Network Monitoring with Open Source Tools
Network monitoring is critical to keep computer networks and applications safe from the various cyber attacks that are so common nowadays. This article presents the rationale for network monitoring, along with a few select open source network monitoring tools.
Network monitoring is used to keep an eagle’s eye on different computer networks, looking out for slow and failing components. It is quite important, especially in case of sudden unexpected outages and other trouble. Network monitoring is considered to be a part of network management. Enterprise networks have to deal with large data sets being accessed by various devices. Such networks have to provide a reliable and fast service that does not add too much cost to the business.
Networks, nowadays, are far more complex than those of previous years. They traditionally act as the veins of an enterprise by delivering services and data across the organisation. Several technological advances like cloud computing, mobile devices and, more recently, the Internet of Things (IoT) have completely changed the nature of enterprise networks. The demands on today’s networks are reliability, speed and uptime – all of which have become more important than ever. Currently, it is more difficult to continuously monitor network infrastructure due to its expansion to cover mobile devices and applications running in the third party cloud environment.
Network monitoring involves different methods that maintain the integrity and security of an internal network or local area network (LAN). Monitoring encompasses software, hardware, spyware, viruses, vulnerabilities like security holes and backdoors, as well as several other aspects that can compromise the integrity of a network.
Basic goals of network monitoring
There are three basic goals for network monitoring, which cover three functional areas (out of a total of five) for network management, based on the Open Systems Interconnection (OSI) model. The remaining two functional areas are configuration and security management which are not related to network monitoring. Let’s go through the goals related to network monitoring. 1. Performance monitoring: This deals with measuring the performance of a network. There are multiple measurable parameters in a network. But from the list of parameters, relevant ones should be selected from the cost and performance perspective. Such parameters to be measured are referred to as network indicators since they indicate the performance attributes of the network. Some of the
attributes include node availability, circuit availability, etc. The time frame used for monitoring performance must be long enough to establish a network model. All the information extracted through performance monitoring is basically used to plan future network expansion and hence locate current network usage problems.
2. Fault monitoring: This deals with detecting the problems or issues in the network. It covers the different layers of the network since a problem can occur in any one of them. It requires establishing the ‘normal’ characteristics for the network over an extended time period. There are always some errors in the network but this does not mean that the network has persistent problems. Some of the errors expected to occur include noise present in a network link that can lead to transmission errors. The network gets into major problems when the number of errors suddenly increases above its normal behaviour. Hence, a record of normal behaviour is quite important.
3. Account monitoring: This deals with how any person uses a specific network. The network keeps a complete record of all the devices on it, which are used by people and also how often they are used. This type of information is generally used for billing users for the network usage and also for predicting future network usage.
The need for network monitoring
Network monitoring continues to be crucial for different businesses—to monitor their networks in order to be more productive and to avoid possible threats due to network failures and server downtime. Here is why we really need network monitoring.
1. Network monitoring analyses the performance of a network in real-time. So if an issue is detected, network administrators can be immediately alerted about it. This means that we can be informed about network problems wherever we may be, allowing for instant corrective measures and hence minimising potential downtime.
2. To measure the response time and consistency of a network and accordingly extract reliability metrics for them. 3. To validate availability and uptime for the specified network. 4. To diagnose different issues observed in the network by monitoring its behaviour and comparing that with the usual trend. It also helps in generating data for trend analysis creating a performance benchmark for the network. It actually generates a well-structured report, which can help us identify trends and patterns in a system’s performance. 5. To allow network management applications to check the state of various parts of the network and the network devices present at remote locations. This can assist us in identifying specific areas of the network that are experiencing problems.
6. To collect useful information from different parts of the network so that the same set of information can be used to manage and control the network, going forward.
7. To keep an eye on the network traffic and bandwidth usage. It can validate whether crucial network components like routers, switches and servers, are down or up and running.
8. Some of the network monitoring packages also handle service-level agreements (SLAs) and quality of service (QoS) monitoring.
Different network monitoring methods
Network monitoring involves a wide variety of methods that are implemented by IT professionals to maintain the integrity and security of an internal network.
1. Packet sniffing: This is a network monitoring technique that inspects every packet of information that passes through the specific network. Packet sniffers can detect different unauthorised network monitoring software, which might have been installed by hackers for spying on various business activities and information processes.
2. Intrusion detection: Intrusion detection monitors different local area networks for any unauthorised access by hackers. It can be implemented manually, though a majority of IT professionals prefer intrusion detection programs that automatically detect malware and viruses, network vulnerabilities such as logic bombs, backdoors and other security threats. This detection system is also used by individual computer systems that are connected to the network and file settings.
