As a consultant called to evaluate why the mail host for a domain noticed a threefold increase in outgoing traffic,...
I went to network monitor (inside their firewall) to identify the offending machine. Is there a way to monitor just SMTP traffic coming from all machines? I was able to identify the offending machines through the router interface but both were clean using both McAfee (they have a Sonic Wall firewall) and Symantec online scanning for viruses. The worrries don't stop there because they use VOIP for the phone system.
Windows NT and 2000 Server come with a built-in Network Monitor application that will allow you to capture and analyze network packets based on specific filter criteria. However, the native utility will only analyze packets that are sent to or from the local computer. To perform analysis on an enterprise network you will need an additional utility such as Systems Management Server or another third-party application - HP Openview, Unicenter TNG or the like.
If your client is already using a firewall, I wouldn't be surprised if the firewall itself possessed some description of monitoring software that might potentially meet your needs in this situation. It's certainly worth investigating in the interests of saving money and not having to re-invent the wheel.
Related Q&A from Laura Hunter
Active Directory expert Laura E. Hunter explains to a reader what must be done to change the default display specifiers for new users in Active ...continue reading
Active Directory expert Laura E. Hunter tells a reader what to keep in mind when deleting subnets associated with sites being removed in an ...continue reading
Active Directory expert Laura E. Hunter offers some advice for changing the IP addresses of domain controllers.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.