?
Solved

Wireshark Emergency Trouble

Posted on 2011-02-28
4
Medium Priority
?
419 Views
Last Modified: 2012-05-11
My boss is asking me to use Wireshark to check why one of our sites is accessing the internet slowly within the last month, and why we are getting email alerts stating that the sites inbound traffiic on interface 'Serial 0/0 is to high at odd hours and even on the weekend when there's barely people at that site access the network.

I need a quick crash course on how to troubleshoot using wireshark....step by step if possible. I barely have 24 hours to get this right...I'm going to the site tomorrow and I'm lost.

I have it installed on my Windows XP laptop...
0
Comment
Question by:bernardb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 3

Accepted Solution

by:
Rhyseh earned 1200 total points
ID: 35003289
0
 
LVL 9

Assisted Solution

by:tjdabomb
tjdabomb earned 400 total points
ID: 35003315
its not too hard, start it on your NIC interface, let it run during a period in which you think there is "bad traffic" and then analyze the results  - it's pretty easy to use.
0
 
LVL 24

Assisted Solution

by:rfc1180
rfc1180 earned 400 total points
ID: 35003371
Wireshark will more than likely not give you much information you will need in a timely fasion.

You need an application that will be able to give you your top n talkers based on traffic, protocol, etc
Youcvould use an application such as ntop;

http://www.ntop.org/overview.html

Download  a livecd:
http://slampp.abangadek.com/info/

Or if this is a Cisco router, you can use IP accounting to give you an idea:

int ser0/0
ip accounting

show ip accounting

then if you are using nat, you will need to determine the IP address that is sending allot of packets and then cross reference via the NAT table.

Billy

0
 

Author Closing Comment

by:bernardb
ID: 35029758
Thanks
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
What's worse than having your data encrypted by ransomware? Getting attacked by a so-called "wiper," which simply destroys the data and offers you no hope of ever seeing it again.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question