Network Analysis / Diagramming Tool

Does anyone know of a (free) tool that I can use to analyse the
communications between Windows systems in order to help me determine what
firewall ports need to be open for certain operations.

Essentially what I want to do is, in a test environment, open up all
(firewall) ports
and run through some test scenarios whilst the analyser capture the
communications. I then want to be able to use the packet capture to
automatically create a diagram to determine what boxes are talking what
protocols/ports to each other during each scenario. I would then use this
to define the firewall rules.

Any suggestions appreciated.

Wireshark will listen on the line..

Why not start using netstat -ano on your boxes? That will tell you
what each computer is listening for or connecting to...
---
Jeffrey Randow
(E-Mail Removed)
Windows Networking MVP 2001-2006
http://www.networkblog.net


On Fri, 9 Nov 2007 01:56:02 -0800, gary0371
<(E-Mail Removed)> wrote:

>Does anyone know of a (free) tool that I can use to analyse the
>communications between Windows systems in order to help me determine what
>firewall ports need to be open for certain operations.
>
>Essentially what I want to do is, in a test environment, open up all
>(firewall) ports
>and run through some test scenarios whilst the analyser capture the
>communications. I then want to be able to use the packet capture to
>automatically create a diagram to determine what boxes are talking what
>protocols/ports to each other during each scenario. I would then use this
>to define the firewall rules.
>
>Any suggestions appreciated.

Jeffrey,

Thanks for the response.

My problem isn't that I can't listen - I'm using MS Network Monitor and that
does packet captures well enough for my purpose so I can analyse those if
necessary - I have already to some degree. What I'm after is a short cut to
make the analysis easier by creating a diagram automatically from a packet
trace;

for example, I'd like to be able to see a DC on the diagram and be able to
quickly interpret which other boxes it is talking to using LDAP, Kerberos,
SMB, Netbios, etc.

Admittedly I'm being lazy not wanting to trawl through endless packet
captures, and wanting the tool to do a diagram for me.

"Jeffrey Randow" wrote:

> Wireshark will listen on the line..
>
> Why not start using netstat -ano on your boxes? That will tell you
> what each computer is listening for or connecting to...
> ---
> Jeffrey Randow
> (E-Mail Removed)
> Windows Networking MVP 2001-2006
> http://www.networkblog.net
>
>
> On Fri, 9 Nov 2007 01:56:02 -0800, gary0371
> <(E-Mail Removed)> wrote:
>
> >Does anyone know of a (free) tool that I can use to analyse the
> >communications between Windows systems in order to help me determine what
> >firewall ports need to be open for certain operations.
> >
> >Essentially what I want to do is, in a test environment, open up all
> >(firewall) ports
> >and run through some test scenarios whilst the analyser capture the
> >communications. I then want to be able to use the packet capture to
> >automatically create a diagram to determine what boxes are talking what
> >protocols/ports to each other during each scenario. I would then use this
> >to define the firewall rules.
> >
> >Any suggestions appreciated.
>

TheDude does some mapping, but not to the extent that you want...
http://www.mikrotik.com/thedude.php

---
Jeffrey Randow
(E-Mail Removed)
Windows Networking MVP 2001-2006
http://www.networkblog.net

On Sat, 10 Nov 2007 02:31:01 -0800, gary0371
<(E-Mail Removed)> wrote:

>Jeffrey,
>
>Thanks for the response.
>
>My problem isn't that I can't listen - I'm using MS Network Monitor and that
>does packet captures well enough for my purpose so I can analyse those if
>necessary - I have already to some degree. What I'm after is a short cut to
>make the analysis easier by creating a diagram automatically from a packet
>trace;
>
>for example, I'd like to be able to see a DC on the diagram and be able to
>quickly interpret which other boxes it is talking to using LDAP, Kerberos,
>SMB, Netbios, etc.
>
>Admittedly I'm being lazy not wanting to trawl through endless packet
>captures, and wanting the tool to do a diagram for me.
>
>"Jeffrey Randow" wrote:
>
>> Wireshark will listen on the line..
>>
>> Why not start using netstat -ano on your boxes? That will tell you
>> what each computer is listening for or connecting to...
>> ---
>> Jeffrey Randow
>> (E-Mail Removed)
>> Windows Networking MVP 2001-2006
>> http://www.networkblog.net
>>
>>
>> On Fri, 9 Nov 2007 01:56:02 -0800, gary0371
>> <(E-Mail Removed)> wrote:
>>
>> >Does anyone know of a (free) tool that I can use to analyse the
>> >communications between Windows systems in order to help me determine what
>> >firewall ports need to be open for certain operations.
>> >
>> >Essentially what I want to do is, in a test environment, open up all
>> >(firewall) ports
>> >and run through some test scenarios whilst the analyser capture the
>> >communications. I then want to be able to use the packet capture to
>> >automatically create a diagram to determine what boxes are talking what
>> >protocols/ports to each other during each scenario. I would then use this
>> >to define the firewall rules.
>> >
>> >Any suggestions appreciated.
>>

"gary0371" <(E-Mail Removed)> wrote in message
news:81825BAC-4509-44F3-AC10-(E-Mail Removed)...
> Does anyone know of a (free) tool that I can use to analyse the
> communications between Windows systems in order to help me determine what
> firewall ports need to be open for certain operations.

The firewall itself should have the ability to do that on its own. It would
be either in the form of Logs or some sort of "live view". It typically
works better by *not* opeing everything up,..do the opposite,...stop
everything. Then run the machine and attempt to perform the traffic and let
the Firewall show you what it is blocking.

If it is in production you can't block everything,...so block everything
from a single test machine then monitor the failed/denied traffic comming
from that one machine.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------