In conventional communication networks, a traffic flow of data packets transmitted through the communication network may be captured and forwarded to a network tap device. The network tap device then forwards the captured traffic flow to one or more external monitoring devices.
One reason for capturing network traffic is to monitor the network traffic for security purposes. Traditionally, the implementation of security measures within a communication network is limited to putting firewalls or filters in place to restrict traffic flowing into and/or out of the communication network or a component of the communication network. In some cases, a network tap operating under these security procedures forwards traffic that violates a security procedure to a monitoring device regardless of the content included within the data packet.
Conventional taps lack the capacity to analyze the content or data patterns included within data packets and to direct data packets to a monitoring device accordingly. Restrictions imposed on network traffic by firewalls and filters may be over-inclusive or under-inclusive, as they typically block network traffic based on features unrelated to the content of the data packet, such as address information or size. On some occasions, the information used to filter and/or firewall the communication may not be relevant to the reason why a communication violates a security protocol. In conventional communication networks, when a firewall or filter is implemented, all communications of a particular type are limited. While this may work to provide security to a communication network in some instances, communications that violate a security protocol but are not specifically filtered or blocked based on the firewall or filter specifications may still be communicated through the network. For example, an e-mail exchange between two parties may be permissible under the specifications of a conventional security measure; however, the content of the e-mail may violate one or more security protocols, as may occur when one party discusses information with another party that is not authorized to receive it. Conventional network monitoring and/or security measures are unable to locate such an insecure communication, at least because they do not analyze the content of the data packet included within the communication.
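The over-inclusive/under-inclusive distinction above can be made concrete with a small comparison of a header-based tap rule against a content-aware one. This is an added illustration, not code from the patent text: the packet structure, the addresses, the SMTP payloads and the `CONFIDENTIAL` policy marker are all constructed for the example.

```python
"""Header-only vs. content-aware tap forwarding over constructed packets."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dst_port: int
    payload: bytes


# Constructed sample traffic (not real captures). 10.0.0.0/8 is "internal".
SAMPLE_TRAFFIC = [
    Packet("10.0.0.5", "10.0.0.9", 25, b"Subject: lunch\r\n\r\nSee you at noon."),
    Packet("10.0.0.5", "203.0.113.7", 25, b"Subject: lunch\r\n\r\nSee you at noon."),
    Packet("10.0.0.5", "203.0.113.7", 25, b"Subject: Q3\r\n\r\nCONFIDENTIAL: draft numbers."),
    Packet("10.0.0.5", "10.0.0.9", 25, b"Subject: fwd\r\n\r\nCONFIDENTIAL: payroll export"),
    Packet("10.0.0.5", "203.0.113.7", 443, b"\x16\x03\x01..."),  # TLS, opaque
]

# Hypothetical policy marker a content-aware tap would look for in the payload.
CONTENT_MARKERS = (b"CONFIDENTIAL",)


def header_rule(pkt: Packet) -> bool:
    """Conventional rule: mirror all SMTP leaving the internal range, regardless of content."""
    return pkt.dst_port == 25 and not pkt.dst.startswith("10.")


def content_rule(pkt: Packet) -> bool:
    """Content-aware rule: mirror any packet whose payload carries a policy marker."""
    return any(marker in pkt.payload for marker in CONTENT_MARKERS)


def tap(traffic, rule):
    """Return the indices of packets the tap would forward to the monitoring device."""
    return [i for i, pkt in enumerate(traffic) if rule(pkt)]


def compare(traffic):
    """Show where the header-only rule is over- and under-inclusive relative to content."""
    by_header = set(tap(traffic, header_rule))
    by_content = set(tap(traffic, content_rule))
    return {
        "header_only": sorted(by_header),
        "content_aware": sorted(by_content),
        "over_inclusive": sorted(by_header - by_content),   # benign mail mirrored anyway
        "under_inclusive": sorted(by_content - by_header),  # internal leak never mirrored
    }


if __name__ == "__main__":
    print(compare(SAMPLE_TRAFFIC))
```

Packet 1 (benign mail to an external host) is mirrored only by the header rule, while packet 3 (a policy-violating mail that stays internal) is caught only by the content rule; the TLS packet is forwarded by neither because its payload is opaque to simple marker matching.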