Network Monitoring Tools - CompTIA Network+ N10-006 - 2.1

  • 0:02 - 0:04
    Network administrators
    have many different ways
  • 0:04 - 0:08
    that they can find out what's
    happening on their networks,
  • 0:08 - 0:09
    and in this video,
    we'll look at some
  • 0:09 - 0:12
    of the most popular
    network monitoring tools.
  • 0:12 - 0:15
    A port scanner allows
    you to gather information
  • 0:15 - 0:18
    from a device over the
    network without you needing
  • 0:18 - 0:20
    any particular
    username, password,
  • 0:20 - 0:23
    or any other type of
    authentication to that device.
  • 0:23 - 0:26
    You simply send it some
    well-crafted queries,
  • 0:26 - 0:28
    and by examining
    the responses, you
  • 0:28 - 0:32
    can find out a lot of
    information about that device.
  • 0:32 - 0:34
    At its most basic
    level, a port scanner
  • 0:34 - 0:36
    can tell you if a
    device is responding
  • 0:36 - 0:37
    to you over the network.
  • 0:37 - 0:40
    It'll send a ping or an Address
    Resolution Protocol query
  • 0:40 - 0:43
    to see is that
    device really alive.
  • 0:43 - 0:46
    And if it is, it
    can examine and see
  • 0:46 - 0:48
    are there any open
    ports on that device?
  • 0:48 - 0:50
    Does that device
    have services running
  • 0:50 - 0:54
    on it that allow someone to
    connect over particular port
  • 0:54 - 0:54
    numbers?
  • 0:54 - 0:56
    What are those port numbers?
  • 0:56 - 1:00
    Which ones are open and closed
    on that particular device?
  • 1:00 - 1:03
    You can also find out a lot
    about the operating system
  • 1:03 - 1:06
    running on that device,
    even without connecting
  • 1:06 - 1:09
    to that device or querying
    the operating system directly.
  • 1:09 - 1:11
    You can send some
    very specific queries,
  • 1:11 - 1:13
    and depending on
    what's returned,
  • 1:13 - 1:16
    you can determine what
    type of operating system,
  • 1:16 - 1:18
    and in some cases, the exact
    version of the operating
  • 1:18 - 1:21
    system, that's
    running on that device.
  • 1:21 - 1:23
    To get even more
    details, you could
  • 1:23 - 1:28
    scan the open ports to find out
    how do they respond to queries?
  • 1:28 - 1:30
    And depending on
    the response, you
  • 1:30 - 1:33
    can determine what
    services might be running
  • 1:33 - 1:35
    and what version of
    what services might
  • 1:35 - 1:37
    be running on that device.
  • 1:37 - 1:39
    If you're managing a network,
    really, of any size,
  • 1:39 - 1:42
    there's going to be a need to
    monitor the devices connected
  • 1:42 - 1:43
    to your network.
  • 1:43 - 1:47
    And an easy way to do that is
    through interface monitoring.
  • 1:47 - 1:50
    We want to know, at a basic
    level, is that device alive
  • 1:50 - 1:51
    or is it not alive?
  • 1:51 - 1:54
    Is it on the network, or is
    it dropped off of the network?
  • 1:54 - 1:58
    We want to get some lights that
    tell us is everything green,
  • 1:58 - 2:00
    or is a section of
    the network gone red?
  • 2:00 - 2:02
    And an interface
    monitor can provide you
  • 2:02 - 2:03
    with that information.
  • 2:03 - 2:06
    It can also provide you with
    alerting of that information.
  • 2:06 - 2:08
    You obviously can't
    look at the monitoring
  • 2:08 - 2:11
    screen for 24 hours a
    day, seven days a week,
  • 2:11 - 2:14
    so we'll have the software
    monitor these interfaces.
  • 2:14 - 2:16
    And if the interface
    turns from green to red,
  • 2:16 - 2:19
    it can send you an email
    or send you a text message.
  • 2:19 - 2:22
    Interface monitoring software
    can often not only give you
  • 2:22 - 2:24
    that short term view
    of what's happening,
  • 2:24 - 2:27
    but it can collect information
    over a longer time frame
  • 2:27 - 2:31
    so you can see how available a
    particular interface has been.
  • 2:31 - 2:34
    If you need more detail
    than just is the device up
  • 2:34 - 2:35
    or is the device
    down, you may want
  • 2:35 - 2:38
    to look into other monitoring
    technologies like SNMP.
  • 2:38 - 2:42
    They can give you information
    about interface utilization,
  • 2:42 - 2:44
    errors, and much more.
  • 2:44 - 2:46
    It's often useful to get
    an understanding of exactly
  • 2:46 - 2:48
    what's running over
    the network, and there
  • 2:48 - 2:51
    are a number of packet flow
    monitoring technologies
  • 2:51 - 2:52
    that can do exactly that.
