Do you know the data that is sent from one computer to another over the wire or wireless network can actually be captured and read? In this guide, we are going to look at the basics of network monitoring. computer forensics examiner monitoring can be done at any time, either manually by the administrator or in an automated way. The purpose is to capture the traffic that is going in and out of a particular workstation or computer.
Normally, the network monitoring is done at the layer above the layer where you’re LAN or Network card is placed. Once the computer identifies any destination, it processes the data packets and triggers them to through the physical network card. Before it could actually reach the LAN card, the network monitor received every incoming or outgoing packet which it parses and stores in its interface for the administrator to look over at a later stage. Thus now we know what network monitoring is.
At times it becomes highly essential for the administrator to take a network monitor capture to understand weird behavior identified on the network and amongst network nodes or computers. There are not of sophisticated Network monitoring utilities available in the market. The one that is packages along with the windows operating system is know as Network Monitor which is easy to use and reveal a lot of interesting information about each and every packet that has been captured. All you have to do is to specify a network interface or LAN interface in the Network Monitor application and it will start the capture what all is coming in and going out.
Apart from this network monitoring can also be done with the use of third party application which will install a network monitoring service in all your client workstations or computers and servers. This service must be installed on each and every workstation and server which would be linked with the monitoring and reporting server. The purpose of this service would be to trigger an alert incase something goes bad in any machine. Almost all the companies today are using such alerting and network monitoring service to get hold on each and every device in their premises. This is essential in those cases where the computer have been compromised or hacked and the administrators are alerted immediately. To proof that you have been hacked, lot of investigations are conducted to gather proof of the incident which can be used for any lawful intercept.
If the network monitor traces have been gathered, they can be sent over to the network forensic department for close watch to identify the source of its origination as every company would like to know from which IP address they have been attacked. This can help in getting hold of the suspected person or at-least the premises from which this happened.