Network Monitoring Tools - CompTIA Network+ N10-006 - 2.1

Edit subtitles

0:02 - 0:04

Network administrators
have many different ways
0:04 - 0:08

that they can find out what's
happening on their networks,
0:08 - 0:09

and in this video,
we'll look at some
0:09 - 0:12

of the most popular
network monitoring tools.
0:12 - 0:15

A port scanner allows
you to gather information
0:15 - 0:18

from a device over the
network without you needing
0:18 - 0:20

any particular
username, password,
0:20 - 0:23

or any other type of
authentication to that device.
0:23 - 0:26

You simply send it some
well-crafted queries,
0:26 - 0:28

and by examining
the responses, you
0:28 - 0:32

can find out a lot of
information about that device.
0:32 - 0:34

At its most basic
level, a port scanner
0:34 - 0:36

can tell you if a
device is responding
0:36 - 0:37

to you over the network.
0:37 - 0:40

It'll send a ping or an Address
Resolution Protocol query
0:40 - 0:43

to see is that
device really alive.
0:43 - 0:46

And if it is, it
can examine and see
0:46 - 0:48

are there any open
ports on that device?
0:48 - 0:50

Does that device
have services running
0:50 - 0:54

on it that allow someone to
connect over particular port
0:54 - 0:54

numbers?
0:54 - 0:56

What are those port numbers?
0:56 - 1:00

Which ones are open and closed
on that particular device?
1:00 - 1:03

You can also find out a lot
about the operating system
1:03 - 1:06

running on that device,
even without connecting
1:06 - 1:09

to that device or querying
the operating system directly.
1:09 - 1:11

You can send some
very specific queries,
1:11 - 1:13

and depending on
what's returned,
1:13 - 1:16

you can determine what
type of operating system,
1:16 - 1:18

and in some cases, the exact
version of the operating
1:18 - 1:21

system, that's
running on that device.
1:21 - 1:23

To get even more
details, you could
1:23 - 1:28

scan the open ports to find out
how do they respond to queries?
1:28 - 1:30

And depending on
the response, you
1:30 - 1:33

can determine what
services might be running
1:33 - 1:35

and what version of
what services might
1:35 - 1:37

be running on that device.
1:37 - 1:39

If you're managing a network,
really, of any size,
1:39 - 1:42

there's going to be a need to
monitor the devices connected
1:42 - 1:43

to your network.
1:43 - 1:47

And an easy way to do that is
through interface monitoring.
1:47 - 1:50

We want to know, at a basic
level, is that device alive
1:50 - 1:51

or is it not alive?
1:51 - 1:54

Is it on the network, or is
it dropped off of the network?
1:54 - 1:58

We want to get some lights that
tell us is everything green,
1:58 - 2:00

or is a section of
the network gone red?
2:00 - 2:02

And an interface
monitor can provide you
2:02 - 2:03

with that information.
2:03 - 2:06

It can also provide you with
alerting of that information.
2:06 - 2:08

You obviously can't
look at the monitoring
2:08 - 2:11

screen for 24 hours a
day, seven days a week,
2:11 - 2:14

so we'll have the software
monitor these interfaces.
2:14 - 2:16

And if the interface
turns from green to red,
2:16 - 2:19

it can send you an email
or send you a text message.
2:19 - 2:22

Interface monitoring software
can often not only give you
2:22 - 2:24

that short term view
of what's happening,
2:24 - 2:27

but it can collect information
over a longer time frame
2:27 - 2:31

so you can see how available a
particular interface has been.
2:31 - 2:34

If you need more detail
than just is the device up
2:34 - 2:35

or is the device
down, you may want
2:35 - 2:38

to look into other monitoring
technologies like SNMP.
2:38 - 2:42

They can give you information
about interface utilization,
2:42 - 2:44

errors, and much more.
2:44 - 2:46

It's often useful to get
an understanding of exactly
2:46 - 2:48

what's running over
the network, and there
2:48 - 2:51

are a number of packet flow
monitoring technologies
2:51 - 2:52

