Big Mother™ uses one computer on a local area network (LAN) not only to monitor and record other hosts’ web behaviors, but also to restrict online activities according to customized filtering Internet policies. Unlike other EIM (Employee Internet Management) products that are based on WinPcap (The Windows Packet Capture Library) (http://www.winpcap.org/), Big Mother™ has no hardware requirements and can be used on any LAN infrastructures such as a switched computer network.

To get the trial version of Big Mother™ evaluated and registered later if you are satisfied with the results, the engine must be installed on a PC host connected to the Internet and is able to visit our website at http://www.tupsoft.com.

The following procedure will provide instructions for installing a Big Mother™ system and configuring in its first running.

1.1 Installation Preparation

1) Download the latest version of the Big Mother™ programs from www.tupsoft.com.

2) Select a computer host with OS Windows 2000 Pro / 2000 Server / XP / 2003 to install the Big Mother™ programs.

3) The minimum hardware requirements are CPU Pentium 4 at 1 GHz/Memory 256 MB/Free Hard Disk Space 1GB. We suggest the following configurations:

² Server for 10 PC licenses: CPU 2.0 GHz/ Memory 512 MB/Storage 20 GB

² Console: CPU Pentium III 800 MHz or higher/Memory 512 MB/Storage 30 MB

1.2 Installation Package

The installation package consists of four parts:

² User’s Manual

² The main installation program BigMother.exe. It will install the engine service, console, and driver programs. The engine program is for capturing packets and controlling web accesses. It will run automatically in the background when the host PC starts. The console program is the interface for viewing captured data and managing host information.

1.3 Installation Steps

1) Back up the data and settings, i.e., select Retain data files and folders when uninstall the old version.

2) Install the newest version of Big Mother™. It consists of a server (engine) and a console. By default they are installed on the same PC host. In the installation process, the following warning pop-up window might appear several times depending on the OS version of the host PC. Since Big Mother™ is based on NDIS (Network Driver Interface Specification) as the application programming interface (API) for network interface cards (NICs), a virtual NIC has been created for its operation. Just click the “Continue Anyway” button to finish the installation.

3) On a LAN, it is allowed to install several consoles that are connected to the server at the same time.

1.4 Getting Trail Copy Authorized

After the installation, please look up whether you have got the trail authorization from http://www.tupsoft.com by selecting About from the main menu. The evaluation copy will expire in 15 days and is limited to monitoring up to 5 computers. If the trail copy is not authorized, select Register and click on Register again on the next screen. During the process, please configure the firewall in the following way (or simply temporarily shut it down):

1) Allow TCP port 80 and 11901, or allow five TCP ports from 11900-11905 only for security reasons.

2) Allow all the Big Mother™ executable files running, i.e., ArServer.exe (TUP Engine) and ArConsole.exe (BigMother).

3) If you want to monitor more than 5 computers in the trial period, please contact us at support@tupsoft.com.

1.5 Entrance to Background Services

After the installation and restart, by default the server will run automatically without the need for a user to intervene. You can manually start/shutdown the engine from Services in the Administrative Tools from Windows Control Panel, as shown below.

1.6 Low Level-Layer Start/Stop

Before shutting down the engine or restarting the PC host, you can use the “Stop” button on the console, as shown below, to halt the operation of Big Mother™. Otherwise, it might cause the disruption of Internet connection for other computers for a very short interval, usually unnoticeable.

1.7 General Settings of Big Mother™

By default, Big Mother™ automatically scans and configures in its first running. If for some reasons, the system cannot sets itself properly, you can use this option to assign manually the default gateway IP and then click the “Acquire MAC Address” button to finish the configuration.

To find out the gateway IP address, you can follow the following procedure: Start à Run à CMD, type “ipconfig,” and then press ”Return.”

In the above example, the IP address of the default gateway is 192.168.1.1.

1) Open “Options” from the main menu.

2) Input the default gateway IP address, 192.168.1.1, in this example.

3) Click “Acquire MAC address.”

4) Open “Host” to select the computer hosts to be monitored.

Big Mother™ can be installed on any PC over the whole LAN and no special LAN structures are required. When working in the side-route mode, however, no more than one set of Big Mother™ is allowed since they will interfere with each other and not work properly.

2 Operation Guide

2.1 Starting and Running Big Mother™ System

The Big Mother™ engine is a system service program. After every restart, the engine will run automatically in the background. One can also manually select Start à Control Panel à Performance and Maintenance à Administrative Tools à Services and then right-click TupCaptureService to start.

To run the console, click on Start, All programs, Tupsoft BigMother, and select BigMother, or you can click the “BigMother” icon on the desktop to start.