  • 2:52 - 2:55
    A very popular way to do
    this is with a technology
  • 2:55 - 2:56
    called NetFlow.
  • 2:56 - 2:59
    NetFlow version 5
    and NetFlow version 9
  • 2:59 - 3:01
    are the most common
    ones that you'll see,
  • 3:01 - 3:03
    and it's designed to look
    at these traffic flows
  • 3:03 - 3:05
    across the network
    and provide you
  • 3:05 - 3:07
    with detailed metrics about
    exactly what's running
  • 3:07 - 3:09
    over your network links.
  • 3:09 - 3:11
    You'll generally use
    two different components
  • 3:11 - 3:12
    to make NetFlow work.
  • 3:12 - 3:14
    The first component is a probe.
  • 3:14 - 3:17
    You're going to put a probe
    on the network at every place
  • 3:17 - 3:19
    where you want to collect data.
  • 3:19 - 3:22
    The probe is going to watch
    the raw traffic going by,
  • 3:22 - 3:24
    and it's going to create
    these summary records.
  • 3:24 - 3:26
    And it's going to send
    those summary records back
  • 3:26 - 3:28
    to a single collector.
  • 3:28 - 3:30
    That way you can have
    multiple probes on the network,
  • 3:30 - 3:32
    but all of the
    summary information
  • 3:32 - 3:34
    is being sent to
    one central point,
  • 3:34 - 3:36
    and that is the
    NetFlow collector.
  • 3:36 - 3:38
    It's at this collector
    where we're generally
  • 3:38 - 3:41
    going to be able to run
    a number of reports
  • 3:41 - 3:44
    because all of the data is
    contained on that collector.
  • 3:44 - 3:46
    There's usually a
    separate application
  • 3:46 - 3:48
    you would run that
    queries the collector,
  • 3:48 - 3:51
    looks through all of
    the summary records,
  • 3:51 - 3:53
    and provides you with
    information about what's
  • 3:53 - 3:55
    flowing over the network.
  • 3:55 - 3:58
    Looking at this view
    of NetFlow statistics,
  • 3:58 - 4:00
    you can see this
    summary of metadata
  • 4:00 - 4:02
    can actually provide you
    with a lot of details.
  • 4:02 - 4:04
    Here's the top 10
    nodes by response time.
  • 4:04 - 4:07
    You can see these top
    three are having loss,
  • 4:07 - 4:09
    and so they're having some
    very long response times.
  • 4:09 - 4:12
    You can see the exact nodes
    that are having the packet loss.
  • 4:12 - 4:14
    Here are the devices,
    the top 10 that
  • 4:14 - 4:16
    are having high
    utilization, so you
  • 4:16 - 4:20
    can concentrate on trying to
    find out why those devices see
  • 4:20 - 4:22
    so much traffic going by.
  • 4:22 - 4:24
    And of course, there's
    other reporting mechanisms.
  • 4:24 - 4:27
    Here's a report that shows
    the top 20 applications.
  • 4:27 - 4:30
    There's World Wide Web HTTP,
    SQL Server, Oracle SQL,
  • 4:30 - 4:32
    domain name server.
  • 4:32 - 4:34
    So you can really
    get a lot of detail
  • 4:34 - 4:37
    about exactly what's
    happening, and it's very common
  • 4:37 - 4:39
    to be able to run the
    short and long term reports
  • 4:39 - 4:42
    so that you can start doing some
    troubleshooting of your network
  • 4:42 - 4:43
    flows.
  • 4:43 - 4:46
    Another technology
    you can use to gather
  • 4:46 - 4:50
    detailed metrics from your
    infrastructure devices is SNMP.
  • 4:50 - 4:53
    SNMP stands for Simple
    Network Management Protocol,
  • 4:53 - 4:57
    and it uses a very standardized
    database and structure called
  • 4:57 - 5:00
    a MIB, a management
    information base,
  • 5:00 - 5:02
    to be able to use
    a standard query
  • 5:02 - 5:05
    and get a standard
    response from your devices.
  • 5:05 - 5:08
    As you start working
    with SNMP software
  • 5:08 - 5:12
    and with SNMP configurations
    in your infrastructure devices,
  • 5:12 - 5:14
    there may be different
    versions that are referenced.
  • 5:14 - 5:17
    There are three major SNMP
    versions you'll run into.
  • 5:17 - 5:19
    SNMP version one
    was the original.
  • 5:19 - 5:22
    It is the one where we had
    a device on the network,
  • 5:22 - 5:24
    it would make a
    request, for instance,
  • 5:24 - 5:27
    how many bytes have gone
    into a particular interface,
  • 5:27 - 5:29
    and that device would
    respond back with a number.
