What’s that server doing?

Like me, you’ve probably been asked that question many times, usually when looking at reclaiming resources, planning migrations or simply enforcing your company’s security policy.

And if the answers to the above questions cannot be answered in a timely manner the old method was simply to power the workload down and see what broke or who screamed, unfortunately in this day an age that is no longer a reasonable approach.

In a world where we are ever moving towards network white-list models where all flows are denied by default, except those specifically allowed in the policy, visibility into what the applications are doing and how they interact with each other are now critical to understand. The 2 last projects I have done enforced a network white-list policy and mapping all the required application flows involved a lot of detective work and traffic capturing to establish what…