All,

The only way you will track this issue down is by being on the router that is on the edge of the network. If this router does not support tcpdump, which is what Wireshark relies on, then you are out of luck. The reason is due to how the L2 translation on the router will occur. If you have PC1 and PC2 directly connected to a router which is on the edge, and PC2 is sending a lot of traffic to the Internet, PC1 will not see this traffic at all. This is why you need to do the tcpdump on the router. If the router does not support tcpdump or have its own form of packet dumping, then set up a firewall and block everything except for TCP port 80, 25 and IMAP/POP3. If the issue goes away then you have to start identifying the possible port. A very painful method to work out the issue. Depending on the capabilities of your router, if it can do a range of ports for UDP/TCP, then start using the range option as it will make things easier. Most home routers don't do this. If you are using Cisco, then it is really easy with ACLs.

Sean
On 18 Dec 2016, at 2:26 am, Chris Turner via Blind-sysadmins <blind-sysadmins@lists.hodgsonfamily.org> wrote:
I've not had to use these on vast networks, but personally I use the command line tools tshark or tcpdump, in combination with grep and awk to filter the output.
Unfortunately, as screen reader users, we just don't get the nice intuitive view of a packet stream that the GUI stuff can give someone at a glance. There are other tools like ntopng which present packet capture information in a web GUI.
You probably know, but in case not, it matters where you place your sniffing machine too. On a wired network, you want to connect it to a SPAN or mirror port with the sniffer's interface in promiscuous mode. You could use an old layer 1 hub instead; otherwise you have to mess about doing man-in-the-middle jiggery-pokery to see all the traffic on the LAN. Unless your router is Linux based, then run the commands on there.
Regards
Chris Turner
On 16/12/2016 16:55, John G Heim wrote:
I use ngrep, but that's Linux. I haven't used Windows in many years. There are only like eleventy gazillion network tools for Linux. I use ngrep because it was the first one I found 20 years ago. I learned its command line syntax and have been using it ever since. I did track down a problem almost exactly like this many years ago with ngrep. I wrote a perl script that sniffed packets with ngrep for about 30 seconds and then printed a list of the IP addresses and ports that were getting the most traffic. I can share that perl script, but I suspect that by now there are Linux network utilities that do it better.
Maybe it's that when you have a hammer, everything looks like a nail, but if I had a problem like this, I sure would want to use a Linux machine to track it down.
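The approach John G Heim describes (sniff for about 30 seconds, then list which addresses and ports are getting the most traffic) combined with Chris Turner's tcpdump-plus-awk filtering, as an added example that is not code from this thread and not John's perl script. It assumes the capture is read from `tcpdump -nn -q` output (the compact "tcp N" / "UDP, length N" line format), and the sample capture lines embedded below are constructed for illustration, not real traffic.

```shell
#!/bin/sh
# Added example: summarise a short tcpdump capture into a "top talkers" table.
# Not code from the thread. Assumes `tcpdump -nn -q` line format, e.g.
#   12:00:01.000001 IP 192.168.1.10.51234 > 198.51.100.34.443: tcp 1200
#   12:00:01.000002 IP 192.168.1.20.40000 > 192.0.2.53.53: UDP, length 45
# IPv4 only: "IP6" lines are skipped because their address format differs.

# Read tcpdump -nn -q output on stdin and print one line per destination
# host:port, as "bytes packets host port", heaviest destination first.
top_talkers() {
    awk '
        $2 == "IP" && $4 == ">" {
            dst = $5; sub(/:$/, "", dst)          # strip trailing colon
            n = split(dst, a, ".")                # last dotted component is the port
            port = a[n]
            host = substr(dst, 1, length(dst) - length(port) - 1)
            key = host " " port
            bytes[key] += $NF + 0                 # payload length is the last field
            pkts[key]++
        }
        END {
            for (k in bytes) printf "%d %d %s\n", bytes[k], pkts[k], k
        }
    ' | sort -rn
}

# Constructed sample capture (documentation addresses, not real traffic).
SAMPLE_CAPTURE='12:00:01.000001 IP 192.168.1.10.51234 > 198.51.100.34.443: tcp 1200
12:00:01.000002 IP 192.168.1.20.40000 > 192.0.2.53.53: UDP, length 45
12:00:01.000003 IP 192.168.1.10.51234 > 198.51.100.34.443: tcp 1400
12:00:01.000004 IP 192.168.1.30.6881 > 203.0.113.7.6881: UDP, length 1300
12:00:01.000005 IP 192.168.1.30.6881 > 203.0.113.7.6881: UDP, length 1300
12:00:01.000006 IP 192.168.1.30.6881 > 203.0.113.7.6881: UDP, length 1300'

# The single busiest destination in the sample ("bytes packets host port").
busiest_destination() {
    printf '%s\n' "$SAMPLE_CAPTURE" | top_talkers | head -n 1
}

# Number of distinct destinations seen in the sample.
destination_count() {
    printf '%s\n' "$SAMPLE_CAPTURE" | top_talkers | grep -c '^'
}

# Live use (as root, on the interface attached to the SPAN/mirror port Chris
# mentions; tcpdump enables promiscuous mode itself unless you pass -p):
#   timeout 30 tcpdump -nn -q -i eth0 2>/dev/null | top_talkers | head -n 20
busiest_destination
```

Reading the table top-down gives the same answer John's script produced: the host:port pair absorbing the most bytes in the window, which is the first place to look when "something is eating the network". Swap `$5` for `$3` in the awk program to rank by source instead of destination.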
On 12/16/2016 10:32 AM, Steve Matzura wrote:
I have a friend with a big problem. Something is eating his network alive. Could be a computer, could be the modem, in which case a re-flash of firmware will fix it. All his computers are virus- and badware-free, according to up-to-date installations of antivirus and all kinds of anti-badware software. Meantime, I thought I'd see what Wireshark is like with a screenreader, test it locally, get my friend to install it, Tandem into that machine, run it, and see what's what. FORGETABOUTIT! Using the JAWS cursor doesn't do much, not even with the OCR feature. There are some tabbable dialogs, or screens that act like they're dialogs, but to kick the thing started, I just cannot seem to get it to start listening and collecting packets and doing its thing with them. I remember using this tool way back when it was EtherNim and thought it was pretty accessible. But that was more than a decade-and-a-half ago, and times (and obviously software) have changed. Anyone got any accessibility hacks for Wireshark, or can recommend another tool that runs on anything--Windows, OS X, some Linux--heck, I'd even run it on a Raspberry Pi if it's accessible!!--that will do the same thing?
Thanks in advance.
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins