
Topic: certain discrepancies
Replies: 4   Pages: 1   Last Post: Jan 11, 2005 4:51 AM by: Enoch Silvers »


Enoch Silvers
certain discrepancies
Posted: Jan 5, 2005 1:42 PM

I've been running Netprobe 0.5 on the network round the clock to monitor the system. Here's my story: Our company uses a proxy server and we have a firewall at the gateway of our network. This firewall has a monitoring program of its own. Recently, it reported that a certain IP address on the network suddenly ate up a huge amount of bandwidth that day. So I checked Netprobe to find out at what particular time of the day the user accessed the Internet. According to Netprobe, the user never accessed the Internet. And its activity did not even reach 500kb! How is this? Why is there such a discrepancy between the two measuring software?

Eivind Pedersen

Posts: 471
From: Oslo, Norway
Registered: Jun 11, 2002
Re: certain discrepancies
Posted: Jan 6, 2005 1:28 PM

Perhaps the computer running Network Probe is connected to a switch? It must be connected to a SPAN port, or a hub connected in front of the switch. Otherwise it will only pick up broadcast/multicast traffic.
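
A way to test the capture position described in the reply above, as an added example that is not part of the original thread or of Network Probe: classify captured frames by destination MAC and check whether unicast traffic between other hosts is visible at all. The MAC addresses and frame lists are constructed sample data, and the 5% threshold is an assumption.

```python
from collections import Counter

# Constructed sample data: (source MAC, destination MAC) per captured frame.
LOCAL = "02:00:00:00:00:01"          # hypothetical MAC of the capturing host
HOST_A = "02:00:00:00:00:02"
HOST_B = "02:00:00:00:00:03"
SWITCHED = [
    (HOST_A, "ff:ff:ff:ff:ff:ff"),   # ARP broadcast
    (HOST_B, "01:00:5e:00:00:fb"),   # IPv4 multicast
    (LOCAL, HOST_A),                 # our own traffic
    (HOST_A, LOCAL),
]
MIRRORED = SWITCHED + [(HOST_A, HOST_B), (HOST_B, HOST_A)]


def is_group_mac(mac):
    """Broadcast/multicast addresses have the I/G bit (LSB of octet 0) set."""
    return bool(int(mac.split(":")[0], 16) & 0x01)


def capture_visibility(frames, local_mac):
    """Count group, own-unicast and third-party-unicast frames."""
    local = local_mac.lower()
    counts = Counter()
    for src, dst in frames:
        src, dst = src.lower(), dst.lower()
        if is_group_mac(dst):
            counts["group"] += 1
        elif local in (src, dst):
            counts["own_unicast"] += 1
        else:
            counts["foreign_unicast"] += 1
    return counts


def sees_third_party_traffic(frames, local_mac, min_share=0.05):
    """True when unicast between other hosts is a real share of the capture.

    A threshold is used because a switch floods the occasional frame whose
    destination it has not learned yet, so a stray few prove nothing.
    """
    counts = capture_visibility(frames, local_mac)
    total = sum(counts.values())
    return total > 0 and counts["foreign_unicast"] / total >= min_share


if __name__ == "__main__":
    for name, frames in (("switched", SWITCHED), ("mirrored", MIRRORED)):
        print(name, dict(capture_visibility(frames, LOCAL)),
              sees_third_party_traffic(frames, LOCAL))
```

A capture that reports no third-party unicast is consistent with a sensor on an ordinary switch port; traffic that passes through the capturing host itself still shows up as its own unicast.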

Enoch Silvers
Re: certain discrepancies
Posted: Jan 6, 2005 2:12 PM

The computer running Network Probe is the proxy server itself. Below it is the switch that connects it to the rest of the network. Here's the thing: I am able to monitor the network well. I tested it. I tried to download lotsa stuff from the Internet using this PC and it registered on Network Probe. What I don't understand is that Network Probe did not detect communications between one particular computer in the network and the proxy server. But the firewall diagnostics registered it consuming huge bandwidth at one particular time. Why is this?

Eivind Pedersen

Posts: 471
From: Oslo, Norway
Registered: Jun 11, 2002
Re: certain discrepancies
Posted: Jan 7, 2005 10:43 PM

Please note that versions prior to 1.0 of Network Probe contain some protocol decoding bugs. Basically they had problems distinguishing between source and destination ports if both source and destination were above port #1024. Do you know which destination protocol this particular conversation was using?

Versions from 1.0 are more reliable, so I recommend you try the latest version. All features are enabled for one week.

Enoch Silvers
Re: certain discrepancies
Posted: Jan 11, 2005 4:51 AM

I understand. I have yet to check on the port number of the conversations. But if you say that the source of the problem is the inherent bugs of the program, I guess an upgrade would be the best solution to the problem. I'll look into the matter and feed back the results.



© 1998-2018 ObjectPlanet, Inc. Øvre Slottsgate 5, 0157 Oslo, Norway Tel (+47) 2233 3360 | Fax (+47) 2233 3361