<HTML><HEAD><TITLE>Chapter  21 -- How Intranet Monitoring Software Works</TITLE><META></HEAD><BODY TEXT="#000000" BGCOLOR="#FFFFFF" LINK="#0000EE" VLINK="#551A8B" ALINK="#CE2910"><H1><FONT SIZE=6 COLOR=#FF0000>Chapter&nbsp;21</FONT></H1><H1><FONT SIZE=6 COLOR=#FF0000>How Intranet Monitoring SoftwareWorks</FONT></H1><HR><P><CENTER><B><FONT SIZE=5><A NAME="CONTENTS">CONTENTS</A></FONT></B></CENTER><UL><LI><A HREF="#HowIntranetMonitoringSoftwareWorks">How Intranet Monitoring Software Works</A></UL><HR><P>In the last chapter, we saw how network administrators can blockintranet users from visiting objectionable sites on the intranetusing server software. But in many cases, intranet administratorswant to do much more than simply block users from visiting objectionablesites. They may also want to track the overall usage of the Internetfrom inside the intranet, and be able to see in exquisite detailexactly how the Internet is being used-for example, to see thetimes of the greatest access, or which departments and subnetsmake the greatest use of the Internet. And they may want to tracknot only how people on the intranet are accessing the Internet,they may also want to see how they are using the intranet itself.<P>All that can be done-and a lot more-using intranet monitoringsoftware. This is software that sits on a server, and monitorsall traffic between the Internet and the intranet. It can alsomonitor all traffic on the intranet itself.<P>The software works by examining every IP packet coming into andgoing out of the intranet. It looks into both the IP header andat the data itself. The intranet administrator decides what kindof traffic to track. For example, access to intranet and InternetWeb servers; FTP (File Transfer Protocol) usage; access to newsgroups;use of e-mail; and Telnet could all be tracked using this software.The monitoring software can then log all that traffic in extraordinarydetail. It can track the destination address as well as the originatingaddress; the amount of data transferred; the time of day; andmany other pieces of data. All that data is automatically putinto a database that intranet administrators can use to createreports of just about any type.<P>This information can help intranet administrators in many ways.It can help them know when new bandwidth needs to be ordered ornew servers need to be installed. And it can also tell them ifinappropriate sites are often visited.<P>Some monitoring software goes beyond merely tracking usage, andallows administrators to set access rules for the entire corporationor for individual departments. For example, it will allow networkadministrators to lock out certain sites from the entire corporation,such as those that have pornographic material on them. And itcan let them decide on a department-bydepartment basis what kindof Internet access should be allowed.<P>While this type of software is certainly helpful to intranet administrators,some intranet users may be leery of it. They may think that ithas a &quot;Big Brother&quot; feel to it, that intranet administratorsare violating their privacy, or watching in detail how they usetheir computers. While that is a possibility, when used correctlythe software can help to make sure that the network is functioningat top efficiency, and not to snoop into other people's lives.<H2><A NAME="HowIntranetMonitoringSoftwareWorks"><FONT SIZE=5 COLOR=#FF0000>How Intranet Monitoring Software Works</FONT></A></H2><P>Server software is available to allow for extensive monitoringof how intranet users access the Internet. Administrators mayfind it useful to know, in general, what kinds of sites are beingvisited, and may even want to track what sites individual usersare visiting. It is possible to do much more detailed analysisas well, including how much individual users access the Internet,what hours are most heavily trafficked, and much more. The softwarecan also customize how people are allowed to access the Internetand/or the intranet. All outgoing and incoming traffic must passthrough the monitoring machine.<OL><LI>The software uses packet filtering, much like filtering routers(see <A HREF="ch13.htm" >Chapter 13</A>). Both look at the data in the header of everyIP packet coming in and going out of the intranet, and every packettraveling across the intranet. However, they differ significantlyin that filtering routers make decisions about passing or droppingpackets. Monitoring software simply lets the packets pass through,and tracks information about packets. Data such as the senderand destination address; size of the packet; type of Internetservice involved (such as the Web or FTP) and time of day is capturedto a database.<LI>While all packets must pass through the server, the softwaredoes not necessarily put information about every packet into thedatabase. For example, information about HTTP packets (World WideWeb), file transfer protocol packets (FTP), e-mail packets (SMTP),newsgroup packets (NNTP), and Telnet packets might be tracked,while streaming audio packets might be ignored.<LI>Software included with the server program allows network administratorsto view and analyze intranet and Internet traffic to a remarkabledegree. It can show the total amount of network traffic by theday and the hour, for example, and show in any hour which Internetsites were being accessed and how much data was being transferred.It can even show what sites individual users on the intranet werevisiting, and the most popular sites visited in graph form.<LI>Some software goes beyond analysis, and allows intranet administratorsto change the kind of Internet access allowed to intranet users,based on traffic, usage, and other factors. For example, an intranetadministrator could allow only certain departments access to someInternet resources.<LI>The software could also allow intranet administrators to bancertain sites from being visited by the entire intranet. For example,if there are pornographic sites that analysis has shown intranetusers are visiting, the administrator could set rules that wouldban anyone from visiting those sites. The packet filtering softwarewould then not allow in any packets from those sites.</OL><HR><CENTER><P><A HREF="ch20.htm"><IMG SRC="PC.GIF" BORDER=0 HEIGHT=88 WIDTH=140></A><A HREF="#CONTENTS"><IMG SRC="CC.GIF" BORDER=0 HEIGHT=88 WIDTH=140></A><A HREF="contents.htm"><IMG SRC="HB.GIF" BORDER=0 HEIGHT=88 WIDTH=140></A><A HREF="ch22.htm"><IMG SRC="NC.GIF" BORDER=0 HEIGHT=88 WIDTH=140></A><HR WIDTH="100%"></P></CENTER></BODY></HTML>