Network Forensics monitoring

Jul 27th, 2007

I know this is a little off the mark but,

We have some people from Network Forensics installing monitoring equipment soon.

Supposedly, this device is going to capture every packet on the network.

How does this work and will it slow things down?

We have many VLANs, are they going to monitor every default gateway?

How would something like this be done?

mhellman Fri, 07/27/2007 - 18:08

Do you mean NetForensics? If so, it's a SIM product and it doesn't collect collects events. IDS events. Router events. Firewall events. Host events. etc, etc. Are you a network guy and the security guys will be using this product? They can impact the network, but not in the way you're thinking. A router configured to log events [maybe that it previously was not configured to] could become overloaded. Devices sending events over a slow link could saturate the link. etc.

