Here we will discuss how to use the appropriate resources to analyse network traffic. Analysing network traffic is important both for improving performance and for spotting security problems, so that the necessary corrective steps can be taken.
Simple Network Management Protocol (SNMP) –
- SNMP Manager – The management station. It is responsible for data collection: it polls agents for information (Get requests) and can also configure devices (Set requests).
- SNMP Agent – Software running on the managed device (switches, routers, printers, servers). It answers the manager's queries and can send unsolicited traps to the manager when something notable happens.
- SNMPv2 – It offers performance improvements over v1 (for example bulk retrieval), but its original party-based security model was complex and saw little adoption. What is widely deployed in practice is SNMPv2c, which keeps the v1 community-string model: the community string is sent in cleartext and acts as the only password.
- SNMPv3 – The most secure version. It adds user-based authentication, message integrity checks so that altered data is detected, and encryption of the payload (the authPriv security level turns on all three). Because v1 and v2c expose community strings on the wire, SNMPv3 is the version to deploy.
SYSLOG – Syslog allows devices to send alerts and errors to a central syslog server (traditionally over UDP port 514). Each message carries a priority value that encodes the facility (which part of the system logged it) and the severity, followed by the originating host, the program that logged the error and the error text itself. Classic syslog over UDP is unauthenticated, so both the source address and the hostname inside the message can be spoofed; use a TLS-based transport where possible, or at least restrict which sources the collector accepts. Software on the server parses and analyses the collected messages.
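The following is an added example, not code from the original notes: a small parser for BSD-style (RFC 3164) syslog lines that decodes the priority into facility and severity, pulls out the host, program and message, raises an alert at or above a chosen severity, and flags messages whose claimed hostname does not match the UDP source address they arrived from, which is the simplest check against the spoofing mentioned above. The sample lines, the host table and the 10.0.0.x addresses are constructed for the demonstration.

```python
import re
from collections import Counter

# RFC 3164 facility and severity names, indexed by their numeric codes.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console", "solaris-cron",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>TIMESTAMP HOSTNAME TAG[PID]: MSG   (BSD syslog format)
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)


def parse_syslog(line):
    """Return a dict of fields for one BSD-syslog line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # 24 facilities * 8 severities - 1 is the largest legal PRI value
        return None
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    return {
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "severity_num": severity,
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "program": m.group("tag"),
        "pid": int(m.group("pid")) if m.group("pid") else None,
        "msg": m.group("msg"),
    }


def analyse(records, known_hosts, alert_at="err"):
    """records: iterable of (udp_source_ip, raw_line).
    known_hosts: hostname -> IP address we expect that host to send from.
    Lines at or above alert_at severity (numerically <=) become alerts; lines whose
    claimed hostname is unknown or arrived from an unexpected address are spoof suspects."""
    alert_level = SEVERITIES.index(alert_at)
    report = {"parsed": 0, "unparsed": 0, "by_severity": Counter(),
              "alerts": [], "spoof_suspects": []}
    for src_ip, line in records:
        ev = parse_syslog(line)
        if ev is None:
            report["unparsed"] += 1
            continue
        report["parsed"] += 1
        report["by_severity"][ev["severity"]] += 1
        if ev["severity_num"] <= alert_level:
            report["alerts"].append((ev["host"], ev["program"], ev["msg"]))
        if known_hosts.get(ev["host"]) != src_ip:
            report["spoof_suspects"].append((src_ip, ev["host"], ev["msg"]))
    return report


# Constructed sample input (hypothetical hosts and lines, not real logs). In practice the
# (source_ip, line) pairs come from the collector's UDP/514 listener.
KNOWN_HOSTS = {"fw01": "10.0.0.5", "web01": "10.0.0.7"}
SAMPLE = [
    ("10.0.0.5", "<34>Oct 11 22:14:15 fw01 sshd[1234]: Failed password for root from 203.0.113.9 port 4412 ssh2"),
    ("10.0.0.7", "<86>Oct 11 22:14:16 web01 sudo: alice : TTY=pts/0 ; COMMAND=/bin/ls"),
    ("10.0.0.9", "<13>Oct 11 22:14:17 fw01 admin: interface eth0 disabled"),  # claims fw01, sent by another host
    ("10.0.0.7", "this line is not syslog at all"),
]

if __name__ == "__main__":
    for key, value in analyse(SAMPLE, KNOWN_HOSTS).items():
        print(key, value)
```

The third sample line parses cleanly and looks legitimate on its own; only the mismatch between the hostname it claims and the address it came from gives it away, which is why the collector's view of the source address should be kept alongside the message.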
Event Viewer – The Windows Event Viewer gives access to logs and events on the local machine and, given the right permissions, on remote computers and servers. Custom views and logs can be set up, and specific activities can be audited once the corresponding audit policy has been enabled.
Logs – Various types of logs can be found on a Windows system. Some of them are described here –
- General Logs – System-related logs containing information, warnings and errors. The main Windows ones are the Application log (errors and events raised by installed software), the Security log (events that the audit policy has been configured to record, such as logons and object access) and the System log (errors, warnings and information generated by Windows itself).
- History Logs – They record a history of changes or actions performed; for example, an internet browser keeps a history of the sites visited. Such records can be used later for accountability.
- Traffic Analysis – Examining network traffic to find issues, support decisions or gain insight into the network as a whole. Tools include Microsoft's own network analyser, Wireshark, netstat, firewall/IDS logs, and more.
- Protocol Analyser – It captures network data and decodes it for insight: IP addresses, ports, protocols, packet payloads and so on. A baseline of normal traffic is needed so that what is captured can be compared against it and anomalies recognised.
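As an added example for the two items above (not code from the original notes), the block below builds a baseline from a set of known-good flow records and then compares a later capture against it, flagging services that were never seen in the baseline and flows whose volume is far above the baseline average for that service (the DNS case below is the classic sign of data tunnelling). The flow lines are constructed, with fields in the order src dst proto dport bytes, roughly what a conversation summary exported from Wireshark or netstat output gives you; the addresses come from the documentation ranges and the 5x volume threshold is an arbitrary choice for the demonstration.

```python
from collections import defaultdict
from statistics import mean


def parse_flows(text):
    """Parse whitespace-separated flow lines: src dst proto dport bytes.
    Blank lines and '#' comments are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        src, dst, proto, dport, nbytes = line.split()
        flows.append({"src": src, "dst": dst, "proto": proto.lower(),
                      "dport": int(dport), "bytes": int(nbytes)})
    return flows


def build_baseline(flows):
    """Summarise known-good traffic as service -> mean bytes per flow,
    where a service is the (destination, protocol, destination port) triple."""
    per_service = defaultdict(list)
    for f in flows:
        per_service[(f["dst"], f["proto"], f["dport"])].append(f["bytes"])
    return {svc: mean(sizes) for svc, sizes in per_service.items()}


def compare(baseline, flows, volume_factor=5.0):
    """Return (finding_kind, flow) pairs for flows that deviate from the baseline."""
    findings = []
    for f in flows:
        key = (f["dst"], f["proto"], f["dport"])
        if key not in baseline:
            findings.append(("new-service", f))
        elif f["bytes"] > volume_factor * baseline[key]:
            findings.append(("volume-outlier", f))
    return findings


def top_talkers(flows, n=3):
    """Hosts ranked by total bytes sent, a quick check for which endpoint dominates the capture."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src"]] += f["bytes"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


# Constructed baseline capture taken during a quiet, known-good period (hypothetical).
BASELINE_TEXT = """
# src        dst            proto dport bytes
10.0.0.20    10.0.0.53      udp   53    120
10.0.0.21    10.0.0.53      udp   53    140
10.0.0.20    198.51.100.10  tcp   443   20000
10.0.0.21    198.51.100.10  tcp   443   24000
10.0.0.20    10.0.0.10      tcp   445   5000
"""

# Constructed later capture to be checked against that baseline (hypothetical).
CAPTURE_TEXT = """
10.0.0.20    10.0.0.53      udp   53    110
10.0.0.22    198.51.100.10  tcp   443   21000
10.0.0.20    10.0.0.53      udp   53    9000    # far too much DNS for one flow
10.0.0.21    203.0.113.77   tcp   4444  800     # port never seen in the baseline
"""

BASELINE = build_baseline(parse_flows(BASELINE_TEXT))

if __name__ == "__main__":
    capture = parse_flows(CAPTURE_TEXT)
    for kind, flow in compare(BASELINE, capture):
        print(kind, flow)
    print("top talkers:", top_talkers(capture))
```

The point of the baseline is that neither finding is visible from the packets alone: 9000 bytes of DNS or an outbound connection to port 4444 only stands out because the quiet-period capture says the network never normally does that.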