SCNM is a monitoring tool that uses a combination of active and passive measurements to collect information at layer 3 ingress and egress routers and at other significant points within the network being monitored. The SCNM environment consists of both hardware and software components.
The hardware is installed at critical points in the network. It is responsible for passively collecting the packet headers. The software runs on the endpoints of the network. Figure 7 below shows the software components of the SCNM environment.
Figure 7: SCNM Software Components [Agarwal03]
The software is responsible for creating and sending the activation packets that are used to start the monitoring of the network. A user sends an activation packet out into the network containing the details about the packets they want to monitor and gather. The user does not need to know the location of the SCNM hosts because all hosts listen for packets. Based on the information within the activation packet, a filter is set up within a data collection daemon that is also running on an endpoint. The network and transport layer headers of packets that correspond to the filter are collected. The filter will automatically time out after a specified amount of time unless it receives another application packet. The packet capture daemon, which runs on the SCNM host, uses a tcpdump-like packet capture program to receive requests and to record the traffic that corresponds to the requests.
When a problem is detected by the passive monitoring tools, traffic can be generated using the active tools, allowing one to collect additional data to further study the problem. By having these monitors deployed at every router along the path, we can study only the section of network that seems to be having the problem [Tierney04].
SCNM [Agarwal03] is intended to be installed and used mainly by network administrators; however, average users can use a subset of its functionality. Although average users are capable of using part of the SCNM monitoring environment, they are only allowed to monitor their own data.
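The filter lifecycle described above (install on activation, lapse on timeout unless refreshed, record headers only, ordinary users limited to their own traffic) can be modelled as follows. This is an added example, not SCNM's own code; the filter fields, the class and function names, and the use of a host address as the requester identity are assumptions.

```python
import time
from dataclasses import asdict, dataclass

@dataclass(frozen=True)
class FlowFilter:
    # Hypothetical fields; the page only says the packet carries "details".
    src: str
    dst: str
    proto: str
    dport: int

    def matches(self, hdr):
        return all(hdr.get(k) == v for k, v in asdict(self).items())

class CollectionDaemon:
    def __init__(self, timeout_s, clock=time.monotonic):
        self.timeout_s, self.clock = timeout_s, clock
        self.expiry = {}    # FlowFilter -> time at which the filter lapses
        self.captured = []  # recorded header fields, never payload

    def on_activation(self, requester, flt, is_admin=False):
        # Assumed policy check: a non-admin may only ask for flows they are part of.
        if not is_admin and requester not in (flt.src, flt.dst):
            return False
        self.expiry[flt] = self.clock() + self.timeout_s  # install or refresh
        return True

    def on_packet(self, hdr):
        now = self.clock()
        # Filters that were not refreshed in time are dropped before matching.
        self.expiry = {f: t for f, t in self.expiry.items() if t > now}
        hit = any(f.matches(hdr) for f in self.expiry)
        if hit:
            self.captured.append(dict(hdr))
        return hit

def demo():
    now = [0.0]  # fake clock; all sample values below are constructed
    d = CollectionDaemon(timeout_s=30, clock=lambda: now[0])
    hdr = {"src": "10.0.0.5", "dst": "10.0.1.9", "proto": "tcp", "dport": 443}
    flt = FlowFilter(**hdr)
    out = [d.on_activation("10.0.0.7", flt),  # someone else's flow: refused
           d.on_activation("10.0.0.5", flt),  # own flow: filter installed
           d.on_packet(hdr)]                  # t=0: header recorded
    now[0] = 25.0
    d.on_activation("10.0.0.5", flt)          # refresh moves expiry to t=55
    now[0] = 50.0
    out.append(d.on_packet(hdr))              # past t=30 but still active
    now[0] = 56.0
    out.append(d.on_packet(hdr))              # not refreshed again: timed out
    return out
```
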
NOTE
When choosing a particular tool to use for monitoring, an Admin must first decide whether they would like to use a more proven system or a newer system. If the proven system is the direction that feels more comfortable, NetFlow is the most beneficial tool to use, since a data analysis package can be used in conjunction with it to present the data in a user-friendly environment; however, if an Admin is willing to try out a newer system, a combinational monitoring approach such as WREN or SCNM is the best direction to proceed.
Being able to monitor and analyze networks is vital in the job of Network Administrators. They must strive to keep the networks they oversee in good health so as not to disrupt productivity within a company or any essential public services. As summarized throughout this paper, several router based and non-router based techniques are available to assist Network Administrators in the day-to-day monitoring and analysis of their networks. SNMP, RMON, and Cisco's NetFlow are a few of the router based techniques that are briefly reviewed. The non-router based techniques that were discussed were Active, Passive, and Combinational monitoring tools.