When using network protocol analyzers, analysts may run into problems when they need to recommend a configuration change to the technicians who manage the firewalls or routers. This can happen when a network analyst spots abnormal or suspicious traffic and wants to block it. It also can happen when an analyst determines that a firewall or router configuration is preventing proper communication with a new application.
With either scenario, the analyst who captured the packets has to explain or translate the change to the router or firewall manager. The potential problem is that different technicians from various disciplines might not easily understand what's needed or be on the same page.
This is where a little-known Wireshark feature comes in, which I demonstrate in the video below.
When analyzing packets in Wireshark, go to the Tools menu and select the Firewall ACL Rules option. You will see configuration syntax for different firewall and router products, such as Cisco IOS, Netfilter (iptables) and Windows Firewall (via netsh). These rules are based on MAC addresses, IPv4 addresses, TCP and UDP ports, and IPv4+port.
Pay close attention to the screen and make sure the appropriate deny and inbound options are selected, so that the generated rule has the expected result.
Finally, feel free to copy and paste several filters into a text editor, but be careful about the order of the rules, and check whether the product you're working with needs a deny all or permit all at the end.
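To show how the deny and inbound choices and the closing rule change what gets handed to the firewall team, the Python below builds equivalent rules for the three products from one host and port. It is an added example, not Wireshark's output or the author's code; the function names, ACL number 101, the `pcap-` rule name and the sample addresses are assumptions made for illustration.

```python
import ipaddress

def acl_rules(host, proto, port, deny=True, inbound=True, acl_no=101):
    """Return one rule per product for a single IPv4 host + port match."""
    ip = ipaddress.IPv4Address(host)  # raises ValueError on a malformed address
    proto = proto.lower()
    if proto not in ("tcp", "udp"):
        raise ValueError("proto must be tcp or udp")
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    # Inbound: the captured host is the traffic source. Outbound: the destination.
    cisco_match = f"host {ip} any" if inbound else f"any host {ip}"
    chain, addr_flag = ("INPUT", "-s") if inbound else ("OUTPUT", "-d")
    port_key = "localport" if inbound else "remoteport"
    return {
        "cisco": f"access-list {acl_no} {'deny' if deny else 'permit'} "
                 f"{proto} {cisco_match} eq {port}",
        "iptables": f"iptables -A {chain} -p {proto} {addr_flag} {ip}/32 "
                    f"--dport {port} -j {'DROP' if deny else 'ACCEPT'}",
        # Rule name is a hypothetical label chosen for this example.
        "netsh": f'netsh advfirewall firewall add rule name="pcap-{ip}-{proto}-{port}" '
                 f"dir={'in' if inbound else 'out'} action={'block' if deny else 'allow'} "
                 f"protocol={proto.upper()} remoteip={ip} {port_key}={port}",
    }

def cisco_acl(entries, acl_no=101):
    """Emit entries in the given order and close a deny-only list explicitly."""
    lines = [acl_rules(acl_no=acl_no, **e)["cisco"] for e in entries]
    if all(e.get("deny", True) for e in entries):
        # IOS appends an implicit deny to every ACL, so a list made only of
        # deny entries would drop all traffic without this final permit.
        lines.append(f"access-list {acl_no} permit ip any any")
    return lines

# Constructed sample input (documentation address ranges, not from a real capture).
SAMPLE = [
    {"host": "192.0.2.10", "proto": "tcp", "port": 8080},
    {"host": "198.51.100.7", "proto": "udp", "port": 53},
]

if __name__ == "__main__":
    for entry in SAMPLE:
        for product, rule in acl_rules(**entry).items():
            print(f"{product:9}{rule}")
    print("\n".join(cisco_acl(SAMPLE)))
```

On IOS the direction is ultimately set by how the list is applied to an interface; the source and destination swap here only mirrors the inbound/outbound choice.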