I've been running Netprobe 0.5 on the network round the clock to monitor the system. Here's my story: Our company uses a proxy server and we have a firewall at the gateway of our network. This firewall has a monitoring program of its own. Recently, it reported that a certain IP address on the network suddenly ate up a huge amount of bandwidth that day. So I checked Netprobe to find out at what particular time of the day the user accessed the Internet. According to Netprobe, the user never accessed the Internet. And its activity did not even reach 500kb! How is this? Why is there such a discrepancy between the two measuring programs?
Perhaps the computer running Network Probe is connected to a switch? It must be connected to a SPAN port, or a hub connected in front of the switch. Otherwise it will only pick up broadcast/multicast traffic.
The computer running Network Probe is the proxy server itself. Below it is the switch that connects it to the rest of the network. Here's the thing: I am able to monitor the network well. I tested it. I tried to download lotsa stuff from the Internet using this PC and it registered on Network Probe. What I don't understand is that Network Probe did not detect communications between one particular computer in the network and the proxy server. But the firewall diagnostics registered it consuming huge bandwidth at one particular time. Why is this?
Please note that versions prior to 1.0 of Network Probe contain some protocol decoding bugs. Basically they had problems distinguishing between source and destination ports if both source and destination were above port #1024. Do you know which destination protocol this particular conversation was using?
Versions from 1.0 are more reliable, so I recommend you try the latest version. All features are enabled for one week.
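An added illustration, not part of the thread and not Network Probe's code, of why port-based decoding becomes ambiguous when both ports are above 1024, as with a client talking to a proxy listener. It compares a naive per-packet guess with attribution learned from the TCP SYN; the ports 3128 and 8080, the packet records and the function names are constructed assumptions.

```python
from collections import Counter

WELL_KNOWN_LIMIT = 1024
# Assumed site-specific listeners above 1024 (not taken from the thread).
KNOWN_SERVICES = {3128: "http-proxy", 8080: "http-alt"}

# Constructed records: (src_ip, src_port, dst_ip, dst_port, tcp_flags, bytes)
PACKETS = [
    ("192.0.2.25", 51514, "192.0.2.1", 3128, "S", 60),
    ("192.0.2.1", 3128, "192.0.2.25", 51514, "SA", 60),
    ("192.0.2.25", 51514, "192.0.2.1", 3128, "A", 900),
    ("192.0.2.1", 3128, "192.0.2.25", 51514, "A", 400000),
    ("192.0.2.30", 40000, "192.0.2.1", 80, "S", 60),
    ("192.0.2.1", 80, "192.0.2.30", 40000, "A", 5000),
    # Capture started mid-connection: no SYN was seen for this flow.
    ("192.0.2.1", 8080, "192.0.2.40", 45000, "A", 7000),
]

def naive_service(src_port, dst_port):
    """Lower port wins if well-known; otherwise guess the destination port."""
    low = min(src_port, dst_port)
    return low if low < WELL_KNOWN_LIMIT else dst_port

def bytes_by_service_naive(packets):
    """Per-packet guess: replies to a high-port listener land on the client port."""
    totals = Counter()
    for _, sp, _, dp, _, size in packets:
        totals[naive_service(sp, dp)] += size
    return totals

def bytes_by_service_tracked(packets):
    """Learn the server port from the initial SYN, then fall back to known ports."""
    servers = {}  # flow key (both endpoints, direction-free) -> server port
    totals = Counter()
    for sip, sp, dip, dp, flags, size in packets:
        key = frozenset([(sip, sp), (dip, dp)])
        if flags == "S":  # SYN without ACK: the destination is the listener
            servers[key] = dp
        port = servers.get(key)
        if port is None:  # no SYN seen: use known listeners, else None (unknown)
            port = next((p for p in (sp, dp)
                         if p in KNOWN_SERVICES or p < WELL_KNOWN_LIMIT), None)
        totals[port] += size
    return totals

if __name__ == "__main__":
    print("naive:  ", dict(bytes_by_service_naive(PACKETS)))
    print("tracked:", dict(bytes_by_service_tracked(PACKETS)))
```

With the naive guess, the proxy's large reply is counted under the client's ephemeral port, so a per-service or per-host view of proxy traffic shows almost nothing for that conversation.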
I understand. I have yet to check on the port number of the conversations. But if you say that the source of the problem is the inherent bugs of the program, I guess an upgrade would be the best solution to the problem. I'll look into the matter and feed back the results.