cory seligman <[email protected]> writes:
> Does anyone know of a simple way of showing which of my machines on my home
> network is hogging all my data?

netflow is the right answer (as already mentioned). But I'm too stupid
and lazy for that, so what I generally do is

    timeout 5m tcpdump -i wan -w tmp.pcap # on the wrt
    wireshark -r tmp.pcap # on a bloated GUI desktop[0]

Then poke around the Statistics menu, in particular IPv4 endpoints and
TCP conversations. Then I have this conversation:

    "Hey, <flatmate>, why are you talking to Russia so much?"
    "I'm not."
    "You are, look."
    "WTF, that's not me."
    "Looks like your shitty Windows box is a botnet zombie. Fix it."

[0] actually I use tshark -z, but the sentiment is the same.

_______________________________________________
luv-main mailing list
[email protected]
http://lists.luv.asn.au/listinfo/luv-main
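
The per-endpoint byte totals that the message above reads off the Statistics menu can also be computed directly from the capture file, which helps when no GUI is at hand. This is an added example, not part of the original message: it assumes a classic pcap file with Ethernet framing and IPv4 traffic, and the function names and sample addresses are constructed for illustration.

```python
import struct
from collections import Counter

PCAP_MAGICS = {0xA1B2C3D4, 0xA1B23C4D}  # microsecond and nanosecond variants
LINKTYPE_ETHERNET = 1

def endpoint_bytes(pcap: bytes) -> Counter:
    """Return {ipv4_address: bytes sent + received} for a classic pcap capture."""
    if len(pcap) < 24:
        raise ValueError("truncated pcap global header")
    for endian in ("<", ">"):  # the magic number tells us the file's byte order
        if struct.unpack(endian + "I", pcap[:4])[0] in PCAP_MAGICS:
            break
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    linktype = struct.unpack(endian + "I", pcap[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len, orig_len = struct.unpack(endian + "II", pcap[off + 8:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue  # runt or truncated record
        ethertype, l3 = struct.unpack("!H", frame[12:14])[0], 14
        if ethertype == 0x8100 and len(frame) >= 18:  # single 802.1Q tag
            ethertype, l3 = struct.unpack("!H", frame[16:18])[0], 18
        if ethertype != 0x0800 or len(frame) < l3 + 20:
            continue  # not IPv4, or header cut off by the snap length
        src, dst = frame[l3 + 12:l3 + 16], frame[l3 + 16:l3 + 20]
        for addr in (src, dst):
            totals[".".join(map(str, addr))] += orig_len  # on-the-wire size
    return totals

def sample_pcap() -> bytes:
    """Constructed capture: three frames between private and documentation addresses."""
    def frame(src, dst, size):
        ip = bytes([0x45]) + bytes(11) + bytes(src) + bytes(dst)
        data = bytes(12) + b"\x08\x00" + ip  # Ethernet header + 20-byte IPv4 header
        return struct.pack("<IIII", 0, 0, len(data), size) + data
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 96, 1)
    a, b, c = (192, 168, 1, 10), (192, 168, 1, 20), (203, 0, 113, 5)
    return hdr + frame(a, c, 1500) + frame(c, a, 1500) + frame(b, c, 60)

if __name__ == "__main__":
    # Real use: endpoint_bytes(open("tmp.pcap", "rb").read())
    for ip, n in endpoint_bytes(sample_pcap()).most_common():
        print(f"{ip:15} {n:8} bytes")
```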