Analysis of Sniffer Data



There is a growing trend toward systematic surveillance as employers seek to examine and evaluate the daily activities carried out by employees in the workplace. Employers now have different methods and mechanisms that they can use to monitor the performance of employees without their knowledge. Although these activities have constantly raised controversial issues, the arguments presented by the respective parties differ based on their perceptions and on their need to implement or reject such systems within an organization. A growing number of employers are developing and evaluating means of monitoring their employees' activities, driven by the low cost of monitoring, the growing number of employees using their personal computers, and employees leaking sensitive company information to competitors or other interested parties in the industry (Bonsor, 2014). Employers are also forced to enact measures to monitor the interaction between employees in the workplace, with the aim of averting sexual harassment and discrimination lawsuits among employees, which emerge from inappropriate and offensive emails or information circulating within the organization.

Employers are forced to move away from the traditional approach, in which they would monitor only those employees who exhibited suspicious behavior. Instead, they are developing continuous, systematic surveillance in the workplace. Based on a report by, companies are discovering how employees misuse workplace computers, thanks to the increasing number of devices deployed in organizations that enable employers to monitor the activities conducted by employees. What makes it possible for employers to trace employees is that the computers employees use normally leave behind data that can be turned into information, allowing employers to enact measures based on the employee's computer-related activities. Employers use different tools to spy on and monitor employees as they work daily in their workplaces. The five methods commonly used by employers to track employees' activities are packet sniffers, log files, phones, desktop monitoring programs and closed-circuit cameras (Bonsor, 2014). These methods generate data that can be analyzed based on the activities an employee carries out in the workplace on a daily basis. This makes it easier to ensure that organizational effectiveness is maintained, that the organizational policies, code of ethics or conduct and values are adhered to, and that organizational performance increases.


The analysis above offers a clear background on some of the surveillance and monitoring methods devised by employers to monitor employees' activities and to generate data and information based on their daily activities. In this scenario, the organization discovered that one of the employees was leaking information, posing a potential security breach. This indicates the need to develop an effective method to monitor whether the employee is leaking information outside the company, which violates the company privacy policy. It also exposes the company to marginal losses based on the implications attached. In collaboration with the security officer of the company, we set up a packet sniffer to gather information from the suspected employee. After a given period of monitoring, data was generated on the activities that the suspected employee was engaging in, hence the need to analyze whether he or she was in fact leaking the information. The aim is to generate information that can be used to take disciplinary measures against the employee based on the organization's policy regarding such offenses.

This analysis offers a report based on the data that the packet sniffer collected from the employee suspected of leaking organization information outside. The report provides a clear insight into possible evidence and some of the means that can make the data acceptable, so that the organization's disciplinary committee can conduct the respective disciplinary hearing.

A packet sniffer is a program that can be used to monitor information passing over the networks to which it is connected (Netscout, 2013). The sniffer records data as it streams back and forth on the targeted network and examines each packet, a packet being one part of a message that has been broken up. By these means, the suspected employee's network was attached to the program, making it possible to monitor whether the employee was sending or leaking information outside the organization. This was achieved by programming the sniffer to capture information being sent outside the organization from the suspected employee's computer while ignoring other irrelevant data from the rest of the network. With the sniffer's network interface set to promiscuous mode, it was easy to monitor information being transmitted outside the organization. The effectiveness and reliability of the data collected and the information generated were ensured by the fact that the client system, that is, the suspected employee's system, was isolated from other networks, producing a small amount of network traffic and making it easier for the domain server to view the information. The packet sniffer used in this case was set up in filtered mode, capturing only those packets that contain specific data elements. The measure was aimed at ensuring that the data captured from the suspected employee's system aligned with the set aim, rather than setting the packet sniffer to unfiltered mode, which captures all of the packets.
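The difference between filtered and unfiltered capture described above, as an added example that is not part of the original essay: Python code that parses Ethernet/IPv4 headers and keeps only packets sent from one monitored host to addresses outside the organization. The addresses, the internal range and all function names are assumptions made for illustration, and the sample frames are constructed.

```python
import ipaddress
import struct

MONITORED_HOST = ipaddress.ip_address("10.0.5.23")   # assumed workstation address
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")    # assumed organization range
ETHERTYPE_IPV4 = 0x0800

def build_frame(src, dst, proto=6, payload=b""):
    """Construct a minimal Ethernet + IPv4 frame for the sample data (checksum left 0)."""
    eth = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return eth + ip + payload

def parse_ipv4(frame):
    """Return (src, dst, proto) for an IPv4 frame, or None if truncated or not IPv4."""
    if len(frame) < 14 + 20:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        return None
    ver_ihl = frame[14]
    if ver_ihl >> 4 != 4 or (ver_ihl & 0x0F) < 5:
        return None
    proto = frame[14 + 9]
    src = ipaddress.ip_address(frame[14 + 12:14 + 16])
    dst = ipaddress.ip_address(frame[14 + 16:14 + 20])
    return src, dst, proto

def matches_filter(frame):
    """Filter rule: sent by the monitored host to a destination outside the organization."""
    parsed = parse_ipv4(frame)
    if parsed is None:
        return False
    src, dst, _ = parsed
    return src == MONITORED_HOST and dst not in INTERNAL_NET

def capture(frames, filtered=True):
    """Unfiltered mode keeps every frame; filtered mode keeps only matching ones."""
    return [f for f in frames if not filtered or matches_filter(f)]

# Constructed sample traffic, not data from the essay.
SAMPLE = [
    build_frame("10.0.5.23", "203.0.113.10"),   # monitored host -> external
    build_frame("10.0.5.23", "10.0.1.5"),       # monitored host -> internal
    build_frame("10.0.7.99", "203.0.113.10"),   # other host -> external
    b"\xff" * 12 + b"\x08\x06" + b"\x00" * 28,  # ARP frame, ignored by the filter
]
```

Calling `capture(SAMPLE)` returns only the first frame, while `capture(SAMPLE, filtered=False)` returns all four.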

The figure below indicates the form of packet sniffer used and the information generated. Although the figure shows the entire system used by the organization to monitor other employees' systems, the data of the suspected employee was generated while ensuring that the respective measures were enacted to ensure the validity and reliability of the data collected, so that the information could be used to make effective decisions based on the organizational policies.

The findings are based on the data collected by the packet sniffer planted on the suspected employee's connection to the internet, through a network that is maintained under the organization's security ISP, or Internet Service Provider (Adrian, 2011). The sniffer was able to communicate with the network, generating information based on:

  • The web sites that the employee visited

  • The information he or she gathered from the visited site

  • People that he or she sent the email to

  • The information in the email that he or she sends

  • The information that he or she downloaded from a given site

  • The streaming events on the suspected employee's system, such as audio, video and internet telephony

After collecting the data on the activities that the suspected employee engaged in, it is evident that the suspicion of leaking information outside the organization was in fact true. The suspected employee visited organization web sites that did not fall under his or her jurisdiction, since the duties assigned to him or her do not require visiting the company's websites. The suggestions of these facets exemplify the emotive growth in the industry in relation to the perfection of the organizational contexts. After visiting these sites, he or she gathered information on the company's strategic plans for venturing into the markets, the marketing strategies and the financial information on the organization's financial performance.

It is through this that a sandbox will be of high significance in ensuring security of information and risk prevention. This proposal aims to provide a solution to data security strategies that would help increase the performance of the company. This will be hard to achieve, and it is an area that will need cooperation from all the management of the business. The change process will enable the institution to achieve the targets and growth that are needed. This will help improve the flow of information through the help of systems.

Later, he or she downloaded the information from the respective company sites and attached it to an email that was sent to an identified email account. Upon further inspection of the receiver's email account, it was discovered that the account was not within the organization but outside it, belonging to a manager at one of the organization's major competitors. The suspected employee also engaged in audio and video conversations with the manager using the organization's computers, in which they would discuss the information to send and the amount to be paid based on the sensitivity of the information acquired. These events and activities were monitored over a given period of time, confirming the suspicion of the security officer.


Of the over 30 emails that the suspected employee sent to the organization's clients outside the organization and those shared with other employees in the organization, the packet sniffer was able to sniff the specific email that contained sensitive information of the organization. The suspected employee also engaged in over 10 audio and 4 video conversations, with a specific audio and video conversation taped that was made at a specific time of day when other employees were busy with other activities, such as during breaks and lunch time. The information derived from the data collected and analyzed from the packet sniffer used against the suspected employee confirms the suspicion that the employee has been leaking information outside the company (Mallon, 2013). This is against the organization's privacy policy and code of ethics, and it also goes against the set policies and values to which employees are required to adhere. Based on the findings, the organization can take disciplinary measures based on the hearing against the employee while also setting an example to other employees within the organization.


Adrian, H. 2011. Packet Sniffing Basics. Linux Journal, Nov 14, 2011.

Bonsor, Kevin. 2014. "Is your workplace tracking your computer activities?" 22 August 2001. July 2014.

Mallon, A. 2013. Data Management: Unstructured Textual Data in the Organization (6th Ed.). New York: Lynne Rienner Publishers.

Netscout. 2013. Sniffer Multisegment Analysis: Troubleshooting the Toughest Networking Problems. Data sheet. Westford.

Saunders, K. 2010. Linux Operation System: Business Intelligence and Performance Management (2nd Ed.). San Francisco: Bass Publishers.