A network monitoring system (10). The system comprises a database (32) and at least one monitoring circuit (36) coupled to a network (20). Network traffic flows along the network in a form of packets. The at least one monitoring circuit is programmed to perform the steps of receiving a packet communicated along the network and determining whether data in the packet satisfies a rule set. Further, the at least one monitoring circuit is responsive to determining that data in the packet satisfies a rule set by copying information relating to the packet to be stored into the database. The system also comprises circuitry for querying the information communicated by the at least one monitoring circuit to the database to identify an irregularity in the network traffic.