If I wanted to minimize senseless or useless traffic on my network what kind of traffic would I look for and what are some good wireshark filters to find this traffic? Basically I would like to make the ethernet pipes clean for all the good traffic flowing through. I realize this seems pretty general, as with varying types of networks types of traffic may be deemed good or bad. Just trying to get a general idea of what others look for. Any help or offered experience would be helpful, thanks asked 10 Apr '15, 20:13 zer0day |
2 Answers:
There is probably no easy answer for this. One thing could be do get rid of all obsolete protocols, like AppleTalk, IPX, etc, but this is not what I'd call network performance tuning. It's just annoying to see those. Other protocols could be STP, SSDP and others which you may not need, but again, they aren't really stealing bandwidth - plus, you need to know what their purpose is and if you need them or not. answered 11 Apr '15, 03:15 Jasper ♦♦ |
As @Jasper said: not easy to answer. Here is my attempt. I don't believe that there is a general need to keep the pipe clean, unless you are experiencing network problems. However, as a "network problem" could be caused by a lot of things (overload, dns problems, duplicate addresses, physical problems, etc.), there is nothing one can do in advance to "keep the pipes clean". Furthermore, I don't believe that any traffic is useless per se, as there is usually a reason why that traffic is on the line. Some kind of traffic might be "less usefull" in certain environments, and then you should try to figure out who (system, software) is generating that traffic and then decide if and how you are going to stop it. So, to answer your question: There is no "good" traffic I can recommend to look for, as that's totally dependent on your own behavior and there is no "bad" traffic I can recommend to look for either, for the same reason. What you can do: Capture the traffic at a mirror port in front of your internet router and let it run for a few minutes while you are NOT surfing the web (close all browser instances). Then look at the Conversations (Statistics -> Conversations) and try to identify TCP connections that look "strange" (whatever that means in your environment) or connections that consume bandwidth they should not. You can also try to find "unusual" UDP connections in the same view and/or other protocols. Regards answered 11 Apr '15, 05:23 Kurt Knochner ♦ edited 11 Apr '15, 05:39 |