asked on

Detect where traffic is coming from on my network?

Hi all,
My ISP is complaining that malicious (viral) traffic is coming from our IP address against other ISP clients, on port 139 and 445. I have since obtained a much better router, through which I can lock down this traffic from leaving the network. However, that being a great solution for the Internet, it is a band-aid solution as far as the source of the infection is concerned. I probably won't have a problem dealing with the malware, but I need to find it, and it's a large network - well, it's only 30 computers spread over a large area, but it's still a needle in a haystack. My ISP has sophisticated equipment to detect this stuff, but does anyone know of any reasonably priced or free tools with which I can scan and detect such traffic or something serving this stuff on my LAN, without having to go to each and every PC? This is something I should probably deal with quickly, so it is fairly urgent - thanks.

ASKER CERTIFIED SOLUTION

andyhud

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

GSI Guy

ASKER

Does the traffic that I'm trying to detect have to be coming from or to the computer running ethereal? If so, I don't have a proxy server. I need something that can stand as a third party and detect if another computer (and which one) is sending certain traffic through the router. Please advised. Your effort is appreciated.

andyhud

No mate, you install it on one machine and it can sniff the entire lan.

Andy

GSI Guy

ASKER

Sweet. I'll look into it. Anyone else use anything helpful like this?

SOLUTION