Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] finding the smoking gun for traffic spikes

From: "David H. Lipman" <DLipman@xxxxxxxxxxx>
Date: Mon, 18 Jul 2011 07:12:15 -0400
From: "Rogelio" <scubacuda@xxxxxxxxx>

> On Sun, Jul 17, 2011 at 11:00 PM, Rogelio 
> <scubacuda@xxxxxxxxx>
> wrote:
>> I've got several L2TP tunnels hitting a Cisco 7201 and am trying to
>> use Wireshark to determine what inside my tunnel responsible  queue
>> drops on one of interface responsible for the L2TP termination. I
>> inserted a Wireshark laptop in a hub between  the LAC and the LNS, and
>> I got a good 24 hour sniff of L2TP traffic.
>
> Looks like I've found a good clue!  Out of one big file (200 MB, about
> 38,000 seconds), I see that 336 / 528 MBs is "ip.dst ==
> 239.255.255.250" !

Universal Plug 'n Play (uPnP) traffic.



-- 
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp