Monitor all traffic from inside lan to internet - how to get in the path
Posted on 2005-04-14
What is the best way to get a computer-hosted network monitor in the path from the lan to the internet on a switched nework ? This is for the purpose of discovering unwanted outbound traffic from internal infected computers, or diagnosing protocol specific failures when when communicating with specific internet resources. I have been configuring a portable Server 2003 / ISA Server with Microsoft's Network Monitor as a temporary replacement for the normal NAT/Firewall device in order get in the path. It works fine, but is time consuming to set up when several inbound access-list mappings have to be maintained when using the temporary diagnostic router. It also breaks network connectivity during the transition from the permanent NAT device to the diagnostic NAT server.