Network Monitoring Basics

Your company network is the connective tissue in the body of your enterprise. Although the technology of networking is stable and reliable, you can’t just leave your network to work by itself unmonitored. There are organized protocols that specifically aid the monitoring of networks and so much of your network management tasks can be automated.

Network equipment

Although there are now many types of networks, it doesn’t matter whether you use a cabled LAN, a wifi router, or connect your staff over the internet; your main network monitoring tasks will occur by querying your network equipment. All of the traffic in your network passes through a router or a switch. The information available at those devices tells you all that you need to know about the traffic flows on your system.

Hosts

You will have a number of computers connected to your network and they will probably have either the Windows, Linux, or macOS operating system. You probably also have servers that have the Windows Server or Linux operating system. The availability of operating systems on your computer is important because network monitoring software has to run on a specific platform. There are more monitoring packages available for Windows Server than for any other operating system.

Network monitoring systems

The network monitoring methodologies most frequently used today rely on equipment that originates the data (the agents) and systems that collect it. Fortunately, you do not need to go to every piece of network equipment and install the agent software, because it is installed on the devices before they ship from the factory.

The network tools and protocols that will assist you the most when monitoring your network are:

  • Simple Network Management Protocol (SNMP)
  • Ping
  • Traceroute

These three systems are not of the same scale. Whereas Ping and Traceroute are two command-line utilities with options, SNMP is an entire network monitoring system.

Simple Network Management Protocol

SNMP is a public standard and is widely implemented. Every switch and router that you buy already has an element of the SNMP system installed on it. Some manufacturers prefer to ship their equipment with SNMP turned off, so you might need to access the management system of each device to get the software working.

The SNMP system includes three elements:

  • Network Manager
  • Device Agent
  • Management Information Base (MIB)

You can read more about each of these below:

Management Information Base

The Management Information Base (MIB) is a tree-structured format in which each code inherits meaning from its position in the tree, which keeps the codes short. The same code that signifies a status refers to different elements of the device depending on where it sits in the coding structure. There is no rule that specifies how the MIB should be stored; it is usually implemented in a file.

The reporting messages that circulate around the network use the MIB coding format, and any computer on the network can intercept them. They are incomprehensible on their own because of the obscurity of the reporting format: the meaning of the code tree is freely available, but it would take hours of cross-referencing to decode the messages by hand. MIB interpreters are available for free. If you don’t want to install any network management software, an interpreter is the minimum utility you need in order to make sense of the SNMP notifications from your routers and switches.
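To show what a MIB interpreter does with the coded messages described above, here is an added example (not code from the original page) that resolves numeric OIDs against a small constructed subset of the standard MIB-II tree; the enterprise number 99999 is a placeholder.

```python
"""Added illustration (not from the page): a minimal MIB interpreter that
resolves numeric SNMP OIDs to names using a small embedded subset of the
standard MIB-II tree. Real MIB files are far larger; this table is constructed."""

# Constructed subset of MIB-II (RFC 1213) node names, keyed by numeric OID.
MIB_SUBSET = {
    "1.3.6.1.2.1": "mib-2",
    "1.3.6.1.2.1.1": "system",
    "1.3.6.1.2.1.1.1": "sysDescr",
    "1.3.6.1.2.1.1.3": "sysUpTime",
    "1.3.6.1.2.1.1.5": "sysName",
    "1.3.6.1.2.1.2": "interfaces",
    "1.3.6.1.2.1.2.2.1": "ifEntry",
    "1.3.6.1.2.1.2.2.1.8": "ifOperStatus",
    "1.3.6.1.2.1.2.2.1.10": "ifInOctets",
    "1.3.6.1.2.1.2.2.1.16": "ifOutOctets",
}

def resolve_oid(oid: str) -> str:
    """Name for the longest known prefix of `oid`, with the remaining
    instance sub-identifiers appended (e.g. 'sysName.0'). This is the
    inheritance the tree gives you: a node's meaning comes from its parents.
    OIDs with no known prefix are returned unchanged."""
    parts = oid.strip().lstrip(".").split(".")
    for cut in range(len(parts), 0, -1):  # walk from the leaf toward the root
        name = MIB_SUBSET.get(".".join(parts[:cut]))
        if name is not None:
            rest = parts[cut:]
            return name + ("." + ".".join(rest) if rest else "")
    return oid

def decode_varbinds(varbinds):
    """Translate the (oid, value) pairs carried in an SNMP response or trap
    into (name, value) pairs."""
    return [(resolve_oid(oid), value) for oid, value in varbinds]

if __name__ == "__main__":
    # Constructed variable bindings; 99999 is a placeholder enterprise number.
    sample = [
        ("1.3.6.1.2.1.1.5.0", "core-sw1"),
        ("1.3.6.1.2.1.2.2.1.8.3", 2),        # ifOperStatus.3 = down(2)
        ("1.3.6.1.4.1.99999.1.1", "vendor"),
    ]
    for name, value in decode_varbinds(sample):
        print(f"{name} = {value}")
```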

Device Agent

The SNMP agent is the software that runs on your networking equipment. It monitors the statuses on its device and updates its copy of the MIB accordingly. When the agent receives a request for information, it responds with the current values from that MIB. If an alert condition arises, the agent sends out a “trap” message without waiting for a data request. If SNMP is activated on your network equipment, the agent will already be sending out traps even if you haven’t set up a collector to listen for them.

SNMP Network Manager

The Network Manager is the one element of SNMP that is missing from your setup of a new network. This is the software that you need to buy so that you can monitor your network effectively. The Network Manager sends out requests for statuses, prompting all contactable device agents to send back a response. The Network Manager also listens for traps and interprets them as alerts.

Responses from the device agents are consolidated by the Network Manager into a centralized MIB. The Network Administrator decides, through the user interface of the Network Manager, how long MIB data should be stored. Over time, this MIB information gives you a good perspective on trend changes in network traffic, and you will be able to see throughput levels for different hours of the day. The Network Manager also alerts you to error conditions such as equipment failure or traffic overloading, enabling you to take remedial action.
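The throughput trend described above comes from repeated polls of a counter such as ifInOctets. This added example (not code from the page or any product) shows the arithmetic a collector has to get right, including the wrap of a 32-bit counter; the poll samples are constructed.

```python
"""Added illustration (not from the page): turning repeated polls of an
interface octet counter into a throughput trend, as a Network Manager does.
ifInOctets is a 32-bit counter that wraps at 2**32; a poller that ignores the
wrap reports a huge negative spike. Samples below are constructed."""
from datetime import datetime

COUNTER32_MOD = 2 ** 32

def counter_delta(prev: int, curr: int, modulus: int = COUNTER32_MOD) -> int:
    """Octets transferred between two readings, correcting for one wrap.
    If more than one wrap can occur between polls, poll faster or use the
    64-bit ifHCInOctets counter instead."""
    if curr >= prev:
        return curr - prev
    return (modulus - prev) + curr

def throughput_series(samples):
    """samples: list of (datetime, ifInOctets) in poll order.
    Returns (datetime, bits_per_second) for each polling interval."""
    series = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        seconds = (t1 - t0).total_seconds()
        if seconds <= 0:
            continue  # skip duplicate or out-of-order polls
        series.append((t1, counter_delta(c0, c1) * 8 / seconds))
    return series

def peak_interval(series):
    """The interval with the highest throughput, or None if empty."""
    return max(series, key=lambda item: item[1]) if series else None

# Constructed five-minute polls: the first reading sits just below 2**32,
# so the second poll shows the counter after it has wrapped.
SAMPLE_POLLS = [
    (datetime(2024, 1, 1, 9, 0), 4_294_900_000),
    (datetime(2024, 1, 1, 9, 5), 300_000),
    (datetime(2024, 1, 1, 9, 10), 15_300_000),
]

if __name__ == "__main__":
    for when, bps in throughput_series(SAMPLE_POLLS):
        print(f"{when:%H:%M}  {bps / 1e6:.3f} Mbit/s")
```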

Ping

Ping is a command-line utility that was originally written for Unix but now runs on any operating system that is connected to a network. The tool checks the round-trip time and packet loss on connections to a given destination. The utility is widely used and has many options that modify its behavior. As this tool is so well regarded, many network monitoring tools integrate its functionality; you can also get standalone GUI versions of the utility.

A ping sweep is a batch execution of Ping that will work through a list of IP addresses, pinging each of them. This method is a quick way to test which addresses are in use – a necessary task if you deploy DHCP for address allocation.

Traceroute

Traceroute is closely related to Ping and is equally useful. Like Ping, this tool was initially created for Unix but is now available everywhere. Also like Ping, Traceroute uses the messages defined in the Internet Control Message Protocol (ICMP) to perform connection tests. The purpose of Traceroute is to report on the hops that a connection passes through to get from the computer where the command was launched to a destination address that is given as a parameter to the command.

One problem with Traceroute is that it can’t tell you exactly what happened on a previous connection; you can only try to see if problems still exist when getting to a specific destination. On local networks with little path redundancy, that shortfall isn’t much of a hindrance to an investigation. However, over the internet, paths change on the fly, so you have no guarantee of hitting exactly the same path to a destination over several connections.

Network setup and maintenance

The task of monitoring a network can be greatly simplified by the way you create the network in the first place. Getting the physical layout of a LAN right is a major issue, and if you are taking over an existing network, your first monitoring task will be to map it. Network topology mapping is made a great deal easier by the utilities built into SNMP. Every time the SNMP Network Manager sends out a request for agent reports, it also discovers which devices are connected to the network. This report helps you build a map of the network, and some monitoring tools will perform that task for you automatically.

Address allocation is a major issue that can impact network performance and you need to monitor the allocation of IP addresses around the network. You need to start off by subnetting the network and then keeping track of address pool utilization. The Dynamic Host Configuration Protocol is a widely-used method for allocating addresses temporarily to devices on the network.

Monitoring addresses is an important task. On a simple network, you could probably get away with issuing a ping sweep. On progressively more complicated networks, you should consider investing in more comprehensive tools, such as IP address trackers. A full address monitor is called an IP address manager, or IPAM.

It is common practice to run a Domain Name System (DNS) server on the network. This resolves hostnames to IP addresses and vice versa, and it needs to be coordinated with your DHCP server and IP address manager. All of these addressing functions need to be monitored.
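An added example (not from the page) of the address monitoring described above: a ping sweep of a subnet is reconciled with the DHCP lease table so that addresses in use without a lease or reservation, and leases that no longer answer, stand out. The sweep output, lease format and addresses are all constructed.

```python
"""Added illustration (not from the page): reconciling a ping sweep with the
DHCP lease table. An address that answers but has no lease or reservation
deserves a look (static misconfiguration or an unknown device); a leased
address that no longer answers is probably a stale lease. Inputs are constructed."""
import ipaddress

SUBNET = "192.168.10.0/24"
RESERVED = {"192.168.10.1"}  # gateway, assigned statically outside DHCP
SWEEP_OUTPUT = """192.168.10.1 up
192.168.10.20 up
192.168.10.21 down
192.168.10.77 up"""
LEASE_TABLE = """192.168.10.20 aa:bb:cc:00:00:20 laptop-20
192.168.10.21 aa:bb:cc:00:00:21 laptop-21"""

def parse_sweep(output: str) -> set:
    """Parse sweep results in the constructed '<ip> up|down' form."""
    alive = set()
    for line in output.strip().splitlines():
        addr, state = line.split()
        if state == "up":
            alive.add(ipaddress.ip_address(addr))
    return alive

def parse_leases(text: str) -> dict:
    """Parse a lease table in the constructed '<ip> <mac> <hostname>' form."""
    leases = {}
    for line in text.strip().splitlines():
        addr, mac, host = line.split()
        leases[ipaddress.ip_address(addr)] = (mac, host)
    return leases

def reconcile(subnet: str, alive: set, leases: dict, reserved: set) -> dict:
    """Compare responding hosts against leased and reserved addresses."""
    net = ipaddress.ip_network(subnet)
    known = set(leases) | {ipaddress.ip_address(a) for a in reserved}
    in_net = {a for a in alive if a in net}
    return {
        "unexpected": sorted(str(a) for a in in_net - known),
        "stale": sorted(str(a) for a in leases if a not in alive),
        "in_use": len(in_net),
        "usable": net.num_addresses - 2,  # IPv4 hosts excluding net/broadcast
    }

if __name__ == "__main__":
    print(reconcile(SUBNET, parse_sweep(SWEEP_OUTPUT),
                    parse_leases(LEASE_TABLE), RESERVED))
```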

Advanced Network Monitoring

Once you have the basics of network monitoring under your belt, you will be ready to progress to advanced network monitoring issues. It is advisable to invest in network administration tools so that the basic tasks of network monitoring don’t take up all of your day.

Advanced topics for network administration particularly focus on access rights, data integrity, intrusion detection, and network traffic analysis. As technology advances, threats to your network increase. A poorly-managed network will impede the growth of your business or even ruin your enterprise. Getting to grips with network monitoring is an essential business function.

Image: Monitor Binary from Pixabay. Public domain.