Challenges in High Performance Network Monitoring

How to monitor networks that become faster and faster
Fulvio Risso
NetGroup, Politecnico di Torino

Outline
- Introduction
  - What is Network Monitoring
  - Why you need Network Monitoring
  - What to monitor
- Technologies
  - How to get data
  - Active Network Monitoring: Ping, traceroute, pathchar, RIPE TT
  - Passive Network Monitoring: Polling, event reporting; Sniffing, SNMP, RMON, Flow-based technologies
- Challenges in High Speed Networks
  - Speed
  - Information overload (e.g. storage)

What is Network Monitoring
Network monitoring relates to the observation and the analysis of the status and behaviour of the following managed objects:
- network devices
- end systems
- network links
- network traffic
- network applications

Why Network Monitoring?
- Network statistics (for optimization and planning): network monitoring; traffic statistics (bandwidth usage, service usage, traffic distribution, e.g. local vs. remote); network optimization and hardening (to achieve responsiveness to change and growth); bottlenecks; throughput
- Network mapping/inventory: identification of routers and servers (DNS, ...); mapping client characteristics (opened ports, ...)
- Security: identifying unofficial services or servers; detection of network security violations; intrusion detection; compromised hosts; protecting your network from the world
- Troubleshooting: faulty hardware; (no) connectivity; resource and service availability
- Accounting: keep logs of users activities

Why you need Network Monitoring (1)
- Network statistics (for optimization and planning)
  - Network monitoring
  - Traffic statistics (bandwidth usage, service usage, traffic distribution (e.g. local vs. remote))
  - Network optimization and hardening (to achieve responsiveness to change and growth)
  - Bottlenecks
  - Throughput
- Network mapping/inventory
  - Identification of routers and servers (DNS, ...)
  - Mapping client characteristics (opened ports, ...)

Why you need Network Monitoring (2)
- Security
  - Identifying unofficial services or servers
  - Detection of network security violations
  - Intrusion Detection
  - Compromised Hosts
  - Protecting your network from the world
- Troubleshooting
  - Faulty Hardware
  - (No) Connectivity
  - Resource and service availability
- Accounting
  - Keep logs of users activities

What to monitor?
By far the most important!
- Traffic Measurements
  - When you already know what to measure
  - E.g. get the amount of IP traffic
- Generic monitors
  - When you do not know exactly what to measure
  - E.g. get the distribution of the network-layer protocols
- Traffic characterization
  - When you want to create a model (mathematical, maybe?) of the traffic
  - E.g. extract some valuable data from the current traffic
- Probes
  - When you want to probe your network
- Availability (links, network resources, services, etc.)
- Events and Alerts (e.g. traffic thresholds)

Example: ntop
Ntop is a simple, open source (GPL), portable traffic measurement and monitoring tool, which supports various management activities, including network optimization and planning and detection of security violations.

What ntop does (1)
- Traffic Measurement
  - Data sent/received: volume and packets, classified according to network/IP protocol
  - Multicast Traffic
  - TCP Session History
  - Bandwidth Measurement and Analysis
- Traffic Characterisation and Monitoring
  - Network Flows
  - Protocol utilisation (# req, peaks/storms, positive/negative repl.) and distribution
  - Network Traffic Matrix
  - ARP, ICMP Monitoring

What ntop does (2)
- Network Optimisation and Planning
  - Passive network mapping/inventory: identification of Routers and Internet Servers (DNS, Proxy)
  - Traffic Distribution (Local vs. Remote)
  - Service Mapping: service usage (DNS, Routing)
- Anomalies Detection through some common traffic parameters
  - ICMP ECHO request/response ratio
  - ICMP Destination/Port Unreachable
  - # SYN Pkts vs. # Active TCP Connections
  - Suspicious packets (e.g. out of sequence)
  - Fragments percentage
  - Traffic from/to diagnostic ports
  - TCP connections with no data exchanged

What ntop does (3)
- TCP/IP Stack Verification
  - Network mapping: improper TCP three-way handshaking (e.g. queso/nmap OS Detection)
  - Portscan: stealth scanning, unexpected packets (e.g. SYN/FIN)
  - DOS: synflood, invalid packets (ping of death, WinNuke), smurfing
  - IDS/Firewall evasion: overlapping fragments, unexpected SYN/ACK (sequence guessing)
  - Intruders: peak of RST packets
- Intrusion Detection
  - Trojan Horses (e.g. traffic at known ports)
  - Spoofing: Local (more MAC addresses match the same IP address) and Remote (TTL!)
  - Network discovery (via ICMP, ARP)
  - Viruses: # host contacts in the last 5 minutes (warning: in this respect P2P apps behave as viruses/trojans!)

Possible approaches to NM
- Active: the system under monitor is probed periodically with some external signal
- Passive: a probe (silently) collects data and infers some properties from it

Active Network Monitoring
- Often based on specific traffic / packet patterns, generated specifically for monitoring purposes
  - Usually ICMP packets
  - Sometimes other probes (e.g. TCP connections)
- Used for:
  - Delay measurement (one way, end-to-end)
  - Remote devices availability
  - Services
- Examples
  - RIPE Test Traffic Measurement Service
  - PingER (Ping End-to-end Reporting) at Stanford University
  - nmap

Passive Network Monitoring
- The most widely used approach
  - Preferred for its lack of intrusiveness
- Used for:
  - Traffic measurement, monitoring, characterization
    - E.g. network traffic is examined to generate alerts or statistics
    - E.g. full packet decoding (e.g. for troubleshooting)
  - Status and parameters of network links, network devices, ...
    - E.g. traffic load on interface, link-layer signals
- Available technologies
  - Packet-based approach: Packet Sniffing
  - Generic statistics and network status: SNMP
  - Aggregate statistics approach: RMON
  - Flow-based approach: NetFlow, sFlow, IPFIX

Sniffing

Passive NM: packet-based approach
- We want to capture exactly the frames that are being transferred on a wire or on some specific network segment
- Very detailed view (e.g. for debugging)
- May have limited knowledge of link-layer issues (e.g. Ethernet collisions, ...)
- Very large amount of data to be processed
- Privacy concerns

Sniffing: architectural choices
[Figure: architectures placed along a Performance axis and a Versatility axis]
- Hardware-based Systems
  [+] Fast
  [-] Expensive (niche market)
  [-] Difficult to move / duplicate
  [-] ASIC: cannot be reprogrammed / updated (FPGA can, but it is not very simple)
- Software-based Systems
  [+] Cheap
  [+] Easy to move / duplicate
  [+] Easily updated
  [-] May be slow
  - Optimized Operating System
    [+] May be very fast
    [-] Requires custom OS
  - Standard Operating System
    [+] Very easy to set up (e.g. just install WinPcap)
    [-] Rather slow

Sniffing: where to capture traffic (1)
- Old Ethernet
  [+] Captures everything, even physical signals
  [+] Precise timestamping
  [-] Practical issues (you need an old Ethernet)
- Shared Ethernet
  [+] Captures everything, even part of physical signals
  [+] Precise timestamping
  [-] Some physical signals are not captured (e.g. collisions)
  [-] Practical issues (you need a shared Ethernet)
- Passive Tap
  [+] Captures everything, even physical signals
  [+] Precise timestamping
  [-] Practical issues (need a tap)
  [-] Need a faster interface (2x for tx and rx)

Sniffing: where to capture traffic (2)
- Switched Network: mirror port (per port, per port group, per VLAN, ...)
  [+] Captures all the traffic, even from several ports, even from remote locations (such as Cisco RSPAN)
  [-] Requires a dedicated port on the switch
  [-] May need faster interfaces (at least 2x for tx and rx)
  [-] Timestamps not precise
  [-] May be problems for correlating traffic (which port originates this packet?)
  [-] Unable to detect link-layer problems
- Network device-based
  [+] Captures all the traffic, even from several ports
  [+] Precise timestamps
  [+] Traffic correlation easier
  [-] Requires a dedicated port on the device
  [-] May need faster interfaces (at least 2x for tx and rx)
  [-] Unable to detect link-layer problems
  [-] Technology in the early stage, not widely supported
    - Cisco Catalyst 9000 and some other proprietary examples
    - RMON is hardly usable
    - PSAMP is still ongoing

What about sniffing in network devices?
- Difficult to get exactly the wanted packet trace
  - SNMP does not allow packet capture
  - RMON allows packet capture, but only within some standard templates
    - E.g. poor filtering options
  - Cisco NetFlow does not allow packet capture
  - sFlow allows packet capture, but it cannot be customized; not widely supported
    - A new header contains the packet; however, key information is often missing (e.g. originating interface, ...)
  - IETF PSAMP should be helpful
    - Standardization rather slow (began in 2000)
- Requires ad-hoc hardware, otherwise resources are stolen from the router's main objective (forwarding and routing)

How not go to jail with Sniffing
- Ascertain compliance with regulatory procedures
  - Check the regulation in your country
- You can use sniffing for
  - National security
  - To prevent or detect crime
  - To prevent or detect unauthorised use
  - To ensure effective systems operation
- You have to make sure that:
  - The identity of the sender/receiver cannot be inferred from the captured data
    - Addresses masquerading
    - Aggregate data

Passive NM: the SNMP approach
- Allows retrieving generic statistics, network status, ...
  - Not widely used for network configuration (although supported)
- Defines mechanism for remote management of network devices (routers, bridges, etc.)
- Fundamental principle: all device management done by simple variable value manipulation
- Approach:
  - standard means for specifying quantities recognized by devices
  - protocol for requesting, returning, notifying of changes of values

Architecture of SNMP components
- An SNMP network consists of three main components:
  - Managed Devices
  - Agents
  - Network Management Systems (NMS)
- The managed device is a node in the SNMP network and it contains the SNMP agent
- The NMS makes a virtual connection to the SNMP agent
- The agent serves the information to the NMS regarding the network status

Components of the SNMP world
- SNMP: protocol for exchanging data between Agents and Management Entity
- MIB: definition of the objects that can be read / modified
  - Must be known on both sides (Agents and ME)
- SMIv2: syntax used to specify the Management Information Base

Structure of Manag. Information (SMIv2)
- SMIv2 defines the rules for creating MIBs and it is based on simple typed variables
- SMIv2 is based on an extended subset of ASN.1 (1998)
- Characteristics of the variables defined by SMI
  - Each variable has an ASN.1 datatype: INTEGER, OCTET STRING, OBJECT IDENTIFIER, NULL, ...
  - It does not implement complex data structures and operations on the variables
  - Variables are either scalars (exactly one instance) or columns in a conceptual two-dimensional table (zero or several variables)

Management Information Base (1)
"The set of managed objects within a system, together with their attributes, constitutes that system's management information base." (ISO )
- MIBs are created using the SMIv2 syntax
- MIBs are controlled by the SNMP agent
- The information in the MIB is organized hierarchically
- MIB consists of managed objects
- Managed objects are identified by two names:
  - Object Name
  - Object Identifier
- MIBs have private branches

Management Information Base (2)
- Variables recognized by device supplied in MIB (Management Information Base)
  - text file giving variables and data structures
  - defined using ASN.1
  - standard variable sets often provided as RFCs
  - device-specific sets provided by vendors
- Management stations parse MIBs to determine variables available for management
  - obtain both data structure and management information
- Example

    -- the Interfaces group
    ifNumber OBJECT-TYPE
        SYNTAX INTEGER
        ACCESS read-only
        STATUS mandatory
        DESCRIPTION
            "The number of network interfaces present on this system."
        ::= { interfaces 1 }

ASN.1 Object Identifiers
- Variables identified by globally unique strings of digits
  - Example:
  - name space is hierarchical: in above, 1 stands for iso, 3 stands for org, 6 stands for dod, 1 stands for internet, 4 stands for private, etc.
- Variable names are aliases for digit strings (within MIB)
  - Example: ifNumber ::= { interfaces 1 }
  - interfaces was previously defined in MIB as , so: ifNumber =

SNMP Message Encoding
- Encode message as byte stream using ASN.1 BER (Abstract Syntax Notation 1 Basic Encoding Rules)
- Quantities encoded as Type, Length, Value triples
- Types
  - Subset of basic ASN.1 types used in SNMP: integer, octet string, object identifier ("variable name"), sequence
  - SNMP-defined types: gauge, counter, IP address, etc.
- Values weirdly encoded!! (see ASN.1 specs)
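The Type-Length-Value encoding summarised above, as an added example that is not part of the original slides: a small BER encoder plus a bounds-checked reader of the kind a management station needs when it parses bytes supplied by an agent. The OID 1.3.6.1.2.1.2.1.0 (ifNumber.0) is taken from MIB-II (RFC 1213), not recovered from the slide, and the enterprise arc 99999 is constructed to show the base-128 encoding of large sub-identifiers.

```python
# Added example: ASN.1 BER as used by SNMP (definite lengths, low tag numbers only).
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30


def encode_length(n):
    """Short form below 128, otherwise 0x80|count followed by the length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, value=b""):
    return bytes([tag]) + encode_length(len(value)) + value


def encode_integer(n):
    """Two's complement, minimal number of octets (128 needs a leading 0x00)."""
    magnitude = n if n >= 0 else ~n
    size = magnitude.bit_length() // 8 + 1
    return tlv(INTEGER, n.to_bytes(size, "big", signed=True))


def _base128(n):
    """7 bits per octet, most significant first, high bit set on all but the last."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes(reversed(out))


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid leading arcs")
    # The first two arcs share one sub-identifier: 40 * first + second.
    body = _base128(40 * arcs[0] + arcs[1])
    for arc in arcs[2:]:
        body += _base128(arc)
    return tlv(OID, body)


def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos); reject anything that overruns the buffer."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        count = first & 0x7F
        # 0x80 is the indefinite form (not used by SNMP); an SNMP message fits
        # in a datagram, so a length field wider than 4 octets is refused.
        if count == 0 or count > 4:
            raise ValueError("unsupported length form")
        if pos + count > len(buf):
            raise ValueError("truncated length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def decode_oid(value):
    if not value or value[-1] & 0x80:
        raise ValueError("truncated sub-identifier")
    subids, current = [], 0
    for octet in value:
        current = (current << 7) | (octet & 0x7F)
        if not octet & 0x80:
            subids.append(current)
            current = 0
    first = subids[0]
    head = (0, first) if first < 40 else (1, first - 40) if first < 80 else (2, first - 80)
    return ".".join(str(arc) for arc in head + tuple(subids[1:]))


def constructed_varbind():
    """One variable binding as sent in a Get request: SEQUENCE { OID, NULL }."""
    return tlv(SEQUENCE, encode_oid("1.3.6.1.2.1.2.1.0") + tlv(NULL))


if __name__ == "__main__":
    print(constructed_varbind().hex())
    print(encode_oid("1.3.6.1.4.1.99999").hex())
```
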

SNMP Encapsulation
- UDP
  - Agent: port 161
  - Management Entity: port 162 (for traps)
- Delivery of management information is particularly important in moments of high loss
  - Congestion
  - Improper operation
- TCP is not suitable (although supported, particularly for SNMPv3 due to its write operations)

SNMPv1 Protocol
[Figure: message exchange between Manager and Agent]
- Get / Response
  - It can be used for reading one or more variables
- GetNext / Response
  - It retrieves the object name and the value of the next instance. This operation is used to discover MIB structures and read tables
  - Using multiple/successive GetNext operations it is possible to read the complete MIB without knowing its structure
- Set / Response
  - It writes values in one or more MIB instances
- Trap
  - It is the only operation Agent -> Manager; it is an asynchronous event
  - With the trap operation an agent can emit an event and inform a manager. However, the receipt of a trap operation is not acknowledged, thus the message can be lost
  - Therefore, even if traps are used, polling is still necessary (for instance the agent might be down)

SNMPv3
- SNMP increasingly used for CONTROL
  - In addition to monitor
  - Write operations (SET)
- SNMPv3 adds security
- Scarcely deployed, mostly due to security concerns and implementation problems

SNMP and Network Monitoring
- Possibility to capture and create data values from properly targeted and formatted traps; the information gathered using SNMP can be used for network monitoring
  - E.g. packet arrival and departure rates, packet drop rates, packet error rates, system load, modem availability, etc.
- Examples of network monitoring tools:
  - MRTG
  - HP OpenView (not only monitoring)
- MRTG uses the data collected from SNMP agents to generate graphical representations of it in almost real time

Some SNMP Issues
- Often, the most valuable data is exported only through proprietary MIBs
- Often, units are different (Kbps for one vendor, bps for another, ...)
  - Difficult to manage a multivendor network
- Cannot add a new MIB within an agent
  - Cannot customize the variables which are needed to monitor the network
  - The opposite (add a new MIB in the Management Station) is pretty simple

Passive NM: RMON
- Defines a remote network monitoring MIB
- Is an addition to the basic set of SNMP standards
- Why RMON?
  - With MIB-II the network manager can obtain information that is purely local to the individual devices
  - What about information pertaining to traffic on the LAN as a whole?
    - Collision domain concept
- Features
  - Is used to passively monitor data transmitted over LAN segments
  - Provides interoperability between SNMP-based management consoles and remote monitors

RMON Goals
- Off-line operation: RMON MIB allows a probe to be configured to perform diagnostics even in the absence of communication with the management station
- Proactive monitoring: a monitor can continuously run diagnostics and log network performance. In the event of a failure, the monitor can supply this information to the management station
- Problem detection and reporting: the monitor can be configured to recognize error conditions, continuously check for them and notify the management station in the event of one
- Value added data: a remote monitoring device can add value to the data it collects by highlighting those hosts that generate the most traffic or errors
- Multiple Managers: an organization can have multiple management stations for different units. The monitor can be configured to deal with more than one management station concurrently
- Not all implementations fulfill all these goals

RMON-1 MIB (RFC 1757, RFC 1513) (1)
- Statistics (1): contains extent of utilisation and error statistics for the Ethernet and Token Ring network segments. It shows packets, collisions, octets, broadcasts, multicasts, errors, and keeps track of packet size distribution (< 64, , > 1518 octets)
- History (2): enables periodic copying of the values from the Statistics group into a circular buffer
- Alarm (3): implements the monitoring of MIB instances' threshold values, based on the ASN.1 datatype INTEGER. An alarm (SNMP Trap) is produced when a threshold is exceeded
- Host (4): maintains the association of IP, MAC addresses, bytes sent/received (and more) for the observed traffic

RMON-1 MIB (RFC 1757, RFC 1513) (2)
- hostTopN (5): analyzes (i.e. sorts) the data entered in the Hosts group
- Matrix (6): contains data about communication relations, which are defined by pairs of MAC addresses. Useful for "what if" analysis, and for detecting intruders
- Filter (7): used to select individual packets. A filter expression (bit patterns only) assigns packets to a channel. The channel determines whether the packet is only counted or whether an event is produced on packet receipt
- Capture (8): provides a scratchpad memory where all the packets received by a channel are stored
- Event (9): regulates the handling of internal events: it defines the various events that cause the emission of SNMPv1 traps, which are sent to management applications or stored in a log
- tokenRing (10): historical

RMON-1 MIB (RFC 1757, RFC 1513) (3)
- All the groups of the RMON MIB are optional
- There are some dependencies:
  - The Alarm group requires the implementation of the Event group
  - The HostTopN group requires the implementation of the Host group
  - The packet Capture group requires the implementation of the Filter group

RMONv1 vs. RMONv2
- RMONv1 has been designed for low-level protocols below IP
- RMONv2 has been designed to monitor high-layer protocols
- RMONv2 extends RMONv1 by adding nine new groups

RMON-2 MIB (RFC 2021, RFC 2074) (1)
- Protocol directory group: describes the protocols detected by the probe, including the protocol parameters (e.g. UDP port numbers). All protocols above the network layer are supported (e.g. http, ftp)
- Protocol distribution group: produces basic statistics for selected protocols (number of bytes, number of packets)
- Address mapping group: provides a mapping of MAC addresses (flown through the probe) to network addresses
- Network layer host group: provides statistics for the network layer classified according to network addresses
- Network layer matrix group: supplies statistics for communication relations (host communications matrix) at network level

RMON-2 MIB (RFC 2021, RFC 2074) (2)
- Application layer host group: provides statistics for an application layer protocol according to network addresses
- Application layer matrix group: is similar to the Network Layer Matrix group, with the exception that in this case statistics are calculated on an application layer protocol
- User history group: permits an automatic generation of statistics stored into so-called Buckets. The number of available buckets is configurable
- Probe configuration group: enables the configuration of the probe and covers, among other things:
  - Configuration of serial access (Modems)
  - IP network configuration
  - Configuration of serial connections (SLIP) for Trap delivery
  - Configuration of parameters for Trap delivery

RMONv2 Time Filter
- A table can contain a very large number of values
  - E.g. traffic from each host to any other host on the network
- Retrieving the whole table can be expensive
- The TimeFilter allows getting only the values that changed after time T (specified in the GET operation)

Some RMON Issues
- Implementation of RMON agents and management station is very complex
  - RMON is usually done through ad-hoc blades in high-end network devices
- Customizability
  - Cannot add new features to the existing MIBs
  - Often, users need just some simple functions, but they are forced to buy expensive equipment to get them done, although most of the features are useless in their view
- Not widely used

Passive NM: Flow-based approaches
- Most of the data transfer in a data network involves some transport-layer protocol
  - TCP, UDP
- The flow-based approach analyzes transport-layer sessions, and uses this data as the basis for the network monitor
- Flow information
  - IP source, destination
  - Transport protocol
  - Port source, destination
  - Additional fields, not strictly related to the session
    - E.g. IP flags, ...

Mostly used architecture
[Figure: an Exporter sends its Flow Table to a Collector. Flow Table columns: FlowInfo, TimeFirst, TimeLast, Bytes; the sample rows are two TCP flows, one between ports 80 and 1081 and one between ports 80 and 2163]
- Exporter
  - Captures packets, processes them and creates a flow table internally
  - The flow table is (partially) periodically exported to the collector
  - Exporting modes depend on the technology involved
  - Very high requirements in terms of CPU and memory
- Collector
  - Minimal processing requirement
  - Problems may arise if the flow table must be saved for future reference (e.g. in a database)

Flow-based NM: characteristics
- Advantages
  - Reduces the amount of information to process (flow information is smaller than packet information)
  - More scalable
- Problems
  - Cannot deal with some of the aspects related to packet level
    - E.g. ICMP probes, routing protocols, ...
- Most important technologies
  - Cisco NetFlow
    - Uses data (partially) available for CEF (Cisco Express Forwarding)
  - IETF IPFIX
  - sFlow

Cisco NetFlow
- Open standard for network traffic measurement defined by Cisco Systems
- By far, the most used technology
- Very small interaction between collector and exporter
  - SNMP may be used to configure the probe and (occasionally) to get data back
  - Data is exported by means of a UDP stream, with proper headers
- Packet sampling in order to decrease the processing

Exporting Flows
Flows are exported to the collector when:
- the flow ends (e.g. a TCP packet with the FIN or RST bits)
- the flow has been inactive for a certain period of time, i.e. if no packets belonging to it have been observed for a given timeout (usually 15 sec)
- the flow is still active, but a given timeout (usually 30 min) has expired; this is useful for exporting long-lasting flows on a regular basis
- the probe experiences internal constraints (e.g. counters wrapping or low memory); in this case, a flow may be forced to expire prematurely
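The four export conditions listed above, as an added example that is not part of the original slides and not Cisco's implementation: a minimal exporter flow cache replayed over a constructed packet trace. The ports 80, 1081 and 2163 echo the slide's flow table; the addresses, packet sizes and the `max_flows` limit are assumptions made for the example.

```python
# Added example: flow cache with NetFlow-style expiry rules.
from dataclasses import dataclass

INACTIVE_TIMEOUT = 15       # seconds: the slide's "usually 15 sec"
ACTIVE_TIMEOUT = 30 * 60    # seconds: the slide's "usually 30 min"
TCP, UDP = 6, 17
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10


@dataclass
class Flow:
    key: tuple              # (src, dst, proto, sport, dport)
    first: float            # TimeFirst
    last: float             # TimeLast
    packets: int = 0
    octets: int = 0


class FlowCache:
    def __init__(self, max_flows=4096):
        self.max_flows = max_flows      # hypothetical memory limit of the probe
        self.flows = {}                 # records still held by the exporter
        self.exported = []              # (reason, Flow) as seen by the collector

    def _export(self, key, reason):
        self.exported.append((reason, self.flows.pop(key)))

    def expire(self, now):
        """Apply the inactive and active timeouts at time `now`."""
        for key, flow in list(self.flows.items()):
            if now - flow.last >= INACTIVE_TIMEOUT:
                self._export(key, "inactive")
            elif now - flow.first >= ACTIVE_TIMEOUT:
                # Long-lasting flow: the record is flushed and, if more
                # packets arrive, accounting restarts in a new record.
                self._export(key, "active")

    def add(self, ts, src, dst, proto, sport, dport, length, flags=0):
        self.expire(ts)
        key = (src, dst, proto, sport, dport)
        flow = self.flows.get(key)
        if flow is None:
            if len(self.flows) >= self.max_flows:
                # Internal constraint (table full): force out the flow
                # that has been idle the longest.
                idle = min(self.flows, key=lambda k: self.flows[k].last)
                self._export(idle, "forced")
            flow = self.flows[key] = Flow(key, ts, ts)
        flow.last = ts
        flow.packets += 1
        flow.octets += length
        if proto == TCP and flags & (FIN | RST):
            self._export(key, "tcp-end")


def replay_constructed_trace():
    """Constructed trace: a short web flow, one DNS query, one long transfer."""
    cache = FlowCache()
    web = ("10.0.0.1", "10.0.0.2", TCP, 1081, 80)
    dns = ("10.0.0.3", "10.0.0.2", UDP, 5000, 53)
    bulk = ("10.0.0.4", "10.0.0.2", TCP, 2163, 80)
    cache.add(0, *web, 60, SYN)
    cache.add(1, *web, 1500, ACK)
    cache.add(2, *web, 40, FIN | ACK)
    cache.add(3, *dns, 80)
    cache.add(20, *bulk, 60, SYN)
    for ts in range(30, 1831, 10):      # one packet every 10 s for 30 minutes
        cache.add(ts, *bulk, 1500, ACK)
    return cache


def overflow_constructed_trace(max_flows=2):
    """Constructed trace: more single-packet flows than the table can hold."""
    cache = FlowCache(max_flows=max_flows)
    for i in range(3):
        cache.add(i, f"10.0.1.{i + 1}", "10.0.0.2", TCP, 40000 + i, 80, 60, SYN)
    return cache


if __name__ == "__main__":
    for reason, flow in replay_constructed_trace().exported:
        print(reason, flow.key, flow.packets, flow.octets)
```

After the replay one record is still held in `flows` and has not reached the collector, and a rising count of `forced` exports is a sign that the table is too small for the number of concurrent flows the probe sees.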

NetFlow problems
- Different methods for exporting a flow
  - Makes processing harder
  - Flow records span several bins
  - The concept of bins is not well defined in NetFlow (at least, bins are 30 min)
  - The collector cannot know, at time T, which are the flows seen, because some active flows may not have been exported (yet)
- Targeted for TCP/IP networks only
  - No support for link-layer headers
  - Impossible to add new information (e.g. protocol fields) in the exported flow record
- Packet Sampling
  - Unsuitable for some kinds of applications

IETF IPFIX
- IP Flow Information Export
- Basically, NetFlow with the IETF stamp
- Limited differences
  - Transport protocol (SCTP; optional TCP or UDP)
  - Limited customizability of the fields that are exported within each flow record (e.g. MPLS label, BGP Autonomous System, ...)

Realtime Traffic Flow Measurement
- IETF Working Group (RTFM)
- Proposal is more advanced than NetFlow
  - Simple Ruleset Language: provides a way to customize
    - flow definition (which can be a generic group of packets with some common characteristics, e.g. the packets from source A to destination B)
    - action (byte count, and more)
  - Flows are bidirectional
    - makes it easier to check the two directions of a connection
- Interaction between probe and collector is done through SNMP queries
  - Probe must store flow records in memory until the collector asks for them
- Not supported in commercial devices
  - Only the public-domain NeTraMet tool

sFlow
- Packet Sampling (like Cisco NetFlow)
- Can export either:
  - Sampled packets (although limited to the first few hundred bytes)
  - Flow information
- Excellent technology, but not supported by Cisco

Scalability of the proposed approaches
[Figure: scalability axis showing, in order, SNMP, RMON, Flow-based, Packet-based]
- SNMP and RMON show excellent scalability properties
  - But they usually work on traffic aggregate
  - RMON may need to compute more precise statistics (e.g. traffic sent by each host, or traffic matrix)
- Flow-based and Packet-based are the most critical technologies from this point of view
- So, let's investigate how to mitigate the problems of flow-based and packet-based technologies


More information

IPV6 流 量 分 析 探 讨 北 京 大 学 计 算 中 心 周 昌 令

IPV6 流 量 分 析 探 讨 北 京 大 学 计 算 中 心 周 昌 令 IPV6 流 量 分 析 探 讨 北 京 大 学 计 算 中 心 周 昌 令 1 内 容 流 量 分 析 简 介 IPv6 下 的 新 问 题 和 挑 战 协 议 格 式 变 更 用 户 行 为 特 征 变 更 安 全 问 题 演 化 流 量 导 出 手 段 变 化 设 备 参 考 配 置 流 量 工 具 总 结 2 流 量 分 析 简 介 流 量 分 析 目 标 who, what, where,

More information

Network Management & Monitoring

Network Management & Monitoring Network Management & Monitoring NetFlow Overview These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)

More information

Flow Analysis Versus Packet Analysis. What Should You Choose?

Flow Analysis Versus Packet Analysis. What Should You Choose? Flow Analysis Versus Packet Analysis. What Should You Choose? www.netfort.com Flow analysis can help to determine traffic statistics overall, but it falls short when you need to analyse a specific conversation

More information

SolarWinds Certified Professional. Exam Preparation Guide

SolarWinds Certified Professional. Exam Preparation Guide SolarWinds Certified Professional Exam Preparation Guide Introduction The SolarWinds Certified Professional (SCP) exam is designed to test your knowledge of general networking management topics and how

More information

MANAGING NETWORK COMPONENTS USING SNMP

MANAGING NETWORK COMPONENTS USING SNMP MANAGING NETWORK COMPONENTS USING SNMP Abubucker Samsudeen Shaffi 1 Mohanned Al-Obaidy 2 Gulf College 1, 2 Sultanate of Oman. Email: abobacker.shaffi@gulfcollegeoman.com mohaned@gulfcollegeoman.com Abstract:

More information

NetFlow/IPFIX Various Thoughts

NetFlow/IPFIX Various Thoughts NetFlow/IPFIX Various Thoughts Paul Aitken & Benoit Claise 3 rd NMRG Workshop on NetFlow/IPFIX Usage in Network Management, July 2010 1 B #1 Application Visibility Business Case NetFlow (L3/L4) DPI Application

More information

Outline of the SNMP Framework

Outline of the SNMP Framework 2 SNMP--A Management Protocol and Framework Rolf Stadler School of Electrical Engineering KTH Royal Institute of Technology stadler@ee.kth.se September 2008 Outline of the SNMP Framework Management Program

More information

Network Data Monitoring and Analysis. Computer Networks Lecture's Seminar Lecturer:Assoc.Prof.Turgay ĠBRĠKÇĠ Prepared by Çağla TERLĠKCĠOĞULLARI

Network Data Monitoring and Analysis. Computer Networks Lecture's Seminar Lecturer:Assoc.Prof.Turgay ĠBRĠKÇĠ Prepared by Çağla TERLĠKCĠOĞULLARI Network Data Monitoring and Analysis Computer Networks Lecture's Seminar Lecturer:Assoc.Prof.Turgay ĠBRĠKÇĠ Prepared by Çağla TERLĠKCĠOĞULLARI 1 2 Presentation Contents What Is Network Monitoring? Importance

More information

52-20-16 Using RMON to Manage Remote Networks Gilbert Held

52-20-16 Using RMON to Manage Remote Networks Gilbert Held 52-20-16 Using RMON to Manage Remote Networks Gilbert Held Payoff By standardizing the management information base (MIB) for Ethernet and Token Ring LANs, a network administrator can use the management

More information

Appendix A Remote Network Monitoring

Appendix A Remote Network Monitoring Appendix A Remote Network Monitoring This appendix describes the remote monitoring features available on HP products: Remote Monitoring (RMON) statistics All HP products support RMON statistics on the

More information

Simple Network Management Protocol (SNMP)

Simple Network Management Protocol (SNMP) CHAPTER 52 Simple Network Management Protocol (SNMP) Background The Simple Network Management Protocol(SNMP)is an application-layer protocol that facilitates the exchange of management information between

More information

Configuring SNMP and using the NetFlow MIB to Monitor NetFlow Data

Configuring SNMP and using the NetFlow MIB to Monitor NetFlow Data Configuring SNMP and using the NetFlow MIB to Monitor NetFlow Data NetFlow is a technology that provides highly granular per-flow statistics on traffic in a Cisco router. The NetFlow MIB feature provides

More information

SNMP Network Management Concepts

SNMP Network Management Concepts SNMP Network Management Concepts Chu-Sing Yang Department of Electrical Engineering National Cheng Kung University Outline Background Basic Concepts Summary The Origins of TCP/IP Starts at 1969, and founded

More information

HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide

HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide Abstract This guide contains comprehensive information for network administrators, engineers, and operators working with

More information

Simple Network Management Protocol

Simple Network Management Protocol CHAPTER 32 Simple Network Management Protocol Background Simple Network Management Protocol (SNMP) is an application-layer protocol designed to facilitate the exchange of management information between

More information

The Ecosystem of Computer Networks. Ripe 46 Amsterdam, The Netherlands

The Ecosystem of Computer Networks. Ripe 46 Amsterdam, The Netherlands The Ecosystem of Computer Networks Ripe 46 Amsterdam, The Netherlands Silvia Veronese NetworkPhysics.com Sveronese@networkphysics.com September 2003 1 Agenda Today s IT challenges Introduction to Network

More information

Traffic monitoring with sflow and ProCurve Manager Plus

Traffic monitoring with sflow and ProCurve Manager Plus An HP ProCurve Networking Application Note Traffic monitoring with sflow and ProCurve Manager Plus Contents 1. Introduction... 3 2. Prerequisites... 3 3. Network diagram... 3 4. About the sflow protocol...

More information

Network Management and Monitoring Software

Network Management and Monitoring Software Page 1 of 7 Network Management and Monitoring Software Many products on the market today provide analytical information to those who are responsible for the management of networked systems or what the

More information

Basic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet

Basic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet Basic Networking Concepts 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet 1 1. Introduction -A network can be defined as a group of computers and other devices connected

More information

Network Discovery Protocol LLDP and LLDP- MED

Network Discovery Protocol LLDP and LLDP- MED Network LLDP and LLDP- MED Prof. Vahida Z. Attar College of Engineering, Pune Wellesely Road, Shivajinagar, Pune-411 005. Maharashtra, INDIA Piyush chandwadkar College of Engineering, Pune Wellesely Road,

More information

(Refer Slide Time: 1:17-1:40 min)

(Refer Slide Time: 1:17-1:40 min) Computer Networks Prof. S. Ghosh Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Lecture # 37 Network management Good day, so today we will talk about network management.

More information

Network Management Functions - Performance. Network Management

Network Management Functions - Performance. Network Management Network Management Functions - Performance Network Management 1 Lectures Schedule Week Week 1 Topic Computer Networks - Network Management Architectures & Applications Week 2 Network Management Standards

More information

Gaining Operational Efficiencies with the Enterasys S-Series

Gaining Operational Efficiencies with the Enterasys S-Series Gaining Operational Efficiencies with the Enterasys S-Series Hi-Fidelity NetFlow There is nothing more important than our customers. Gaining Operational Efficiencies with the Enterasys S-Series Introduction

More information

Inside ntop: An Open Source Network Monitoring Tool

Inside ntop: An Open Source Network Monitoring Tool Inside ntop: An Open Source Network Monitoring Tool Luca Deri 1 Agenda 1. Project history 2. What can ntop do for me? 3. ntop and network security 4. Integration with commercial protocols 5. Embedding

More information

NetFlow-Lite offers network administrators and engineers the following capabilities:

NetFlow-Lite offers network administrators and engineers the following capabilities: Solution Overview Cisco NetFlow-Lite Introduction As networks become more complex and organizations enable more applications, traffic patterns become more diverse and unpredictable. Organizations require

More information

Network Management. Jaakko Kotimäki. Department of Computer Science Aalto University, School of Science. 21. maaliskuuta 2016

Network Management. Jaakko Kotimäki. Department of Computer Science Aalto University, School of Science. 21. maaliskuuta 2016 Jaakko Kotimäki Department of Computer Science Aalto University, School of Science Outline Introduction SNMP architecture Management Information Base SNMP protocol Network management in practice Niksula

More information

Data Mining Techniques for Effective Flow-based Analysis of Multi-Gigabit Network Traffic

Data Mining Techniques for Effective Flow-based Analysis of Multi-Gigabit Network Traffic Data Mining Techniques for Effective Flow-based Analysis of Multi-Gigabit Network Traffic Mario Baldi, Elena Baralis, Fulvio Risso Computer Engineering Department Politecnico di Torino, Italy E-mail: {mario.baldi,

More information

Network Discovery Protocol LLDP and LLDP- MED

Network Discovery Protocol LLDP and LLDP- MED Network LLDP and LLDP- MED Prof. Vahida Z. Attar College of Engineering, Pune Wellesely Road, Shivajinagar, Pune-411 005. Maharashtra, INDIA Piyush chandwadkar College of Engineering, Pune Wellesely Road,

More information

ITEC310 Computer Networks II

ITEC310 Computer Networks II ITEC310 Computer Networks II Chapter 28 Network Management: Department of Information Technology Eastern Mediterranean University Objectives 2/60 After completing this chapter you should be able to do

More information

EKT 332/4 COMPUTER NETWORK

EKT 332/4 COMPUTER NETWORK UNIVERSITI MALAYSIA PERLIS SCHOOL OF COMPUTER & COMMUNICATIONS ENGINEERING EKT 332/4 COMPUTER NETWORK LABORATORY MODULE LAB 2 NETWORK PROTOCOL ANALYZER (SNIFFING AND IDENTIFY PROTOCOL USED IN LIVE NETWORK)

More information

NetStream (Integrated) Technology White Paper HUAWEI TECHNOLOGIES CO., LTD. Issue 01. Date 2012-9-6

NetStream (Integrated) Technology White Paper HUAWEI TECHNOLOGIES CO., LTD. Issue 01. Date 2012-9-6 (Integrated) Technology White Paper Issue 01 Date 2012-9-6 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means

More information

J-Flow on J Series Services Routers and Branch SRX Series Services Gateways

J-Flow on J Series Services Routers and Branch SRX Series Services Gateways APPLICATION NOTE Juniper Flow Monitoring J-Flow on J Series Services Routers and Branch SRX Series Services Gateways Copyright 2011, Juniper Networks, Inc. 1 APPLICATION NOTE - Juniper Flow Monitoring

More information

Study of Network Performance Monitoring Tools-SNMP

Study of Network Performance Monitoring Tools-SNMP 310 Study of Network Performance Monitoring Tools-SNMP Mr. G.S. Nagaraja, Ranjana R.Chittal, Kamod Kumar Summary Computer networks have influenced the software industry by providing enormous resources

More information

Internet Protocol: IP packet headers. vendredi 18 octobre 13

Internet Protocol: IP packet headers. vendredi 18 octobre 13 Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)

More information

Network Monitoring and Management NetFlow Overview

Network Monitoring and Management NetFlow Overview Network Monitoring and Management NetFlow Overview These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)

More information

Assignment One. ITN534 Network Management. Title: Report on an Integrated Network Management Product (Solar winds 2001 Engineer s Edition)

Assignment One. ITN534 Network Management. Title: Report on an Integrated Network Management Product (Solar winds 2001 Engineer s Edition) Assignment One ITN534 Network Management Title: Report on an Integrated Network Management Product (Solar winds 2001 Engineer s Edition) Unit Co-coordinator, Mr. Neville Richter By, Vijayakrishnan Pasupathinathan

More information

Internet Control Protocols Reading: Chapter 3

Internet Control Protocols Reading: Chapter 3 Internet Control Protocols Reading: Chapter 3 ARP - RFC 826, STD 37 DHCP - RFC 2131 ICMP - RFC 0792, STD 05 1 Goals of Today s Lecture Bootstrapping an end host Learning its own configuration parameters

More information

Observer Probe Family

Observer Probe Family Observer Probe Family Distributed analysis for local and remote networks Monitor and troubleshoot vital network links in real time from any location Network Instruments offers a complete line of software

More information

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP Guide to Network Defense and Countermeasures Third Edition Chapter 2 TCP/IP Objectives Explain the fundamentals of TCP/IP networking Describe IPv4 packet structure and explain packet fragmentation Describe

More information

SNMP and Network Management

SNMP and Network Management SNMP and Network Management Nixu Oy Nixu Ltd PL 21 (Mäkelänkatu 91) 00601 Helsinki, Finland tel. +358 9 478 1011 fax. +358 9 478 1030 info@nixu.fi http://www.nixu.fi Contents Network Management MIB naming

More information

Chapter 18. Network Management Basics

Chapter 18. Network Management Basics Network Management Basics > FCAPS Model Chapter 18. Network Management Basics This chapter covers the following topics: FCAPS Model Network Management Architecture Network Management Protocols An Introduction

More information

Lecture 5: Foundation of Network Management

Lecture 5: Foundation of Network Management Lecture 5: Foundation of Network Management Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4395 5-1 Network Management Standards OSI: Common Management Information

More information

Additional Information: A link to the conference website is available at: http://www.curtin.edu.my/cutse2008/index.html

Additional Information: A link to the conference website is available at: http://www.curtin.edu.my/cutse2008/index.html Citation: Veeramani, S. and Gopal, Lenin. 2008. Network monitoring tool, in Curtin University of Technology (ed), Curtin University of Technology Science and Engineering International Conference CUTSE

More information

Introduction to Netflow

Introduction to Netflow Introduction to Netflow Mike Jager Network Startup Resource Center mike.jager@synack.co.nz These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/)

More information

How To Understand and Configure Your Network for IntraVUE

How To Understand and Configure Your Network for IntraVUE How To Understand and Configure Your Network for IntraVUE Summary This document attempts to standardize the methods used to configure Intrauve in situations where there is little or no understanding of

More information

Configuring Flexible NetFlow

Configuring Flexible NetFlow CHAPTER 62 Note Flexible NetFlow is only supported on Supervisor Engine 7-E, Supervisor Engine 7L-E, and Catalyst 4500X. Flow is defined as a unique set of key fields attributes, which might include fields

More information

Flow Analysis. Make A Right Policy for Your Network. GenieNRM

Flow Analysis. Make A Right Policy for Your Network. GenieNRM Flow Analysis Make A Right Policy for Your Network GenieNRM Why Flow Analysis? Resolve Network Managers Challenge as follow: How can I know the Detail and Real-Time situation of my network? How can I do

More information

UKCMG Industry Forum November 2006

UKCMG Industry Forum November 2006 UKCMG Industry Forum November 2006 Capacity and Performance Management of IP Networks Using IP Flow Measurement Agenda Challenges of capacity and performance management of IP based networks What is IP

More information

Network Instruments white paper

Network Instruments white paper Network Instruments white paper ANALYZING FULL-DUPLEX NETWORKS There are a number ways to access full-duplex traffic on a network for analysis: SPAN or mirror ports, aggregation TAPs (Test Access Ports),

More information

RUGGEDCOM NMS. Monitor Availability Quick detection of network failures at the port and

RUGGEDCOM NMS. Monitor Availability Quick detection of network failures at the port and RUGGEDCOM NMS is fully-featured enterprise grade network management software based on the OpenNMS platform. Specifically for the rugged communications industry, RNMS provides a comprehensive platform for

More information

Cisco IOS Flexible NetFlow Technology

Cisco IOS Flexible NetFlow Technology Cisco IOS Flexible NetFlow Technology Last Updated: December 2008 The Challenge: The ability to characterize IP traffic and understand the origin, the traffic destination, the time of day, the application

More information

IP SLAs Overview. Finding Feature Information. Information About IP SLAs. IP SLAs Technology Overview

IP SLAs Overview. Finding Feature Information. Information About IP SLAs. IP SLAs Technology Overview This module describes IP Service Level Agreements (SLAs). IP SLAs allows Cisco customers to analyze IP service levels for IP applications and services, to increase productivity, to lower operational costs,

More information

Top-Down Network Design

Top-Down Network Design Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer 29 Network Management Design A good design can help an organization achieve

More information

co Characterizing and Tracing Packet Floods Using Cisco R

co Characterizing and Tracing Packet Floods Using Cisco R co Characterizing and Tracing Packet Floods Using Cisco R Table of Contents Characterizing and Tracing Packet Floods Using Cisco Routers...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1

More information

Network congestion control using NetFlow

Network congestion control using NetFlow Network congestion control using NetFlow Maxim A. Kolosovskiy Elena N. Kryuchkova Altai State Technical University, Russia Abstract The goal of congestion control is to avoid congestion in network elements.

More information

PROFESSIONAL SECURITY SYSTEMS

PROFESSIONAL SECURITY SYSTEMS PROFESSIONAL SECURITY SYSTEMS Security policy, active protection against network attacks and management of IDP Introduction Intrusion Detection and Prevention (IDP ) is a new generation of network security

More information

NetFlow Subinterface Support

NetFlow Subinterface Support NetFlow Subinterface Support Feature History Release Modification 12.2(14)S This feature was introduced. 12.2(15)T This feature was integrated into Cisco IOS Release 12.2 T. This document describes the

More information

Internet Management and Measurements Measurements

Internet Management and Measurements Measurements Internet Management and Measurements Measurements Ramin Sadre, Aiko Pras Design and Analysis of Communication Systems Group University of Twente, 2010 Measurements What is being measured? Why do you measure?

More information

Voice over IP. Demonstration 1: VoIP Protocols. Network Environment

Voice over IP. Demonstration 1: VoIP Protocols. Network Environment Voice over IP Demonstration 1: VoIP Protocols Network Environment We use two Windows workstations from the production network, both with OpenPhone application (figure 1). The OpenH.323 project has developed

More information

A Guide to Understanding SNMP

A Guide to Understanding SNMP A Guide to Understanding SNMP Read about SNMP v1, v2c & v3 and Learn How to Configure SNMP on Cisco Routers 2013, SolarWinds Worldwide, LLC. All rights reserved. Share: In small networks with only a few

More information

TUTORIAL SNMP: STATUS AND APPLICATION FOR LAN/MAN MANAGEMENT. Aiko Pras pras@cs.utwente.nl

TUTORIAL SNMP: STATUS AND APPLICATION FOR LAN/MAN MANAGEMENT. Aiko Pras pras@cs.utwente.nl TUTORIAL SNMP: STATUS AND APPLICATION FOR LAN/MAN MANAGEMENT 9 July 1996 Aiko Pras pras@cs.utwente.nl http://wwwtios.cs.utwente.nl/~pras http://wwwtios.cs.utwente.nl/ http://wwwsnmp.cs.utwente.nl/ Copyright

More information

Network Monitoring On Large Networks. Yao Chuan Han (TWCERT/CC) james@cert.org.tw

Network Monitoring On Large Networks. Yao Chuan Han (TWCERT/CC) james@cert.org.tw Network Monitoring On Large Networks Yao Chuan Han (TWCERT/CC) james@cert.org.tw 1 Introduction Related Studies Overview SNMP-based Monitoring Tools Packet-Sniffing Monitoring Tools Flow-based Monitoring

More information

A Brief Introduction to Internet Network Management and SNMP. Geoff Huston NTW Track 4

A Brief Introduction to Internet Network Management and SNMP. Geoff Huston NTW Track 4 A Brief Introduction to Internet Network Management and SNMP Geoff Huston NTW Track 4 What are we talking about? Network Management Tasks fault management configuration management performance management

More information

TÓPICOS AVANÇADOS EM REDES ADVANCED TOPICS IN NETWORKS

TÓPICOS AVANÇADOS EM REDES ADVANCED TOPICS IN NETWORKS Mestrado em Engenharia de Redes de Comunicações TÓPICOS AVANÇADOS EM REDES ADVANCED TOPICS IN NETWORKS 2008-2009 Gestão de Redes e Serviços, Segurança - Networks and Services Management, Security 1 Outline

More information

8. 網路流量管理 Network Traffic Management

8. 網路流量管理 Network Traffic Management 8. 網路流量管理 Network Traffic Management Measurement vs. Metrics end-to-end performance topology, configuration, routing, link properties state active measurements active routes active topology link bit error

More information

A Powerful Combination

A Powerful Combination NetFlow and ngenius Performance Manager A Powerful Combination Introduction While an easily accessible, high-performing and always-available network is essential to a company's business, visibility into

More information

CCNA R&S: Introduction to Networks. Chapter 5: Ethernet

CCNA R&S: Introduction to Networks. Chapter 5: Ethernet CCNA R&S: Introduction to Networks Chapter 5: Ethernet 5.0.1.1 Introduction The OSI physical layer provides the means to transport the bits that make up a data link layer frame across the network media.

More information

Transport and Network Layer

Transport and Network Layer Transport and Network Layer 1 Introduction Responsible for moving messages from end-to-end in a network Closely tied together TCP/IP: most commonly used protocol o Used in Internet o Compatible with a

More information

SNMP Monitoring: One Critical Component to Network Management

SNMP Monitoring: One Critical Component to Network Management Network Instruments White Paper SNMP Monitoring: One Critical Component to Network Management Although SNMP agents provide essential information for effective network monitoring and troubleshooting, SNMP

More information

TCP/IP Concepts Review. A CEH Perspective

TCP/IP Concepts Review. A CEH Perspective TCP/IP Concepts Review A CEH Perspective 1 Objectives At the end of this unit, you will be able to: Describe the TCP/IP protocol stack For each level, explain roles and vulnerabilities Explain basic IP

More information

Lab VI Capturing and monitoring the network traffic

Lab VI Capturing and monitoring the network traffic Lab VI Capturing and monitoring the network traffic 1. Goals To gain general knowledge about the network analyzers and to understand their utility To learn how to use network traffic analyzer tools (Wireshark)

More information

Wireshark Developer and User Conference

Wireshark Developer and User Conference Wireshark Developer and User Conference Using NetFlow to Analyze Your Network June 15 th, 2011 Christopher J. White Manager Applica6ons and Analy6cs, Cascade Riverbed Technology cwhite@riverbed.com SHARKFEST

More information

NetFlow Aggregation. Feature Overview. Aggregation Cache Schemes

NetFlow Aggregation. Feature Overview. Aggregation Cache Schemes NetFlow Aggregation This document describes the Cisco IOS NetFlow Aggregation feature, which allows Cisco NetFlow users to summarize NetFlow export data on an IOS router before the data is exported to

More information

TCP/IP Fundamentals. OSI Seven Layer Model & Seminar Outline

TCP/IP Fundamentals. OSI Seven Layer Model & Seminar Outline OSI Seven Layer Model & Seminar Outline TCP/IP Fundamentals This seminar will present TCP/IP communications starting from Layer 2 up to Layer 4 (TCP/IP applications cover Layers 5-7) IP Addresses Data

More information

CMA5000 SPECIFICATIONS. 5710 Gigabit Ethernet Module

CMA5000 SPECIFICATIONS. 5710 Gigabit Ethernet Module CMA5000 5710 Gigabit Ethernet Module SPECIFICATIONS General Description The CMA5710 Gigabit Ethernet application is a single slot module that can be used in any CMA 5000. The Gigabit Ethernet test module

More information

Firewalls Netasq. Security Management by NETASQ

Firewalls Netasq. Security Management by NETASQ Firewalls Netasq Security Management by NETASQ 1. 0 M a n a g e m e n t o f t h e s e c u r i t y b y N E T A S Q 1 pyright NETASQ 2002 Security Management is handled by the ASQ, a Technology developed

More information

OSBRiDGE 5XLi. Configuration Manual. Firmware 3.10R

OSBRiDGE 5XLi. Configuration Manual. Firmware 3.10R OSBRiDGE 5XLi Configuration Manual Firmware 3.10R 1. Initial setup and configuration. OSBRiDGE 5XLi devices are configurable via WWW interface. Each device uses following default settings: IP Address:

More information

NETWORK LAYER/INTERNET PROTOCOLS

NETWORK LAYER/INTERNET PROTOCOLS CHAPTER 3 NETWORK LAYER/INTERNET PROTOCOLS You will learn about the following in this chapter: IP operation, fields and functions ICMP messages and meanings Fragmentation and reassembly of datagrams IP

More information