  • 5:29 - 5:32
    That's a very basic SNMP query.
  • 5:32 - 5:33
    It's all done in the clear.
  • 5:33 - 5:35
    There's no encryption
    or special security,
  • 5:35 - 5:38
    and it's done one
    query at a time.
  • 5:38 - 5:41
    SNMP version two was an
    upgrade to version one.
  • 5:41 - 5:43
    It added some additional
    data enhancements,
  • 5:43 - 5:45
    and it provided for
    bulk data transfer,
  • 5:45 - 5:48
    so we could ask for 10
    different pieces of information
  • 5:48 - 5:51
    and get a single response
    with all 10 of those answers.
  • 5:51 - 5:53
    This made for a much
    more efficient way
  • 5:53 - 5:57
    to query our devices, but it
    was still in-the-clear data.
  • 5:57 - 5:59
    If you had a packet
    analyzer, you'd
  • 5:59 - 6:01
    be able to see all of
    this SNMP information.
  • 6:01 - 6:04
    So we created SNMP
    version three.
  • 6:04 - 6:06
    This is really the
    latest standard for SNMP,
  • 6:06 - 6:09
    and it provides message
    integrity, authentication,
  • 6:09 - 6:12
    and encryption to verify
    that the information going
  • 6:12 - 6:14
    across the network is
    going to be secure.
  • 6:14 - 6:17
    Whenever you're querying
    infrastructure devices,
  • 6:17 - 6:19
    you're gathering
    metrics and details
  • 6:19 - 6:21
    that other people
    could use against you.
  • 6:21 - 6:25
    So it's important to keep
    this data as safe as possible.
  • 6:25 - 6:29
    If you are using SNMP, you
    want to use SNMP version three
  • 6:29 - 6:30
    if at all possible.
  • 6:30 - 6:32
    If it's not possible,
    you want to have
  • 6:32 - 6:35
    all of that data contained
    on a private network.
  • 6:35 - 6:38
    SNMP can give you a lot
    of detail about what's
  • 6:38 - 6:39
    happening on your network.
  • 6:39 - 6:41
    Here's a query of
    one of my switches,
  • 6:41 - 6:43
    and you can see every
    second I'm getting
  • 6:43 - 6:47
    an update of utilization
    and traffic throughput
  • 6:47 - 6:49
    that's going through
    my particular switch.
  • 6:49 - 6:51
    You can take this
    and not only get
  • 6:51 - 6:53
    a short term view
    of what's happening,
  • 6:53 - 6:56
    you can also expand this out
    and get a much longer term view
  • 6:56 - 6:59
    so that you can get an idea of
    how your network is performing
  • 6:59 - 7:02
    throughout the day, the
    week, or even the month.
  • 7:02 - 7:04
    Here's another SNMP
    tool you might use.
  • 7:04 - 7:06
    This one is not
    quite as graphical,
  • 7:06 - 7:09
    but it can provide you with
    a lot of details about what's
  • 7:09 - 7:10
    happening inside of a device.
  • 7:10 - 7:13
    This is a MIB browser,
    or a MIB walker,
  • 7:13 - 7:15
    that Management
    Information Base which
  • 7:15 - 7:18
    uses the standard structure
    for gathering details
  • 7:18 - 7:19
    from these devices.
  • 7:19 - 7:22
    You can see the MIBs are
    here on the left side.
  • 7:22 - 7:26
    There's a standard interface
    MIB, we call this MIB-II,
  • 7:26 - 7:29
    and I can see things like the
    interfaces on this device.
  • 7:29 - 7:32
    This particular software allows
    me to walk through the MIB
  • 7:32 - 7:33
    to gather details.
  • 7:33 - 7:36
    I'm going to choose an
    interface entry here,
  • 7:36 - 7:39
    and I'm simply going to
    tell my device I would like
  • 7:39 - 7:41
    to perform an SNMP MIB walk.
  • 7:41 - 7:44
    And now it goes through
    in a very specific format
  • 7:44 - 7:47
    and gathers all of the
    details from every interface
  • 7:47 - 7:49
    on this particular switch.
  • 7:49 - 7:51
    And then I can, of
    course, through SNMP, even
  • 7:51 - 7:55
    modify configuration
    details if I have the rights
  • 7:55 - 7:57
    and permissions on that device.
  • 7:57 - 7:59
    That's why we
    mentioned SNMP as being
  • 7:59 - 8:01
    such a powerful management
    tool because you're
  • 8:01 - 8:05
    able to see and modify any
    of the infrastructure devices
  • 8:05 - 8:07
    on your network.
Video Language: English
Duration: 08:08