Netwitness
04-05-2010, 05:12 PM (This post was last modified: 04-05-2010 05:13 PM by Techmonkey.)
Post: #1
Use the "Thread Rating" at the top of this post to give your rating to Windows 7 out of 1 - 5 stars.


Site: http://download.netwitness.com/download.php?src=DIRECT

This is an excellent program with an almost fully featured freeware version.

Put simply, Netwitness is a network traffic analysis tool, much along the same lines as Ethereal or Wireshark. However, it has one major advantage over the others: you don't have to be a network guru to use it for meaningful results.

I recently used it at a client's site as they had 100+ PCs and one of them had got infected with a mailbot which was causing it to spam out thousands of junk mails.

Our normal practice in this situation is to switch all machines off and bring them back on one at a time, running combofix, mbam etc. over each machine. An effective but time-consuming practice.

Using Netwitness we instead install it onto a machine on the network and let it capture the network traffic for about 10 - 15 mins. Then it is a simple case of drilling down for the information required. So click SMTP protocol, then I am presented with all machines using the SMTP protocol with a count of the number of attempts/connections made from that machine. So look for the one with an unacceptably high number of connections and you can bet your bottom dollar that's your infected machine.

This is just one thing it could be used for, and to get a better idea I would recommend looking at their YouTube tutorials.

http://www.youtube.com/netwitness

- Techmonkey
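
The drill-down described in the post above (group SMTP sessions by source machine, then look for the outlier) can be reproduced over exported flow records. This is an added example, not part of the original post and not Netwitness code; the `src,dst,port` record format, the addresses, the port-25 filter, the mail-server allowlist and the thresholds are all constructed assumptions.

```python
import csv
from collections import defaultdict
from io import StringIO
from statistics import median

def build_sample():
    """Constructed flow records, one 'src_ip,dst_ip,dst_port' per line (not real data)."""
    rows = []
    # Ordinary workstations relay a little mail through the site mail server.
    for host, n in (("10.0.0.11", 3), ("10.0.0.12", 2), ("10.0.0.13", 4)):
        rows += [f"{host},10.0.0.5,25"] * n
    # One workstation talks SMTP directly to many external servers.
    rows += [f"10.0.0.14,203.0.113.{i % 200 + 1},25" for i in range(400)]
    # The mail server itself legitimately sends a lot of SMTP.
    rows += [f"10.0.0.5,198.51.100.{i % 20 + 1},25" for i in range(120)]
    # Non-SMTP noise and one malformed line.
    rows += ["10.0.0.11,10.0.0.1,53", "10.0.0.12,192.0.2.8,443", "garbage"]
    return "\n".join(rows)

def smtp_talkers(flow_csv, smtp_ports=(25,)):
    """Return {src: (connection_count, distinct_destinations)} for SMTP flows."""
    counts, dests = defaultdict(int), defaultdict(set)
    for row in csv.reader(StringIO(flow_csv)):
        if len(row) != 3 or not row[2].isdigit():
            continue  # skip malformed records
        src, dst, port = row[0], row[1], int(row[2])
        if port in smtp_ports:
            counts[src] += 1
            dests[src].add(dst)
    return {s: (counts[s], len(dests[s])) for s in counts}

def suspects(talkers, known_mail_servers=(), factor=10, floor=50):
    """Flag hosts with >= floor SMTP connections and > factor x the median
    count across all hosts that are not on the mail-server allowlist."""
    candidates = {s: v for s, v in talkers.items() if s not in known_mail_servers}
    if not candidates:
        return []
    base = median(c for c, _ in candidates.values())
    flagged = [(s, c, d) for s, (c, d) in candidates.items()
               if c >= floor and c > factor * base]
    return sorted(flagged, key=lambda t: t[1], reverse=True)

if __name__ == "__main__":
    for src, conns, dsts in suspects(smtp_talkers(build_sample()), {"10.0.0.5"}):
        print(f"{src}: {conns} SMTP connections to {dsts} distinct servers")
```

Without the allowlist the site's own mail server is flagged alongside the infected workstation, so the count alone needs that one piece of local knowledge; the distinct-destination figure helps tell the two apart.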