(3) Analyzing Network Events Flashcards
What is router based monitoring?
Router based monitoring is where a network team uses data provided by routers to give insight into what traffic is flowing through the network.
This type of data is useful because it can help catch malicious or unwanted traffic.
What type of technologies are NetFlow, sFlow, and J-Flow?
NetFlow, sFlow, and J-Flow are router-based network monitoring technologies.
They record traffic that flows through network device interfaces and then send the data to flow collectors.
How does Simple Network Management Protocol (SNMP) help with network-related events?
SNMP is often used to get information from routers and other network devices, providing more information about the devices and what they are doing.
How can flows be used proactively and reactively?
Network flows can be used proactively to keep an eye on network health and traffic, and reactively to look for unexpected traffic or unexpected changes in bandwidth usage.
What other powerful network tool can be used to help make sense of network flows?
A Security Information and Event Management (SIEM) device can be used with network flow data to analyze what is happening on a network.
What is active monitoring?
Active monitoring reaches out and collects data from remote systems. Active monitoring systems are often the data-gathering apparatus themselves (although they can also still send data to collectors).
What types of data do active monitoring systems look for?
Active monitoring systems often look for data about availability, packet delay or loss, bandwidth, and other metrics.
What are two examples of active monitoring in action?
Two examples of active monitoring include:
Pings: Internet Control Message Protocol (ICMP) can be used to reach out to remote systems. It only provides basic information, though.
iPerf: A tool that is very useful for baselining and bandwidth testing.
In terms of network capacity, what do we need to be aware of when using active monitoring technologies?
When using active monitoring technologies, we need to be aware that the monitoring checks can also compete with legitimate traffic, so we need to be careful about how much monitoring happens, especially during peak times.
What is passive monitoring?
Passive monitoring is monitoring that does not add any additional traffic to the network.
Oftentimes a device such as a network tap is placed in the line of the network flow so that traffic can be captured after it passes through.
Traffic is pushed to a collector where it is analyzed.