms infecting then port scanning and the occasional user trying to port scan networks from the inside, what tools are out there to identify which IP addresses are doing most of the traffic once the network becomes a little clogged?

I've tried IPtraf, but that doesn't show (that I know of) traffic sorted by IP and volume (it does do MAC addresses, but that doesn't help with switches etc. in between). Arpwatch will show fake IP headers, snort does work, but takes a while to set up. In the end, using Ethereal and sorting by source was the answer. That, however, is a fairly manual process, so not the best.

So, what tools do you folks use? Any suggestions as to what to try?

TIA
Al

--
Al Sheppard
Support Centre Consultant, Information Technology Services, Lincoln University
Email: [EMAIL PROTECTED]
Phone: +64 3 325 3838 extn. 8996
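The manual "capture, then sort by source" step described in the message can be scripted. The following is an added example, not part of the original post: it ranks IPv4 sources in a saved capture by bytes sent and also counts distinct destinations per source. It assumes a classic libpcap file (the format tcpdump -w writes) with Ethernet framing; the function names and the sample addresses are constructed for illustration.

```python
import socket
import struct
from collections import Counter, defaultdict

def top_talkers(pcap, n=10):
    """Rank IPv4 sources in a classic Ethernet pcap: [(src, bytes, packets, distinct_dsts)]."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # file written little-endian
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # file written big-endian
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    volume, packets, fanout = Counter(), Counter(), defaultdict(set)
    off = 24                           # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len, orig_len = struct.unpack(end + "II", pcap[off + 8:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        ip = 14                        # IPv4 header follows the Ethernet header
        if frame[12:14] == b"\x81\x00":
            ip = 18                    # one 802.1Q VLAN tag in front of it
        if frame[ip - 2:ip] != b"\x08\x00" or len(frame) < ip + 20:
            continue                   # not IPv4, or cut short by the snap length
        src = socket.inet_ntoa(frame[ip + 12:ip + 16])
        volume[src] += orig_len        # on-the-wire size, not the captured size
        packets[src] += 1
        fanout[src].add(frame[ip + 16:ip + 20])   # destination address
    return [(s, b, packets[s], len(fanout[s])) for s, b in volume.most_common(n)]

def sample_capture():
    """Constructed capture: one host sweeping 40 addresses, one ordinary client."""
    def rec(src, dst, size):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, size - 14, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = (b"\x00" * 12 + b"\x08\x00" + ip).ljust(size, b"\x00")
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i in range(1, 41):
        out += rec("10.0.0.66", "10.0.1.%d" % i, 62)
    for _ in range(3):
        out += rec("10.0.0.5", "10.0.9.9", 1514)
    return out

if __name__ == "__main__":
    for row in top_talkers(sample_capture()):
        print("%-15s %8d bytes %5d pkts %4d destinations" % row)
```

In the constructed sample the ordinary client ranks first on bytes, while the sweeping host stands out only in the packet and distinct-destination columns, so read all three.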
