The Art of Network Monitoring: Figure 1: Problem Solving With Network Monitoring (Network Probe, 2006)
Abstract
This research paper focuses on different types of network monitoring techniques and gives
micro-level detail on the various elements that contribute to a good network monitoring platform.
There are thousands of network monitoring systems available on the market; it is hard to
conclude which system best fits the requirements and which elements need consideration when
making a choice. Some good monitoring systems are discussed in this research paper.
Keywords
Network Monitoring, Network Monitoring Tools
1. Introduction
Network monitoring systems can be seen as a complete solution for constantly
monitoring network performance against any failures, bottlenecks or unusual
activities that can result in slowdowns or breakdowns of computer networks. Today
network monitoring systems work alongside security applications to protect
computer networks from the outside world and from any vulnerability within the organization.
A recent study conducted by the Computer Security Institute (Flukenetworks.com, n.d.)
and the FBI revealed that, out of 264 companies surveyed, 53% of the companies detected
unauthorized usage of the company's network, and approximately 50% of
unauthorized usage was reported within the organization. These figures are very
alarming, as companies now have to secure themselves not just from the outside
world but also from within the organization.
Modern network monitoring systems are more responsive than they have ever been;
they analyze network usage and study behavior on the network at all
times, and either solve the problems they can or alert the network
administrator immediately in case of any security breach. It is also important to
understand that intruders have access to complicated technology, so any company
or organization that wants its networks up and running has to secure them in a
better way. It is also important to point out that company employees always find a
way to breach security policies; malicious software installed by an
employee can leak the company's data to the outside world.
Section 1 Network Systems Engineering
Active network monitoring works by injecting packets into the network or sending them to
workstations, servers, applications, etc. to measure network performance. The
drawback is that the extra packets sometimes create additional traffic, but
usually a small number of packets is enough to obtain the desired information. In addition,
active network monitoring gives full control over the additional packets that
need to be sent over the network; they can be sent whenever a
specific monitoring application requires them, which makes the approach more flexible.
by good monitoring packages. There are different types of network monitoring, which
are as follows:
Performance monitoring collects data at the various points through which traffic
passes; it monitors packet flow, packets successfully transferred and
packet loss, availability, CPU load, and memory and disk space utilization. This
allows the network administrator to look for any slow node or any point where network
performance is not up to the mark. Network performance monitoring software can interface
with SNMP and supply information about the nodes that are on the network.
Network security monitoring (Ferraro, 2003) works closely with an intrusion detection
system (IDS); it collects event logs, session logs and historical data and identifies
any intrusion. Network security monitoring is usually event driven, and alerts when
any event occurs to breach security,
Application monitoring can help network administrators solve problems well
ahead of time by looking at each application's behavior and how the application is
performing technically. Application monitoring can help to distinguish the nature of
problems caused by applications on the network, and can help to restart applications if
they are causing problems. Application monitoring (Polozoff, 2003) works by
analyzing large amounts of system and event logs and the frequency of their occurrences;
this makes it possible to analyze problems at a very early stage, before things start to
get worse.
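The frequency-of-occurrence analysis described above, as an added example that is not from the paper: it scans constructed log lines and raises an alert when the same event recurs on one host several times within a sliding time window. The log format, event names, window length and threshold are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines: "<ISO timestamp> <host> <event> <details>".
SAMPLE_LOG = """\
2006-08-01T10:00:01 app01 AUTH_FAIL src=10.0.0.7
2006-08-01T10:00:05 app01 DB_TIMEOUT pool=orders
2006-08-01T10:00:20 app01 AUTH_FAIL src=10.0.0.7
2006-08-01T10:00:41 app01 AUTH_FAIL src=10.0.0.7
2006-08-01T10:00:50 app01 AUTH_FAIL src=10.0.0.7
-- log rotated --
2006-08-01T10:03:00 app01 DB_TIMEOUT pool=orders
2006-08-01T10:03:30 app02 AUTH_FAIL src=10.0.0.9
2006-08-01T10:05:00 app01 AUTH_FAIL src=10.0.0.7
2006-08-01T10:05:10 app01 AUTH_FAIL src=10.0.0.7
2006-08-01T10:05:20 app01 AUTH_FAIL src=10.0.0.7
""".splitlines()


def frequency_alerts(lines, window_s=60, threshold=3):
    """Alert when one (host, event) pair occurs `threshold` times in `window_s` seconds."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # (host, event) -> timestamps still inside the window
    alerting = set()             # keys already alerted on, to avoid repeat alerts
    alerts = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue             # malformed line: skip it, do not stop monitoring
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue             # first field is not a timestamp
        key = (parts[1], parts[2])
        stamps = recent[key]
        stamps.append(ts)
        while ts - stamps[0] > window:
            stamps.popleft()     # drop occurrences that aged out of the window
        if len(stamps) >= threshold:
            if key not in alerting:
                alerting.add(key)
                alerts.append((ts.isoformat(), key[0], key[1], len(stamps)))
        else:
            alerting.discard(key)  # burst is over; a later burst alerts again
    return alerts


if __name__ == "__main__":
    for alert in frequency_alerts(SAMPLE_LOG):
        print("ALERT", alert)
```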
Packet capturing and protocol analyzers (Packet sniffer, n.d.) are software or
hardware with the ability to intercept the traffic passing through a particular
network point; this makes it possible to study network behavior, including problem
solving, learning more about the network, network usage, etc. Capturing packets allows
work on many more applications of network monitoring. There are various
implementations used by various applications to transfer packets (approved by
RFC), which can help to analyze what applications clients are using; it is, however,
considered less secure, and data integrity is damaged by any such
monitoring device or software.
Web site monitoring includes accessing a web page (Network Monitoring Tools,
n.d.) and domain name server (DNS) resolution after a specific interval of time. A
query is made to resolve an internet address; if there is no response, administrators
are alerted. Email servers use SMTP to send and receive emails; mail server
monitoring includes SMTP handshaking with the specified mail server by sending an
email and receiving an automated response. If there is no response to the
handshake, network administrators are alerted about the problem.
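An added example (not from the paper) of the mail server check described above, which is also an instance of the active monitoring described earlier: it performs the SMTP handshake, times it, and flags an alert when the server does not answer. The probe stops at the handshake and sends no email; `check_smtp`, `FakeSMTP`, the thresholds and the loopback test server are assumptions constructed for illustration.

```python
import smtplib
import socketserver
import threading
import time


def check_smtp(host, port, timeout=2.0, slow_ms=500.0):
    """Active probe: connect, require the 220 greeting, send EHLO, then QUIT."""
    start = time.monotonic()
    try:
        # The constructor connects and raises unless the server greets with 220.
        with smtplib.SMTP(host, port, local_hostname="monitor.example",
                          timeout=timeout) as smtp:
            code, _ = smtp.ehlo()
    except (OSError, smtplib.SMTPException) as exc:
        # Refused, timed out, or no valid greeting: the "no response" case.
        return {"status": "DOWN", "alert": True, "detail": type(exc).__name__}
    latency_ms = (time.monotonic() - start) * 1000.0
    if not 200 <= code < 300:
        return {"status": "DEGRADED", "alert": True, "detail": f"EHLO -> {code}"}
    status = "SLOW" if latency_ms > slow_ms else "UP"
    return {"status": status, "alert": status != "UP", "latency_ms": latency_ms}


class FakeSMTP(socketserver.StreamRequestHandler):
    """Constructed stand-in for a mail server, so the probe runs offline."""

    def handle(self):
        self.wfile.write(b"220 mail.test ESMTP ready\r\n")
        for line in self.rfile:
            if line[:4].upper() == b"QUIT":
                self.wfile.write(b"221 bye\r\n")
                break
            self.wfile.write(b"250 mail.test\r\n")


def start_fake_server():
    """Start FakeSMTP on a free loopback port; returns (server, port)."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), FakeSMTP)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


if __name__ == "__main__":
    server, port = start_fake_server()
    print("healthy server:", check_smtp("127.0.0.1", port))
    server.shutdown()
    server.server_close()
    print("after shutdown:", check_smtp("127.0.0.1", port, timeout=0.5))
```

A server that accepts the connection but never sends its greeting is reported as DOWN once `timeout` expires, so a hung mail daemon raises the same alert as a closed port.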
Third party web and email monitoring solutions make use of various check points
around the globe and they use various methods to ensure that your network is
accessible around the world by testing it from various places.
Advances in Networks, Computing and Communications 4
when choosing a network monitoring system, such as the level of detail analyzed
for resource discovery, alert time, the number of devices supported and the number
of networks that can be monitored over a large geographical area; some of the good
network monitoring systems equipped with such technologies are discussed below:
5. Conclusion
Network monitoring tools are key elements for the survival of any computer network.
Although there are lots of network monitoring tools available, there is further
research available on various methods such as hybrid network monitoring. Hybrid
network monitoring is also gaining momentum, as the new generation of networks
is a combination of wired and wireless clients. This particular area needs researchers'
attention, and new hybrid monitoring platforms need to be developed for local
and remote networks. It is also important to mention here that the next generation of
computer networks will involve VoIP applications; thus current network monitoring
tools have to expand their functionality to VoIP application monitoring.
6. References
Ciuffoletti, A. (2006). Architecture of Network Monitoring Elements. Retrieved August 1,
2006, from web site: www.coregrid.net/mambo/images/stories/TechnicalReports/tr-0033.pdf
Cottrell, L. (2001). Passive vs. Active Monitoring. Retrieved August 1, 2006, from web site:
http://www.slac.stanford.edu/comp/net/wan-mon/passive-vs-active.html
Ferraro, C. (2003). Network security monitoring. Retrieved August 1, 2006, from web site:
http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci922007,00.html
Flukenetworks.com (n.d.). The cost of network security failure. Retrieved August 1, 2006,
from web site: http://www.flukenetworks.com/fnet/en-us/findit?Document=2422673
Landfeldt, B. (2000). The case for a Hybrid Passive/Active network monitoring scheme in
wireless internet. Retrieved August 1, 2006, from web site:
http://www.cs.usyd.edu.au/~bjornl/research/papers/icon2000_landfeldt.pdf
Network Monitoring Tools. (n.d.) Retrieved August 1, 2006, from web site:
http://www.dotcom-monitor.com/network-monitoring.asp
Paessler.com. (n.d.). Bandwidth and Network Usage Monitoring Made Easy. Retrieved August
1, 2006, from web site: http://www.paessler.com/prtg
Polozoff, A. (2003). Proactive Application Monitoring. Retrieved August 1, 2006, from web
site: http://www.ibm.com/developerworks/websphere/library/techarticles/0304_polozoff/polozoff.html
TCP/IP Remote Network Monitoring. (2005) Retrieved August 1, 2006, from web site:
http://www.tcpipguide.com/free/t_TCPIPRemoteNetworkMonitoringRMON.htm
Timm, K. (2003). Passive Network Traffic Analysis. Retrieved August 1, 2006, from web site:
http://www.securityfocus.com/infocus/1696