Program to sniff out packets.. Virus HELP plz

Guest

Does anyone know of a program that can detect which computer is trying to
flood my network with packets.

I have a server and 80 nodes. I have been informed by the person that
controls the firewall that there are viruses on my network. They believe that
one machine in particular is trying to flood the network with packets and is
crashing the firewall.

I run Sophos enterprise, but this version is a bit flaky and out of date.

Because of the high volume of packets being transmitted, many of the
computers can’t connect to the network.

So

Can anyone suggest a good program that can tell me which machine is sending
out these high amounts of malicious packets?

Your help is greatly appreciated.

ppls
 
Herb Martin

PeOpLeS said:
Does anyone know of a program that can detect which computer is trying to
flood my network with packets.

Depends on precisely what you mean by "which" computer,
but the likely most useful first ideas include:

1) Included (with WinNT+) server: NetMon
(free version only shows packets to/from server on
which it runs however -- SMS version shows more)
2) Ethereal (free, open source)
3) WinDump (free, open source)

And probably best for what you seem to want: Snort (and the Windows
specific port WinSnort).
I have a server and 80 nodes. I have been informed by the person that
controls the firewall that there are viruses on my network. They believe that
one machine in particular is trying to flood the network with packets and is
crashing the firewall.

Then they likely have the IP or MAC address already.

Ask for that.
I run Sophos enterprise, but this version is a bit flaky and out of date.

FProtect is virtually free ($4 or less per computer for 80 nodes) and
just as good (better really) with one exception: Has no enterprise
management console but once installed they will auto-update so you
probably don't need it.

There is also the free ClamAV and Windows specific ports of it.
Because of the high volume of packets being transmitted, many of the
computers can't connect to the network.

Then it is trivial to put a monitor (see above) on the line and
figure out which computer.

Snort is far more capable (and likely more complicated) than you
need since it is about WARNING you of such attacks even when
you don't already know they are underway.
So

Can anyone suggest a good program that can tell me which machine is sending
out these high amounts of malicious packets?

Any netmon/packet analysis program (see above) can find such
machine trivially.
Your help is greatly appreciated.
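One way to do the "figure out which computer" step with the sniffers Herb lists, as an added example that is not from this thread: a small Python script that reads WinDump/tcpdump-style text output (for example `windump -n` saved to a file), counts packets per source IP over the capture window, and reports any host above a packets-per-second threshold. The sample lines below are constructed, not a real capture, and the threshold is an assumed value to tune for your network.

```python
import re
from collections import Counter

# Matches the start of a tcpdump/WinDump line: "HH:MM:SS.frac IP src.port > dst.port:"
LINE_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2})\.(\d+) IP (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.\d+:"
)


def parse_line(line):
    """Return (timestamp_seconds, src_ip) or None for lines that are not IPv4 packets (e.g. ARP)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    h, mi, s = int(m.group(1)), int(m.group(2)), int(m.group(3))
    frac = float("0." + m.group(4))
    return h * 3600 + mi * 60 + s + frac, m.group(5)


def packets_per_second_by_source(lines):
    """Count packets per source IP and divide by the capture window (seconds)."""
    counts = Counter()
    first = last = None
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src = parsed
        counts[src] += 1
        first = ts if first is None else min(first, ts)
        last = ts if last is None else max(last, ts)
    window = max(last - first, 1e-3) if first is not None else 1.0  # avoid division by zero
    return {src: n / window for src, n in counts.items()}


def find_flooders(lines, threshold_pps=100.0):
    """Return [(src_ip, pps)] for sources above the threshold, busiest first."""
    rates = packets_per_second_by_source(lines)
    hits = [(src, pps) for src, pps in rates.items() if pps > threshold_pps]
    return sorted(hits, key=lambda x: x[1], reverse=True)


def constructed_sample():
    """Constructed (not captured) lines: one host sends 500 SYNs in ~1 s, three others are quiet."""
    lines = [f"12:00:00.{i * 2000:06d} IP 192.0.2.7.{10000 + i} > 192.0.2.1.80: Flags [S], seq 1, length 0"
             for i in range(500)]
    for i, host in enumerate(("192.0.2.20", "192.0.2.21", "192.0.2.22")):
        lines.append(f"12:00:00.{300000 + i * 1000:06d} IP {host}.49152 > 192.0.2.1.53: UDP, length 40")
    lines.append("12:00:00.900000 ARP, Request who-has 192.0.2.9 tell 192.0.2.20, length 28")
    return lines


if __name__ == "__main__":
    for src, pps in find_flooders(constructed_sample()):
        print(f"{src}: {pps:.0f} packets/s")
```

With real output, read the file line by line and pass the iterator to `find_flooders`.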
 
Guest

As Herb mentioned, use Ethereal or Windows Network Monitor on a machine that is
on the same subnet.

Your firewall person should be able to tell you what's going on if it's
causing him to crash...???

Good luck.
 
Herb Martin

A. J. Davis said:
As Herb mentioned, use Ethereal or Windows Network Monitor on a machine that is
on the same subnet.

Your firewall person should be able to tell you what's going on if it's
causing him to crash...???


ESPECIALLY if the firewall folks indicated:

"They believe that one machine in particular..."
 