Network Traffic Analysis

As there is a shortage of Windows-compatible IDS/IPS, there is scope for other methods of network traffic monitoring to be implemented. Fortunately, a number of free and commercial software packages can achieve similar results to an IDS/IPS on the Windows platform.

Wireshark is a popular application designed to monitor and record all data communications received by the host computer. For this reason it is important that all network data is forwarded to the host computer; this can be achieved by using a managed switch that port-mirrors all communications to the host computer. Wireshark then analyses the data packets and extracts information such as time, source, destination, protocol and other details.
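To make the last step concrete, the following script is an added example (not code from the original page, and not Wireshark's own code) that reads a capture in the libpcap file format Wireshark records and extracts the same per-packet columns the text lists: time, source, destination, protocol and length. The capture it reads is constructed in memory from two hand-built frames (a TCP SYN and an ARP request, using documentation addresses) so the script runs offline; the frame layouts follow the public Ethernet, IPv4, TCP and ARP header formats, and the reader also copes with captures written in either byte order and with records truncated by the snap length.

```python
import struct
from datetime import datetime, timezone

# Added example: a minimal libpcap reader that fills the packet-list columns a
# traffic analyser displays.  The capture below is CONSTRUCTED, not a real one,
# and Wireshark's dissectors cover far more protocols than the three handled here.

LINKTYPE_ETHERNET = 1
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def _ip_to_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))

def _mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def _checksum(data):
    """RFC 1071 one's-complement sum; returns 0 when run over a valid IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4_frame(src_mac, dst_mac, src_ip, dst_ip, proto, payload):
    """Ethernet II frame carrying an IPv4 datagram (constructed test traffic)."""
    eth = (bytes.fromhex(dst_mac.replace(":", "")) +
           bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00")
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0x4000,
                      64, proto, 0, _ip_to_bytes(src_ip), _ip_to_bytes(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", _checksum(hdr)) + hdr[12:]  # fill checksum
    return eth + hdr + payload

def build_pcap(records, endian="<"):
    """Serialise (timestamp, frame) pairs as a libpcap v2.4 file, Ethernet link type."""
    out = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in records:
        sec, usec = int(ts), int(round((ts - int(ts)) * 1_000_000))
        out += struct.pack(endian + "IIII", sec, usec, len(frame), len(frame)) + frame
    return out

def _summarise(frame, link_type):
    """Decode Ethernet / IPv4 / ARP just far enough to fill the packet-list columns."""
    info = {"source": "?", "destination": "?", "protocol": "?", "length": len(frame)}
    if link_type != LINKTYPE_ETHERNET or len(frame) < 14:
        info["protocol"] = f"linktype {link_type}"
        return info
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info["source"], info["destination"] = _mac_str(frame[6:12]), _mac_str(frame[0:6])
    if ethertype == 0x0806:
        info["protocol"] = "ARP"
    elif ethertype == 0x0800 and len(frame) >= 34:
        ihl = (frame[14] & 0x0F) * 4            # IPv4 header length in bytes
        proto = frame[23]
        info["source"] = ".".join(map(str, frame[26:30]))
        info["destination"] = ".".join(map(str, frame[30:34]))
        info["protocol"] = IP_PROTOCOLS.get(proto, f"IP proto {proto}")
        info["ip_checksum_ok"] = _checksum(frame[14:14 + ihl]) == 0
        if proto in (6, 17) and len(frame) >= 14 + ihl + 4:   # TCP/UDP ports
            sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
            info["source"] += f":{sport}"
            info["destination"] += f":{dport}"
    else:
        info["protocol"] = f"ethertype 0x{ethertype:04x}"
    return info

def parse_pcap(data):
    """Return one summary dict per packet record, in capture order."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a libpcap capture (bad magic)")
    link_type = struct.unpack(endian + "IHHiIII", data[:24])[6]
    packets, offset = [], 24
    while offset + 16 <= len(data):
        sec, usec, caplen, origlen = struct.unpack(endian + "IIII", data[offset:offset + 16])
        frame = data[offset + 16:offset + 16 + caplen]
        offset += 16 + caplen
        info = _summarise(frame, link_type)
        info["epoch"] = sec + usec / 1_000_000
        info["time"] = datetime.fromtimestamp(info["epoch"], tz=timezone.utc).isoformat()
        info["truncated"] = caplen < origlen    # snap length cut the record short
        packets.append(info)
    return packets

def sample_capture(endian="<"):
    """Two constructed frames: a TCP SYN to port 443 and an ARP request (documentation addresses)."""
    host, gw = "02:00:00:00:00:01", "02:00:00:00:00:02"
    syn = struct.pack("!HHIIBBHHH", 51234, 443, 1, 0, 0x50, 0x02, 65535, 0, 0)
    arp = (bytes.fromhex(gw.replace(":", "")) + bytes.fromhex(host.replace(":", "")) + b"\x08\x06"
           + struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1,
                         bytes.fromhex(host.replace(":", "")), _ip_to_bytes("192.0.2.10"),
                         b"\x00" * 6, _ip_to_bytes("192.0.2.1")))
    records = [
        (1700000000.000123, build_ipv4_frame(host, gw, "192.0.2.10", "198.51.100.5", 6, syn)),
        (1700000001.0, arp),
    ]
    return build_pcap(records, endian)

if __name__ == "__main__":
    for pkt in parse_pcap(sample_capture()):
        print(pkt["time"], pkt["source"], "->", pkt["destination"], pkt["protocol"], pkt["length"])
```

Running the script prints one line per packet in the same shape as Wireshark's packet list. The IPv4 checksum check is included because an analyser that only copies header fields will happily display corrupted or hand-crafted packets; verifying the header is the first sign that what was mirrored to the host is what was actually on the wire.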

Wireshark is free, and very easy to install and use on Windows systems. Wireshark is also capable of accurately monitoring data communications to an industry standard. As a result, Wireshark is perhaps the most popular and successful traffic analyser currently available. Unfortunately, traffic analysers are not capable of flagging suspicious behaviour or preventing communications, and therefore cannot completely substitute for IDS/IPS systems.