Mark Oden wrote:
> You could mirror all traffic to your machine (would need access to
> your main router and the switches leading up to your machine) and run
> a sniffer for about 10 minutes. When you think you've collected
> enough information, stop the sniffer and run an analysis on it
> (sniffers you pay for would have decent analyzers, not sure how
> Ethereal's is). The analysis should show which machines are creating
> what % of traffic. Or instead of analyzing you could manually look
> for which machine is creating a ton of packets.
> Hope this helps
> ~Mark Oden
> Jeff Lasman wrote:
>> This stuff always drives me crazy...
>> One of our clients writes:
>> We have a high amount of incoming data (green on the graph) - can we
>> tell what this is? It seems very constant!
>> He's writing about an MRTG graph average of 300 gbps.
>> Any easy way (on Linux) to tell where the traffic is coming from?
If you just want to know general statistics and you have Cisco gear or
an OpenBSD router, you could use NetFlow to gather information about the
traffic stream. Once you identify the source of the traffic, you can use
more specific means, like Ethereal or a commercial sniffer, to get
details on what the traffic actually is. Here are a couple articles I
found useful in setting up NetFlow on my network devices.
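
Added example, not part of the original messages: a Python sketch of the per-host breakdown the thread describes, tallying bytes per source IP from a saved capture so the heaviest sender and its share of traffic stand out. It assumes a classic libpcap file of untagged Ethernet/IPv4 frames; the function names and the sample capture (documentation addresses) are constructed for illustration.

```python
import socket
import struct
from collections import Counter

def top_talkers(pcap):
    """Return [(src_ip, bytes, percent)], heaviest first, from classic pcap bytes."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Need a 14-byte Ethernet header plus a 20-byte IPv4 header, EtherType 0x0800.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        # Count on-the-wire length so a short snaplen does not skew the shares.
        totals[socket.inet_ntoa(frame[26:30])] += orig_len
    grand = sum(totals.values())
    return [(ip, n, round(100 * n / grand, 1)) for ip, n in totals.most_common()]

def _frame(src, dst, payload_len):
    # Constructed Ethernet + IPv4 (UDP protocol number) frame with a zeroed payload.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * payload_len

def build_sample():
    # Constructed capture: three senders, one clearly dominant.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    pkts = [("192.0.2.10", 966)] * 8 + [("192.0.2.20", 466)] * 3 + [("192.0.2.30", 66)] * 2
    for i, (src, plen) in enumerate(pkts):
        f = _frame(src, "198.51.100.5", plen)
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for ip, nbytes, pct in top_talkers(build_sample()):
        print(f"{ip:15} {nbytes:8d} bytes {pct:5.1f}%")
```

To use it on a real capture, pass the contents of a file written by the sniffer in classic pcap format to `top_talkers()`.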