Main > Everything Else

Port scanning/network traffic software

(1/5) > >>

CCM:
Anyone know of any good network traffic monitoring software?  I work at a small company and by default I became the network guy, which is scary because I'm a programmer and anything I know about the network side is what I've picked up on my own.  I guess working at a small company you gotta wear different hats.

Anyway,  we got an email form our ISP saying that there were over 7000 connections coming from our office, all on port 22 (SSH).  Considering there are only 6 people in our office, this seems a little high to say the least.

I have everyone updating virus defs and running scans, but I was wondering if there is any free software out there that I can run that will tell me what is using port 22?

Thanks!

lokki:
Try

http://www.ethereal.com/

http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers#Ports_0_to_1023
http://www.auditmypc.com/port/tcp-port-22.asp
http://www.auditmypc.com/port/udp-port-22.asp

ChadTower:

--- Quote from: CCM on December 20, 2007, 12:02:58 pm ---Anyone know of any good network traffic monitoring software?  I work at a small company and by default I became the network guy, which is scary because I'm a programmer and anything I know about the network side is what I've picked up on my own.  I guess working at a small company you gotta wear different hats.

Anyway,  we got an email form our ISP saying that there were over 7000 connections coming from our office, all on port 22 (SSH).  Considering there are only 6 people in our office, this seems a little high to say the least.

I have everyone updating virus defs and running scans, but I was wondering if there is any free software out there that I can run that will tell me what is using port 22?

Thanks!

--- End quote ---


Don't be surprised if you discover someone running 95% of them via p2p sharing.

Do you have wireless running?  What is within range of your wireless signal?  A lot of people, when they discover a wireless network they can get into, will use it to snake bandwidth.

CCM:
We're not running wireless.  We do have one employee that uses a VPN tunnel to connect to an office out of state, other than that, nothing too fancy going on.

ChadTower:

I'd say first thing to do is focus on that VPN tunnel and the client using it, given that the ISP says it's all coming through port 22.  Standard deep adware/spyware/virus sweeps and do a registry check to see if any of the usual p2p softwares have been installed.  Many employees will deny stuff like that when the traffic reports hit the fan and think they can just uninstall an app and not get caught.

Another approach, since you only have 6 people and presumably that means less than 20 machines, would be to stay in real time contact with someone at your ISP that can see your stats.  Disconnect each client from the network one at a time.  Eventually you'll hit the one that is making all of that chatter.  Admittedly that is assuming it's all coming from one or two specific clients and it's not a distributed problem.

Navigation

[0] Message Index

[#] Next page

Go to full version