The console is connected to the engine via TCP protocol with the default data connection ports 80 and 11901. If conflicts with other programs, it will automatically try to use the larger ports. For better performance, closing the IIS (Internet Information Services) on the PC hosting Big Mother™ is recommended.

After starting the Big Mother™ console, you need to connect it to the engine from the following logon window. Be default, the server is Local, user name Admin, and password blank (NULL).

If the engine and console are installed on different host machines, in the Server field locate/enter the IP address or hostname for the computer. The console can display IP addresses in the drop-down menu by automatically scanning the whole LAN.

Enter your user ID and password, and then click Logon.

After successfully logging on, the main interface will appear.

If the “Logoff” button is pressed, the system will exit.

2.2 The Main Interface

After logging on the console, the main interface will display as follows.

2.3 Internet Access Control

One important function of Big Mother™ is its ability to restrict online activities according the user’s customization.

Restriction of web access: You can use Big Mother™ to set time schedules (Internet access or specific online activities can be disabled at certain times of day for a host, group, or the whole local network) and flow limits, block/filter URLs (web-sites) by user-defined keywords, disallow Email servers, and regulate chat/game or customized tools.

The restrictions are set only by the system administrator (Admin).

2.3.1 General Settings

General settings consist of the following tasks: 1) Blocking the online activities in a specific time period; and 2) Setting data flow limits.

2.3.2 Blocking/Filtering URLs (Websites)

There are three modes to block/filter URLs: Disallow all the websites; allow part of websites by user-defined keywords (blacklist); and allow part of websites (whitelist). For every blocking/filtering mode you can set specific time schedules.

A URL black/white list can be complied by the Admin for a host, group, or the whole network.

2.3.3 Blocking Emails

This blocking/filtering function can set rules such as what kind of Email tools, for instance, FOXMAIL or OUTLOOK, are allowed and which mail server the host(s) can use for sending and/or receiving mails at certain times of day.

The customizable mail servers consist of POP3 and SMTP servers. To locate the addresses of specific POP3 and SMTP servers, you can lookup the corresponding websites for details. For example, for yahoo.com the mail servers are pop.mail.yahoo.com and smtp.mail.yahoo.com, respectively.

If there are several mail servers should be blocked, you must input them one by one.

2.3.4 Blocking Chat Sessions

You can define which chat tool is disallowed for a host, group, or the whole network by clicking the “Edit” button.

2.3.5 Blocking Game Activities

The procedure is similar to that of Blocking Chat Sessions.

2.3.6 Blocking Customized Online Tools

The procedure is similar to that of Blocking Chat Sessions.

2.3.7 Blocking Connection Ports

The availability of blocking at the connection port level of Big Mother™ gives the system administrator more flexibility for web access control.

For well-known port numbers:

Protocol	Port	Description
TCP	20	Ftp
	21	Ftp
	23	Telnet
	25	Sending Emails
	80	Viewing Webpages
	110	Receiving Emails
	443	Viewing Webpages
	1863	MSN
	5050	Yahoo Messenger
UDP	53	DNS
UDP	8000	QQ

2.4 Managing the Captured Data

The captured data include webpages, Emails, FTP files, chat sessions, and game activities, and are classified into the following categories.

2.4.1 Real-Time Logs

Select a host or workgroup from the upper left-hand corner, and then click “Real-Time Log” on the bottom left of your screen. It will display what the host is doing right now. The displayed events include URL visits, Emails sent or received, FTP files down/uploaded, game/chat or customized tools online/offline, and also MSN chat content.

2.4.2 History Records

1) From the host tree list (on the left of the main interface), select the host to be viewed.

2) By default, only the logs or records of the day are shown in the list. If you need to show the records in a time period, just check the “Find by Period” box and select the interval accordingly.

3) In the list, the unread records are in boldface type.

4) Click on an unread record, the content will appear inside the bottom right preview frame.

2.4.3 Deleting Records

1) The records of the day can be deleted by clicking the “Delete” button, or just select an individual record and then right-click the mouse to bring up a sub-menu.

2) Click Delete and then OK to complete the deletion.

Use CTRL or SHIFT key for the multiple selection of records from the list on the upper right-hand corner, or use CTRL + A to select all.

2.4.4 Saving Records or Exporting Lists

1) Select a record to be exported and right-click the mouse to bring up a sub-menu.

2) From the sub-menu, select Save or Export List as Text File/Excel File

3) In the new window, select a file path, enter a name, and then click on the “Save” button.

For those records, the webpages can be saved in the HTM format, Emails EML format, and FTP files their original ones.

