The age-old question about network abuse and security. What are the better or recommended network monitoring tools out there to accurately monitor internet traffic ONLY going IN and OUT of a network? The only thing acting as the firewall is the router. All internal addresses are being NATted and I need to see who is abusing the internet connection.
I have logs which show some DoS attacks but I also have logs that show 4-8Gb of downloads in a week.
The client primarily uses the internet connection to send email and has a staff complement of about 6, and the only things they should be receiving or sending are architectural drawings.
I heard about Wireshark, but will it create a real-time log for me and would it be easy to analyse this log? Has anyone had any experience with Wireshark? What are your views?
Looking for something simple but effective - I want to see connections, ports, downloads (if possible) and all the nice stuff to nail the suckers who've been making a sucker out of me!
Any help will do!