In my post about Top conversations and how they are calculated, we can see a lot of Microsoft DS (445) port traffic as the source port. My question is, what do you all use as tools to determine what applications on the source server are causing this traffic? My thought is to use a packet sniffer like Ethereal running on the source machine or set up a port mirror in the switch. It seems like this is a time-consuming and tedious method, but I can't think of another way. Is this the best approach? What have you done in the past and with what tools?
Thanks,
Paul