2.5 Host Information and Administration

Big Mother™’s simple and straightforward administration panel makes it easy for the user to manage the data and information of hosts.

2.5.1 Managing Workgroups

Big Mother™ simplifies the management tasks by dividing hosts into meaningful groups, and you have the flexibility to select/combine hosts into different workgroups. Initially, Big Mother™ automatically sets up a workgroup called “Default” containing all the hosts on the LAN, and whenever a new host is detected, it will also add that host into the “Default.” The console program can scan and automatically display the workgroups it has detected. To disable this auto-scan function, you can uncheck the box of “The server will automatically scan PC hosts over the whole LAN” through the Host Info interface.

1) Creating a New Workgroup

You can set up a new workgroup manually by doing the following:

1. From the host tree list area, select Localnet and then right-click the mouse.

2. Select Add Workgroup, enter a name, and click on OK.

2) Transferring a Host to Another Workgroup

Whenever a new host is connected to the network, the Big Mother™ console scans automatically and moves it into a workgroup where it belongs. You can also move manually a host from one workgroup to another by doing the following:

1. From the host tree list area, highlight a host (or hosts using CTRL key) and right-click the mouse to select Move Workgroup.

2. From the sub-menu, select the destined workgroup.

3) Deleting a Workgroup

From the host tree list area, highlight the workgroup to be deleted and click on the “Delete“ button. When a workgroup is deleted, all the hosts inside the workgroup will be moved into the workgroup “Default” first. The “Default” is un-deletable by default.

2.5.2 Managing Computer Hosts

1) Scanning Computer Hosts

In its first running Big Mother™ will automatically scan computer hosts over the whole LAN. You can also manually scan the network by the following steps:

1. From the main menu, select Host and then click on the “Scan & Renew” button.

2. Input the starting and ending addresses and single-click the “Begin” button on the pop-up screen.

3. Select those hosts that you want to add from the scanned results and click on the “Confirm” button.

Note: In the following cases, the computer hosts are not detectable:

a) The machine has been turned off.

b) The computer is not connected to the network.

c) The computer and the server are not on the same network segment.

d) The firewall settings of the computer block the scanning of the server.

2) Modifying Host Information

1. Modifying hostnames

A hostname is the computer name corresponding to a specific IP address. By default, the Big Mother™ console will automatically fetch the computer name for a host.

You can decode the hostname manually by right-clicking a host in the host tree list area and select “Decode Name.” You can also do that from the “Host Info” window by selecting the host(s) and then hit the “Decode Name” button.

Due to a great variety of networking infrastructures, the console might not get the name for some reasons. If this is the case, just rename the host corresponding to the IP address by right-clicking a host in the tree list area and select “Rename” to input a name.

2. Modifying IP addresses

When an IP address is changed for a computer host on the LAN, Big Mother™ will automatically correct the IP address on the console accordingly. This process might take about 1 min.

3. Deleting Hosts

1. From the main menu, select Tools and then Host.

2. Highlight the host to be deleted and click on the “Delete Host” button.

2.6 Setting Up the Network Adapter

You can manually select the external NIC and IP address if the system cannot configure itself due to the specific LAN structure.

External NIC: The adapter for the Internet connection.

External IP: The IP address for the Internet connection.

You can select the external NIC and IP address in the following way:

(1) ADSL/Dial-In Connection: Select the virtual NIC “ADSL/Dial-In” from the General screen. Make sure the external IP address is the one corresponding to the ADSL/Dial-In NIC. Since the IP address obtained via ADSL dial-in is usually a dynamic one, the address will be different when you dial again. Big Mother™ will automatically adapt itself and correct the external IP address on the console.

(2) Dial-Up Connection: Also use the ADSL/Dial-In NIC and make sure the external IP address is the correct one.

(3) Connection via Router: In the case of single NIC, simply select the adapter as the external NIC and corresponding IP allowed by the router as the external IP. In the case of dual NIC, select the one connected to the router and use the corresponding IP allowed by the router.

Note: In the first running, Big Mother™ will auto-scan and usually choose the proper external NIC. However, you should make sure by checking up from "Config," especially when the server uses ADSL dial-in for Internet connection.

2.7 Filtering Options

1. From the main menu, select Filter to bring up the following screen.

2. You can select to neglect a specific host for a specific activity.

Note: Only the system administrator has the authority to configure the settings.

2.8 Setting Up Systems

The system options of Big Mother™ are used to set up the server and the console, and its operation mode. They are done through the console.

2.8.1 Configuring the Server

You can use the options to set URL types to be captured and decide whether to decode the titles. By default, only part of URLs are monitored and no tiles decoded.

