Monitoring A Suspicious Computer

less than 1 minute read

Description:

At one point or another, you may want to monitor a computer to log what connections it is making.

To Resolve:

  1. If you have a network diagram, look to see what port on the switch correlates to the suspect computer.

  2. Log into your switch and find the monitoring section. For a Netgear GS748T – It is Monitoring – Port Mirroring.

  3. Set the ports to mirror each other. For the Netgear switch, you checked a box for the source port, filled in the destination port, filled the direction (Tx and Rx (for send and receive)) and hit apply.

  4. Plug a laptop into the mirroring port and start up Wireshark. Disable all but the wired NIC on the Interface List and setup a capture filter of “host=(ip address of monitored computer)” and then click – Start.

  5. After however much time you feel, comb the logs of Wireshark to determine what connections the computer was making.

-----------------------------------------------------------
Spotted a mistake in this article? Why not suggest an edit!
-----------------------------------------------------------

Comments