From owner-freebsd-isp Sat Nov 15 00:50:21 1997
Return-Path:
Received: (from root@localhost)
        by hub.freebsd.org (8.8.7/8.8.7) id AAA08451
        for isp-outgoing; Sat, 15 Nov 1997 00:50:21 -0800 (PST)
        (envelope-from owner-freebsd-isp)
Received: from netdev.comsys.com (netdev.comsys.com [192.94.236.100])
        by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id AAA08446
        for ; Sat, 15 Nov 1997 00:50:18 -0800 (PST)
        (envelope-from alex@comsys.com)
Received: from neisse.comsys.com ([204.202.49.58])
        by netdev.comsys.com (8.8.5/8.6.9) with SMTP id CAA11060;
        Sat, 15 Nov 1997 02:02:48 -0700 (MST)
Reply-To: "alex huppenthal"
From: "alex huppenthal"
To: "Ernie Elu" ,
Subject: Re: Traffic monitoring
Date: Sat, 15 Nov 1997 00:41:17 -0800
Message-ID: <01bcf1a2$3d472540$3a31cacc@neisse.comsys.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.71.1712.3
X-MimeOLE: Produced By Microsoft MimeOLE V4.71.1712.3
Sender: owner-freebsd-isp@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

I've seen children pinging broadcast addresses from a variety of sites.
Welcome to the Internet ala CB Radio traffic from the 70s.

Try

>> tcpdump net 255

That'll give you a dump of the source. You might see some valid RIP messages
occasionally, but if it is the trash I see periodically, it'll be something
like

00:35:21.220035 den-co5-06.ix.netcom.com > 255.255.255.255: icmp: echo request
00:35:22.351393 den-co5-06.ix.netcom.com > 255.255.255.255: icmp: echo request
00:35:22.945241 den-co5-06.ix.netcom.com > 255.255.255.255: icmp: echo request

--- pure pollution.

We send the trash up to the next link. There are many other approaches to
locating the criminal.

-----Original Message-----
From: Ernie Elu
To: freebsd-isp@FreeBSD.ORG
Date: Saturday, November 15, 1997 12:31 AM
Subject: Traffic monitoring

>I am trying to monitor our internet traffic to figure out what is causing a
>sudden increase over the last couple of days which I noticed on an mrtg graph for
>the router.
>
>I have tried trafshow but I can't pick anything odd from it. What I need is
>something that will keep running totals of traffic to each of the
>addresses in our class-C's.
>
>Any suggestions?
>
>- Ernie.
>
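
Added example (not part of either message): a shell function that reads tcpdump text output like the lines quoted in the reply and counts ICMP echo requests sent to 255.x.x.x per source, so the noisiest sender stands out. The function names, the threshold argument and the sample lines after the first three are assumptions made for this example.

```shell
#!/bin/sh
# Added example: count ICMP echo requests sent to 255.x.x.x, per source,
# from tcpdump text output on stdin. Function names are this example's own.
# Live use: tcpdump -c 1000 net 255 | tally_broadcast_echo 10

tally_broadcast_echo() {
    min="${1:-1}"   # report only sources with at least this many requests
    awk -v min="$min" '
    {
        # Find the ">" separator. Older tcpdump prints "time src > dst: ...";
        # newer versions put "IP" before the source, so do not assume $2.
        sep = 0
        for (i = 2; i < NF; i++) if ($i == ">") { sep = i; break }
        if (!sep) next
        src = $(sep - 1)
        dst = $(sep + 1)
        sub(/:$/, "", dst)
        # Same scope as the "net 255" filter: destination in 255.0.0.0/8.
        if (dst !~ /^255\./) next
        # Skip anything that is not an echo request (for example RIP).
        if (tolower($0) !~ /icmp.*echo request/) next
        count[src]++
        if (!(src in first)) first[src] = $1
        last[src] = $1
    }
    END {
        # Output: count, source, first timestamp seen, last timestamp seen.
        for (s in count)
            if (count[s] >= min)
                printf "%d %s %s %s\n", count[s], s, first[s], last[s]
    }' | sort -k1,1nr -k2,2
}

# First three lines are the output quoted in the reply; the rest are
# constructed for this example (newer output format, RIP, unicast ping).
sample_capture() {
    cat <<'EOF'
00:35:21.220035 den-co5-06.ix.netcom.com > 255.255.255.255: icmp: echo request
00:35:22.351393 den-co5-06.ix.netcom.com > 255.255.255.255: icmp: echo request
00:35:22.945241 den-co5-06.ix.netcom.com > 255.255.255.255: icmp: echo request
00:35:23.100000 IP 192.0.2.7 > 255.255.255.255: ICMP echo request, id 1, seq 1, length 64
00:35:23.200000 192.0.2.9.route > 255.255.255.255.route: rip-resp 1:
00:35:23.300000 192.0.2.9 > 192.0.2.1: icmp: echo request
EOF
}
```

Because the totals are printed at end of input, a live capture needs a packet limit such as `-c` so that tcpdump exits and closes the pipe.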