If you wish to get the live updates from one of our servers, mark the “Fetch live updates from the Tupsoft server daily” box.

2.8.2 Configuring the Console

The configuration includes setting up display parameters such as the maximum number of logs or graphics to display. Each console can be set independently.

2.8.3 Manually Assigning Gateway IP

If for some reasons the system cannot sets itself properly, you can manually input Gateway IP and then click the “Acquire MAC address” button.

3 Frequently Asked Questions

1. When I install Big Mother™, a warning window pops up stating that the software has not passed Windows Logo testing to verify its compatibility.

Big Mother™ is based on NDIS (Network Driver Interface Specification) as the application programming interface (API) for network interface cards (NICs), and a virtual NIC has been created for its operation. Just single-click the “Continue Anyway” button each time the “Hardware Installation” warning appears until the end of installation.

2. Why the data captured by Big Mother™ are from/for my local host but other computers?

If for some reasons the system cannot configure it self properly due to the specific LAN structure, you can manually input the router IP address to Gateway IP on the “Options” window, and click on Acquire MAC Address.

3. After the computer hosts to be monitored are selected in the side-route mode, they are not able to visit the Internet.

You should check whether the external NIC and IP address are correctly selected.

1) Logon the console as the system administrator.

2) Open Operation View from the left bottom corner on the console.

3) Single-click Config.

4) Check whether the external NIC and IP address are correctly selected.