that can do exactly that.
2:52 - 2:55

A very popular way to do
this is with a technology
2:55 - 2:56

called NetFlow.
2:56 - 2:59

NetFlow version 5
and NetFlow version 9
2:59 - 3:01

are the most common
ones that you'll see,
3:01 - 3:03

and it's designed to look
at these traffic flows
3:03 - 3:05

across the network
and provide you
3:05 - 3:07

with detailed metrics about
exactly what's running
3:07 - 3:09

over your network links.
3:09 - 3:11

You'll generally use
two different components
3:11 - 3:12

to make NetFlow work.
3:12 - 3:14

The first component is a probe.
3:14 - 3:17

You're going to put a probe
on the network at every place
3:17 - 3:19

where you want to collect data.
3:19 - 3:22

The probe is going to watch
the raw traffic going by,
3:22 - 3:24

and it's going to create
these summary records.
3:24 - 3:26

And it's going to send
those summary records back
3:26 - 3:28

to a single collector.
3:28 - 3:30

That way you can have
multiple probes on the network,
3:30 - 3:32

but all of the
summary information
3:32 - 3:34

is being sent to
one central point,
3:34 - 3:36

and that is the
NetFlow collector.
3:36 - 3:38

It's at this collector
where we're generally
3:38 - 3:41

going to be able to run
a number of reports
3:41 - 3:44

because all of the data is
contained on that collector.
3:44 - 3:46

There's usually a
separate application
3:46 - 3:48

you would run that
queries the collector,
3:48 - 3:51

looks through all of
the summary records,
3:51 - 3:53

and provides you with
information about what's
3:53 - 3:55

flowing over the network.
3:55 - 3:58

Looking at this view
of NetFlow statistics,
3:58 - 4:00

you can see this
summary of metadata
4:00 - 4:02

can actually provide you
with a lot of details.
4:02 - 4:04

Here's the top 10
nodes by response time.
4:04 - 4:07

You can see these top
three are having loss,
4:07 - 4:09

and so they're having some
very long response times.
4:09 - 4:12

You can see the exact nodes
that are having the packet loss.
4:12 - 4:14

Here's the devices,
the top 10 that
4:14 - 4:16

are having high
utilization, so you
4:16 - 4:20

can concentrate on trying to
find out why those devices see
4:20 - 4:22

so much traffic going by.
4:22 - 4:24

And of course, there's
other reporting mechanisms.
4:24 - 4:27

Here's a report that shows
the top 20 applications.
4:27 - 4:30

There's World Wide Web HTTP,
SQL Server, Oracle SQL,
4:30 - 4:32

domain name server.
4:32 - 4:34

So you can really
get a lot of detail
4:34 - 4:37

about exactly what's
happening, and it's very common
4:37 - 4:39

to be able to run the
short and long term reports
4:39 - 4:42

so that you can start doing some
troubleshooting of your network
4:42 - 4:43

flows.
4:43 - 4:46

Another technology
you can use to gather
4:46 - 4:50

detailed metrics from your
infrastructure devices is SNMP.
4:50 - 4:53

SNMP stands for Simple
Network Management Protocol,
4:53 - 4:57

and it uses a very standardized
database and structure called
4:57 - 5:00

a MIB, a management
information base,
5:00 - 5:02

to be able to use
a standard query
5:02 - 5:05

and get a standard
response from your devices.
5:05 - 5:08

As you start working
with SNMP software
5:08 - 5:12

and with SNMP configurations
in your infrastructure devices,
5:12 - 5:14

there may be different
versions that are referenced.
5:14 - 5:17

There's three major SNMP
versions you'll run into.
5:17 - 5:19

SNMP version one
was the original.
5:19 - 5:22

It is the one where we had
a device on the network,
5:22 - 5:24

it would make a
request, for instance,
5:24 - 5:27

how many bytes have gone
into a particular interface,
5:27 - 5:29

and that device would
respond back with a number.
5:29 - 5:32

That's a very basic SNMP query.
5:32 - 5:33

It's all done in the clear.
5:33 - 5:35

There's no encryption
or special security,
5:35 - 5:38

and it's done one
query at a time.
5:38 - 5:41

SNMP version two was an
upgrade to version one.
