I guess this is the continuation of the last email : )

You need a network sniffer.  If you have access to X then ethereal [
http://www.ethereal.com ] is nice.  Ethereal also comes with tethereal,
which is a command line sniffer.  For the command line tcpdump is
popular.  Both ethereal and tcpdump use the same library for their
filters, so the capture filters are the same.  In fact I use the tcpdump
man page to write ethereal capture filters.

For example, you may need filters like...

"dst host dns_servername" on your monitor box.  If you turn real-time
display on, this will show you all the traffic going to dns_servername. 
If you'd like to get just the DNS traffic, then you'll need a filter like "dst port
53" or "dst host dns_servername and dst port 53" 

Check the tcpdump man page for the entire syntax.

PS. Why are you running routerd? 
PS2. And you are running the latest version of Bind, right? i.e. did you
patch for the Ramen worm?

-Kervin

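As an added example (not part of Kervin's reply or the original post), here is a small POSIX sh helper that turns tcpdump's text output into a "who is sending what" summary, which is the quickest way to answer the original question of whether that 385MB a day is really all DNS. It reads `tcpdump -n` output on stdin, so the capture filters from the reply above can be piped straight into it. The host name dns_servername and the interface eth0 are placeholders, and the sample lines at the bottom are constructed, not a real capture.

```shell
#!/bin/sh
# Added example (not from the thread): boil tcpdump's text output down to
# "who is sending what" so you can see whether a DNS box's traffic is really
# all port 53.  Reads tcpdump -n output on stdin and works with both the
# old "src > dst:" line format and the newer "IP src > dst:" format.
#
# The capture filters from the reply, for use on the monitor box
# (dns_servername and eth0 are placeholders):
#   tcpdump -n -l -i eth0 'dst host dns_servername'
#   tcpdump -n -l -i eth0 'dst host dns_servername and dst port 53'
#   tcpdump -n -l -i eth0 'dst host dns_servername and not port 53'  # everything that is NOT DNS
# Pipe any of them into summarize, e.g.
#   tcpdump -n -l -i eth0 'dst host dns_servername' | summarize

# Prints "count source_ip destination_port", busiest pairs first.
summarize() {
    awk '
    {
        src = ""; dst = ""
        # find the "src > dst:" pair wherever it sits on the line; lines
        # without one (arp, etc.) are skipped
        for (i = 2; i <= NF; i++) if ($i == ">") { src = $(i - 1); dst = $(i + 1); break }
        if (src == "") next
        sub(/:$/, "", dst)
        # a dotted quad has 4 parts; a fifth part is the port (tcpdump -n style)
        n = split(src, s, ".")
        srcip = s[1] "." s[2] "." s[3] "." s[4]
        m = split(dst, d, ".")
        dport = (m > 4) ? d[m] : "-"      # "-" means no port (icmp etc.)
        count[srcip " " dport]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -rn
}

# Prints "count destination_port": the quick answer to "is it all port 53?"
by_port() {
    summarize | awk '{ c[$3] += $1 } END { for (p in c) print c[p], p }' | sort -rn
}

# Constructed sample lines in tcpdump -n format (not a real capture): two DNS
# queries from one client, then one host probing several ports plus a ping.
SAMPLE='12:00:01.000001 IP 192.0.2.10.3456 > 198.51.100.5.53: 1234+ A? example.com. (29)
12:00:01.100002 IP 192.0.2.10.3457 > 198.51.100.5.53: 1235+ AAAA? example.com. (29)
12:00:02.000003 IP 203.0.113.7.40000 > 198.51.100.5.53: S 1:1(0) win 5840
12:00:02.000004 IP 203.0.113.7.40001 > 198.51.100.5.22: S 2:2(0) win 5840
12:00:02.000005 IP 203.0.113.7.40002 > 198.51.100.5.111: S 3:3(0) win 5840
12:00:02.500006 IP 203.0.113.7 > 198.51.100.5: icmp: echo request
12:00:03.000007 arp who-has 198.51.100.5 tell 198.51.100.1'

echo "--- by source and destination port ---"
printf '%s\n' "$SAMPLE" | summarize
echo "--- by destination port ---"
printf '%s\n' "$SAMPLE" | by_port
```

On the sample, the by-port view shows three packets to port 53 and one each to 22, 111 and "-" (the ICMP echo), and the per-source view shows that all of the non-DNS traffic comes from one host. Run the same thing against a real capture with the "not port 53" filter and anything that shows up is, by definition, not DNS lookups; the source column then tells you where it is coming from. Note that this counts packets, not bytes, so it identifies talkers rather than reproducing ntop's volume figure.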

System Administrator wrote:
> 
> Hi,
> 
> I have a machine setup as a secondary DNS server. Basically it runs
> named, routed, inetd (with virtually no services enabled), and a few
> other MINOR services. i.e. no web, no mail, no news, no proxy - nothing.
> 
> It runs on linux-2.2.16.
> 
> My question is this: Using ntop to monitor my traffic (which is running
> on my primary machine), it says that the secondary DNS server is
> receiving around 385MB of traffic a day. I can't imagine that would all
> be DNS lookups.
> 
> How can I tell what the traffic is and where it is originating from?
> 
> --
> Are you in business?
> Are you able to be found worldwide?
> Get into the premier online directory for only $52 per year
> Quickpages Business Directories
> http://www.quickpages.com.au/netbiz
> -
> To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
> the body of a message to [EMAIL PROTECTED]
> Please read the FAQ at http://www.linux-learn.org/faqs