Steps in Auditing Networks

809 Words, Feb 18, 2018, 3 Pages
The very first step in auditing networks is to define where to analyze the traffic. Taking a common scenario for analysis, the following assumptions were made. There is a switched network made up of a number of switches, several terminals and a file server. Network performance has dropped, but the cause is unknown. There is no IDS (Intrusion Detection System) that can raise an alarm or report attacks or network malfunctions. It is also known that there are no problems with the transfer rate from the file server to the LAN (Local Area Network) terminals [3]. Furthermore, the network equipment does not support NetFlow for analyzing traffic remotely.

Wireshark was chosen to analyze the above scenario. The first question that arises is where to install Wireshark. It would seem logical to install Wireshark on the file server itself to analyze the traffic that flows through this network segment. However, there may be no physical access to the server, or installation on it may be ruled out simply for security reasons, so Wireshark cannot be installed there. The following paragraphs describe some alternatives that make it possible to capture traffic without installing Wireshark on the server.

A. Using a Hub

If a user connects a node where Wireshark is installed to one of the switch ports, he will see only the packets exchanged between the switch and his terminal, which is not what is wanted for traffic analysis. The switch divides the network into segments creating separate
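
An added example, not part of the original essay: a Python check that reads a capture file and counts which frames belong to the capture host, which are broadcast or multicast, and which are unicast between other hosts, showing whether the capture point sees more than its own switch port. The MAC addresses and both captures are constructed for illustration.

```python
import struct
from collections import Counter

def to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def frame(dst: str, src: str) -> bytes:
    # Minimal Ethernet II frame: addresses, IPv4 ethertype, zero padding.
    return to_bytes(dst) + to_bytes(src) + b"\x08\x00" + bytes(46)

def build_pcap(frames) -> bytes:
    # Classic little-endian pcap file, link type 1 (Ethernet).
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def classify_capture(pcap: bytes, own_mac: str) -> Counter:
    """Count frames by what they say about the capture point's visibility."""
    magic, = struct.unpack_from("<I", pcap, 0)
    linktype, = struct.unpack_from("<I", pcap, 20)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian classic pcap with Ethernet")
    own, counts, off = to_bytes(own_mac), Counter(), 24
    while off + 16 <= len(pcap):
        incl, = struct.unpack_from("<I", pcap, off + 8)  # captured length
        data = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(data) < 14:
            counts["truncated"] += 1
        elif own in (data[0:6], data[6:12]):
            counts["own"] += 1                  # to or from the capture host
        elif data[0] & 1:
            counts["flooded"] += 1              # broadcast/multicast reaches every port
        else:
            counts["third_party_unicast"] += 1  # other hosts' conversations
    return counts

# Constructed sample data (locally administered MAC addresses).
OWN, SERVER, PEER = "02:00:00:00:00:0a", "02:00:00:00:00:01", "02:00:00:00:00:0b"
BCAST = "ff:ff:ff:ff:ff:ff"
SWITCH_PORT = build_pcap([frame(SERVER, OWN), frame(OWN, SERVER), frame(BCAST, PEER)])
SHARED_SEGMENT = build_pcap([frame(SERVER, OWN), frame(SERVER, PEER),
                             frame(PEER, SERVER), frame(BCAST, PEER)])

if __name__ == "__main__":
    for name, cap in (("switch port", SWITCH_PORT), ("shared segment", SHARED_SEGMENT)):
        print(name, dict(classify_capture(cap, OWN)))
```

A switch also floods unicast frames for destinations it has not yet learned, so a few third-party unicast frames can appear even on an ordinary switch port; a sustained count is what indicates a shared or mirrored capture point.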