-
Network administrators
have many different ways
-
that they can find out what's
happening on their networks,
-
and in this video,
we'll look at some
-
of the most popular
network monitoring tools.
-
A port scanner allows
you to gather information
-
from a device over the
network without you needing
-
any particular
username, password,
-
or any other type of
authentication to that device.
-
You simply send it some
well-crafted queries,
-
and by examining
the responses, you
-
can find out a lot of
information about that device.
-
At its most basic
level, a port scanner
-
can tell you if a
device is responding
-
to you over the network.
-
It'll send a ping or an Address
Resolution Protocol query
-
to see whether that
device is really alive.
-
And if it is, it
can examine and see
-
are there any open
ports on that device?
-
Does that device
have services running
-
on it that allow someone to
connect over particular port
-
numbers?
-
What are those port numbers?
-
Which ones are open and closed
on that particular device?
-
You can also find out a lot
about the operating system
-
running on that device,
even without connecting
-
to that device or querying
the operating system directly.
-
You can send some
very specific queries,
-
and depending on
what's returned,
-
you can determine what
type of operating system,
-
and in some cases, the exact
version of the operating
-
system, that's
running on that device.
-
To get even more
detail, you could
-
probe the open ports to find out
how they respond to queries.
-
And depending on
the response, you
-
can determine what
services are running
-
and which versions of
those services are
-
running on that device.
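As an added example, not part of the original video, here is a minimal TCP connect scanner in Python that shows what the passage above describes: whether a port answers at all (open, closed or filtered), and a first pass at service identification from the banner the service volunteers. To run offline it starts its own throwaway listeners on 127.0.0.1; the SSH-style banner, the "core-sw1"-type names and the ports are constructed. OS fingerprinting works from crafted raw packets and is not attempted here.

```python
"""TCP connect scan with banner grabbing, as an added example (not from the video).

The "device" is two throwaway listeners this script starts on 127.0.0.1, so it
runs offline: one volunteers a constructed SSH-style banner, one accepts and
says nothing. A third port is deliberately left closed so the scanner sees a
connection refusal. OS fingerprinting needs raw packets and is not shown.
"""
import socket
import threading

BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"   # constructed banner, not a real host's


def start_service(banner):
    """Listen on an OS-chosen loopback port; returns (port, stop_event)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)                     # so the accept loop can notice stop
    stop = threading.Event()

    def loop():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:                      # send the banner (if any) and hang up
                if banner:
                    conn.sendall(banner)
        srv.close()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1], stop


def free_port():
    """Reserve and release a port so nothing listens on it (connects get RST)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def scan_port(host, port, timeout=1.0):
    """One TCP connect probe. Returns (state, banner); state is open/closed/filtered."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except ConnectionRefusedError:
        s.close()
        return "closed", ""       # RST came back: host is alive, nothing listening
    except OSError:
        s.close()
        return "filtered", ""     # no answer at all: dropped by a firewall, or host is down
    try:
        s.settimeout(0.5)         # many services speak first; grab what they volunteer
        banner = s.recv(256).decode("ascii", "replace").strip()
    except OSError:
        banner = ""
    finally:
        s.close()
    return "open", banner


def guess_service(banner):
    """Crude version detection from the banner, the first step of a -sV style check."""
    if banner.startswith("SSH-"):
        return "ssh " + banner.split("-", 2)[-1]
    if banner.startswith("220 "):
        return "smtp/ftp"
    return "unknown" if banner else "open, no banner"


def demo():
    banner_port, stop1 = start_service(BANNER)
    silent_port, stop2 = start_service(None)
    closed_port = free_port()
    results = {}
    for label, port in (("banner", banner_port), ("silent", silent_port), ("closed", closed_port)):
        state, banner = scan_port("127.0.0.1", port)
        results[label] = (state, banner, guess_service(banner) if state == "open" else state)
    stop1.set()
    stop2.set()
    return results


if __name__ == "__main__":
    for label, info in demo().items():
        print(label, info)
```

The three outcomes are the ones a scanner reports: a refusal is still useful information (the host is up and reachable), a timeout is ambiguous (firewall or dead host), and only an open port can be probed further for service and version.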
-
If you're managing a network,
really, of any size,
-
there's going to be a need to
monitor the devices connected
-
to your network.
-
And an easy way to do that is
through interface monitoring.
-
We want to know, at a basic
level, is that device alive
-
or is it not alive?
-
Is it on the network, or is
it dropped off of the network?
-
We want to get some lights that
tell us is everything green,
-
or is a section of
the network gone red?
-
And an interface
monitor can provide you
-
with that information.
-
It can also provide you with
alerting of that information.
-
You obviously can't
look at the monitoring
-
screen for 24 hours a
day, seven days a week,
-
so we'll have the software
monitor these interfaces.
-
And if the interface
turns from green to red,
-
it can send you an email
or send you a text message.
-
Interface monitoring software
can often not only give you
-
that short term view
of what's happening,
-
but it can collect information
over a longer time frame
-
so you can see how available a
particular interface has been.
-
If you need more detail
than just is the device up
-
or is the device
down, you may want
-
to look into other monitoring
technologies like SNMP.
-
They can give you information
about interface utilization,
-
errors, and much more.
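To make the up/down, green-to-red and availability ideas above concrete, here is an added example, not from the original video, of the core of an interface monitor in Python: a reachability probe, a small state machine that only alerts on a transition (and only after several consecutive misses, so one dropped poll does not page anyone), and an availability figure over a time window. The interface name and the poll history are constructed so the logic runs offline; the probe uses a TCP handshake because ICMP echo needs raw sockets.

```python
"""Interface up/down monitor with flap damping, alerting and availability.

Added example, not from the original video. The probe is a TCP reachability
check (ICMP echo needs raw sockets); the poll history fed to the monitor below
is constructed so the state machine runs offline.
"""
import socket
from dataclasses import dataclass, field


def tcp_reachable(host, port, timeout=1.0):
    """One poll. A completed handshake or an RST both prove the host is alive;
    only silence (timeout, unreachable) counts as down."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except ConnectionRefusedError:
        return True
    except OSError:
        return False


@dataclass
class InterfaceMonitor:
    name: str
    fail_threshold: int = 3       # consecutive misses before turning red (flap damping)
    state: str = "green"
    misses: int = 0
    history: list = field(default_factory=list)   # (timestamp, up) samples
    alerts: list = field(default_factory=list)    # what would go out by email/SMS

    def record(self, ts, up):
        """Feed one poll result; emits an alert only on a state transition."""
        self.history.append((ts, up))
        if up:
            self.misses = 0
            if self.state == "red":
                self.state = "green"
                self.alerts.append((ts, f"{self.name} is back up"))
        else:
            self.misses += 1
            if self.state == "green" and self.misses >= self.fail_threshold:
                self.state = "red"
                self.alerts.append((ts, f"{self.name} DOWN after {self.misses} missed polls"))
        return self.state

    def availability(self, since=0):
        """Fraction of polls since `since` that were up: the long-term view the tools graph."""
        window = [up for ts, up in self.history if ts >= since]
        return sum(window) / len(window) if window else 1.0


# Constructed one-minute polls: a single dropped poll (no alert), then a real outage.
SAMPLE_POLLS = [1, 1, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1]


def demo(polls=SAMPLE_POLLS):
    mon = InterfaceMonitor("core-sw1 Gi1/0/24")   # constructed interface name
    for minute, up in enumerate(polls):
        mon.record(minute * 60, bool(up))
    return mon


if __name__ == "__main__":
    m = demo()
    for ts, msg in m.alerts:
        print(f"t={ts}s {msg}")
    print(f"availability {m.availability():.1%}")
```

Wiring `tcp_reachable` into a scheduler and the `alerts` list into smtplib or an SMS gateway is all that separates this from the alerting the passage describes; the threshold is the knob that trades detection speed against false pages.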
-
It's often useful to get
an understanding of exactly
-
what's running over
the network, and there
-
are a number of packet flow
monitoring technologies
-
that can do exactly that.
-
A very popular way to do
this is with a technology
-
called NetFlow.
-
NetFlow version 5
and NetFlow version 9
-
are the most common
ones that you'll see,
-
and it's designed to look
at these traffic flows
-
across the network
and provide you
-
with detailed metrics about
exactly what's running
-
over your network links.
-
You'll generally use
two different components
-
to make NetFlow work.
-
The first component is a probe.
-
You're going to put a probe
on the network at every place
-
where you want to collect data.
-
The probe is going to watch
the raw traffic going by,
-
and it's going to create
these summary records.
-
And it's going to send
those summary records back
-
to a single collector.
-
That way you can have
multiple probes on the network,
-
but all of the
summary information
-
is being sent to
one central point,
-
and that is the
NetFlow collector.
-
It's at this collector
where we're generally
-
going to be able to run
a number of reports
-
because all of the data is
contained on that collector.
-
There's usually a
separate application
-
you would run that
queries the collector,
-
looks through all of
the summary records,
-
and provides you with
information about what's
-
flowing over the network.
-
Looking at this view
of NetFlow statistics,
-
you can see this
summary of metadata
-
can actually provide you
with a lot of details.
-
Here's the top 10
nodes by response time.
-
You can see these top
three are having loss,
-
and so they're having some
very long response times.
-
You can see the exact nodes
that are having the packet loss.
-
Here are the top 10
devices that
-
are seeing high
utilization, so you
-
can concentrate on trying to
find out why those devices see
-
so much traffic going by.
-
And of course, there's
other reporting mechanisms.
-
Here's a report that shows
the top 20 applications.
-
There's World Wide Web HTTP,
SQL Server, Oracle SQL,
-
domain name server.
-
So you can really
get a lot of detail
-
about exactly what's
happening, and it's very common
-
to be able to run the
short and long term reports
-
so that you can start doing some
troubleshooting of your network
-
flows.
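The probe/collector split and the reports described above can be shown end to end in code. This is an added example, not from the original video: a probe packs constructed flow summaries into a NetFlow v5 export datagram (the 24-byte header plus 48-byte records that Cisco documents for v5), sends it over UDP on loopback, and a collector validates it, unpacks the records and produces "top applications" and "top talkers" reports. The flows, addresses and port-to-application table are constructed; a real probe derives flows from traffic on the wire.

```python
"""NetFlow v5 probe -> collector -> reports, as an added example (not from the video).

The probe side packs summary flow records into a v5 export datagram (24-byte
header, 48-byte records, the layout Cisco documents), sends it over UDP on
loopback, and the collector side validates and unpacks it, then runs the two
reports the video shows: top applications and top talkers. The flows are
constructed; a real probe would derive them from traffic on the wire.
"""
import socket
import struct
from collections import Counter

V5_HEADER = struct.Struct("!HHIIIIBBH")                 # version,count,uptime,secs,nsecs,seq,engine,engine_id,sampling
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48 bytes per flow

APP_PORTS = {80: "http", 443: "https", 53: "dns", 1433: "mssql", 1521: "oracle", 22: "ssh"}

# Constructed flows: (src, dst, sport, dport, ip_proto, packets, bytes)
SAMPLE_FLOWS = [
    ("10.1.1.20", "10.1.5.10", 51514, 443, 6, 120, 150_000),
    ("10.1.1.21", "10.1.5.10", 51990, 443, 6, 80, 90_000),
    ("10.1.1.20", "10.1.5.11", 52001, 1433, 6, 400, 620_000),
    ("10.1.1.22", "10.1.5.2", 40000, 53, 17, 10, 1_200),
    ("10.1.5.10", "10.1.1.21", 443, 51990, 6, 100, 480_000),
]


def export_v5(flows, uptime_ms=60_000, unix_secs=1_700_000_000, seq=0):
    """Probe side: summarise flows into one NetFlow v5 datagram."""
    recs = []
    for src, dst, sport, dport, proto, pkts, octets in flows:
        recs.append(V5_RECORD.pack(
            socket.inet_aton(src), socket.inet_aton(dst), socket.inet_aton("0.0.0.0"),
            1, 2,                               # input / output ifIndex
            pkts, octets,
            uptime_ms - 500, uptime_ms,         # first / last packet (sysUptime ms)
            sport, dport,
            0, 0x18 if proto == 6 else 0,       # pad, TCP flags seen (PSH|ACK)
            proto, 0,                           # IP protocol, ToS
            0, 0, 24, 24, 0))                   # src/dst AS, src/dst mask, pad
    header = V5_HEADER.pack(5, len(recs), uptime_ms, unix_secs, 0, seq, 0, 0, 0)
    return header + b"".join(recs)


def parse_v5(datagram):
    """Collector side: validate the header and unpack every record."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = V5_HEADER.unpack_from(datagram, 0)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field {version})")
    if len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count does not match datagram length")
    records = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        records.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                        "pkts": f[5], "bytes": f[6], "sport": f[9], "dport": f[10],
                        "proto": f[13]})
    return records


def send_and_collect(flows):
    """Probe sends to the collector over UDP on loopback (real collectors listen on 2055 or 9995)."""
    collector = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    collector.bind(("127.0.0.1", 0))
    collector.settimeout(2)
    probe = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    probe.sendto(export_v5(flows), collector.getsockname())
    datagram, _ = collector.recvfrom(65535)
    probe.close()
    collector.close()
    return parse_v5(datagram)


def top_applications(records, n=5):
    """Bytes per application; whichever end sits on a well-known port names the app."""
    totals = Counter()
    for r in records:
        port = r["dport"] if r["dport"] in APP_PORTS else r["sport"]
        totals[APP_PORTS.get(port, f"proto{r['proto']}/{port}")] += r["bytes"]
    return totals.most_common(n)


def top_talkers(records, n=5):
    """Bytes sent per source address."""
    totals = Counter()
    for r in records:
        totals[r["src"]] += r["bytes"]
    return totals.most_common(n)


if __name__ == "__main__":
    recs = send_and_collect(SAMPLE_FLOWS)
    print("top applications:", top_applications(recs))
    print("top talkers:", top_talkers(recs))
```

Note that the export is plain UDP with no authentication: a collector should only accept datagrams from the probes it expects, and the length check in `parse_v5` is the minimum sanity test before trusting the record count in the header.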
-
Another technology
you can use to gather
-
detailed metrics from your
infrastructure devices is SNMP.
-
SNMP stands for Simple
Network Management Protocol,
-
and it uses a very standardized
database and structure called
-
a MIB, a management
information base,
-
to be able to use
a standard query
-
and get a standard
response from your devices.
-
As you start working
with SNMP software
-
and with SNMP configurations
in your infrastructure devices,
-
there may be different
versions that are referenced.
-
There's three major SNMP
versions you'll run into.
-
SNMP version one
was the original.
-
A management station would
send a device on the network
-
a request, for instance,
how many bytes have come
-
into a particular interface,
-
and that device would
respond back with a number.
-
That's a very basic SNMP query.
-
It's all done in the clear.
-
There's no encryption, and the
only authentication is a
-
community string that's sent
in plaintext with every query,
-
and it's done one
query at a time.
-
SNMP version two was an
upgrade to version one.
-
It added some data enhancements,
such as 64-bit counters,
-
and it provided for
bulk data transfer,
-
so we could ask for 10
different pieces of information
-
and get a single response
with all 10 of those answers.
-
This made for a much
more efficient way
-
to query our devices, but it
was still in-the-clear data.
-
If you had a packet
analyzer, you'd
-
be able to see all of
this SNMP information.
-
So we created SNMP
version three.
-
This is really the
latest standard for SNMP,
-
and it provides message
integrity, authentication,
-
and encryption to verify
that the information going
-
across the network is
going to be secure.
-
Whenever you're querying
infrastructure devices,
-
you're gathering
metrics and details
-
that other people
could use against you.
-
So it's important to keep
this data as safe as possible.
-
If you are using SNMP, you
want to use SNMP version three
-
if at all possible.
-
If it's not possible,
you want to have
-
all of that data contained
on a private network.
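The "in the clear" point above is easy to see on the wire. As an added example, not from the original video, the Python below builds an SNMPv2c GetRequest with a minimal BER encoder (standing in for a packet capture; the community string and OIDs are constructed) and then decodes it the way a packet analyzer would, recovering the version, the community string, the PDU type and the requested OIDs. A `weak_community` check flags the factory defaults that still turn up in captures. SNMPv3 messages carry USM security parameters instead of a community string, so the decoder simply stops at the version field for those.

```python
"""What a packet analyzer sees in an SNMPv1/v2c message, as an added example.

Not from the original video. The community string is a plain BER OCTET STRING,
so anyone capturing the traffic reads it and can replay queries (or Sets, if it
is the read-write community). The datagram below is constructed with a minimal
BER encoder rather than captured from a real device.
"""

# ---- minimal BER (ASN.1) encoder ------------------------------------------
def _tlv(tag, body):
    n = len(body)
    length = bytes([n]) if n < 0x80 else bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + body

def ber_int(v):
    return _tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))

def ber_octets(data):
    return _tlv(0x04, data.encode() if isinstance(data, str) else data)

def ber_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:                     # base-128 with continuation bits
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        body += bytes(chunk)
    return _tlv(0x06, bytes(body))

def ber_seq(*items, tag=0x30):
    return _tlv(tag, b"".join(items))

def build_get_request(community, oids, request_id=1, version=1):
    """SNMP GetRequest; version 0 is v1, 1 is v2c. Both carry the community in clear."""
    varbinds = ber_seq(*(ber_seq(ber_oid(o), b"\x05\x00") for o in oids))   # OID + NULL
    pdu = ber_seq(ber_int(request_id), ber_int(0), ber_int(0), varbinds, tag=0xA0)
    return ber_seq(ber_int(version), ber_octets(community), pdu)

# ---- decoder: the sniffer's view -------------------------------------------
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA5: "GetBulkRequest"}

def _read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def sniff_snmp(datagram):
    """Pull version, community, PDU type and OIDs out of a captured v1/v2c message."""
    _, msg, _ = _read_tlv(datagram, 0)
    _, ver, pos = _read_tlv(msg, 0)
    version = {0: "v1", 1: "v2c", 3: "v3"}.get(int.from_bytes(ver, "big", signed=True), "?")
    if version == "v3":
        return {"version": "v3", "community": None}   # v3 carries USM security params, no community
    _, community, pos = _read_tlv(msg, pos)
    pdu_tag, pdu, _ = _read_tlv(msg, pos)
    _, rid, pos = _read_tlv(pdu, 0)
    _, _, pos = _read_tlv(pdu, pos)          # error-status
    _, _, pos = _read_tlv(pdu, pos)          # error-index
    _, varbinds, _ = _read_tlv(pdu, pos)
    oids, q = [], 0
    while q < len(varbinds):
        _, vb, q = _read_tlv(varbinds, q)
        _, oid_body, _ = _read_tlv(vb, 0)
        oids.append(_decode_oid(oid_body))
    return {"version": version, "community": community.decode("ascii", "replace"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)),
            "request_id": int.from_bytes(rid, "big", signed=True), "oids": oids}

def weak_community(info):
    """Audit check: the factory defaults that still show up in captures."""
    return info.get("community") in {"public", "private"}

# Constructed "capture": a v2c GetRequest for sysDescr.0 and ifInOctets.1
CAPTURED = build_get_request("public", ["1.3.6.1.2.1.1.1.0", "1.3.6.1.2.1.2.2.1.10.1"])

if __name__ == "__main__":
    info = sniff_snmp(CAPTURED)
    print(info, "weak community!" if weak_community(info) else "")
```

Everything `sniff_snmp` returns is available to anyone on the path, which is why the advice is v3 with authentication and privacy, or failing that, community strings that are not defaults and management traffic confined to a network attackers cannot capture.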
-
SNMP can give you a lot
of detail about what's
-
happening on your network.
-
Here's a query of
one of my switches,
-
and you can see every
second I'm getting
-
an update of utilization
and traffic throughput
-
that's going through
my particular switch.
-
You can take this
and not only get
-
a short term view
of what's happening,
-
you can also expand this out
and get a much longer term view
-
so that you can get an idea of
how your network is performing
-
throughout the day, the
week, or even the month.
-
Here's another SNMP
tool you might use.
-
This one is not
quite as graphical,
-
but it can provide you with
a lot of details about what's
-
happening inside of a device.
-
This is a MIB browser,
or a MIB walker,
-
which lets you navigate the
Management Information Base,
-
the standard structure
for gathering details
-
from these devices.
-
You can see the MIBs are
here on the left side.
-
There's a standard interfaces
group, part of what we call MIB-II,
-
and I can see things like the
interfaces on this device.
-
This particular software allows
me to walk through the MIB
-
to gather details.
-
I'm going to choose an
interface entry here,
-
and I'm simply going to
tell my device I would like
-
to perform a SNMP MIB walk.
-
And now it goes through
in a very specific format
-
and gathers all of the
details from every interface
-
on this particular switch.
-
And then I can, of
course, through SNMP, even
-
modify configuration
details if I have the rights
-
and permissions on that device.
-
That's why we
mentioned SNMP as being
-
such a powerful management
tool because you're
-
able to see and modify any
of the infrastructure devices
-
on your network.
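What the MIB walk in the demonstration above actually does, and why Set depends on "the rights and permissions" on the device, can be shown without a switch. This is an added example, not from the original video and not a real SNMP stack: an in-memory agent stands in for a three-port switch's ifEntry table (MIB-II column OIDs), the walker issues GetNext requests in lexicographic OID order until the reply leaves the subtree, and Set is accepted only with the read-write community. Interface names, counters and community strings are constructed.

```python
"""A GetNext-driven MIB walk and a guarded Set against an in-memory agent.

Added example, not from the original video and not a real SNMP stack: the
agent is a dictionary standing in for a 3-port switch's ifEntry (MIB-II /
RFC 2863 column OIDs) so the walk runs offline. It shows how a MIB walker
works, repeated GetNext requests in lexicographic OID order until the reply
falls outside the subtree, and why the read-write community gates Set.
"""
IF_ENTRY = "1.3.6.1.2.1.2.2.1"
COLUMNS = {2: "ifDescr", 5: "ifSpeed", 7: "ifAdminStatus", 8: "ifOperStatus",
           10: "ifInOctets", 16: "ifOutOctets"}


def oid_key(oid):
    """OIDs order numerically arc by arc; a plain string sort would put .10 before .2."""
    return tuple(int(a) for a in oid.split("."))


class FakeAgent:
    """Constructed stand-in for a switch. Read and write communities differ, as they should."""

    def __init__(self, read_community="public", write_community="s3cret-rw"):
        self.read, self.write = read_community, write_community
        self.mib = {"1.3.6.1.2.1.1.1.0": "constructed 3-port switch",
                    "1.3.6.1.2.1.1.5.0": "core-sw1"}
        ports = [("Gi1/0/1", 1_000_000_000, 1), ("Gi1/0/2", 1_000_000_000, 2),
                 ("Gi1/0/3", 100_000_000, 1)]
        for idx, (descr, speed, oper) in enumerate(ports, start=1):
            self.mib[f"{IF_ENTRY}.2.{idx}"] = descr
            self.mib[f"{IF_ENTRY}.5.{idx}"] = speed
            self.mib[f"{IF_ENTRY}.7.{idx}"] = 1            # ifAdminStatus up(1)
            self.mib[f"{IF_ENTRY}.8.{idx}"] = oper         # ifOperStatus up(1)/down(2)
            self.mib[f"{IF_ENTRY}.10.{idx}"] = 1000 * idx
            self.mib[f"{IF_ENTRY}.16.{idx}"] = 2000 * idx
        self.order = sorted(self.mib, key=oid_key)

    def get_next(self, community, oid):
        """First object lexicographically after `oid`, or (None, None) at end of MIB.
        v1/v2c agents simply do not answer a wrong community, so the caller times out."""
        if community not in (self.read, self.write):
            return None, None
        for candidate in self.order:
            if oid_key(candidate) > oid_key(oid):
                return candidate, self.mib[candidate]
        return None, None

    def set(self, community, oid, value):
        """Returns the SNMP error-status name; only the write community may change anything."""
        if community != self.write:
            return "authorizationError"
        if oid not in self.mib:
            return "noSuchName"
        self.mib[oid] = value
        return "noError"


def walk(agent, community, root):
    """The walker loop: GetNext from `root` until the response leaves the subtree."""
    results, oid, prefix = [], root, oid_key(root)
    while True:
        oid, value = agent.get_next(community, oid)
        if oid is None or oid_key(oid)[:len(prefix)] != prefix:
            return results
        results.append((oid, value))


def interface_report(agent, community):
    """Walk ifEntry (column-major) and pivot into one row per interface index."""
    rows = {}
    depth = len(oid_key(IF_ENTRY))
    for oid, value in walk(agent, community, IF_ENTRY):
        arcs = oid_key(oid)
        column, index = arcs[depth], arcs[-1]
        rows.setdefault(index, {})[COLUMNS.get(column, f"col{column}")] = value
    return rows


if __name__ == "__main__":
    agent = FakeAgent()
    for index, row in interface_report(agent, "public").items():
        print(index, row)
    print("set with read community:", agent.set("public", f"{IF_ENTRY}.7.2", 2))
    print("set with write community:", agent.set("s3cret-rw", f"{IF_ENTRY}.7.2", 2))
```

The walk comes back column by column (all ifDescr, then all ifSpeed, and so on), which is why a MIB browser pivots the results into a per-interface table; the Set of ifAdminStatus to down(2) is the "modify configuration" capability the video mentions, and it is exactly what a leaked read-write community string hands to an attacker.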