A couple of months ago, our organization’s network was hit by… something. I couldn’t really tell if it was a DoS attack or “just” a rapidly spreading virus. All I knew was that my DHCP requests were barely getting through, and all other traffic seemed to be being dropped. The cheap Ethernet switch I had had its activity lights flickering faster than I had ever seen, and for all ports (broadcast packets?).

This made me pretty disgruntled with our network ops (shouldn’t this be stopped at the WAN router?), but I didn’t think whining about it would do any good. So I fired up Knoppix, since it has Ethereal built-in, and I obviously didn’t have the connectivity to download a port of it otherwise.

Mind you, I’ve never used Ethereal before, but it seemed like a good chance to play with it. So I had it gather a couple of traces off the network. FYI, 30-second traces were weighing in at around 13MB, so, do the math, and you can get a feel for how much junk was coming through my 10Mbps link. Anyway, I didn’t make a whole lot of sense of it, but if anyone wants to take a peek at one of the traces and email/post-a-comment, s/he is welcome to it.

Download Ethereal trace (.zip)

