Forensic Network Analysis – Why?

There’s no denying that there are lots of available network security and analysis tools and apps. Security devices like firewalls, Anti-Virus (AV) Systems, and Intrusion Detection Systems (IDS) aim to keep the bad out while NetFlow systems, log analyzers and other tools seek to make sense of what’s using the network and how.

Yet, despite all these tools, unanswered or poorly answered questions about networks persist.

• What devices are on my network and how much bandwidth are they using?
• What applications are in use and how much bandwidth do they use?
• Is there unauthorized activity on my network?
• Who is interacting with my network from the outside world?
• Is my network traffic encrypted?
• Is my network leaking sensitive data?

Here at Recon we believe that the best way to determine what’s happening on the network is to look at what’s happening on the network. Simple, right? While many tools provide summaries and simplified views of network activity, they generally discard the information that provides the most value: the network traffic itself.

Raw network packets contain so much information about who and what is on a network, what applications are in use, and where traffic is going. They contain all the interesting nuggets, bad behavior, evidence of misconfiguration, and even clues to performance problems.

The challenge with raw network traffic is that it’s complicated, always evolving, and can quickly become overwhelming. While these challenges are real, the tendency of some tools to sample, summarize, and discard data often results in even more questions from users. Sure, it may be interesting to learn that your email server is making a periodic 40k HTTP POST to an unknown server, but wouldn’t it be even more helpful to actually see what information is contained within that POST? This is the sort of detail that traffic analysis with Recon Network Monitor provides.

Have a pile of security events you need to investigate in detail? Have pressing questions about activity on your network that you’re having difficulty resolving? Download and try Recon Network Monitor for free today.

Introducing: The Recon Network Monitor


What devices are on my network, and what are they doing? That should be a simple starting point. Maybe you log into an access point or router to see what devices have attached to the network, or perhaps you run tcpdump when something seems out of sorts. Maybe you even capture logs in Splunk and have a repository of pcap files. Now what? Hours of digging through packets in Wireshark? We think there is a better way.

Welcome to Recon

Welcome to Recon Networks! We’re a collection of network engineers and analysts who have been developing network traffic processing and analysis tools for over 15 years. We strongly believe in both the power of network traffic analysis to reveal network issues and the need for easy-to-use network analysis tools in the commercial marketplace.

Network traffic is complicated and trying to make sense of it can quickly become overwhelming. We strive to develop tools that can help make sense of it all and can help users—from those just starting out to seasoned analysts and engineers—get answers to their questions about the networks they manage.

We are happy to launch the initial version of our publicly available Network Monitor, which is free for personal and commercial use. We encourage you to download the software and give it a try. See things you like, hate, or would like to have? Please let us know. Our aim is to manage a tool that is truly driven by the community that uses it. Expect future enhancements that will support user-developed contributions and sharing within the broader community.

Network traffic analysis is a huge subject area, so check our blog for entries on a variety of topics that should help new users get started (How do I capture traffic on my network?) and hopefully show experts something new (Making sense of one-sided traffic). We hope to have something for everyone.

Thanks for reading! We look forward to hearing from you soon.

The Recon Team.