I would recommend against using Wireshark to monitor traffic. You'll just get too much data, and you'll have a hard time analyzing it. If you need to look at/troubleshoot the interaction between a couple of machines, Wireshark is great. As a monitoring tool, IMHO, Wireshark is not quite the tool you need.

You're looking for Top Type of traffic (likely HTTP, but who knows), Top Talkers (should be your servers, but who knows), and potentially Malformed Traffic (large amount of TCP retransmissions, malformed packets, high rates of very small packets. Probably won't see, but who knows).

At the same time, work with your management to develop a network resource usage policy. In general business terms, what business needs does the computer network exist to meet, and what are appropriate uses of the resource? This thing is costing money, so there has to be a business justification for its very existence. Your company has policies for handling the "petty cash" drawer, and I would bet your network infrastructure costs a lot more than that.

The key thing to focus on is not catching people doing bad things but rather watching for potential malicious activity that is degrading network functionality (i.e., the employees' ability to get their work done).
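Added example, not part of the original post: a small Python summary over flow records that reports the three things named above (top traffic types, top talkers, and sources whose traffic looks malformed). The record layout, the `KNOWN_SERVERS` list, the sample flows and all thresholds are assumptions made up for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample flow records (not real traffic):
# (src, dst, protocol, packets, bytes, tcp_retransmissions)
FLOWS = [
    ("10.0.0.10", "10.0.1.21", "HTTP", 1200, 1_500_000, 4),
    ("10.0.0.10", "10.0.1.22", "HTTP", 900, 1_100_000, 2),
    ("10.0.0.11", "10.0.1.21", "SMB", 400, 520_000, 1),
    ("10.0.1.23", "10.0.0.12", "DNS", 60, 6_000, 0),
    ("10.0.1.99", "10.0.0.10", "TCP", 5000, 300_000, 900),
    ("10.0.1.21", "10.0.0.10", "HTTP", 700, 90_000, 3),
]
KNOWN_SERVERS = {"10.0.0.10", "10.0.0.11", "10.0.0.12"}  # assumed inventory


def summarize(flows, servers, top_n=3, small_avg_bytes=100,
              min_packets=1000, max_retrans_ratio=0.05):
    """Return top protocols, top talkers and sources that need a closer look."""
    by_proto, by_host = Counter(), Counter()
    per_src = defaultdict(lambda: [0, 0, 0])  # packets, bytes, retransmissions
    for src, dst, proto, pkts, nbytes, retrans in flows:
        by_proto[proto] += nbytes
        by_host[src] += nbytes   # a talker is counted whether it sends
        by_host[dst] += nbytes   # or receives the bytes
        totals = per_src[src]
        totals[0] += pkts
        totals[1] += nbytes
        totals[2] += retrans

    needs_review = {}
    for src, (pkts, nbytes, retrans) in per_src.items():
        reasons = []
        # Many packets with a tiny average size: "high rates of very small packets"
        if pkts >= min_packets and nbytes / pkts < small_avg_bytes:
            reasons.append("many very small packets")
        if pkts and retrans / pkts > max_retrans_ratio:
            reasons.append("high TCP retransmission ratio")
        if reasons:
            needs_review[src] = reasons

    top_talkers = by_host.most_common(top_n)
    return {
        "top_protocols": by_proto.most_common(top_n),
        "top_talkers": top_talkers,
        # Top talkers "should be your servers"; list the ones that are not.
        "unexpected_talkers": [h for h, _ in top_talkers if h not in servers],
        "needs_review": needs_review,
    }


if __name__ == "__main__":
    for key, value in summarize(FLOWS, KNOWN_SERVERS).items():
        print(key, value)
```
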