NetScope Blog

Without application detection all web traffic looks the same



But not all web visibility is the same

The wrong tool may only lead to more confusion

If your monitoring tool doesn't distinguish between different types of web traffic then you have poor web visibility. Take road traffic as an example, if you see that a major city road is clogged with traffic it would be useful to see what's causing the congestion, right? If there is a bottleneck up ahead (like an accident) it would be useful to see, say, which vehicle types are causing the congestion. If there are a large number of heavy vehicles on the road then this might slow down all the light vehicles navigating the changed traffic conditions.

This analogy holds true for web traffic. The bottleneck is your Internet connection and the heavy vehicles could be video streaming or cloud storage. CRM, VoIP, Email and Office 365 traffic is represented by light vehicles. Without application detection on your web traffic it all looks like one big congested road with no more information.

With application detection you can see web traffic for what it really is, a mix of different application types, with competing priorities and importance

A social media example

Social media use be very difficult to detect

Most of us use social media these days, it is a game-changer for social interaction and the sharing of life's ups and downs. But just like in the 'olden days', you wouldn't expect your users to be taking lots of personal phone calls or social visits at the office and social media is no different. As a manager, would you want rampant social media use on your network?

Detecting social media is difficult even with web monitoring tools

As we have already discussed in this article, social media traffic is hard to distinguish from normal web use (http / https).

But I can see web activity on my proxy server!

Here we see what web traffic might look like on a web proxy server that had basic usage charts

Some useful domains but a lot of Content Delivery Networks that obscure some application types. This is typical of web traffic these days.

Lets look at the same traffic with application detection

RESULT: With application detection we can see web traffic in a more meaningful way

Now we see the application layer, lets drill down on Facebook

What does this pattern show us?

Looking at the Facebook traffic during a normal working day we can see consistent use with a peak around lunchtime. This suggests that users are continuously using Facebook throughout the day. If this is against company policy for those users then it requires investigation.

Without application detection on your Internet monitoring tool you wouldn't see web traffic split up like this

Let's take a step further and look at users

With Active Directory integration you can get even more information from the Facebook traffic pictured above. That is, you can quickly tell which particular users are using Facebook throughout the day.

RESULT: We can now drill down and see who is using Facebook

Do you want detailed web monitoring on your network?

All features talked about in this article and more are available with NetScope. If you're interested in improving your Internet monitoring capabilities we will be happy to help.

What NetScope will do for you