At 10:23 AM 2/27/02 -0600, Brian wrote:
>As our network grows and our laziness takes over, bad things start to
>happen.  We're running in a Novell/NT hybrid environment and we've
>isolated down some issues that we think equate to some nasty congestion
>on the network.  When 8:00 hits, the network slows to a crawl in parts of
>the net.
>
>I'd like to set up a Linux laptop to watch our network for some things
>that should not be.  Specifically:
>
>Protocols (shouldn't be anything other than TCP/IP and IPX)
>Frame types (Ethernet 802.2 only)
>
>What software would you suggest using for such a project?  I know Linux
>kicks Microsoft where it hurts when it comes to tracking down these
>problems, but I don't know what applications to use.

I would set up the laptop with Linux and a Gnome desktop, and run etherape 
to get a visual picture of busy protocols and hosts.  Then I'd use ethereal 
to grab packets and look at frame types and protocols in more detail.  If 
ethereal craps out (as it does sometimes) then tcpdump gathers the same 
info, just not as easy to read or filter.

If your network has Cisco routers, then MRTG does a great job of graphing 
traffic over time.  You could narrow down busy segments that 
way.  Alternately, ntop also does a decent job of displaying network 
traffic, and can do so via a web page.

Am thinking a TCLUG session on packet sniffing would be interesting.

-- 
Carl Patten
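
An added example, not part of the original messages: a Python sketch of the check Brian describes, classifying raw Ethernet frames by frame type and protocol and flagging anything outside the policy. The function names and sample frames are constructed for illustration, and it assumes ARP counts as part of TCP/IP and that the "802.2 only" rule applies to IPX, since IP on Ethernet normally rides in Ethernet II frames.

```python
import struct

ETHERTYPES = {0x0800: "IP", 0x0806: "ARP", 0x8137: "IPX"}
SAPS = {0x06: "IP", 0xE0: "IPX", 0x42: "STP", 0xF0: "NetBIOS"}
ALLOWED_PROTOCOLS = {"IP", "ARP", "IPX"}  # assumption: ARP is treated as TCP/IP

def classify(frame: bytes):
    """Return (frame_type, protocol) for a raw Ethernet frame (no preamble/FCS)."""
    if len(frame) < 16:
        return ("truncated", "unknown")
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    if type_or_len >= 0x0600:                # EtherType present: Ethernet II
        return ("Ethernet_II", ETHERTYPES.get(type_or_len, f"0x{type_or_len:04x}"))
    dsap, ssap = frame[14], frame[15]        # otherwise bytes 12-13 are a length
    if (dsap, ssap) == (0xFF, 0xFF):         # IPX header directly, no LLC
        return ("802.3_raw", "IPX")
    if (dsap, ssap) == (0xAA, 0xAA):         # SNAP: LLC(3) + OUI(3) + type(2)
        if len(frame) < 22:
            return ("SNAP", "unknown")
        (pid,) = struct.unpack("!H", frame[20:22])
        return ("SNAP", ETHERTYPES.get(pid, f"0x{pid:04x}"))
    return ("802.2", SAPS.get(dsap, f"sap 0x{dsap:02x}"))

def violations(frame: bytes):
    """List the ways a frame breaks the policy from the question."""
    ftype, proto = classify(frame)
    found = []
    if proto not in ALLOWED_PROTOCOLS:
        found.append(f"unexpected protocol {proto}")
    if proto == "IPX" and ftype != "802.2":
        found.append(f"IPX in {ftype} frame")
    return found

def make_frame(type_or_len, payload):
    # Constructed header: broadcast destination, made-up source MAC.
    src = bytes.fromhex("020000000001")
    return b"\xff" * 6 + src + struct.pack("!H", type_or_len) + payload

# Constructed sample frames; padding is zeros, not real packet contents.
SAMPLES = {
    "ipx_8022": make_frame(0x0022, bytes.fromhex("e0e003ffff") + bytes(29)),
    "ipx_raw": make_frame(0x0020, b"\xff\xff" + bytes(30)),
    "ip_ii": make_frame(0x0800, b"\x45" + bytes(19)),
    "atalk_snap": make_frame(0x0020, bytes.fromhex("aaaa03080007809b") + bytes(24)),
    "netbeui": make_frame(0x0020, bytes.fromhex("f0f003") + bytes(29)),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, classify(frame), violations(frame))
```

The same byte offsets are what ethereal and tcpdump decode when they label a frame, so the output can be compared against a capture from either tool.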