Network Analysis / Diagramming Tool

Discussion in 'Windows Networking' started by gary0371, Nov 9, 2007.

  1. gary0371

    gary0371 Guest

    Does anyone know of a (free) tool that I can use to analyse the
    communications between Windows systems in order to help me determine what
    firewall ports need to be open for certain operations.

    Essentially what I want to do is, in a test environment, open up all
    (firewall) ports and run through some test scenarios whilst the analyser
    captures the communications. I then want to be able to use the packet
    capture to automatically create a diagram to determine what boxes are
    talking what protocols/ports to each other during each scenario. I would
    then use this to define the firewall rules.

    Any suggestions appreciated.
     
    gary0371, Nov 9, 2007
    #1

  2. Wireshark will listen on the line..

    Why not start using netstat -ano on your boxes? That will tell you
    what each computer is listening for or connecting to...
     
    Jeffrey Randow, Nov 10, 2007
    #2
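An added example, not part of the original thread: one way to turn `netstat -ano` output gathered from several hosts into the kind of who-talks-to-whom diagram the question asks for, emitted as Graphviz DOT. The host addresses and netstat rows are constructed sample data, and the function names are illustrative; direction is inferred by treating the side whose local port is in its own LISTENING set as the server.

```python
import re
from collections import defaultdict

# Constructed sample input: `netstat -ano` text keyed by the host it was run on.
SAMPLES = {
    "10.0.0.10": """\
  TCP    0.0.0.0:88             0.0.0.0:0              LISTENING       620
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING       620
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    10.0.0.10:389          10.0.0.21:49712        ESTABLISHED     620
  TCP    10.0.0.10:445          10.0.0.22:50111        ESTABLISHED     4
  TCP    10.0.0.10:88           10.0.0.21:49720        TIME_WAIT       0
""",
    "10.0.0.21": """\
  TCP    10.0.0.21:49712        10.0.0.10:389          ESTABLISHED     1180
  TCP    10.0.0.21:49800        10.0.0.22:445          ESTABLISHED     4
""",
}

# TCP rows only: netstat lists no remote peer for UDP sockets.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")
SEEN = {"ESTABLISHED", "TIME_WAIT", "CLOSE_WAIT"}  # current or recent sessions
NAMES = {88: "Kerberos", 139: "NetBIOS", 389: "LDAP", 445: "SMB"}

def flows(samples):
    """Return {(client, server, port)}: one candidate firewall rule per tuple."""
    edges = set()
    for text in samples.values():
        rows = [m.groups() for m in map(ROW.match, text.splitlines()) if m]
        listening = {int(lp) for _, lp, _, _, st, _ in rows if st == "LISTENING"}
        for laddr, lport, raddr, rport, state, _pid in rows:
            if state not in SEEN:
                continue
            if int(lport) in listening:  # listener side is the server
                edges.add((raddr, laddr, int(lport)))
            else:
                edges.add((laddr, raddr, int(rport)))
    return edges

def to_dot(edges):
    by_pair = defaultdict(set)
    for client, server, port in edges:
        by_pair[(client, server)].add(port)
    lines = ["digraph flows {", "  rankdir=LR;"]
    for (client, server), ports in sorted(by_pair.items()):
        label = ", ".join(f"{NAMES.get(p, 'tcp')}/{p}" for p in sorted(ports))
        lines.append(f'  "{client}" -> "{server}" [label="{label}"];')
    return "\n".join(lines + ["}"])

print(to_dot(flows(SAMPLES)))
```

netstat is a point-in-time snapshot, so short-lived connections are missed unless it is sampled repeatedly while each test scenario runs. The same connection seen from both ends collapses to a single edge.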

  3. gary0371

    gary0371 Guest

    Jeffrey,

    Thanks for the response.

    My problem isn't that I can't listen - I'm using MS Network Monitor and that
    does packet captures well enough for my purpose so I can analyse those if
    necessary - I have already to some degree. What I'm after is a short cut to
    make the analysis easier by creating a diagram automatically from a packet
    trace;

    for example, I'd like to be able to see a DC on the diagram and be able to
    quickly interpret which other boxes it is talking to using LDAP, Kerberos,
    SMB, Netbios, etc.

    Admittedly I'm being lazy not wanting to trawl through endless packet
    captures, and wanting the tool to do a diagram for me.
     
    gary0371, Nov 10, 2007
    #3
  4. Jeffrey Randow, Nov 11, 2007
    #4
  5. The firewall itself should have the ability to do that on its own. It would
    be either in the form of Logs or some sort of "live view". It typically
    works better by *not* opening everything up,..do the opposite,...stop
    everything. Then run the machine and attempt to perform the traffic and let
    the Firewall show you what it is blocking.

    If it is in production you can't block everything,...so block everything
    from a single test machine then monitor the failed/denied traffic coming
    from that one machine.

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Nov 12, 2007
    #5