As a consultant called to evaluate why the mail host for a domain noticed a threefold increase in outgoing traffic,
I went to network monitor (inside their firewall) to identify the offending machine. Is there a way to monitor just SMTP traffic coming from all machines? I was able to identify the offending machines through the router interface but both were clean using both McAfee (they have a Sonic Wall firewall) and Symantec online scanning for viruses. The worrries don't stop there because they use VOIP for the phone system.
Windows NT and 2000 Server come with a built-in Network Monitor application that will allow you to capture and analyze network packets based on specific filter criteria. However, the native utility will only analyze packets that are sent to or from the local computer. To perform analysis on an enterprise network you will need an additional utility such as Systems Management Server or another third-party application - HP Openview, Unicenter TNG or the like.
If your client is already using a firewall, I wouldn't be surprised if the firewall itself possessed some description of monitoring software that might potentially meet your needs in this situation. It's certainly worth investigating in the interests of saving money and not having to re-invent the wheel.
Dig deeper on Enterprise Infrastructure Management
Related Q&A from Laura E. Hunter
Active Directory expert Laura E. Hunter offers some advice for changing the IP addresses of domain controllers.continue reading
A Windows administrator moving from Windows Server 2003 to Windows Server 2003 R2 wants to perform a restore of a previous server to a new one ...continue reading
An admin has two domains and two Active Directories. He wants to know how to join the Active Directories so that internal staff can access both, but ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.