This article presents a use case related to monitoring users and endpoints connected to the device ports that pass through VOIP phones on a network.
Many IT teams manage bandwidth consumption for a network that includes a VOIP telephone system. VOIP-enabled network switches often allow each VOIP phone to connect another device--typically a desktop or laptop computer--to the network . Both the phone and the device connected through it request and receive DHCP leases; and both are considered as being connected directly to the switch.
Should an endpoint connected through a VOIP phone become compromised (through a Trojan virus, for example), the network switch, directly connected to the compromised device, becomes vulnerable. Though a firewall is often setup with rules that block the egress of packets that a Trojan-infected endpoint is attempting to send back to its homing station from within the network, the risk and possible repercussions of sensitive information getting out remains. Hacking and securing networks endlessly depend on innovating tactics.
Probably managing bandwidth on your VOIP-enabled network already involves watching and shaping traffic in response to call quality indications and alerts. In fact, SolarWinds Network Performance Monitor, Network Traffic Analyzer, and VOIP & Network Quality Manager interoperate to give you a very granular view of bandwidth allocation and consumption to support VOIP quality of service.
However, while you may be able to see that specific endpoints are hogging bandwidth through a particular application, you will not necessarily be able to see who, internally, is contributing to a spike. For that you also need to correlate MAC and IP addresses, and user activity, with the traffic problem. SolarWinds User Device Tracker provides resources for tracking user logins with the MAC and IP of the device being used. Additionally, if monitoring tools reveal a breach in security, an IT team member can use UDT to remotely shutdown any network device port that might be compromised.