
What's up on your Network?

PCQ Bureau

Why is Internet access so slow today? Why do simple file transfers take ages? Among the many possible reasons are heavy Internet downloads, huge file transfers, online gaming and malware programs. When this happens, you need to figure out the source of the traffic and then determine what kind of traffic it is, so that you can put a stop to it. While the former is easy to do, it is the latter that's difficult. Here, we'll tell you how to monitor your network's traffic using a packet-capturing and protocol-analyzing utility called Ethereal. We'll show you how to detect all the activities on your network using some advanced techniques in Ethereal. A simple packet-capture sequence using Ethereal tells you a lot about what's happening. Installing it is pretty easy, but remember to install WinPcap first, or else Ethereal won't capture packets. Install it on a machine that receives traffic from the entire network, such as your Internet gateway or proxy server.

Direct Hit!

Applies to: Network administrators

USP: Use Ethereal to analyze your network's traffic

Primary link: www.ethereal.com

Google keywords: Ethereal

On PCQEssential CD: Network\Ethereal

Launch Ethereal, and choose Capture>Interfaces. It shows packets flowing across all network interfaces on your system. Click on the appropriate Capture button
You also get to know which IP address (source) is communicating with which (destination) and using what protocol
The Statistics menu summarizes the capture sequence. Use it to find which nodes are generating the maximum traffic
Note that the highest number of packets (503) has been exchanged between 192.168.3.28 and 192.168.3.1 using Netbios-SSN protocol. Click on Close to return to packets
You can isolate packets protocol-wise by entering expressions in the Filters field. Here we've isolated all SMB packets by typing 'smb'. Click on Clear to remove the filter
Filter the communication between two IP addresses as shown. Next see how they establish this communication
TCP communication is established with a 3-way handshake: SYN, SYN-ACK and ACK. So this is valid traffic
Something to worry about. IP 192.168.2.217 is running Gnutella, a P2P client that can eat up your bandwidth 
Another one to look into! IP 192.168.3.5 is playing games on games.yahoo.com
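
The two checks the steps above walk through, packet counts per pair of hosts and the 3-way handshake test, are shown here as an added Python example that is not part of the original article. The packet records are constructed sample data, and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample records (not a real capture): (source, destination, protocol, TCP flags).
PACKETS = [
    ("192.168.3.28", "192.168.3.1", "TCP", "SYN"),
    ("192.168.3.1", "192.168.3.28", "TCP", "SYN,ACK"),
    ("192.168.3.28", "192.168.3.1", "TCP", "ACK"),
    ("192.168.3.28", "192.168.3.1", "NBSS", "PSH,ACK"),
    ("192.168.3.1", "192.168.3.28", "SMB", "PSH,ACK"),
    ("192.168.2.217", "203.0.113.9", "TCP", "SYN"),   # never answered
    ("192.168.2.217", "203.0.113.9", "TCP", "SYN"),   # retry, still unanswered
]


def conversations(packets):
    """Count packets per host pair, ignoring direction, busiest pair first."""
    counts = Counter()
    for src, dst, _proto, _flags in packets:
        counts[tuple(sorted((src, dst)))] += 1
    return counts.most_common()


def handshake_complete(packets, client, server):
    """True if SYN, SYN-ACK and ACK appear in order between client and server."""
    expected = [
        (client, server, "SYN"),
        (server, client, "SYN,ACK"),
        (client, server, "ACK"),
    ]
    step = 0
    for src, dst, _proto, flags in packets:
        if step < len(expected) and (src, dst, flags) == expected[step]:
            step += 1
    return step == len(expected)


if __name__ == "__main__":
    for pair, count in conversations(PACKETS):
        print(pair, count)
    print(handshake_complete(PACKETS, "192.168.3.28", "192.168.3.1"))
    print(handshake_complete(PACKETS, "192.168.2.217", "203.0.113.9"))
```

A pair that shows repeated SYNs but never completes the handshake is worth a closer look, since no session was actually established.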



Anil Chopra
