Someone earlier was asking for ways to monitor AudioGalaxy traffic. 02/21-14: xxx.xxx.xxx.xxx:2190 -> 64.245.58.230:21 TCP TTL:127 TOS:0x0 ID:55423 IpLen:20 DgmLen:45 DF ***AP*** Seq: 0x595495 Ack: 0xC3A358DA Win: 0xFD40 TcpLen: 20 45 5F 00 03 05 E_... Looks like lots of AG clients do keep alives with that packet. Notice that it uses FTP ports just like most IM clients. Set up an outbound filter for the AG subnet. Or, if you're running Snort or IPChains: alert tcp $HOME_NET any -> 64.245.58.0/23 any (content:"|45 5F 00 03 05|"; offset: 0; depth 5; msg:"Audio Galaxy keepalive?") ..should give you a good idea of machines doing audiogalaxy if you want to see who has it installed. If you work at a school, you have probably the problem of tracking hoggish users. You might want to try out http://ipaudit.sourceforge.net to find bandwidth hogs. It's designed for that :-) Sam Sylar Sr. SysAdmin/GCIA ERAC Network Services (314) 512-2989 [EMAIL PROTECTED] [EMAIL PROTECTED] --------------------------------- Give me ambiguity, or give me something else. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
