The goal of creating a boot up configuration baseline is to record the behavior of a PC 'on the wire' when it is powered on. The client does not need to be present since no login is required. Any dependencies, protocols and load will be documented.

Methodology:

  • Place your protocol analyzer either on the same hub as the workstation or configure some form of port monitoring.
  • Be careful if you set up a MAC/DLC filter based on the target workstation's hardware address. You may miss some packets, like some DHCP replies. If DHCP is used and you wish to use a MAC filter, include the bootp/DHCP protocol.
  • Capture all the packets and filter later if you need to.
  • After powering the workstation on, ensure that all background services are loaded by simply observing the hard drive light.
  • When the hard drive light 'settles down', and the frame counters stop, you're done.
  • All services, applications and protocols will create network traffic as well as any policies or other activities.