Progress Report: Passive Distributed Network Analysis Using Remote Packet Capture In Java

Thomas C.A. Judge

Abstract:

Intrusively monitoring the activity on a network can add an extremely large load to a server. One example is monitoring the web sites that users on a LAN visit, where the aim is to do so without the overhead of running a transparent proxy server. Another example is monitoring the conversations that people on a LAN are having with the outside world via some form of instant messaging application (e.g. MSN Messenger). Both of these processes would traditionally require a proxy server to intercept the content of messages/pages between the source and the destination, adding extra overhead to systems that could be utilised elsewhere in the organisation. By monitoring this content in a passive fashion, it is possible to monitor systems without touching or reconfiguring them.





Tom Judge 2005-03-24