CommScope RUCKUS Community Forums

Durhambot · ‎08-03-2023

Do we have the ability to remotely monitor individual user sessions ingress and egress packets? Or anything in regards to investigating suspicious user activity?

Chandini · ‎08-06-2023

Hi Durhumbot

Thank you for reaching us.

Could you please let me know if you are referring to remote port mirroring options on the switches ?
Are these switches part of any monitoring tool ?

Thanks

jdryan · ‎08-07-2023

Hi Durhumbot,

Adding to the above, on the switches you can have SFlow to monitor and analyze the type of traffic coming on the switch ports for a connected user.

The switches also have an option to track session of all users logging into it and their activity, locally via show cli-command-history and remotely via AAA Accounting.

However, the requirement here is to check the specific user's traffic generated on the device [ PC ] that they are working on or are using. This would generally come under EDR : End point detection and Response, where a continuous monitoring is done on end-point [ user's PC ] to track and analyze the activity.

The same cannot be done by the switches, however using port mirroring options you can have the traffic mirrored and redirected to a system that's capable of analyzing it. This is usually done at the core or gateway point where the Ingress and Egress point for all the traffic would be converged in the whole network.
And the System would do threat assessment of the traffic coming in and track it.

Let us know your thoughts !

CommScope RUCKUS Community Forums

Monitoring User Sessions ICX7450