OpenSource For You

Network Monitoring with Open Source Tools

By: Vivek Ratan

The author works as Sr. automation test engineer at Tata Technologies, and as a freelance educator at LearnerKul, Pune. He can be reached at ratanvivek14@gmail.co

Network monitoring is critical to keep computer networks and applications safe from the various cyber attacks that are so common nowadays. This article presents the rationale for network monitoring, along with a few select open source network monitoring tools.

Network monitoring is used to keep an eagle’s eye on different computer networks, looking out for slow and failing components. It is quite important, especially in case of sudden unexpected outages and other trouble. Network monitoring is considered to be a part of network management. Enterprise networks have to deal with large data sets being accessed by various devices. Such networks have to provide a reliable and fast service that does not add too much cost to the business.

Networks, nowadays, are far more complex than those of previous years. They traditionally act as the veins of an enterprise by delivering services and data across the organisation. Several technological advances like cloud computing, mobile devices and, more recently, the Internet of Things (IoT) have completely changed the nature of enterprise networks. The demands on today’s networks are reliability, speed and uptime – all of which have become more important than ever. Currently, it is more difficult to continuously monitor network infrastructure due to its expansion to cover mobile devices and applications running in the third party cloud environment.

Network monitoring involves different methods that maintain the integrity and security of an internal network or local area network (LAN). Monitoring encompasses software, hardware, spyware, viruses, vulnerabilities like security holes and backdoors, as well as several other aspects that can compromise the integrity of a network.

Basic goals of network monitoring

There are three basic goals for network monitoring, which cover three functional areas (out of a total of five) for network management, based on the Open Systems Interconnection (OSI) model. The remaining two functional areas are configuration and security management, which are not related to network monitoring. Let’s go through the goals related to network monitoring.

1. Performance monitoring: This deals with measuring the performance of a network. There are multiple measurable parameters in a network. But from the list of parameters, relevant ones should be selected from the cost and performance perspective. Such parameters to be measured are referred to as network indicators since they indicate the performance attributes of the network. Some of the attributes include node availability, circuit availability, etc. The time frame used for monitoring performance must be long enough to establish a network model. All the information extracted through performance monitoring is basically used to plan future network expansion and to locate current network usage problems.

2. Fault monitoring: This deals with detecting the problems or issues in the network. It covers the different layers of the network since a problem can occur in any one of them. It requires establishing the ‘normal’ characteristics for the network over an extended time period. There are always some errors in the network but this does not mean that the network has persistent problems. Some of the errors expected to occur include noise present in a network link that can lead to transmission errors. The network gets into major problems when the number of errors suddenly increases above its normal behaviour. Hence, a record of normal behaviour is quite important.

3. Account monitoring: This deals with how any person uses a specific network. The network keeps a complete record of all the devices on it that are used by people, and of how often they are used. This type of information is generally used for billing users for the network usage and also for predicting future network usage.
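The fault monitoring goal above depends on a recorded baseline of normal error levels. The following Python sketch is an added example, not code from the article or from any of the tools it describes. It assumes the error figure is a cumulative 32-bit counter polled at fixed intervals, and it uses a median-plus-MAD threshold, which is one possible way to record 'normal'; all readings are constructed sample data.

```python
import statistics

COUNTER_MAX = 2**32  # assumption: 32-bit cumulative error counter

# Constructed sample data: cumulative error-counter readings, one per polling interval.
BASELINE_READINGS = [4294967280, 4294967283, 4294967285, 4294967289, 4294967291,
                     4294967294, 2, 5, 7, 30, 33, 35, 38]
LIVE_READINGS = [38, 41, 43, 60, 62, 65, 95, 140, 190, 193, 195]

def interval_errors(readings, modulus=COUNTER_MAX):
    """Convert cumulative readings into errors per interval."""
    out = []
    for prev, cur in zip(readings, readings[1:]):
        if cur >= prev:
            out.append(cur - prev)
        elif prev > modulus // 2:   # reading fell from near the top: counter wrapped
            out.append(cur + modulus - prev)
        else:                       # reading fell from a low value: device restarted
            out.append(cur)
    return out

def build_baseline(counts, k=4.0, floor=5.0):
    """Record 'normal' as median plus a robust spread (MAD), so one noisy
    interval in the baseline period does not inflate the threshold."""
    med = statistics.median(counts)
    mad = statistics.median(abs(c - med) for c in counts)
    return {"median": med, "threshold": med + max(k * 1.4826 * mad, floor)}

def find_faults(counts, baseline, sustain=2):
    """Return (first, last) interval indexes of runs of at least `sustain`
    consecutive intervals above the threshold; shorter bursts are ignored."""
    faults, start = [], None
    for i, c in enumerate(list(counts) + [None]):   # None closes a trailing run
        above = c is not None and c > baseline["threshold"]
        if above and start is None:
            start = i
        elif not above and start is not None:
            if i - start >= sustain:
                faults.append((start, i - 1))
            start = None
    return faults

if __name__ == "__main__":
    baseline = build_baseline(interval_errors(BASELINE_READINGS))
    live = interval_errors(LIVE_READINGS)
    print("threshold:", round(baseline["threshold"], 2))
    for first, last in find_faults(live, baseline):
        print(f"fault: intervals {first}-{last}, errors {live[first:last + 1]}")
```

The single noisy interval in the live data is ignored as expected link noise, while the run of three elevated intervals is reported as a fault.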

The need for network monitoring

Network monitoring continues to be crucial for different businesses—to monitor their networks in order to be more productive and to avoid possible threats due to network failures and server downtime. Here is why we really need network monitoring.

1. Network monitoring analyses the performance of a network in real-time. So if an issue is detected, network administrators can be immediately alerted about it. This means that we can be informed about network problems wherever we may be, allowing for instant corrective measures and hence minimising potential downtime.

2. To measure the response time and consistency of a network and accordingly extract reliability metrics for them.

3. To validate availability and uptime for the specified network.

4. To diagnose different issues observed in the network by monitoring its behaviour and comparing that with the usual trend. It also helps in generating data for trend analysis, creating a performance benchmark for the network. It actually generates a well-structured report, which can help us identify trends and patterns in a system’s performance.

5. To allow network management applications to check the state of various parts of the network and the network devices present at remote locations. This can assist us in identifying specific areas of the network that are experiencing problems.

6. To collect useful information from different parts of the network so that the same set of information can be used to manage and control the network, going forward.

7. To keep an eye on the network traffic and bandwidth usage. It can validate whether crucial network components like routers, switches and servers, are down or up and running.

8. Some of the network monitoring packages also handle service-level agreements (SLAs) and quality of service (QoS) monitoring.

Different network monitoring methods

Network monitoring involves a wide variety of methods that are implemented by IT professionals to maintain the integrity and security of an internal network.

1. Packet sniffing: This is a network monitoring technique that inspects every packet of information that passes through the specific network. Packet sniffers can detect different unauthorised network monitoring software, which might have been installed by hackers for spying on various business activities and information processes.

2. Intrusion detection: Intrusion detection monitors different local area networks for any unauthorised access by hackers. It can be implemented manually, though a majority of IT professionals prefer intrusion detection programs that automatically detect malware and viruses, network vulnerabilities such as logic bombs, backdoors and other security threats. This detection system is also used by individual computer systems that are connected to the network and file settings.

3. Vulnerability scanning: This involves a process wherein a vulnerability scanner periodically scans the network for different weaknesses that open up the potential for an exploit. This network monitoring methodology is different from intrusion detection since it detects a weakness before the actual attack has taken place, whereas intrusion detection identifies various unauthorised entries after the hacker breaches the network.

4. Penetration testing: This is usually carried out by IT professionals by implementing methods that are used by hackers to breach a network. Such tests satisfy clients that the network can handle all the techniques used by hackers and that their network will not allow hackers to enter it. The ultimate purpose of this type of testing is to take the network security to another level by discovering various vulnerabilities that hackers may be aware of but that have not yet been detected by other monitoring methods.

5. Firewall monitoring: Firewalls monitor the traffic that’s coming in and going out of the network. Firewall monitoring tracks all the activities of the firewall to ensure that the screening process for incoming and outgoing connections is working properly and securely.

Different open source tools used for network monitoring

Network monitoring tools eliminate the requirement for a physical systems administrator; organisations implementing these tools can save a lot of time and money. Let’s take a quick look at three such tools.

TeemIP

TeemIP is basically a change management database system that combines the IP address management system with a trouble-ticketing system, so that different network devices and IP addresses can be managed in the context of organisations, locations, users and their roles. It also tracks change requests and user trouble.

Features

1. It’s a Web application that runs on any AMP stack (e.g., Apache/IIS with PHP 5.3.6+ and MySQL 5.5.3+), on Linux, Windows, MacOS and Solaris, with all of the major browsers.

2. It can handle IPv4 and IPv6 address registrations, range planning and subnet. It supports capacity tracking and management with support for nesting as well, in order to allow delegation of IP spaces.

3. It has got the ability to integrate different external data sources like device discovery, and can import a huge set of data from CSV files. We can also export data to CSV, XML and HTML formats using Object Query Language.

4. It has an integrated change-ticketing and troubleshooting system. We can define ticketing-system users to be configuration managers, administrators, document authors, portal power users, helpdesk agents, or even a combination of all these roles.

Advantages

1. It has high scalability.

2. It provides consistent and comprehensive documentation of our network IP resources.

3. As it’s open source, it is available free of cost.

Node-RED

Node-RED is another open source network monitoring tool that is developed by IBM. It is basically a flow-based programming system that monitors different networks.

Features

1. It is based on Node.js, the JavaScript runtime. It runs on every OS that Node.js supports, which includes Linux, Windows, MacOS, AIX and SunOS. We can even run Node-RED on single-board computers like Raspberry Pi and Beaglebone with full support for all on-board input/output facilities. Now, it comes built-in to the Raspberry Pi’s Raspbian OS.

2. Node-RED instances are being offered by a couple of cloud services including IBM Bluemix, SenseTecnic FRED, Amazon Web Services and Microsoft Azure.

3. It is a useful general-purpose application platform providing ad hoc and quick solutions for network monitoring. This makes it an invaluable addition to our digital toolkit.

4. It is completely browser-based, and uses the metaphor of wiring different nodes together.

5. Node-RED is available with many built-in nodes that take care of social connections, general input and output, and utility based functions.

6. The Node-RED site comprises a library of user contribution nodes, which currently include 817 flows and 1,360 nodes.

7. Node-RED has a dashboard that can help us create user interfaces with graphs, switches, sliders, buttons and so on.

Advantages

1. Node-RED is a versatile tool.

2. It plays a vital role in IoT solutions.

3. It is indispensable for quick and effective solutions to a wide variety of problems, and even as a platform for our IoT projects.

4. There is no licence cost associated with it.

ProcessMaker

ProcessMaker is a free, open source and Web based workflow development as well as deployment system. It is fairly easy to learn and use. It keeps track of the different workflows of the network by evaluating all the possible final outcomes of that workflow. Bitnami offers different ready-made installers for all the major operating systems to make the use of ProcessMaker easier. It just needs a cloud installer and a virtual machine.

Features

1. It runs on all the major platforms such as Linux, Windows, MacOS, OpenShift, Google Cloud, and Cloud Foundry, as well as on several Java EE application servers.

2. ProcessMaker also comes in premium editions with extra features and support available in it. But if we consider it for internal purposes and testing, then the community edition is quite useful and powerful.

3. We can access ProcessMaker applications through a Web browser, and all of its content is automatically mobile-ready.

4. If we want to make a form available through a link, we can embed it in a custom Web page. ProcessMaker provides the detailed documentation on how we can do this.

5. It also supports conditional routing of the workflow.

6. ProcessMaker provides dashboards on which we can install widgets to report different key performance indicators.

7. It can be extended by programming in JavaScript.

Advantages

1. ProcessMaker is fairly easy to learn and use.

2. Its efficiency can be increased manifold by programming.

3. It can save us a lot of time while solving workflow problems.

Figure 1: Functional architecture of a network monitoring system (Image source: googleimages.com)

Figure 2: Basic workflow for a network monitoring system (Image source: googleimages.com)

Figure 3: Pyramid diagram for a software monitored network (Image source: googleimages.com)
