TamoSoft: Network Analysis Tools & Security Software
Contents

Network Content Monitor - NetResident

NetResident Help Documentation Next Page
 

Arranging the Data

NetResident is a powerful network monitoring application that presents a detailed picture of user network activities. On a busy network, you may see hundreds of thousands of network events such as e-mail messages, Web pages, instant messages, etc. Arranging the data in a way that enables you to find the events you are looking for is essential when using NetResident. We have implemented several filtering options that will allow you to display only the data you are interested in.

 

NetResident has Explorer and Group views that group the network events differently. We suggest that you look at both of those and choose the one that is most convenient for your needs.

 

The Group View section on the left side of the program's main window allows you to filter the network events by date, network communication party, or network host.

 

interface

 

Dates – check the boxes next to the dates when the network events that you are interested in occurred. The events that occurred during other dates will be ignored and will not be displayed in the Event View section. Please note that unchecking the boxes in the Group View section will not delete the data from the database. You can always reconfigure the Group View section to display other events that have been logged.

 

Protocols – check the box next to the protocols that you are interested to view. If you would like to view e-mail messages only, please select only the Mail protocol.

 

Party A / Party B – allows you to filter the network events by the party to the network communication. You may find the particular network hosts under Party A or Party B and check/uncheck the boxes next to them, if you are only interested in monitoring the network events generated by these hosts.

 

Please note that you can combine the filters: For instance, if you would like to view only the Web pages downloaded from a particular server during a certain day, please select the date in the Dates section, select Web in the Protocols section, and specify the host in the Party B section. All other events that do not match the criteria will be ignored.

 

A more flexible date filter is available in the Events => Filter menu or by clicking on the Filter toolbar button. You can specify a predefined period:

 

Today – shows the network events that occurred today.
Last Two Days – shows the network events that occurred during the last two days.
Last Week – shows the network events that occurred during the last week.
Last Month – shows the network events that occurred during the last month.

 

 

Selecting All Days from the menu will make the program display events for the entire monitoring period. You can also specify the date range under the Custom Period menu item by selecting From and To dates in the corresponding drop-down lists.

 

filter

 

More advanced filtering options are available under the Events => Filter => Advanced menu. You can additionally filter the events by network protocol plugins and by stations.

 

filter_plugins

 

The Plugins page displays all currently installed plugins. Active plugins have checked boxes next to their names.  If you need only certain plugins (for instance, you need to view web pages and e-mails only), disable the unnecessary plugins by unchecking the corresponding boxes. If the specified plugin supports additional event filtering, you can change this filter by clicking on the Change button in the corresponding column. Please refer to the Plugins chapter for detailed plugin description.

 

filter_stations

 

NetResident allows you to display the data received only from selected stations (computers, routers, or other devices connected to your LAN). In that case, NetResident will only show the data from/to computers listed in the table in the stations section. You can add other stations by selecting Display only stations listed in the table below, clicking the Add button and specifying the IP address, IP addresses range, or MAC address of the station. If you have previously assigned aliases to hosts, you can click the Pick Alias button and choose a station from the list of aliases. You can also enter an optional description for each added station. Edit a station by selecting it and clicking the Edit button. If you'd like to remove a station from the list, select it and click on the Delete button.

 

Click OK to save the filter configuration or click Cancel to discard the settings.

 

If you would like to disable the filter temporarily without discarding the filter settings, uncheck the Enable Filter checkbox.

 

Important: The filter settings only affect the data displayed in the program's main window.  The filter settings do not change the data collection or data storage behavior of the program. Data collection settings are described in the Configuring NetResident chapter of the present manual, and the data storage options are described in the Database Management chapter.

 

The Explorer View section on the left side of the program's main window allows you to filter network events by network protocols.

 

explorer

 

Expand the desired nodes by clicking the plus sign (+) to the left of the node. If you would like to view web pages, expand the Web node. The expanded node allows you to see network events of the specified protocol grouped by date. If you would like to see network events that occurred on a specific day, select the desired group on the left and view the network events themselves on the right. The Explorer View is similar to the Group View except for the way it groups network events.