LinuxQuestions.org


mcd 04-26-2005 05:21 PM

possible DoS?
 
we're having a weird problem in my office. we have a dsl connection, with a server and 5 desktops connected to a hub, connected to a linksys router, connected to the dsl modem. for the last 2 weeks or so the network has been going down randomly for about 5 minutes at a time, usually 5-10 times a day. we've played with the hardware, swapping out the router and modem and i believe we've verified that the problem isn't the hub, router or cable modem. usually when the network goes down we can ping the server and other computers, but the last two times that didn't work either (couldn't ping anything). since there were no changes made to the server or any of the computers on the network, i'm wracking my brain to think of something else to try.

could this be a DoS attack against the router? an icmp flood or something? i'm not sure what to look for....

EDIT: forgot to mention that the first thing i did was call our provider, but they ran tests on the line and said the connection looked fine.

damicatz 04-26-2005 06:03 PM

Try using Ethereal to packet sniff the network and see if anything unusual occurs.

If you have never used Ethereal before, you can view the user's guide; however, it shouldn't be too hard to figure out the basics.

mcd 04-26-2005 06:14 PM

similar to tcpdump? that's what i've used in the past. i can't remember though, does it listen promiscuously by default to all traffic? if i run it on my laptop would i see icmp packets being received by the router? anyway, i'll give it a shot and see what i see.

damicatz 04-26-2005 06:20 PM

Quote:

Originally posted by mcd
similar to tcpdump? that's what i've used in the past. i can't remember though, does it listen promiscuously by default to all traffic? if i run it on my laptop would i see icmp packets being received by the router? anyway, i'll give it a shot and see what i see.

It is similar to tcpdump; however, its interface is GTK based. You can make ethereal listen in promisc. mode provided you run it on an account that has the proper privileges (root).

If you are running a hub you should have no problems seeing all the traffic in the hub. The Linksys Gateway may be more difficult, I don't think Linksys Routers have spanning but you could try putting your sniffer in the DMZ.
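An added example, not part of the thread: one way to check the ICMP-flood question from a capture taken on a hub-attached machine is to count echo requests per second per destination in tcpdump's text output. It assumes the capture was taken with `tcpdump -n -tt -i <iface> icmp`; the addresses, timestamps and the threshold of 100 are constructed for illustration.

```python
import re
from collections import Counter

# Matches lines from: tcpdump -n -tt -i <iface> icmp
# e.g. "1114550463.000100 IP 203.0.113.7 > 192.168.1.1: ICMP echo request, id 9, seq 1, length 64"
LINE = re.compile(
    r"^(?P<ts>\d+)\.\d+ IP (?P<src>\S+) > (?P<dst>[^:\s]+): ICMP echo request"
)

def icmp_flood_seconds(lines, threshold=100):
    """Return {(second, dst): (requests, distinct_sources)} for every second in
    which one destination received at least `threshold` echo requests.
    The default threshold is an assumed starting point, not a standard value."""
    per_second = Counter()
    sources = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # echo replies, other ICMP types, unrelated lines
        key = (int(m["ts"]), m["dst"])
        per_second[key] += 1
        sources.setdefault(key, set()).add(m["src"])
    return {k: (n, len(sources[k])) for k, n in per_second.items() if n >= threshold}

def sample_capture():
    """Constructed sample: 5 s of normal LAN pings plus a 150-packet burst."""
    base = 1114550460
    lines = []
    for i in range(5):  # background: one ping per second from a LAN host
        lines.append(f"{base + i}.000100 IP 192.168.1.10 > 192.168.1.1: "
                     f"ICMP echo request, id 7, seq {i}, length 64")
        lines.append(f"{base + i}.000300 IP 192.168.1.1 > 192.168.1.10: "
                     f"ICMP echo reply, id 7, seq {i}, length 64")
    for i in range(150):  # burst that falls inside a single second
        lines.append(f"{base + 3}.{i:06d} IP 203.0.113.7 > 192.168.1.1: "
                     f"ICMP echo request, id 9, seq {i}, length 64")
    return lines

if __name__ == "__main__":
    for (sec, dst), (n, srcs) in sorted(icmp_flood_seconds(sample_capture()).items()):
        print(f"{sec} dst={dst} echo_requests={n} distinct_sources={srcs}")
```

Comparing the flagged seconds against the times the network dropped shows whether the outages line up with ICMP bursts at all.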

