You could mirror all traffic to your machine (would need access to your
main router and the switches leading up to your machine) and run a
sniffer for about 10 minutes. When you think you've collected enough
information stop the sniffer and run an analysis on it (sniffers you pay
for would have decent analyzers, not sure how ethereal's is). The
analysis should show which machines are creating what % of traffic. Or
instead of analyzing you could manually look for which machine is
creating a ton of packets.
Hope this helps
Jeff Lasman wrote:
> This stuff always drives me crazy...
> One of our clients writes:
> We have a high amount of incoming data (green on the graph) - can we
> tell what this is? It seems very constant!
> He's writing about an mrtg graph average of 300 gbps.
> Any easy way (on linux) to tell where the traffic is coming from?