Network Monitoring Chapter 20.

1 Network Monitoring Chapter 20

2 Objectives Explain how SNMP works Describe network monitoring tools
Discuss a scenario that uses management and monitoring tools

3 Introduction Modern networks require intervention from network technicians Intervention may be regular or irregular Technician responsibilities Install network management tools Deploy other tools to monitor, troubleshoot, and optimize networks over time Cross Check: CAN, MAN, LAN, WAN, WLAN (p. 580) You encountered the acronym soup of networking terms back in Chapters 2, 4, 14, 15, 17… so cross check your memory now. What do these terms mean? How do they differ? Do they all use Ethernet? How do they communicate if not?

4 Test Specific SNMP

5 SNMP
Simple Network Management Protocol (SNMP): De facto protocol for TCP/IP networks; creates a managed network
Components of SNMP: SNMP manager, managed devices, management information bases

6 Figure 20.1 Massive list of network monitoring tools maintained by the Stanford Linear Accelerator Center (SLAC)

7 SNMP (cont’d.)
SNMP manager function: Requests and processes information from managed devices
Network management station (NMS): Specialized software run by the SNMP manager
Agent: Specialized software run by managed devices

8 SNMP (cont’d.) Types of managed devices Printers Workstations
Video cameras Routers Switches

9 Figure 20.2 SNMP components

10 SNMP (cont’d.) Types of information collected by the SNMP manager vary
SNMP: an extensible protocol Can be adapted to accommodate different needs Uses management information bases (MIBs) to categorize the data that can be queried

11 Core Functions of SNMP SNMP has up to eight core functions
Each known as a protocol data unit (PDU) Four PDUs discussed in this chapter Get Response Set Trap

12 SNMP Query Process
SNMP manager sends a Get request (examples: GetRequest or GetNextRequest)
Agent sends a response with the requested information
SetRequest: Used to ask agent to make changes to information it queries and sends (variables)

13 Figure 20.3 Simple SNMP process

14 SNMP Query Process (cont’d.)
Trap PDU Used by an agent to solicit information from an NMS Can happen with or without prior action from the SNMP manager

15 Example Query Bayland Widgets’ art department printer
Maintained by Network+ technicians Uses an SNMP management system Network management station sends a GetRequest to the printer agent Queries the number of pages printed Printer sends the Response Techs determine if the printer needs maintenance

16 Figure 20.4 The Bayland Widgets’ Art Department printer

17 Example Query (cont’d.)
Printer needs to advise techs when printer is out of toner or paper Sends a Trap to the NMS

18 Figure 20.5 Get/Response and Trap

19 SNMP (cont’d.) SNMP systems can use additional utilities
Example: snmpwalk utility tells SNMP manager to perform a series of Get commands Manager software can send SMS or alerts to network technicians Versions of SNMP SNMPv1, SNMPv2, and SNMPv3 Version 3 added robust security

20 SNMP (cont’d.) SNMP uses User Datagram Protocol ports 161 and 162 for unsecure communication Ports and when security is added via TLS Exam Tip (p. 583): SNMP managers listen on UDP ports 162 or (with TLS). Agents listen on ports 161 or (with TLS).
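
The Get/Response exchange and the "unsecure" ports described above can be seen on the wire. The following is an added example, not part of the original slides: it decodes a constructed SNMPv2c GetRequest and shows that the community string is readable by anyone who captures the datagram, which is the gap SNMPv3 addresses. The sample bytes, the community "public", the request-id and the choice of OID (prtMarkerLifeCount from the standard Printer MIB, mirroring the page-count query) are assumptions made for the example.

```python
# Added example (not from the slides). SAMPLE is a constructed SNMPv2c GetRequest.
SAMPLE = bytes.fromhex("302b02010104067075626c6963a01e02023039020100020100"
                       "30123010060c2b060102012b0a02010401010500")
VERSIONS = {0: "v1", 1: "v2c"}
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response", 0xA3: "SetRequest"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    arcs, sub = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        sub = (sub << 7) | (b & 0x7F)  # base-128 digits, high bit means "more follows"
        if not b & 0x80:
            arcs.append(sub)
            sub = 0
    return ".".join(map(str, arcs))

def parse_snmp(datagram):
    """Parse a community-based (v1/v2c) message; SNMPv3 uses a different layout."""
    tag, msg, _ = read_tlv(datagram, 0)
    _, ver, p = read_tlv(msg, 0)
    version = int.from_bytes(ver, "big")
    if tag != 0x30 or version not in VERSIONS:
        raise ValueError("not an SNMPv1/v2c message")
    _, community, p = read_tlv(msg, p)
    pdu_tag, pdu, _ = read_tlv(msg, p)
    if pdu_tag not in PDU_TYPES:
        raise ValueError("PDU type not handled in this example")
    _, req_id, q = read_tlv(pdu, 0)
    for _ in range(3):                 # skip error-status and error-index, keep varbind list
        _, varbinds, q = read_tlv(pdu, q)
    oids, v = [], 0
    while v < len(varbinds):
        _, vb, v = read_tlv(varbinds, v)
        oids.append(decode_oid(read_tlv(vb, 0)[1]))
    return {"version": VERSIONS[version], "pdu": PDU_TYPES[pdu_tag],
            "community": community.decode("latin-1"),
            "request_id": int.from_bytes(req_id, "big"), "oids": oids}
```

Run `parse_snmp(SAMPLE)` to see the decoded fields; a truncated datagram or a version 3 message raises `ValueError` instead of being misparsed.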

21 Monitoring Tools

22 Packet Sniffers Query the network interface and capture packets into a capture file Programs might reside on a computer, a router, a switch, or dedicated hardware Connecting in promiscuous mode enables getting as much data as possible Usually packaged with a packet analyzer

23 Packet Analyzers Programs that read capture files and analyze based on monitoring needs Typical question “What is the IP and MAC address of the device sending out DHCP Offer messages and when is it doing this?” Note (p. 584): Various names are used to describe utilities that analyze packets: packet sniffer, packet analyzer, protocol analyzer, and network analyzer. There’s so much overlap here! That can be attributed to the fact that so many packet analyzers come with sniffers as well. Bottom line, don’t rely on the name of the monitoring tool to determine all it can do. Read the tech specs.

24 Packet Analyzing With Wireshark
Powerful, popular, and free protocol analyzer Process Select an interface to begin the capture Try This! Play along with Wireshark! (p. 584) It’s never too late to learn how to use packet analyzers, so try this! Download a copy of Wireshark and just play. There’s no danger to doing so, and it’s actually a lot of fun!

25 Figure 20.6 Wireshark default window

26 Figure 20.7 Wireshark capturing packets

27 Figure 20.8 Wireshark filter

28 Packet Flow Monitoring with NetFlow
Tool to track traffic flowing between specific source and destination devices Track desired type of traffic via user-defined flows Flow Packets flowing from one specific place to another Cached in a flow cache Note (p. 586): To use NetFlow you must enable NetFlow on that device. If the device doesn’t support NetFlow, you can use stand-alone probes that can monitor maintenance ports on the unsupported device and send the information to the NetFlow collector.

29 Packet Flow Monitoring with NetFlow (cont’d.)
Flow cache information Destination and source address Destination and source ports Source on the device running that flow Total number of bytes of that flow Enables administrators to optimize the network

30 NetFlow Collectors Store information from a device’s NetFlow cache
Different tools available Example: LiveAction

31 Figure 20.9 LiveAction in action!

32 Interface Monitors Track bandwidth and utilization of one or more interfaces on one or more devices Interface monitoring components Speed and duplex Utilization Packet drops Errors and interface resets Discards

33 Interface Monitors (cont’d.)
Started as manufacturer-specific tools Still common Other tools work on multiple platforms Example: Cisco Network Assistant (CNA) Monitors Cisco routers and switches Note (p. 588): Limiting the description of CNA to an “interface monitor” completely sells the software short. It can monitor individual ports on a switch, but you can use the program to set up, manage, maintain, and troubleshoot all the functions of the switch. It’s much more powerful a tool than just an interface monitor.

34 Figure 20.10 Percent of utilization of switch port 1

35 Figure 20.11 Hmm…looks pretty clean

36 Figure 20.12 Ouch. That’s a lot of errors!

37 Performance Monitors Tracks the performance of some aspect of a system over time Alerts you if something is not normal Usually tied to a particular operating system or application Common tools Windows Performance Monitor (PerfMon) Linux’s syslog Tech Tip: Performance Monitor (p. 589) The term performance monitor is not an industry term but instead just a handy way to discuss several utilities with similar functions that are listed in the CompTIA Network+ objectives. Also, PerfMon is a unique Linux tool for performance monitoring. It just happens to share the same name as Windows’ Performance Monitor.

38 Logs Files that store performance information about a particular aspect of the system Read, filtered, or created by performance monitors

39 Baselines A log of performance indicators gives you a picture of your network and servers when they are working correctly Examples: CPU usage, network utilization, and other values A major change in these values can indicate problems Common tool: Windows’ Performance Monitor utility

40 Log Management Security and maintenance
Major issues pertaining to logs Log files will typically grow to fill the allocated space Common practice is to make them cyclical—overwrite the oldest files Utilities allow creation of log files on a convenient schedule

41 Putting It All Together

42 Example Network Monitoring Application
Bayland Widgets’ CAN See Figure for layout Each building is wired with 10Gb Ethernet Buildings interconnect with 10Gb fiber into access switches Campus-wide Wi-Fi network Router gives Internet access

43 Figure 20.13 Diagram of Bayland Widgets’ campus area network

44 Example Network Monitoring Application (cont’d.)
Types of networked devices Routers (wired and wireless) Switches Wireless access points Servers Workstations Printers Phones

45 Example Network Monitoring Application (cont’d.)
Dedicate an area in the main office as a network operations center (NOC) Centralized location for network management Use various programs to query devices Graphing program (e.g., Cacti) could create graphs of information received

46 Figure 20.14 Cacti showing switch utilization graphs
Exam Tip (p. 592): Programs like Cacti enable you to see very quickly essential facts about your network hardware. You can see available storage, network device CPU usage, network device memory usage, and more. With wireless-aware tools, you can quickly spot problems with wireless channel usage or channel saturation. These tools are a tech’s friend!

47 Figure 20.15 Cacti showing file server storage utilization graph

48 Example Network Monitoring Application (cont’d.)
Example categories to monitor Network device CPU utilization Memory usage Traffic Link status Bottlenecks

49 Example Network Monitoring Application (cont’d.)
Top talkers and top listeners can be identified May help track down a malware problem Wireshark could be used if moving the network to IPv6 Multiple tools are often needed for complex troubleshooting scenarios
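
The NetFlow flow cache fields listed earlier and the top talker/top listener idea above fit together as follows. This is an added example, not part of the original slides: it aggregates constructed packets into a flow cache, ranks hosts by bytes, and adds a fan-out check that goes one step beyond the slides. The addresses, interface names and the `iface` field (my reading of "source on the device") are assumptions.

```python
from collections import Counter, namedtuple

# iface = assumed meaning of the slide's "source on the device" (ingress interface).
Packet = namedtuple("Packet", "src dst sport dport iface nbytes")

# Constructed sample traffic using documentation addresses (not a real capture).
PACKETS = [
    Packet("192.0.2.10", "192.0.2.200", 50514, 445, "Gi0/1", 1500),
    Packet("192.0.2.10", "192.0.2.200", 50514, 445, "Gi0/1", 1500),
    Packet("192.0.2.10", "192.0.2.200", 50514, 445, "Gi0/1", 1000),
    Packet("192.0.2.20", "192.0.2.200", 50999, 445, "Gi0/2", 800),
] + [Packet("192.0.2.77", f"192.0.2.{100 + i}", 40000 + i, 445, "Gi0/3", 60)
     for i in range(1, 6)]

def build_flow_cache(packets):
    """Aggregate packets into flows keyed on the fields the slides list."""
    cache = {}
    for p in packets:
        key = (p.src, p.dst, p.sport, p.dport, p.iface)
        entry = cache.setdefault(key, {"packets": 0, "bytes": 0})
        entry["packets"] += 1
        entry["bytes"] += p.nbytes
    return cache

def top_hosts(cache, role, n=3):
    """Rank sources ('talker') or destinations ('listener') by total bytes."""
    idx = {"talker": 0, "listener": 1}[role]
    totals = Counter()
    for key, entry in cache.items():
        totals[key[idx]] += entry["bytes"]
    return totals.most_common(n)

def wide_fan_out(cache, min_peers):
    """Sources with flows to at least min_peers distinct destinations."""
    peers = {}
    for src, dst, *_ in cache:
        peers.setdefault(src, set()).add(dst)
    return sorted(s for s, d in peers.items() if len(d) >= min_peers)
```

On the sample data the host with the widest fan-out ranks last among the talkers by bytes, so a byte ranking alone would not surface it when tracking down a malware problem.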

50 Security Information and Event Management (SIEM)
An approach to monitoring and managing a network A mashup of two processes: Security event management (SEM) has the task of collecting and centralizing the log files Security information management (SIM) involves reviewing and analyzing the information

