The quickest way to monitor for PCAnywhere activity is the run a
Traffic Distribution Report with IP protocol field set to TCP and
enter 65301,5631 in the Destination Port field. This will monitor for
activity on the Data ports associated with PCAnywhere.
A second report to run would be a Traffic Distribution Report with IP
protocol field set to UDP and enter 22,5632 in the Destination Port
field. This will monitor for activity on the status fields assocaited
Both of these reports should be saved as Custom reports which could then be added to one of your dashboards
It would also be advisable to monitor for any netscanning activity on these ports to check if any internal or external hosts are attempting to exploit this vunerability. To do this access a Netscan :: by Source report and enter 65301,5631,22,6532 in the Port field. After running the report save as a custom report.
These 2 actions will allow you detect PCAnywhere activity on your network and will also allow detect any hosts attempting to detect possibily vunerable systems on your network.