Hi folks,
Is there any way to monitor my network traffic before it's encrypted via
group policy with IPsec? At our organization, we need to encrypt all traffic
to satisfy auditors, but we would still like to be able to read
the traffic via Ethereal, Etherpeek, etc. if we choose to. I'm wondering if
some NICs may allow this (Intel S series, etc.) before the traffic is
encrypted? Also, is there any way as Administrators to be "alerted" if, and
when, someone on the wire IS monitoring the traffic??? Suggestions?

Thanks,
Ed

Re: Monitor (read) network traffic BEFORE it's encrypted? by Phillip

Phillip
Wed Jun 22 14:23:23 CDT 2005

Encryption occurs near the top of the OSI model (Session Layer, I think).
Packet sniffers work at the absolute bottom of the OSI model at the Physical
Layer where the traffic is placed on the wire. So no, it is not possible
with those kinds of tools.


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"Ed Flecko" <EdFlecko@discussions.microsoft.com> wrote in message
news:1AF5CAE9-2F5C-4E75-942B-BE2C46050ECF@microsoft.com...
> Hi folks,
> Is there any way to monitor my network traffic before it's encrypted via
> group policy with IPsec? At our organization, we need to encrypt all traffic
> to satisfy auditors, but we would still like to be able to read
> the traffic via Ethereal, Etherpeek, etc. if we choose to. I'm wondering if
> some NICs may allow this (Intel S series, etc.) before the traffic is
> encrypted? Also, is there any way as Administrators to be "alerted" if, and
> when, someone on the wire IS monitoring the traffic??? Suggestions?
>
> Thanks,
> Ed



Re: Monitor (read) network traffic BEFORE it's encrypted? by Mercury

Mercury
Thu Jun 23 06:25:56 CDT 2005

Your auditors should fail your encryption system if there was any chance of
doing this.
Most hacks occur internally, remember?

"Phillip Windell" <@.> wrote in message
news:eqqXc$1dFHA.3328@TK2MSFTNGP09.phx.gbl...
> Encryption occurs near the top of the OSI model (Session Layer, I think).
> Packet sniffers work at the absolute bottom of the OSI model at the
> Physical Layer where the traffic is placed on the wire. So no, it is not
> possible with those kinds of tools.
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
> "Ed Flecko" <EdFlecko@discussions.microsoft.com> wrote in message
> news:1AF5CAE9-2F5C-4E75-942B-BE2C46050ECF@microsoft.com...
>> Hi folks,
>> Is there any way to monitor my network traffic before it's encrypted via
>> group policy with IPsec? At our organization, we need to encrypt all
>> traffic to satisfy auditors, but we would still like to be able to read
>> the traffic via Ethereal, Etherpeek, etc. if we choose to. I'm wondering
>> if some NICs may allow this (Intel S series, etc.) before the traffic is
>> encrypted? Also, is there any way as Administrators to be "alerted" if,
>> and when, someone on the wire IS monitoring the traffic??? Suggestions?
>>
>> Thanks,
>> Ed



Re: Monitor (read) network traffic BEFORE it's encrypted? by Steven

Steven
Thu Jun 23 12:14:18 CDT 2005

If you use Ethereal or such you will only see the IPsec ESP traffic. One of
the downsides of encryption is that you cannot sniff it. A user can also
sniff the network undetected, but if the traffic is encrypted you effectively
mitigate that risk anyhow. --- Steve


"Ed Flecko" <EdFlecko@discussions.microsoft.com> wrote in message
news:1AF5CAE9-2F5C-4E75-942B-BE2C46050ECF@microsoft.com...
> Hi folks,
> Is there any way to monitor my network traffic before it's encrypted via
> group policy with IPsec? At our organization, we need to encrypt all
> traffic to satisfy auditors, but we would still like to be able to read
> the traffic via Ethereal, Etherpeek, etc. if we choose to. I'm wondering
> if some NICs may allow this (Intel S series, etc.) before the traffic is
> encrypted? Also, is there any way as Administrators to be "alerted" if,
> and when, someone on the wire IS monitoring the traffic??? Suggestions?
>
> Thanks,
> Ed
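
What a capture of ESP traffic exposes, as an added example that is not part of the original thread: the sketch below parses a constructed IPv4 packet and returns the fields a passive sniffer can read. The function names, addresses, SPI value and payload bytes are all made up for illustration.

```python
import struct

ESP = 50  # IANA IP protocol number for IPsec ESP


def build_sample(proto: int, body: bytes) -> bytes:
    """Constructed IPv4 packet (documentation addresses, checksum left 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0,
                         128, proto, 0, bytes([192, 0, 2, 10]),
                         bytes([192, 0, 2, 20]))
    return header + body


def sniffer_view(pkt: bytes) -> dict:
    """Return what a passive capture can read from one IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    view = {"src": ".".join(map(str, pkt[12:16])),
            "dst": ".".join(map(str, pkt[16:20])),
            "proto": pkt[9]}
    body = pkt[ihl:]
    if pkt[9] == ESP:
        if len(body) < 8:
            raise ValueError("truncated ESP header")
        # Only the SPI and sequence number precede the protected data.
        view["spi"], view["seq"] = struct.unpack("!II", body[:8])
        view["opaque_bytes"] = len(body) - 8  # IV, ciphertext, trailer, ICV
        view["readable_payload"] = None
    else:
        # Without ESP the transport header and data are on the wire as sent.
        view["readable_payload"] = body
    return view


if __name__ == "__main__":
    # Constructed samples: stand-in bytes, not captured traffic.
    clear = build_sample(6, b"stand-in transport bytes")
    esp = build_sample(ESP, struct.pack("!II", 0x1000ABCD, 7) + bytes(40))
    for pkt in (clear, esp):
        print(sniffer_view(pkt))
```

For the ESP packet the capture still shows the two endpoints, the SPI, the sequence number and the packet size, which is enough for flow-level monitoring even though the contents are not readable.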