Network traffic monitoring is an essential aspect of any network. By definition, network traffic monitoring refers to the set of processes for capturing network traffic in order to inspect it and analyze what is taking place in a given network. Analysis of network traffic is important in order to effectively troubleshoot and resolve network issues whenever they arise. It is considered a proactive approach: it prevents the losses that occur when there is a network failure or a security breach in the network.
This article will explain two techniques used for network traffic monitoring: the router-based technique and the non-router-based technique.
Router-based monitoring techniques
Router-based network traffic monitoring techniques are not flexible, since they are hard-coded into routers. Some of the commonly used techniques are:
- Simple Network Management Protocol (SNMP), RFC 1157: this technique allows administrators to manage network traffic by finding and solving network problems, and also to plan for the growth of the network. This is made possible by passive sensors gathering traffic statistics. Three components make up SNMP: the agents, the network management system and the managed devices.
- Remote Monitoring (RMON), RFC 1757: RMON sets alarms that monitor all the traffic based on given criteria, making it possible for administrators to manage remote sites and local networks from a central place. There are only two components of RMON: the agent and the monitor.
- NetFlow, RFC 3954: it can collect traffic as it enters an interface. It is made up of three components: flow caching, data analyzer, and flow collector.
Non-router-based techniques
These offer a more flexible approach to network traffic monitoring. Non-router-based techniques are classified as either passive or active.
In active monitoring, probes are injected into the network so as to collect measurements between two endpoints. Active measurement measures the following: availability, routes, packet delay, packet reordering, packet loss, and bandwidth.
Passive network monitoring does not inject traffic or modify the traffic present in the network. In addition, unlike active monitoring, it only collects information on one path being measured rather than between two endpoints. Passive monitoring deals with the following information: protocol mixes, packet rates and inter-arrival timing. Passive monitoring is the preferred network traffic monitoring technique, as it does not have the overhead data associated with active monitoring.
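As an added example (not part of the original article), the Python code below computes the three passive metrics named above, protocol mix, packet rate and inter-arrival timing, from a constructed capture of timestamped IPv4 headers. The function names, the sample packets and the documentation-range addresses are assumptions made for the illustration.

```python
import struct
from collections import Counter

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IANA protocol numbers

def build_ipv4(proto, payload_len):
    """Build a 20-byte IPv4 header for sample data (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))

# Constructed capture: (timestamp in seconds, IPv4 header bytes).
CAPTURE = [(0.000, build_ipv4(6, 100)), (0.010, build_ipv4(6, 1400)),
           (0.030, build_ipv4(17, 60)), (0.060, build_ipv4(1, 8)),
           (0.100, build_ipv4(6, 40))]

def passive_stats(capture):
    """Summarise observed traffic without sending or altering any packet."""
    protos, total_bytes, times = Counter(), 0, []
    for ts, hdr in capture:
        if len(hdr) < 20 or hdr[0] >> 4 != 4:
            continue  # skip truncated or non-IPv4 records
        total_bytes += struct.unpack_from("!H", hdr, 2)[0]  # Total Length field
        protos[PROTO_NAMES.get(hdr[9], str(hdr[9]))] += 1   # Protocol field
        times.append(ts)
    times.sort()
    n = len(times)
    # Observation window: time between the first and last packet seen.
    window = times[-1] - times[0] if n > 1 else 0.0
    gaps = [b - a for a, b in zip(times, times[1:])]  # inter-arrival times
    return {
        "packets": n,
        "protocol_mix": {p: c / n for p, c in protos.items()},
        "packets_per_sec": n / window if window else 0.0,
        "bytes_per_sec": total_bytes / window if window else 0.0,
        "mean_gap": sum(gaps) / len(gaps) if gaps else 0.0,
        "min_gap": min(gaps, default=0.0),
        "max_gap": max(gaps, default=0.0),
    }

if __name__ == "__main__":
    for key, value in passive_stats(CAPTURE).items():
        print(f"{key}: {value}")
```

A sudden shift in the protocol mix or a collapse in inter-arrival gaps against a recorded baseline is the kind of change these passive figures make visible.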