Hummm assuming you are thinking on doing that on a suspicions base (not for everyone), I would go for one of this two solutions:

* Run a lightweight proxy (like Polipo for example) in a dedicated box (a vm for example) and configure the OS to use it. It will work for http/https/ftp traffic, but only for applications that read the proxy setting off the OS (Firefox for example doesn't)

* Configure por mirroring (or monitoring; it's the same but differs between vendors) if your switch supports it. It will duplicate all traffic on a give port to another port, where you can run a sniffer for example. This way you'll get also smartass users (or just enlighted and advanced ones ) using SSH tunneling to overcome your filtering.

I like the latest one the best