Using network forensics to track acceptable use or compliance
Note: Stream reconstruction (including VoIP) is illegal in some jurisdictions and may be disabled by VIAVI to comply with those laws.
Your company likely has an “acceptable use” policy for its network. As a network administrator, you may be asked to track a specific person's internet use. The challenge is that tracking web user activity can provide domain names and URL information, but cannot show exactly what content was displayed at the time. If those sites cease to exist or change their content, providing adequate documentation is nearly impossible.
The solution is to record the traffic in its entirety, which offers the ability to view the transactions, and also to reconstruct the original stream of data.
1. Isolate the time frame where you suspect the person was misusing the network. See Selecting a time frame to analyze.
2. Click the IP Stations tab and find the address of the user you are tracking. Select the address. This creates a filter.
3. Click Update Chart. This updates the Detail Chart and shows you all of the traffic from the address.
4. You can further filter the chart and reports by selecting specific traffic types (for example, HTTP, SMTP, Telnet, and so on).
5. Analyze the data using one of the options described in Mining data from your GigaStor. This opens your data in the Decode tab in Observer.
6. Assuming the data is HTTP, select a packet in the Decode tab and right-click. Choose TCP Dump (HTTP) from the menu. This analyzes the data and opens it in the Expert tab.
7. Scroll through the decoded packets. Click the “ReconstructedPage.html” files to see the web page as it looked when the user saw it.
This same process can be used for replaying VoIP calls or capturing e-mail and instant messaging to ensure your company’s “acceptable use” policy is being followed.
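The logic behind steps 1 through 7, as an added Python example (not VIAVI code and not a description of how Observer is implemented): it filters constructed packet records by time frame, station and port, reassembles each TCP direction by sequence number, and returns a page body only when the whole HTTP response was captured. The record layout and function names are hypothetical, and it assumes plain HTTP with a Content-Length header and no sequence-number wraparound.

```python
from collections import defaultdict
# Constructed sample records: (time, src, sport, dst, dport, tcp_seq, payload)
USER, SERVER, BODY = "10.0.0.5", "192.0.2.10", b"<html><b>hello</b></html>"
RESP = b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n" % len(BODY) + BODY
PACKETS = [
    (100.0, USER, 50000, SERVER, 80, 1, b"GET /page HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (100.1, "10.0.0.9", 50001, SERVER, 80, 1, b"GET /other HTTP/1.1\r\n\r\n"),
    (100.2, SERVER, 80, USER, 50000, 5000, RESP[:20]),
    (100.3, SERVER, 80, USER, 50000, 5040, RESP[40:]),   # arrives out of order
    (100.4, SERVER, 80, USER, 50000, 5020, RESP[20:40]),
    (100.5, SERVER, 80, USER, 50000, 5000, RESP[:20]),   # retransmission
]

def select(packets, station, start, end, port=80):
    """Steps 1-4: keep one time frame, one station, one traffic type."""
    return [p for p in packets if start <= p[0] <= end
            and station in (p[1], p[3]) and port in (p[2], p[4])]

def reassemble(packets):
    """Order each flow direction by TCP sequence number; stop at a gap."""
    flows = defaultdict(dict)
    for _, src, sport, dst, dport, seq, data in packets:
        flows[(src, sport, dst, dport)].setdefault(seq, data)  # ignore retransmits
    streams = {}
    for key, segs in flows.items():
        out, expected = b"", min(segs)
        for seq in sorted(segs):
            if seq != expected:
                break  # missing or overlapping bytes: do not guess
            out += segs[seq]
            expected = seq + len(segs[seq])
        streams[key] = out
    return streams

def http_body(stream):
    """Return the body only if one complete HTTP response was captured."""
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep or not head.startswith(b"HTTP/"):
        return None
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            n = int(value.decode().strip())
            return rest[:n] if len(rest) >= n else None
    return None

def reconstruct_pages(packets, station, start, end):
    streams = reassemble(select(packets, station, start, end))
    return {k: b for k, s in streams.items() if (b := http_body(s)) is not None}
```

A time frame that cuts off part of the response yields no page at all, which is why the time frame in step 1 should cover the whole session.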