|
|
|
| Other things to see and do |
||
| (partial list) |
||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| • | TCP
bytes seems normal or low, TCP packets |
||||||||||||
| normal
or slightly higher, TCP flows high |
|||||||||||||
| – | look
for SYN flood or similar strangeness |
||||||||||||
| • | Ratio
of TCP to UDP/ICMP (any) decreasing |
||||||||||||
| – | packet
loss on network causing TCP to back off |
||||||||||||
| • | Watch
high-traffic hosts and hosts which talk to |
||||||||||||
| many
other external machines |
|||||||||||||
| – | find
the owned warez box faster |
||||||||||||
| • | Look
for traffic which shouldn't make it through |
||||||||||||
| your
firewall configuration |
|||||||||||||