wireshark and nmap
I'm looking for a good way to map the applications we run on our internal network. Basically mapping the logical relationships between hardware vs the physical.
I am considering writing a perl script that will invoke wireshark once nmap determines a port is active, to determine how much traffic a service is getting... or vise versa, wireshark invoking nmap once a certain traffic limit on a port is reached...? and then maybe sending the script to the next remote host, and writing to an external log?
this is just as far as my brainstorming has gotten, anyone else have any ideas here, or done anything similar?