Network Monitoring with Open Source Tools

OpenSource For You

By: Vivek Ratan

The author works as Sr. automation test engineer at Tata Technologies, and as a freelance educator at LearnerKul, Pune. He can be reached at ratanvivek14@gmail.co

Network monitoring is critical to keep computer networks and applications safe from the various cyber attacks that are so common nowadays. This article presents the rationale for network monitoring, along with a few select open source network monitoring tools.

Network monitoring is used to keep an eagle’s eye on different computer networks, looking out for slow and failing components. It is quite important, especially in case of sudden unexpected outages and other trouble. Network monitoring is considered to be a part of network management. Enterprise networks have to deal with large data sets being accessed by various devices. Such networks have to provide a reliable and fast service that does not add too much cost to the business.

Networks, nowadays, are far more complex than those of previous years. They traditionally act as the veins of an enterprise by delivering services and data across the organisation. Several technological advances like cloud computing, mobile devices and, more recently, the Internet of Things (IoT) have completely changed the nature of enterprise networks. The demands on today’s networks are reliability, speed and uptime – all of which have become more important than ever. Currently, it is more difficult to continuously monitor network infrastructure due to its expansion to cover mobile devices and applications running in the third party cloud environment.

Network monitoring involves different methods that maintain the integrity and security of an internal network or local area network (LAN). Monitoring encompasses software, hardware, spyware, viruses, vulnerabilities like security holes and backdoors, as well as several other aspects that can compromise the integrity of a network.

Basic goals of network monitoring

There are three basic goals for network monitoring, which cover three functional areas (out of a total of five) for network management, based on the Open Systems Interconnection (OSI) model. The remaining two functional areas are configuration and security management, which are not related to network monitoring. Let’s go through the goals related to network monitoring.

1. Performance monitoring: This deals with measuring the performance of a network. There are multiple measurable parameters in a network. But from the list of parameters, relevant ones should be selected from the cost and performance perspective. Such parameters to be measured are referred to as network indicators since they indicate the performance attributes of the network. Some of the attributes include node availability, circuit availability, etc. The time frame used for monitoring performance must be long enough to establish a network model. All the information extracted through performance monitoring is basically used to plan future network expansion and to locate current network usage problems.

2. Fault monitoring: This deals with detecting the problems or issues in the network. It covers the different layers of the network since a problem can occur in any one of them. It requires establishing the ‘normal’ characteristics for the network over an extended time period. There are always some errors in the network but this does not mean that the network has persistent problems. Some of the errors expected to occur include noise present in a network link that can lead to transmission errors. The network gets into major problems when the number of errors suddenly increases above its normal behaviour. Hence, a record of normal behaviour is quite important.

3. Account monitoring: This deals with how any person uses a specific network. The network keeps a complete record of all the devices on it that are used by people, and also of how often they are used. This type of information is generally used for billing users for the network usage and also for predicting future network usage.

The need for network monitoring

Network monitoring continues to be crucial for businesses, which monitor their networks in order to be more productive and to avoid possible threats due to network failures and server downtime. Here is why we really need network monitoring.

1. Network monitoring analyses the performance of a network in real-time. So if an issue is detected, network administrators can be immediately alerted about it. This means that we can be informed about network problems wherever we may be, allowing for instant corrective measures and hence minimising potential downtime.

2. To measure the response time and consistency of a network and accordingly extract reliability metrics for them.

3. To validate availability and uptime for the specified network.

4. To diagnose different issues observed in the network by monitoring its behaviour and comparing that with the usual trend. It also helps in generating data for trend analysis, creating a performance benchmark for the network. It actually generates a well-structured report, which can help us identify trends and patterns in a system’s performance.

5. To allow network management applications to check the state of various parts of the network and the network devices present at remote locations. This can assist us in identifying specific areas of the network that are experiencing problems.

6. To collect useful information from different parts of the network so that the same set of information can be used to manage and control the network, going forward.

7. To keep an eye on the network traffic and bandwidth usage. It can validate whether crucial network components like routers, switches and servers are down or up and running.

8. Some of the network monitoring packages also handle service-level agreements (SLAs) and quality of service (QoS) monitoring.

Different network monitoring methods

Network monitoring involves a wide variety of methods that are implemented by IT professionals to maintain the integrity and security of an internal network.

1. Packet sniffing: This is a network monitoring technique that inspects every packet of information that passes through the specific network. Packet sniffers can detect different unauthorised network monitoring software, which might have been installed by hackers for spying on various business activities and information processes.

2. Intrusion detection: Intrusion detection monitors different local area networks for any unauthorised access by hackers. It can be implemented manually, though a majority of IT professionals prefer intrusion detection programs that automatically detect malware and viruses, network vulnerabilities such as logic bombs, backdoors and other security threats. This detection system is also used by individual computer systems that are connected to the network and file settings.

3. Vulnerability scanning: This involves a process wherein a vulnerability scanner periodically scans the network for different weaknesses that open up the potential for an exploit. This network monitoring methodology is different from intrusion detection since it detects a weakness before the actual attack has taken place, whereas intrusion detection identifies various unauthorised entries after the hacker breaches the network.

4. Penetration testing: This is usually carried out by IT professionals by implementing methods that are used by hackers to breach a network. Such tests satisfy clients that the network can handle all the techniques used by hackers and that their network will not allow hackers to enter it. The ultimate purpose of this type of testing is to take the network security to another level by discovering various vulnerabilities that hackers may be aware of but that have not yet been detected by other monitoring methods.

5. Firewall monitoring: Firewalls monitor the traffic that’s coming in and going out of the network. Firewall monitoring tracks all the activities of the firewall to ensure that the screening process for incoming and outgoing connections is working properly and securely.
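
One way to check that the firewall's screening is working as intended is to compare what it accepted against the intended policy. The following is an added example, not code from the original article; the key=value log layout, the ALLOWED_INBOUND policy and the internal address range are constructed for illustration.

```python
import ipaddress

# Assumed policy: the only inbound services meant to be reachable.
ALLOWED_INBOUND = {("tcp", 443), ("tcp", 25)}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

# Constructed log lines in a simple key=value layout (not a real product's format).
SAMPLE_LOG = """\
action=ACCEPT proto=tcp src=198.51.100.7 dst=10.0.0.5 dport=443
action=DROP proto=tcp src=203.0.113.9 dst=10.0.0.5 dport=23
action=ACCEPT proto=tcp src=203.0.113.9 dst=10.0.0.8 dport=3389
action=ACCEPT proto=udp src=10.0.0.8 dst=192.0.2.53 dport=53
action=ACCEPT proto=tcp src=192.0.2.44 dst=10.0.0.6 dport=25
malformed line without fields
"""

def parse_line(line):
    """Return (action, proto, src, dst, dport), or None if the line is unusable."""
    fields = dict(p.split("=", 1) for p in line.split() if "=" in p)
    try:
        return (fields["action"], fields["proto"],
                ipaddress.ip_address(fields["src"]),
                ipaddress.ip_address(fields["dst"]), int(fields["dport"]))
    except (KeyError, ValueError):
        return None

def audit_firewall_log(text):
    """Return (violations, unparsed).

    violations: accepted inbound flows whose service is not in the policy.
    unparsed: lines that could not be read; these need review, not silence.
    """
    violations, unparsed = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
            continue
        action, proto, src, dst, dport = rec
        inbound = dst in INTERNAL_NET and src not in INTERNAL_NET
        if action == "ACCEPT" and inbound and (proto, dport) not in ALLOWED_INBOUND:
            violations.append((str(src), str(dst), proto, dport))
    return violations, unparsed
```

On the constructed sample, the only violation is the accepted inbound connection to port 3389, which the assumed policy does not list; the malformed line is returned separately so that gaps in logging are noticed.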

Different open source tools used for network monitoring

Network monitoring tools eliminate the requirement for a physical systems administrator; organisations implementing these tools can save a lot of time and money. Let’s take a quick look at three such tools.

TeemIP

TeemIP is basically a change management database system that combines the IP address management system with a trouble-ticketing system, so that different network devices and IP addresses can be managed in the context of organisations, locations, users and their roles. It also tracks change requests and user trouble.

Features

1. It’s a Web application that runs on any AMP stack (e.g., Apache/IIS with PHP 5.3.6+ and MySQL 5.5.3+), on Linux, Windows, MacOS and Solaris, with all of the major browsers.

2. It can handle IPv4 and IPv6 address registrations, range planning and subnet. It supports capacity tracking and management with support for nesting as well, in order to allow delegation of IP spaces.

3. It has the ability to integrate different external data sources like device discovery, and can import a huge set of data from CSV files. We can also export data to CSV, XML and HTML formats using Object Query Language.

4. It has an integrated change-ticketing and troubleshooting system. We can define ticketing-system users to be configuration managers, administrators, document authors, portal power users, helpdesk agents, or even a combination of all these roles.

Advantages

1. It has high scalability.

2. It provides consistent and comprehensive documentation of our network IP resources.

3. As it’s open source, it is available free of cost.

Node-RED

Node-RED is another open source network monitoring tool that is developed by IBM. It is basically a flow-based programming system that monitors different networks.

Features

1. It is based on the Node.js JavaScript runtime. It runs on every OS that Node.js supports, which includes Linux, Windows, MacOS, AIX and SunOS. We can even run Node-RED on single-board computers like Raspberry Pi and Beaglebone with full support for all on-board input/output facilities. Now, it comes built into the Raspberry Pi’s Raspbian OS.

2. Node-RED instances are being offered by a couple of cloud services including IBM Bluemix, SenseTecnic FRED, Amazon Web Services and Microsoft Azure.

3. It is a useful general-purpose application platform providing ad hoc and quick solutions for network monitoring. This makes it an invaluable addition to our digital toolkit.

4. It is completely browser-based, and uses the metaphor of wiring different nodes together.

5. Node-RED is available with many built-in nodes that take care of social connections, general input and output, and utility based functions.

6. The Node-RED site comprises a library of user contribution nodes, which currently include 817 flows and 1,360 nodes.

7. Node-RED has a dashboard that can help us create user interfaces with graphs, switches, sliders, buttons and so on.

Advantages

1. Node-RED is a versatile tool.

2. It plays a vital role in IoT solutions.

3. It is indispensable for quick and effective solutions to a wide variety of problems, and even as a platform for our IoT projects.

4. There is no licence cost associated with it.

ProcessMaker

ProcessMaker is a free, open source and Web based workflow development as well as deployment system. It is fairly easy to learn and use. It keeps track of the different workflows of the network by evaluating all the possible final outcomes of that workflow. Bitnami offers different ready-made installers for all the major operating systems to make the use of ProcessMaker easier. It just needs a cloud installer and a virtual machine.

Features

1. It runs on all the major platforms such as Linux, Windows, MacOS, OpenShift, Google Cloud, and Cloud Foundry, as well as on several Java EE application servers.

2. ProcessMaker also comes in premium editions with extra features and support available in it. But if we consider it for internal purposes and testing, then the community edition is quite useful and powerful.

3. We can access ProcessMaker applications through a Web browser, and all of its content is automatically mobile-ready.

4. If we want to make a form available through a link, we can embed it in a custom Web page. ProcessMaker provides detailed documentation on how we can do this.

5. It also supports conditional routing of the workflow.

6. ProcessMaker provides dashboards on which we can install widgets to report different key performance indicators.

7. It can be extended by programming in JavaScript.

Advantages

1. ProcessMaker is fairly easy to learn and use.

2. Its efficiency can be increased manifold by programming.

3. It can save us a lot of time while solving workflow problems.

Figure 1: Functional architecture of a network monitoring system (Image source: googleimages.com)

Figure 2: Basic workflow for a network monitoring system (Image source: googleimages.com)

Figure 3: Pyramid diagram for a software monitored network (Image source: googleimages.com)
