Forensic Network Analysis – Why?

There’s no denying that there are lots of available network security and analysis tools and apps. Security devices like firewalls, Anti-Virus (AV) Systems, and Intrusion Detection Systems (IDS) aim to keep the bad out while NetFlow systems, log analyzers and other tools seek to make sense of what’s using the network and how.

Yet, despite all these tools, unanswered or poorly answered questions about networks persist.

• What devices are on my network and how much bandwidth are they using?
• What applications are in use and how much bandwidth do they use?
• Is there unauthorized activity on my network?
• Who is interacting with my network from the outside world?
• Is my network traffic encrypted?
• Is my network leaking sensitive data?

Here at Recon we believe that the best way to determine what’s happening on the network is to look at what’s happening on the network. Simple, right? While many tools provide summaries and simplified views of network activity, they generally discard the information that provides the most value: the network traffic itself.

Raw network packets contain so much information about who and what is on a network, what applications are in use, and where traffic is going. They contain all the interesting nuggets, bad behavior, evidence of misconfiguration, and even clues to performance problems.

The challenge with raw network traffic is that it’s complicated, always evolving, and can quickly become overwhelming. While these challenges are real, the tendency of some tools to sample, summarize, and discard data often results in even more questions from users. Sure, it may be interesting to learn that your email server is making a periodic 40k HTTP POST to an unknown server, but wouldn’t it be even more helpful to actually see what information is contained within that POST? This is the sort of detail that traffic analysis with Recon Network Monitor provides.

Have a pile of security events you need to investigate in detail? Have pressing questions about activity on your network that you’re having difficulty resolving? Download and try Recon Network Monitor for free today.
