Network Monitoring Flashcards
What is the difference between network monitoring and network traffic monitoring?
Monitoring can be split into two main tasks: network monitoring and network traffic monitoring. On the one hand, network monitoring involves keeping track of network devices for availability and faults. In contrast, network traffic monitoring is monitoring what protocols and data are moving around a network and monitoring for performance and security threats.
Why does monitoring bandwith matter?
Monitoring bandwidth
Bandwidth is an important concept when it comes to network traffic monitoring and performance. It’s a term you might be familiar with because when you look for an internet provider, you generally want the fastest connection you can afford, meaning bandwidth is your first priority. That’s because it determines the rate at which data moves across a network. This is not usually a problem if only a few people and applications use a network. But things can get pretty busy, and some applications are more demanding than others. Just take video conferencing as an example; it takes up a lot more bandwidth than just visiting a web page. Bandwidth is much like the road in the illustration below: you can only accommodate a certain number of cars before the road becomes blocked. That’s why monitoring what is using a lot of bandwidth is critical.
How do you monitor a user?
When monitoring your network, you also want to track users to check what applications they use and what their regular day-to-day activity is. Doing this can create an audit trail, but more importantly, it reveals patterns so you can better understand the network traffic behavior on a day-to-day basis. Knowing how your network behaves makes it easier to spot when something isn’t quite right.
What are the steps in monitoring network traffic?
To monitor network traffic, you need to determine the best source. This monitoring can be split into two categories: packet capture and flow analysis.
Packet capturing
This is a way of collecting copies of packets that are moving around a network. You can decide to do this at different points across the network using a computer to run the packet capture software and a mirrored port. A mirrored port is created to copy any data that runs through it to your computer port and the connected packet capturing software. An application called Wireshark has traditionally been the go-to choice for performing this activity.
Flow analysis
Flow analysis is supported on many network devices and is typically a built-in feature. Two protocols that can do this are called Netflow and Sflow. Netflow is a Cisco proprietary protocol that runs on Cisco routers and switches. SFlow was developed to work on many platforms. Netflow collects IP traffic only, but SFlow can collect and analyze data from layers 2 to 7 of the OSI model. This type of analysis does not copy data from one port to another, so it’s very flexible as the data can be collected centrally.
Step 2: Selecting the correct component
Devices on the network that can support traffic monitoring include servers, switches, routers, and firewalls. You can even monitor specific interfaces and their applications as well as devices. However, you don’t want to capture everything happening everywhere on your network, as this will generate a lot of data to analyze. You need to pick key areas of the network that oversee communication. On Sam’s network, the central router would be the best place as traffic flows to and from that device.
Step 3: Using monitoring tools
When a network grows, so does the amount of data flow that you will need to analyze, and this is when you need third-party software that can collect all the flow traffic. There are many different traffic monitoring tools out there that are very capable of analyzing flows and putting the data into an easy-to-read format. They usually also include tools for alerting a network manager of problems or anomalies on the network.