3. Vulnerability scanning: This involves a process wherein a vulnerability scanner periodically scans the network for different weaknesses that open up the potential for an exploit. This network monitoring methodology is different from intrusion detection since it detects a weakness before the actual attack has taken place, whereas intrusion detection identifies various unauthorised entries after the hacker breaches the network.
4. Penetration testing: This is usually carried out by IT professionals by implementing methods that are used by hackers to breach a network. Such tests satisfy clients that the network can handle all the techniques used by hackers and that their network will not allow hackers to enter it. The ultimate purpose of this type of testing is to take the network security to another level by discovering various vulnerabilities that hackers may be aware of but have not yet been detected by other monitoring methods.
5. Firewall monitoring: Firewalls monitor the traffic that’s coming in and going out of the network. They track all the activities of the firewall to ensure that the screening process for incoming and outgoing connections is working properly and securely.
Different open source tools used for network monitoring
Network monitoring tools eliminate the requirement for a physical systems administrator; organisations implementing these tools can save a lot of time and money. Let’s take a quick look at three such tools.
TeemIP is basically a change management database system that combines the IP address management system with a trouble-ticketing system, so that different network devices and IP addresses can be managed in the context of organisations, locations, users and their roles. It also tracks change requests and user trouble.
1. It’s a Web application that runs on any AMP stack (e.g., Apache/IIS with PHP 5.3.6+ and MySQL 5.5.3+), on Linux, Windows, MacOS and Solaris, with all of the major browsers.
2. It can handle IPv4 and IPv6 address registrations, range planning and subnet. It supports capacity tracking and management with support for nesting as well, in order to allow delegation of IP spaces.
3. It has got the ability to integrate different external data sources like device discovery, and can import a huge set of data from CSV files. We can also export data to CSV, XML and HTML formats using Object Query Language. 4. It has an integrated change-ticketing and troubleshooting system. We can define ticketing-system users to be configuration managers, administrators, document authors, portal power users, helpdesk agents, or even a combination of all these roles.
1. It has high scalability.
2. It provides consistent and comprehensive documentation of our network IP resources.
3. As its open source, it is available free of cost.
Node-RED is another open source network monitoring tool that is developed by IBM. It is basically a flow-based programming system that monitors different networks.
2. Node-RED instances are being offered by a couple of cloud services including IBM Bluemix, SenseTecnic FRED, Amazon Web Services and Microsoft Azure.
3. It is a useful general-purpose application platform providing ad hoc and quick solutions for network monitoring. This makes it an invaluable addition to our digital toolkit.
4. It is completely browser-based, and uses the metaphor of wiring different nodes together.
5. Node-RED is available with many built-in nodes that take care of social connections, general input and output, and utility based functions.
6. The Node-RED site comprises a library of user contribution nodes, which currently include 817 flows and 1,360 nodes.
7. Node-RED has a dashboard that can help us create user interfaces with graphs, switches, sliders, buttons and so on.
1. Node-Red is a versatile tool.
2. It plays a vital role in IoT solutions.
3. It is indispensable for quick and effective solutions to a wide variety of problems, and even as a platform for our IoT projects.
4. There is no licence cost associated with it.
ProcessMaker is a free, open source and Web based workflow development as well as deployment system. It is fairly easy to learn and use. It keeps track of the different workflows of the network by evaluating all the possible final outcomes of that workflow. Bitnami offers different ready-made installers for all the major operating systems to make the use of ProcessMaker easier. It just needs a cloud installer and a virtual machine.
1. It runs on all the major platforms such as Linux,Windows, MacOS, OpenShift, Google Cloud, and Cloud Foundry, as well as on several Java EE application servers. 2. ProcessMaker also comes in premium editions with extra features and support available in it. But if we consider it for internal purposes and testing, then the community edition is quite useful and powerful. 3. We can access ProcessMaker applications through a Web browser, and all of its content is automatically mobile-ready. 4. If we want to make a form available through a link, we can embed it in a custom Web page. ProcessMaker provides the detailed documentation on how we can do this.
5. It also supports conditional routing of the workflow. 6. ProcessMaker provides dashboards on which we can install widgets to report different key performance indicators.
1. ProcessMaker is fairly easy to learn and use.
2. Its efficiency can be increased manifold by programming.
3. It can save us a lot of time while solving workflow problems.
Figure 1: Functional architecture of a network monitoring system (Image source: googleimages.com)
Figure 2: Basic workflow for a network monitoring system (Image source: googleimages.com)
Figure 3: Pyramid diagram for a software monitored network (Image source: googleimages.com)