5:41 - 5:43

It added some additional
data enhancements,
5:43 - 5:45

and it provided for
bulk data transfer,
5:45 - 5:48

so we could ask for 10
different pieces of information
5:48 - 5:51

and get a single response
with all 10 of those answers.
5:51 - 5:53

This made for a much
more efficient way
5:53 - 5:57

to query our devices, but it
was still in-the-clear data.
5:57 - 5:59

If you had a packet
analyzer, you'd
5:59 - 6:01

be able to see all of
this SNMP information.
6:01 - 6:04

So we created SNMP
version three.
6:04 - 6:06

This is really the
latest standard for SNMP,
6:06 - 6:09

and it provides message
integrity, authentication,
6:09 - 6:12

and encryption to verify
that the information going
6:12 - 6:14

across the network is
going to be secure.
6:14 - 6:17

Whenever you're querying
infrastructure devices,
6:17 - 6:19

you're gathering
metrics and details
6:19 - 6:21

that other people
could use against you.
6:21 - 6:25

So it's important to keep
this data as safe as possible.
6:25 - 6:29

If you are using SNMP, you
want to use SNMP version three
6:29 - 6:30

if at all possible.
6:30 - 6:32

If it's not possible,
you want to have
6:32 - 6:35

all of that data contained
on a private network.
6:35 - 6:38

SNMP can give you a lot
of detail about what's
6:38 - 6:39

happening on your network.
6:39 - 6:41

Here's a query of
one of my switches,
6:41 - 6:43

and you can see every
second I'm getting
6:43 - 6:47

an update of utilization
and traffic throughput
6:47 - 6:49

that's going through
my particular switch.
6:49 - 6:51

You can take this
and not only get
6:51 - 6:53

a short term view
of what's happening,
6:53 - 6:56

you can also expand this out
and get a much longer term view
6:56 - 6:59

so that you can get an idea of
how your network is performing
6:59 - 7:02

throughout the day, the
week, or even the month.
7:02 - 7:04

Here's another SNMP
tool you might use.
7:04 - 7:06

This one is not
quite as graphical,
7:06 - 7:09

but it can provide you with
a lot of details about what's
7:09 - 7:10

happening inside of a device.
7:10 - 7:13

This is a MIB browser,
or a MIB walker,
7:13 - 7:15

that Management
Information Base which
7:15 - 7:18

uses the standard structure
for gathering details
7:18 - 7:19

from these devices.
7:19 - 7:22

You can see the MIBs are
here on the left side.
7:22 - 7:26

There's a standard interface
MIB, we call this a MIB two,
7:26 - 7:29

and I can see things like the
interfaces on this device.
7:29 - 7:32

This particular software allows
me to walk through the MIB
7:32 - 7:33

to gather details.
7:33 - 7:36

I'm going to choose an
interface entry here,
7:36 - 7:39

and I'm simply going to
tell my device I would like
7:39 - 7:41

to perform a SNMP MIB walk.
7:41 - 7:44

And now it goes through
in a very specific format
7:44 - 7:47

and gathers all of the
details from every interface
7:47 - 7:49

on this particular switch.
7:49 - 7:51

And then I can, of
course, through SNMP, even
7:51 - 7:55

modify configuration
details if I have the rights
7:55 - 7:57

and permissions on that device.
7:57 - 7:59

That's why we
mentioned SNMP as being
7:59 - 8:01

such a powerful management
tool because you're
8:01 - 8:05

able to see and modify any
of the infrastructure devices
8:05 - 8:07

on your network.

Title:: Network Monitoring Tools - CompTIA Network+ N10-006 - 2.1
Description:: more » « less
Video Language:: English
Duration:: 08:08

	OEVIDEOS edited English subtitles for Network Monitoring Tools - CompTIA Network+ N10-006 - 2.1
	OEVIDEOS edited English subtitles for Network Monitoring Tools - CompTIA Network+ N10-006 - 2.1

English subtitles

Revisions Compare revisions

Revision 2 Edited

OEVIDEOS
Revision 1 Uploaded

OEVIDEOS

	Revision Number	Author	Created
	2	OEVIDEOS
	1	OEVIDEOS

Network Monitoring Tools - CompTIA Network+ N10-006 - 2.1

Revisions Compare revisions

Our website uses cookies

Operating cookies (Required)