The Network Hub

Feb 13 2009   10:43PM GMT

NetScout adds authentication and policy control to packet sniffer

Shamus McGillicuddy Shamus McGillicuddy Profile: Shamus McGillicuddy

If you’re a network manager, chance are you’ve possessed a laptop with a packet sniffer or protocol analyzer on it. Just plug that bad boy into the corporate network and you can look at all the traffic that’s going across the wire.

I’m sure you’ve worn a white hat while using such a tool, but has the thought crossed your mind at some point that one of your admins could go rogue with such a tool and cause some real trouble for you?

I recently talked to Steve Shalita, vice president of marketing for NetScout, about this worry. Back in the fall of 2007, NetScout bought Network General, the maker of one of the original packet sniffers, named (what else) Sniffer.

Shalita said NetScout is releasing a new version of Sniffer called Sniffer Global which introduces a server-based authentication point for all Sniffer desktop installations. Through this central server, network managers can set policies for usage of Sniffer technology.

“You can limit how far they can go into the packet,” Shalita told me. “And you have the ability to, by user and with very granular detail, report on what that user has done out there on the network. The server is doing policy control and authorization of what they can do and reporting back to you.”

Sniffer Global isn’t a cure-all for potentially rogue packet sniffers on the network. It isn’t backwards compatible with older versions of Sniffer. So you’d have to update all the desktops that have Sniffer on them. That means you’d have to find the ones you don’t know about, too.  And of course, Sniffer Global’s server won’t identify packet sniffers made by other vendors, either. Instead, Sniffer Global’s value is in establishing centralized control over sanctioned Sniffer PCs across the network.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: