Network Traffic Analysis Tools

Obtaining More Information on Unknown Traffic


Question

While reviewing the monthly internet usage, it is noted that there is a large spike in traffic classified as "unknown" which does not appear to be within the bounds of the organization's Acceptable Use Policy.

Which of the following tools or technologies would work BEST for obtaining more information on this traffic?

Answers

Explanations


B.

The best tool or technology to obtain more information on the unknown traffic is a protocol analyzer, which is also known as a network sniffer or packet analyzer.

A protocol analyzer is a software or hardware tool that captures and analyzes network traffic in real time. It allows network administrators to monitor the traffic and identify any issues or anomalies that may indicate a security threat or a violation of the organization's policies.

In this scenario, the unknown traffic could be a potential security threat or a violation of the organization's Acceptable Use Policy. Therefore, a protocol analyzer would be the most appropriate tool to capture and analyze the traffic. The captured packets can be examined for any suspicious patterns or activity that could pose a threat to the organization's network security.

While firewall logs and IDS logs can provide some information on the traffic, they may not provide sufficient detail to determine its exact nature. Firewall logs record which traffic was allowed or blocked by the firewall, while IDS logs provide alerts on potential security threats detected by the IDS. Increased spam filtering is also not relevant in this scenario, because the traffic is classified as "unknown" and is not specifically related to spam.

In summary, a protocol analyzer is the most suitable tool for obtaining more information on the unknown traffic, as it allows network administrators to capture and analyze the traffic in real time to identify any security threats or policy violations.
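To make concrete why a protocol analyzer reveals more than a firewall log, here is an added example (not part of the original question or explanation) that labels constructed sample packets first by destination port alone, as a firewall or usage report would, and then by inspecting the first payload bytes, as a protocol analyzer does. The port-to-protocol table, the payload signatures and the sample packets are all constructed for this illustration.

```python
"""Port-only vs payload-based classification of captured traffic (added example)."""
from collections import Counter

# Constructed sample packets: (src, dst, dst_port, first payload bytes). Not real capture data.
SAMPLE_PACKETS = [
    ("10.0.0.5", "203.0.113.10", 80, b"GET /index.html HTTP/1.1\r\nHost: example"),
    ("10.0.0.7", "203.0.113.22", 8443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),
    ("10.0.0.9", "203.0.113.22", 8443, b"\x16\x03\x03\x00\x40\x01\x00\x00\x3c\x03\x03"),
    ("10.0.0.9", "198.51.100.9", 6881, b"\x13BitTorrent protocol" + b"\x00" * 8),
    ("10.0.0.12", "198.51.100.40", 5000, b"\x00\x01\x02\x03\x04\x05\x06\x07"),
]

# Assumed port table, the only information a firewall log or usage report has to work with.
WELL_KNOWN_PORTS = {22: "ssh", 53: "dns", 80: "http", 443: "https"}


def classify_by_port(dst_port):
    """Firewall-style label: anything not on a well-known port is 'unknown'."""
    return WELL_KNOWN_PORTS.get(dst_port, "unknown")


def classify_by_payload(payload):
    """Protocol-analyzer-style label from the first bytes of the payload."""
    # TLS record header: content type 0x16 (handshake), version 0x03 0x00..0x04.
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03 and payload[2] <= 0x04:
        return "tls"
    # HTTP request line starts with a method token followed by a space.
    if payload.split(b" ", 1)[0] in {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}:
        return "http"
    # BitTorrent peer handshake: length byte 19 followed by the literal protocol string.
    if payload.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"
    return "unknown"


def summarize(packets):
    """Return (payload-label counts, port-only 'unknown' count, still-unknown flows).

    The still-unknown list gives the analyst the specific (src, dst, port) tuples
    that need a deeper look, which is the information the question asks for.
    """
    labels = Counter()
    port_unknown = 0
    still_unknown = []
    for src, dst, dport, payload in packets:
        if classify_by_port(dport) == "unknown":
            port_unknown += 1
        label = classify_by_payload(payload)
        labels[label] += 1
        if label == "unknown":
            still_unknown.append((src, dst, dport))
    return labels, port_unknown, still_unknown
```

Running `summarize(SAMPLE_PACKETS)` shows four of five packets as "unknown" by port, but payload inspection resolves all but one of them and pins the remainder to a single flow.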