NAT Gateway	NAT Gateway	NAT Gateway	NAT Gateway	NAT Gateway	NAT Gateway	NAT Gateway	NAT Gateway	NAT Gateway	NAT Gateway
Proxy Server	Proxy Server	Proxy Server	Proxy Server	Proxy Server	Proxy Server	Proxy Server	Proxy Server	Proxy Server	Proxy Server
NAT Router	NAT Router	NAT Router	NAT Router	NAT Router	NAT Router	NAT Router	NAT Router	NAT Router	NAT Router
DNS Forwarding	DNS Forwarding	DNS Forwarding	DNS Forwarding	DNS Forwarding	DNS Forwarding	DNS Forwarding	DNS Forwarding	DNS Forwarding	DNS Forwarding
Port Mapping	Port Mapping	Port Mapping	Port Mapping	Port Mapping	Port Mapping	Port Mapping	Port Mapping	Port Mapping	Port Mapping
Reverse Proxy	Reverse Proxy	Reverse Proxy	Reverse Proxy	Reverse Proxy	Reverse Proxy	Reverse Proxy	Reverse Proxy	Reverse Proxy	Reverse Proxy
Internet Connection Sharing	Internet Connection Sharing	Internet Connection Sharing	Internet Connection Sharing	Internet Connection Sharing	Internet Connection Sharing	Internet Connection Sharing	Internet Connection Sharing	Internet Connection Sharing	Internet Connection Sharing
Internet Activity Monitoring	Internet Activity Monitoring	Internet Activity Monitoring	Internet Activity Monitoring	Internet Activity Monitoring	Internet Activity Monitoring	Internet Activity Monitoring	Internet Activity Monitoring	Internet Activity Monitoring	Internet Activity Monitoring
Parental Internet Monitoring	Parental Internet Monitoring	Parental Internet Monitoring	Parental Internet Monitoring	Parental Internet Monitoring	Parental Internet Monitoring	Parental Internet Monitoring	Parental Internet Monitoring	Parental Internet Monitoring	Parental Internet Monitoring
Internet Filtering	Internet Filtering	Internet Filtering	Internet Filtering	Internet Filtering	Internet Filtering	Internet Filtering	Internet Filtering	Internet Filtering	Internet Filtering
Internet Activity Statistics	Internet Activity Statistics	Internet Activity Statistics	Internet Activity Statistics	Internet Activity Statistics	Internet Activity Statistics	Internet Activity Statistics	Internet Activity Statistics	Internet Activity Statistics	Internet Activity Statistics
Employee Internet Management	Employee Internet Management	Employee Internet Management	Employee Internet Management	Employee Internet Management	Employee Internet Management	Employee Internet Management	Employee Internet Management	Employee Internet Management	Employee Internet Management
Web Access Control	Web Access Control	Web Access Control	Web Access Control	Web Access Control	Web Access Control	Web Access Control	Web Access Control	Web Access Control	Web Access Control
Online Restriction	Online Restriction	Online Restriction	Online Restriction	Online Restriction	Online Restriction	Online Restriction	Online Restriction	Online Restriction	Online Restriction
Network Monitoring	Network Monitoring	Network Monitoring	Network Monitoring	Network Monitoring	Network Monitoring	Network Monitoring	Network Monitoring	Network Monitoring	Network Monitoring
URL Block	URL Block	URL Block	URL Block	URL Block	URL Block	URL Block	URL Block	URL Block	URL Block
Email Capture	Email Capture	Email Capture	Email Capture	Email Capture	Email Capture	Email Capture	Email Capture	Email Capture	Email Capture
Chat Log	Chat Log	Chat Log	Chat Log	Chat Log	Chat Log	Chat Log	Chat Log	Chat Log	Chat Log
MSN Recorder	MSN Recorder	MSN Recorder	MSN Recorder	MSN Recorder	MSN Recorder	MSN Recorder	MSN Recorder	MSN Recorder	MSN Recorder
Yahoo Messenger Sinffer	Yahoo Messenger Sinffer	Yahoo Messenger Sinffer	Yahoo Messenger Sinffer	Yahoo Messenger Sinffer	Yahoo Messenger Sinffer	Yahoo Messenger Sinffer	Yahoo Messenger Sinffer	Yahoo Messenger Sinffer	Yahoo Messenger Sinffer
Skype Logger	Skype Logger	Skype Logger	Skype Logger	Skype Logger	Skype Logger	Skype Logger	Skype Logger	Skype Logger	Skype Logger
Computer Activity Log	Computer Activity Log	Computer Activity Log	Computer Activity Log	Computer Activity Log	Computer Activity Log	Computer Activity Log	Computer Activity Log	Computer Activity Log	Computer Activity Log
Real Time Monitoring	Real Time Monitoring	Real Time Monitoring	Real Time Monitoring	Real Time Monitoring	Real Time Monitoring	Real Time Monitoring	Real Time Monitoring	Real Time Monitoring	Real Time Monitoring
Screen Tracking	Screen Tracking	Screen Tracking	Screen Tracking	Screen Tracking	Screen Tracking	Screen Tracking	Screen Tracking	Screen Tracking	Screen Tracking
Software Compliance	Software Compliance	Software Compliance	Software Compliance	Software Compliance	Software Compliance	Software Compliance	Software Compliance	Software Compliance	Software Compliance
Data Protection Security	Data Protection Security	Data Protection Security	Data Protection Security	Data Protection Security	Data Protection Security	Data Protection Security	Data Protection Security	Data Protection Security	Data Protection Security
Acceptable Computing	Acceptable Computing	Acceptable Computing	Acceptable Computing	Acceptable Computing	Acceptable Computing	Acceptable Computing	Acceptable Computing	Acceptable Computing	Acceptable Computing
Employee Investigative Operation	Employee Investigative Operation	Employee Investigative Operation	Employee Investigative Operation	Employee Investigative Operation	Employee Investigative Operation	Employee Investigative Operation	Employee Investigative Operation	Employee Investigative Operation	Employee Investigative Operation
Switch Sniffer	Switch Sniffer	Switch Sniffer	Switch Sniffer	Switch Sniffer	Switch Sniffer	Switch Sniffer	Switch Sniffer	Switch Sniffer	Switch Sniffer
Packet Sniffing	Packet Sniffing	Packet Sniffing	Packet Sniffing	Packet Sniffing	Packet Sniffing	Packet Sniffing	Packet Sniffing	Packet Sniffing	Packet Sniffing
Ethernet Capture	Ethernet Capture	Ethernet Capture	Ethernet Capture	Ethernet Capture	Ethernet Capture	Ethernet Capture	Ethernet Capture	Ethernet Capture	Ethernet Capture
Network Tap	Network Tap	Network Tap	Network Tap	Network Tap	Network Tap	Network Tap	Network Tap	Network Tap	Network Tap
MITM	MITM	MITM	MITM	MITM	MITM	MITM	MITM	MITM	MITM
ARP Poisoning	ARP Poisoning	ARP Poisoning	ARP Poisoning	ARP Poisoning	ARP Poisoning	ARP Poisoning	ARP Poisoning	ARP Poisoning	ARP Poisoning
ARP Spooling	ARP Spooling	ARP Spooling	ARP Spooling	ARP Spooling	ARP Spooling	ARP Spooling	ARP Spooling	ARP Spooling	ARP Spooling
MAC Flooding	MAC Flooding	MAC Flooding	MAC Flooding	MAC Flooding	MAC Flooding	MAC Flooding	MAC Flooding	MAC Flooding	MAC Flooding
Promiscuous Mode	Promiscuous Mode	Promiscuous Mode	Promiscuous Mode	Promiscuous Mode	Promiscuous Mode	Promiscuous Mode	Promiscuous Mode	Promiscuous Mode	Promiscuous Mode