Ping a Specific Port

Question

blsub6

Asked: 2011-02-26 09:49:14 +0800 CST2011-02-26 09:49:14 +0800 CST 2011-02-26 09:49:14 +0800 CST

How do I find out what all this traffic is?

772

I have seen a consistent spike in traffic over my network since Monday morning and I don't know where it's coming from!

I don't have netflow routers (like I would like), I have IPCop firewalls.

Is there any way that's built in to Linux that I can see where the packets are coming from/to? Like a built in packet capture?

If there's not, how do I go about finding where this traffic's coming from?

3 Answers

Voted

Niall Donegan · Answer 1 · 2011-02-26T09:52:05+08:00

Best Answer

Niall Donegan

2011-02-26T09:52:05+08:002011-02-26T09:52:05+08:00

Get SSH access into the IPCop box and run iftop. This should give you a real time view of what's happening.

1

Scott Pack · Answer 2 · 2011-02-26T10:50:26+08:00

Scott Pack

2011-02-26T10:50:26+08:002011-02-26T10:50:26+08:00

Moving forward I would recommend you looking into a piece of software called Argus. It generates flow data, similar to (net|j)flows, by watching either pcap files or a promiscuous network interface.

1

rems · Answer 3 · 2011-02-26T10:01:23+08:00

rems

2011-02-26T10:01:23+08:002011-02-26T10:01:23+08:00

Run tcpdump on your ipcop and you will see where the traffic is coming from and going to, IP addresses and ports.

0

How do I find out what all this traffic is?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Resolve host name from IP address

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?