As from time to time we come along a web analytics solution that makes use of Packet (or IP) Sniffing, I took the opportunity during the Emetrics Summit 2006 in London to ask the different vendors that were present what they thought about this quite new technology, as the opinions were all on the same line.
For those who don't know about this technique, packet sniffing is designed for the purpose of monitoring network traffic in order to recognize and decode certain packets of interest. It makes use of a black box which is installed in the network.
Packet sniffing is also widely used by hackers and crackers to gather information illegally about networks they intend to break into. Using a packet sniffer it is possible to capture data like passwords, IP addresses, protocols being used on the network and other information that will help the attacker infiltrate the network.
And lately it is being used for web analytics reporting as well.
So what was the outcome of the nice little discussion I started during Emetrics:
- The technique is very useful if you want to see detailed IT related reports such as pages and server error reporting, time to serve, bandwidth usage, etc.
Although these reports are important, they should be seen separately from pure web analytics. These days, web analytics is about campaign reports, about segmentation, about conversion, about integration with other data sources. In other words it has become a marketing/business tool, and it is no longer a tool for IT to see the technical info and the number of visitor and page views, as it was up until 2 years ago.
That is also the reason why at OX2 we have partnered up with K-Performance. With their application IT can automatically monitor, load test and improve the performance of their network and applications.
- Packet Sniffing makes use of a black box that is put in the network. But what if you don’t have 1 centralized network? This means that you have to put a black box in each network, which will become rather expensive.
And at that point consultancy isn’t even included yet! The hard part using a packet sniffing tool for Web Analytics is the configuration of all the raw data that is coming in. This is something that goes much faster using tagging or standard log files as this data is much more structured.
- In most packet sniffing implementation for web analytics, tagging is still needed to acquire the necessary reports. This was confirmed by John Marshall, CEO of ClickTracks, which offers both log file analysis, client side tagging as packet sniffing. John also said that packet sniffing isn’t that flexible after all, and only a very small percentage of his clients makes use of it.
In fact most vendors which offer packet sniffing also offer the client side tagging solution.
- And then of course we have the privacy issue. Packet sniffing captures all info that is send over the network, so also logins and passwords and all other personal data that could be required when you have to register on a site or when you buy online.
Most of the company policies don’t allow this kind of data capturing, and even some countries don’t allow it.
I think we can conclude that packet sniffing is still a very good tool for IT, and in some case also for web analytics, but as Jim Sterne said: “It isn’t a standard in web analytics, and it won’t become one either.” Or as the representative of Omniture described it vividly: "A pretty dress on an ugly elephant!"
For the time being we keep on using the client side tagging solution!