The present invention is directed to a method and system for enabling surveillance and monitoring of network communications by analysis of data traversing therethrough.
A huge amount of traffic is flowing through today's computer networks, not all of which is benign. Thus, an owner or supervisor of a given network may be most interested to be able to track or “listen in” in real time in order to effectively monitor and/or secure the network. Such monitoring or surveillance can be achieved by connecting a probe to the network in order to monitor data traveling between two or more nodes (e.g., user workstations) on the network.
In a system where communication between two nodes is in the form of discrete packets, the network probe can “read” a packet of data in order to gather information, such as the source and destination addresses of the packet, or the protocol of the packet. In addition, statistical and related information can be computed, such as the average or total amount of traffic of a certain protocol type during a given period of time, or the total number of packets being sent to or from a node. This information may be reported to a system administrator in real time, or may be stored for later analysis.
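The per-packet reading and the statistics described above can be sketched as follows. This is an added example, not code from the patent or from any system it names; the IPv4-only scope, the function names and the sample packets (built inline with documentation addresses) are assumptions made for illustration.

```python
import socket
import struct
from collections import Counter

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
IPV4_HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, network byte order

def build_ipv4(src, dst, proto, payload_len):
    """Build a constructed sample IPv4 packet (checksum left at 0)."""
    header = struct.pack(IPV4_HDR, 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + bytes(payload_len)

def parse_ipv4(packet):
    """Return (src, dst, protocol, total_length), or None if malformed."""
    if len(packet) < 20:
        return None
    ver_ihl, _, total, _, _, _, proto, _, src, dst = struct.unpack(IPV4_HDR, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    # Reject non-IPv4, impossible header lengths and truncated captures.
    if ver_ihl >> 4 != 4 or ihl < 20 or total < ihl or total > len(packet):
        return None
    return (socket.inet_ntoa(src), socket.inet_ntoa(dst),
            PROTO_NAMES.get(proto, str(proto)), total)

def summarize(packets):
    """Total bytes per protocol, packets sent to or from each node, malformed count."""
    bytes_by_proto, pkts_by_node, malformed = Counter(), Counter(), 0
    for raw in packets:
        rec = parse_ipv4(raw)
        if rec is None:
            malformed += 1
            continue
        src, dst, proto, total = rec
        bytes_by_proto[proto] += total
        pkts_by_node[src] += 1
        pkts_by_node[dst] += 1
    return bytes_by_proto, pkts_by_node, malformed

# Constructed sample capture: three valid packets and one truncated frame.
SAMPLE = [
    build_ipv4("192.0.2.10", "192.0.2.20", 6, 100),
    build_ipv4("192.0.2.10", "192.0.2.30", 17, 40),
    build_ipv4("192.0.2.20", "192.0.2.10", 6, 60),
    b"\x45\x00\x00",
]

if __name__ == "__main__":
    by_proto, by_node, bad = summarize(SAMPLE)
    print(dict(by_proto), dict(by_node), "malformed:", bad)
```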
Various attempts have already been made in this direction. For example, Clear View Network Window, a software program available from Clear Communications Corporation, of Lincolnshire, Ill., U.S.A., allegedly offers predictive/proactive maintenance, intelligent root-cause analysis, and proof-of-quality reports. However, the output is designed for network fault management, which is not the same as “tapping” into a communication between nodes in the network. Thus, the Clearview system does not allow monitoring of data transferred between two nodes in the network with regard to contents or characteristics.
Livermore National Laboratory, Livermore, Calif., U.S.A., developed a group of computer programs to protect the computers of the U.S. Department of Energy by “sniffing” data packets that travel across a local area network. The United States Navy used one of these programs, known as the “iWatch” program, in order to wiretap the communications of a suspected computer hacker who had been breaking into computer systems at the U.S. Department of Defense and NASA. The iWatch program uses a network probe to read all packets that travel over a network and then “stores” this information in a common database. A simple computer program can then be written to read through the stored data, and to display only predefined “interesting” pieces of information.
Whenever an interesting piece of information is found, the stored data is rescanned and a specific number of characters located at both sides of the “interesting” piece are reported. These interesting characters are then reviewed in order to determine the content of the message and used as a guide to future monitoring activity.
This system is restricted to historical analysis of user activities and does not enable complete “tapping” of all user activities and full simulation of the user's surfing activity.
Three major problems are encountered in the way of achieving continuous and reliable tracking:
(a) Individual browsers do not report all the activities performed to a web server. For example, when a browser loads web pages from its browser cache space or from a proxy server, it does not send requests to any “remote” web server through the cyberspace autostrade;
(b) Application programs designed to perform certain features by the web browser of one manufacturer are usually not compatible with those manufactured by another vendor, because browser interface mechanisms are different and proprietary to each one of them; and
(c) Individual browsers send their requests to web servers in a non-systematic order; in other words, with regard to a given web server, a preceding request has no relation to a subsequent request. In processing of requests, a web site has no control over the sequences of the requests.
In an attempt to overcome these problems, U.S. Pat. No. 5,951,643 refers to a mechanism for dependably organizing and managing information for web synchronization and tracking among multiple consumer browsers.
However, this solution is limited to tracking activities of identified users who agreed to be “tapped” and who willingly cooperate and are connected to the host with a designated application.
It is thus the prime object of the invention to provide a monitoring and surveillance method and system enabling network communication suppliers to tap any user connected to the network.
It is a further object of the invention to provide a tapping methodology enabling network communication suppliers to watch in real time all user activities while communicating over a network.
It is a still further object of the invention to enable web-site owners to monitor and tap users contacting their web site.