How best to identify applications and users that might be accessing an older application server?
Posted on 2016-11-16
I have an older Server 2008 R2 application server (IIS 6 and 7 are installed; I know it was a mail relay and a licensing server for our engineering program, but I'm not sure what else) in my domain that I'm attempting to sunset and remove. My issue is that I've been here a year and I'm still stumbling onto undocumented applications and processes in my environment, and I fear removing the server and finding out later on that there was an old app, piece of manufacturing equipment, MFP, etc. that depended on something that was running on the server.
What's my best option for determining who or what might be connecting to this box, and for what purpose?
My first thought is Wireshark, but I'm not too experienced with the app, so I don't know if this is my 'best' option or not. I could also just shut the thing down and wait for an outcry, but I really hate the impression that type of move will give to my users (if it turns out that this is hosting some critical process).
Any advice would be greatly appreciated!