5 Alternative Approaches to Monitoring
Simple alternatives to network monitoring are packet tracers and decoders, often called network sniffers. Examples are tcpdump [11] and snoop [15]. These tools capture packets from the network and often require off-line analysis tools to correlate the captured data and identify network flows. Sniffers usually provide details on packet activity but lack information on the network as a whole [8]. Protocol analysers, such as Ethereal [2], typically focus on the content of single network packets rather than on global network activity. These solutions lack high-level support for management activities.
More appropriate and advanced alternatives include RMON (Remote Network Monitoring) management platforms [16]. These platforms decouple probes from managers. Probes are devices that collect data from the network, and managers are applications that turn that data into useful higher-level information for the human operator. RMON managers can be seen as data analysers, but they also configure probes and retrieve the relevant collected data (via SNMP). In RMON, flexibility was achieved through modularity and standardization. RMON's MIB (Management Information Base) and architecture have been defined in RFCs [16].
The RMON standards define the way in which a manager retrieves information from probes and which pieces of information are available. In an RMON configuration, a manager can collect data from several probes; it is therefore possible to monitor several subnets from one central manager. This possibility is also available in the latest version of ntop. Although ntop runs as a single application that includes both the probe and the analyser, it provides an API through which remote programs can read (and, in a future version, modify) traffic information. This API is called the remote interface. The remote interface has to be ported to each client-side platform that needs to interact with ntop "probes" (it is currently available for a limited number of programming languages and platforms), which restricts the use of ntop's remote interface to the platforms supported. The RMON standards, on the other hand, specify a communication protocol between manager and probes. This standardization opens the path to multi-vendor management solutions: RMON-ready managers can interact with probes implemented on any platform, and RMON-ready probes can interact with managers implemented on any platform.
With ntop, specialized functions are typically implemented via new versions and optional plug-ins. Because RMON is defined in a standard, it is possible to create specialized managers for different purposes (for instance, a security failure detection manager) or to use different applications for data analysis that interoperate with probes from different vendors.
RMON-based solutions are quite powerful but unfortunately require sophisticated SNMP managers that are able to configure the probes properly and analyse the collected network statistics. Due to the complexity and cost of RMON solutions, they are mainly used by advanced network managers in large institutions.
Tools for network monitoring such as NeTraMet [1] and NFR [12] offer advanced programming languages for analysing network flows and building statistical event records. These languages are useful for experienced network operators. They have been designed as instrumentable network daemons, more suitable for monitoring networks over medium to long time periods [8].
ntop has proven to be a valuable tool for quick access to network monitoring, with a simple-to-use integrated web interface, minimal requirements and lightweight CPU utilization. It is available to network administrators with minimal installation and learning effort and cost, as opposed to expensive and complex (yet sophisticated and flexible) management platforms.