Try adding "ether host ff:ff:ff:ff:ff:ff" to the end of your NTOP command line. This will collect all traffic to and from a broadcast address. This should make it simple to look through your Stats/hosts lists for the offender. Also, look in icmpWatch for bogus ICMP packets to see if you have a CodeRed or Nimda host on your wire.
--
J. Eric Josephson
Director of Network and System Operations
978-720-2159
mailto:[EMAIL PROTECTED]

Scott Hebert <scoheb@yahoo.com>
Sent by: ntop-admin@unipi.it
10/17/2001 11:55 AM
Please respond to ntop

To: [EMAIL PROTECTED]
cc:
Subject: [Ntop] Determining whose sending Broadcast packets

Hi,

Someone on my network seems to be sending a large amount of data to all systems on a particular segment. In Linux, while running knetload, we all see a constant 8000 KB/s coming in.

I believe there's probably an errant application, broadcasting like crazy, running on a server.

What's the best way, using ntop, to determine which machine is the culprit ?

Thanks
SH

_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listmanager.unipi.it/mailman/listinfo/ntop
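
The filter suggested in the reply, applied offline to a capture file, as an added example that is not part of the original thread and not ntop code: it ranks source MAC addresses by the bytes they put into frames matching "ether host ff:ff:ff:ff:ff:ff". The MAC addresses and the capture are constructed, and the input is assumed to be a classic pcap file with Ethernet link type.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def frame(dst, src, size):
    """Constructed Ethernet frame: dst + src + EtherType 0x0800, zero-padded to size."""
    return (dst + src + b"\x08\x00").ljust(size, b"\x00")

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, data in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(data), len(data)) + data
    return out

def broadcast_talkers(pcap):
    """Rank source MACs by bytes in frames matching 'ether host ff:ff:ff:ff:ff:ff'."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    frames, octets = Counter(), Counter()
    off = 24                                   # skip the global header
    while off + 16 <= len(pcap):
        _, _, incl_len, orig_len = struct.unpack_from(endian + "IIII", pcap, off)
        data = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(data) < 12:                     # too short to hold both MACs
            continue
        dst, src = data[0:6], data[6:12]
        if BROADCAST in (dst, src):            # same match as the BPF expression
            frames[mac(src)] += 1
            octets[mac(src)] += orig_len       # wire length, even if the capture was truncated
    return sorted(((m, frames[m], octets[m]) for m in frames), key=lambda r: -r[2])

# Constructed sample: host A floods broadcasts, host B sends one broadcast and one unicast.
HOST_A = bytes.fromhex("02000000000a")
HOST_B = bytes.fromhex("02000000000b")
SAMPLE = build_pcap([frame(BROADCAST, HOST_A, 1000)] * 3 +
                    [frame(BROADCAST, HOST_B, 60), frame(HOST_A, HOST_B, 1500)])

if __name__ == "__main__":
    for src, n, size in broadcast_talkers(SAMPLE):
        print(f"{src}  frames={n}  bytes={size}")
```

The first row of the result is the heaviest broadcaster; its MAC can then be matched against switch or ARP tables to find the machine.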
