Tip

Monitor your network content

Monitor your network content
Barrie Sosinsky

A content-monitoring system needs to be tailored to the number of workstations in your enterprise. If you are considering its use, the Internet connection and its capacity must also be taken into account. In most cases, content-monitoring systems are behind the firewall where it is easy to view all packets coming in and going out. The hub or switched port should be capable of mirroring all packets to a monitor port or to a mirror. A fast processor and a lot of RAM are optimal for capturing and reporting network traffic. Another important feature is a NIC with promiscuous mode operation for viewing all packets on the network. Use 100-Mbps cards in different locations so in the event the monitoring device gets loaded with packets from a hub or switch it can handle them instead of dropping them.

Once you have the optimal hardware installed, your system needs to filter network communications. Use words or phrases placed in subject type dictionaries. General words like games, news, sports, etc., will cause filtering of captured network traffic according to an algorithm, which looks for words and phrases found in the body of each message. If a message is flagged through the use of a filter, the monitoring software will perform an action. The only problem with this system is that some words will have various meanings and can be misinterpreted by the monitoring tool. While trying to preserve a modicum of

    Requires Free Membership to View

    Login

employee privacy, be aware that knowledgeable employees can sometimes "fool" a content-monitoring system by using jargon that is easily misinterpreted by the monitoring system. There are some content-monitoring systems that use proprietary linguistic and mathematical analyses to monitor communications that fall outside of words and phrases collected in subject matter dictionaries. You might be able to add keywords but not edit or delete default dictionaries. For those systems that do allow editing, it can become time consuming and tedious to overhaul the entire dictionary.

Multiple site accesses from one URL request are often reported and extraneous material is often downloaded with a page. Cookies and banner advertisements are recorded as site accesses. Some systems allow you to compress duplicate hits to one site access strictly for reporting. Be aware that messages with overlapping content or categories will be reported in all matching categories so duplication will be present. Your hits may be inflated in some categories. Discerning the true number takes some time to decipher. Check out the latest content-monitoring systems and decide which one will give you the most for your money with the least amount of fine-tuning.

Barrie Sosinsky (barries@killerapps.com)is president of consulting company Sosinsky and Associates (Medfield MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web related), training and technical documentation.

Did you like this tip? Let us know via e-mail.


This was first published in September 2001

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

    Back to top