Many tools let you view traffic in real time, but real-time monitoring at any scale demands significant human and hardware resources and does not scale beyond a single workgroup. It is generally more practical to archive all traffic and analyze subsets as needed, accepting the storage and retention planning that a full-packet archive requires. This process is known as reconstructive traffic analysis, or network forensics. In practice it is often limited to data collection and packet-level inspection; a network forensics analysis tool, however, can provide a richer view of the collected data by reassembling sessions and inspecting the traffic further up the protocol stack. The IT industry's growing concern with security is the primary motivation for network forensics. A network that has been prepared for forensic analysis is easy to monitor, and security vulnerabilities and configuration problems can be identified conveniently. It also allows thorough analysis of security violations. Most importantly, analyzing a complete record of your network traffic with the appropriate reconstructive tools provides context for other breach-related events.
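The following is an added example, not code from the original page, showing what "inspecting traffic further up the protocol stack" means against an archive: it builds a small constructed libpcap capture in memory (one HTTP request split over three TCP segments, delivered out of order and with one retransmission), then reassembles the client's byte stream per flow and reads the request line and Host header out of it. The addresses, ports and the request are constructed sample data; the pcap, IPv4 and TCP layouts are the standard ones, and the checksums are left at zero because the parser does not verify them.

```python
"""Reconstruct an application-layer request from an archived pcap (added example)."""
import socket
import struct
from collections import defaultdict


def _ipv4(src, dst, payload):
    # version/IHL, TOS, total length, id, flags/frag, TTL, proto=TCP, checksum (0), src, dst
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000, 64, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def _tcp(sport, dport, seq, flags, payload):
    # sport, dport, seq, ack, data offset (5 words), flags, window, checksum (0), urgent
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0)
    return hdr + payload


def build_pcap(frames):
    """Wrap raw Ethernet frames in a libpcap file (magic 0xa1b2c3d4, linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in frames:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out


ETH = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"  # dst, src, IPv4


def frame(src, dst, sport, dport, seq, payload):
    return ETH + _ipv4(src, dst, _tcp(sport, dport, seq, 0x18, payload))  # PSH|ACK


# Constructed sample traffic: segment 2 arrives first, segment 1 is then sent twice.
REQUEST = [b"GET /login HTTP/1.1\r\n", b"Host: intranet.example\r\n", b"\r\n"]
BASE = 1000
CAPTURE = build_pcap([
    (1, frame("10.0.0.5", "10.0.0.9", 51000, 80, BASE + len(REQUEST[0]), REQUEST[1])),
    (2, frame("10.0.0.5", "10.0.0.9", 51000, 80, BASE, REQUEST[0])),
    (3, frame("10.0.0.5", "10.0.0.9", 51000, 80, BASE, REQUEST[0])),  # retransmission
    (4, frame("10.0.0.5", "10.0.0.9", 51000, 80,
              BASE + len(REQUEST[0]) + len(REQUEST[1]), REQUEST[2])),
])


def parse_pcap(data):
    """Yield (src, sport, dst, dport, seq, payload) for every IPv4/TCP frame in the archive."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("unsupported pcap magic")
    off = 24
    while off + 16 <= len(data):
        _, _, caplen, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        pkt = data[off:off + caplen]
        off += caplen
        if pkt[12:14] != b"\x08\x00":          # not IPv4
            continue
        ip = pkt[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:                         # not TCP
            continue
        total_len = struct.unpack_from("!H", ip, 2)[0]
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        tcp = ip[ihl:total_len]
        sport, dport, seq = struct.unpack_from("!HHI", tcp, 0)
        doff = (tcp[12] >> 4) * 4
        yield src, sport, dst, dport, seq, tcp[doff:]


def reassemble(data):
    """Order each flow's segments by sequence number, discarding retransmitted bytes."""
    flows = defaultdict(dict)
    for src, sport, dst, dport, seq, payload in parse_pcap(data):
        if payload:
            flows[(src, sport, dst, dport)].setdefault(seq, payload)
    streams = {}
    for key, segs in flows.items():
        buf, expected = b"", None
        for seq in sorted(segs):
            payload, end = segs[seq], seq + len(segs[seq])
            if expected is not None:
                if end <= expected:            # fully retransmitted: nothing new
                    continue
                if seq < expected:             # partial overlap: keep only the new tail
                    payload = payload[expected - seq:]
            buf += payload
            expected = end
        streams[key] = buf
    return streams


def http_request_summary(stream):
    """Return (method, path, host) from a reassembled client-to-server HTTP stream."""
    head, _, _ = stream.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, path, _ = lines[0].split(b" ", 2)
    host = next((l.split(b":", 1)[1].strip() for l in lines[1:]
                 if l.lower().startswith(b"host:")), b"")
    return method.decode(), path.decode(), host.decode()


if __name__ == "__main__":
    for flow, stream in reassemble(CAPTURE).items():
        print(flow, http_request_summary(stream))
```

Packet-level inspection of this capture shows four TCP segments; reassembly shows one login request to one host, which is the kind of context the paragraph above refers to. A real tool would additionally track both directions of the flow, handle IP fragments and sequence-number wraparound, and verify checksums.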