Spector CNE
Administrator's Guide
Spector will record information about all Network connections made on the Client computer. You will be able to see which applications are connecting to the Internet, when the connections are made, the Internet address they connected to, what TCP ports they use, and the amount of network bandwidth consumed by those connections.
Using the recorded Network connection activity you may decide to block Internet access to TCP ports or domains, remove offending applications from computers, or tighten your company Internet use policy.
The recording of Network connection activity can provide valuable insight into:
Which users may be violating company policy by consuming network bandwidth with streaming media, file downloads, or other Internet activity.
Applications connecting to the Internet which you may not have been aware of and which could have security implications.
Which Internet resources are connected to most often, which may not be reflected in other Spector recording tools.
The amount of network activity captured can be very large, so we provide several efficiencies (combining connections for a single visit/session and user inactivity) and filtering options to reduce and combine this information.
The Client records the following information for each network activity:
Program - Indicates the name of the program that established the network connection - you can include or exclude programs to be recorded.
Start Time - Indicates the time the first connection to that address was established.
Protocol - Only TCP network traffic is captured.
Domain Name - Indicates the domain name the network connection is made to.
IP - Indicates the IP address of the computer you are connected to.
Port - Indicates the TCP port used for the network connection.
Connections - Indicates total number of connections for that event.
Sent - Indicates total bytes sent for all connections made during that event. Use this to estimate the amount of bandwidth the connections used.
Recv - Indicates number of bytes received for all connections made during that event.
Duration - Indicates total connection time from the beginning of the first connection to the end of the last connection in that event.
End Time - Indicates the time the last connection ended in that event.
Start Time is not always the actual time the network connection started. A network connection event that begins on one day and then continues its activity past midnight into the next day will be broken up into two separate events. The first event will show the network connection ending at midnight of the first day, and the second event will show it starting at midnight of the second day.
Example: If a connection lasts for two days, the first start time is when the Network Activity begins recording, and that event ends at 11:59:59pm. The second Network Activity event will start at 12:00:00am and end either at 11:59:59pm again or when the connection ends.
All network connections have IP:Port information. The IP is the address of the computer the network connection was established with. The port is used to distinguish multiple connections to the same remote computer. Ports are like phone extensions to a single phone number. Some port numbers are "well known", meaning they are standard Internet port connections. For example, port 25 is almost always used for SMTP email and port 80 is almost always used for the web.
There may be multiple connections to the same network address and port. This is controlled by the Advanced Inactivity setting. Note that connections to the same network address but different port numbers will be recorded as separate network connection events.
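When reviewing recorded events for long-lived connections, the midnight split and the per-port separation described above mean one session can appear as several rows. The following is an added example, not part of the Spector product or this guide: it rejoins parts that end at 11:59:59pm and resume at 12:00:00am for the same program, IP and port, and totals Sent and Recv. The record layout (a list of dicts keyed by the field names above), the timestamp format and the sample rows are assumptions constructed for illustration, and the match is a heuristic based only on the timestamps.

```python
from datetime import datetime, time, timedelta

FMT = "%Y-%m-%d %H:%M:%S"  # assumed timestamp layout of the exported records

def _rec(prog, ip, port, start, end, sent, recv):
    return {"Program": prog, "IP": ip, "Port": port, "Start Time": start,
            "End Time": end, "Sent": sent, "Recv": recv}

# Constructed sample data: one updater.exe session crossing two midnights,
# plus two unrelated events that must stay separate.
SAMPLE = [
    _rec("updater.exe", "192.0.2.10", 443, "2024-03-01 22:15:00", "2024-03-01 23:59:59", 1200, 90000),
    _rec("updater.exe", "192.0.2.10", 443, "2024-03-02 00:00:00", "2024-03-02 23:59:59", 5000, 700000),
    _rec("updater.exe", "192.0.2.10", 443, "2024-03-03 00:00:00", "2024-03-03 01:30:00", 300, 20000),
    _rec("updater.exe", "192.0.2.10", 80, "2024-03-02 00:00:00", "2024-03-02 00:05:00", 100, 4000),
    _rec("browser.exe", "198.51.100.7", 443, "2024-03-02 09:00:00", "2024-03-02 09:10:00", 800, 60000),
]

def stitch(records):
    """Rejoin events split at midnight; returns merged events in start order."""
    merged, last = [], {}  # last: (Program, IP, Port) -> most recent merged event
    for rec in sorted(records, key=lambda r: datetime.strptime(r["Start Time"], FMT)):
        start = datetime.strptime(rec["Start Time"], FMT)
        end = datetime.strptime(rec["End Time"], FMT)
        key = (rec["Program"], rec["IP"], rec["Port"])
        prev = last.get(key)
        # Continuation: previous part ended at 23:59:59 and this one starts at
        # 00:00:00 the next day for the same program, address and port.
        if prev and start.time() == time(0, 0) and start - prev["end"] == timedelta(seconds=1):
            prev["end"] = end
            prev["sent"] += rec["Sent"]
            prev["recv"] += rec["Recv"]
            prev["parts"] += 1
        else:
            prev = {"key": key, "start": start, "end": end,
                    "sent": rec["Sent"], "recv": rec["Recv"], "parts": 1}
            merged.append(prev)
            last[key] = prev
    for ev in merged:
        ev["duration"] = ev["end"] - ev["start"]  # true span across the split parts
    return merged

if __name__ == "__main__":
    for ev in stitch(SAMPLE):
        print(ev["key"], ev["start"], ev["end"], ev["duration"], ev["sent"], ev["recv"], ev["parts"])
```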