Re: Network Interrogation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

if you are using vlans i'd suspect the ethernet card in the machines that are misbehaving.  for wireshark you probably need to tee the network, or use a spare machine to run the ethernet through (bridged)  and run wireshark on the inserted machine (there are of course taps).  might also monitor the line that comes into the small subnet, assuming you can get the background noise reduced.  might also separate (physically) from the lan when probing it internally.

--
The Power Of the People Is Stronger Than The People In Charge.


5. Sep 2017 06:33 by chris_e_olson@xxxxxxxxx:


> ------------------------------------------------------------------
> A recent update to this protection product has caused it
> to start probing the network for other systems.  There is
> sometimes a message following scans indicating that there
> are other systems on our network that are unprotected. It
> appears that the two systems it is naming are a CentOS 6
> system and the HP printer.
>
> This network probing does not happen with every scan that
> is run by the protection software and we have not been able
> to determine what causes that probing to be initiated. We
> also do not know exactly what is happening over the network
> during the probing activity.  The protection software support
> folks have been no help in figuring out what is going on.
>
> There seems to be no good reason for the probing message to
> name only these two systems. The available printer status
> shows no indication of network traffic associated with this
> probing activity.  The CentOS 6 system also does not indicate
> any related network activity from the system that is running
> the protection software.  We have tried unsuccessfully to
> capture the network probing activity using Wireshark.
>
> Any ideas regarding how to track down what is happening here
> would be greatly appreciated.
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]

  Powered by Linux