Network Monitoring



Mike Meyers’ CompTIA Network+® Guide to Managing and Troubleshooting Networks, Fourth Edition (Exam N10-006)
Network Monitoring
Chapter 20
Copyright © 2015 by McGraw-Hill Education. All rights reserved.
Objectives
• Explain how SNMP works
• Describe network monitoring tools
• Discuss a scenario that uses management and monitoring tools
Introduction
• Modern networks require intervention from network technicians
– Intervention may be regular or irregular
• Technician responsibilities
– Install network management tools
– Deploy other tools to monitor, troubleshoot, and optimize networks over time
Test Specific
SNMP
SNMP
• Simple Network Management Protocol (SNMP)
– De facto protocol for TCP/IP networks
– Creates a managed network
• Components of SNMP
– SNMP manager
– Managed devices
– Management information bases
Figure 20.1 Massive list of network monitoring tools maintained by the Stanford Linear Accelerator Center (SLAC)
SNMP (cont’d.)
• SNMP manager function
– Requests and processes information from managed devices
• Network management station (NMS)
– Specialized software run by the SNMP manager
• Agent
– Specialized software run by managed devices
SNMP (cont’d.)
• Types of managed devices
– Printers
– Workstations
– Video cameras
– Routers
– Switches
Figure 20.2 SNMP components
SNMP (cont’d.)
• Types of information collected by the SNMP manager vary
• SNMP: an extensible protocol
– Can be adapted to accommodate different needs
– Uses management information bases (MIBs) to categorize the data that can be queried
Core Functions of SNMP
• SNMP has up to eight core functions
– Each known as a protocol data unit (PDU)
• Four PDUs discussed in this chapter
– Get
– Response
– Set
– Trap
SNMP Query Process
• SNMP manager sends a Get request
– Examples: GetRequest or GetNextRequest
• Agent sends a Response with the requested information
• SetRequest
– Used to ask the agent to make changes to the information (variables) it queries and sends
Figure 20.3 Simple SNMP process
SNMP Query Process (cont’d.)
• Trap PDU
– Used by an agent to solicit information from an NMS
– Can happen with or without prior action from the SNMP manager
Example Query
• Bayland Widgets’ art department printer
– Maintained by Network+ technicians
– Uses an SNMP management system
• Network management station sends a GetRequest to the printer agent
– Queries the number of pages printed
– Printer sends the Response
– Techs determine if the printer needs maintenance
Figure 20.4 The Bayland Widgets’ Art Department printer
Example Query (cont’d.)
• Printer needs to advise techs when printer is out of toner or paper
– Sends a Trap to the NMS
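The Get/Response, SetRequest and Trap exchange with the Bayland Widgets printer, as an added Python simulation that is not part of the slides or the book: the MIB variable names, their values, the toner threshold and the read/write community strings are all constructed, and the community check stands in for the access control a manager and agent agree on before a Set is honoured.

```python
"""Simulated SNMP exchange for the Bayland Widgets printer. PDUs are plain dicts,
nothing is sent on the network; names, values and communities are constructed."""

TONER_LOW_PERCENT = 10  # constructed threshold at which the agent raises a Trap

class PrinterAgent:
    """Managed device: holds a tiny MIB and answers Get/Set PDUs."""
    def __init__(self, read_community, write_community, nms):
        self.read_community = read_community
        self.write_community = write_community
        self.nms = nms  # destination for Trap PDUs
        self.mib = {"pagesPrinted": 14250, "tonerLevel": 42, "paperLevel": 80}
        self.read_only = {"pagesPrinted"}  # counters are never writable

    def handle(self, pdu):
        """Return a Response PDU; SNMPv2 error-status names mark refusals."""
        name = pdu.get("name")
        if pdu["type"] == "GetRequest":
            if pdu["community"] != self.read_community:
                return {"type": "Response", "error": "authorizationError"}
            if name not in self.mib:
                return {"type": "Response", "error": "noSuchName"}
            return {"type": "Response", "name": name, "value": self.mib[name]}
        if pdu["type"] == "SetRequest":
            # A separate write community keeps read-only monitoring accounts from changing state.
            if pdu["community"] != self.write_community:
                return {"type": "Response", "error": "authorizationError"}
            if name not in self.mib or name in self.read_only:
                return {"type": "Response", "error": "notWritable"}
            self.mib[name] = pdu["value"]
            return {"type": "Response", "name": name, "value": pdu["value"]}
        return {"type": "Response", "error": "genErr"}

    def print_pages(self, pages):
        """Simulate printing; the agent sends a Trap unprompted when toner runs low."""
        self.mib["pagesPrinted"] += pages
        self.mib["tonerLevel"] = max(0, self.mib["tonerLevel"] - pages // 100)
        if self.mib["tonerLevel"] < TONER_LOW_PERCENT:
            self.nms.receive_trap({"type": "Trap", "name": "tonerLevel", "value": self.mib["tonerLevel"]})

class NMS:
    """Network management station: polls with Get/Set and records Traps."""
    def __init__(self):
        self.traps = []
    def receive_trap(self, trap):
        self.traps.append(trap)
    def get(self, agent, community, name):
        return agent.handle({"type": "GetRequest", "community": community, "name": name})
    def set(self, agent, community, name, value):
        return agent.handle({"type": "SetRequest", "community": community, "name": name, "value": value})
```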
Figure 20.5 Get/Response and Trap
SNMP (cont’d.)
• SNMP systems can use additional utilities
– Example: snmpwalk utility tells SNMP manager to perform a series of Get commands
• Manager software can send SMS or email alerts to network technicians
• Versions of SNMP
– SNMPv1, SNMPv2, and SNMPv3
• Version 3 added robust security
SNMP (cont’d.)
• SNMP uses User Datagram Protocol ports 161 and 162 for unsecure communication
– Ports 10161 and 10162 when security is added via TLS
Monitoring Tools
Packet Sniffers
• Query the network interface and capture packets into a capture file
• Programs might reside on a computer, a router, a switch, or dedicated hardware
• Connecting in promiscuous mode enables getting as much data as possible
• Usually packaged with a packet analyzer
Packet Analyzers
• Programs that read capture files and analyze based on monitoring needs
• Typical question
– “What is the IP and MAC address of the device sending out DHCP Offer messages and when is it doing this?”
Packet Analyzing With Wireshark
• Wireshark
– Powerful, popular, and free protocol analyzer
• Process
– Select an interface to begin the capture
Figure 20.6 Wireshark default window
Figure 20.7 Wireshark capturing packets
Figure 20.8 Wireshark filter
Packet Flow Monitoring with NetFlow
• NetFlow
– Tool to track traffic flowing between specific source and destination devices
– Track desired type of traffic via user-defined flows
• Flow
– Packets flowing from one specific place to another
– Cached in a flow cache
Packet Flow Monitoring with NetFlow (cont’d.)
• Flow cache information
– Destination and source address
– Destination and source ports
– Source on the device running that flow
– Total number of bytes of that flow
• Enables administrators to optimize the network
NetFlow Collectors
• Store information from a device’s NetFlow cache
• Different tools available
– Example: LiveAction
Figure 20.9 LiveAction in action!
Interface Monitors
• Track bandwidth and utilization of one or more interfaces on one or more devices
• Interface monitoring components
– Speed and duplex
– Utilization
– Packet drops
– Errors and interface resets
– Discards
Interface Monitors (cont’d.)
• Started as manufacturer-specific tools
– Still common
– Other tools work on multiple platforms
• Example: Cisco Network Assistant (CNA)
– Monitors Cisco routers and switches
Figure 20.10 Percent of utilization of switch port 1
Figure 20.11 Hmm…looks pretty clean
Figure 20.12 Ouch. That’s a lot of errors!
Performance Monitors
• Track the performance of some aspect of a system over time
– Alerts you if something is not normal
• Usually tied to a particular operating system or application
• Common tools
– Windows Performance Monitor (PerfMon)
– Linux’s syslog
Logs
• Files that store performance information about a particular aspect of the system
• Read, filtered, or created by performance monitors
Baselines
• Logs of performance indicators give you a picture of your network and servers when they are working correctly
– Examples: CPU usage, network utilization, and other values
• A major change in these values can indicate problems
• Common tool: Windows’ Performance Monitor utility
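Turning a baseline log into an automated "major change" check, as an added Python example that is not from the slides or the book: the baseline CPU readings, the later key=value log lines and the three-standard-deviation threshold are constructed for illustration.

```python
"""Baseline check of the kind the slide describes: learn the normal range of a
metric from a log taken while things worked, then flag samples that show a
major change. Log lines and values below are constructed, not real data."""
from statistics import mean, pstdev

# Constructed baseline: switch CPU percent sampled every 5 minutes while healthy.
BASELINE_CPU = [22, 25, 24, 27, 23, 26, 25, 24, 28, 23, 25, 26]

# Constructed performance-monitor log lines written later: timestamp key=value ...
LOG_LINES = """\
2015-03-02T10:00 cpu=24 util=31
2015-03-02T10:05 cpu=26 util=33
2015-03-02T10:10 cpu=61 util=88
2015-03-02T10:15 cpu=25 util=30
2015-03-02T10:20 cpu=90 util=95""".splitlines()

def parse_metric(lines, key):
    """Extract one integer metric (e.g. 'cpu') from key=value log lines."""
    values = []
    for line in lines:
        fields = dict(f.split("=", 1) for f in line.split()[1:])
        values.append(int(fields[key]))
    return values

def build_baseline(samples):
    """Summarise the known-good period as (mean, population stdev)."""
    return mean(samples), pstdev(samples)

def deviation(sample, baseline, min_stdev=1.0):
    """Distance from the baseline mean in standard deviations. min_stdev keeps a
    very flat baseline from turning a one-percent wobble into an alert."""
    avg, sd = baseline
    return (sample - avg) / max(sd, min_stdev)

def find_anomalies(samples, baseline, threshold=3.0):
    """Return [(index, value, z)] for samples that moved >= threshold stdevs."""
    hits = []
    for i, value in enumerate(samples):
        z = deviation(value, baseline)
        if abs(z) >= threshold:
            hits.append((i, value, round(z, 1)))
    return hits

if __name__ == "__main__":
    base = build_baseline(BASELINE_CPU)
    for idx, val, z in find_anomalies(parse_metric(LOG_LINES, "cpu"), base):
        print(f"{LOG_LINES[idx].split()[0]} cpu={val} is {z} stdevs from baseline")
```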
Log Management
• Security and maintenance
– Major issues pertaining to logs
• Log files will typically grow to fill the allocated space
– Common practice is to make them cyclical—overwrite the oldest files
• Utilities allow creation of log files on a convenient schedule
Putting It All Together
Example Network Monitoring Application
• Bayland Widgets’ CAN
– See Figure 20.13 for layout
– Each building is wired with 10Gb Ethernet
– Buildings interconnect with 10Gb fiber into access switches
– Campus-wide Wi-Fi network
– Router gives Internet access
Figure 20.13 Diagram of Bayland Widgets’ campus area network
Example Network Monitoring Application (cont’d.)
• Types of networked devices
– Routers (wired and wireless)
– Switches
– Wireless access points
– Servers
– Workstations
– Printers
– Phones
Example Network Monitoring Application (cont’d.)
• Dedicate an area in the main office as a network operations center (NOC)
– Centralized location for network management
• Use various programs to query devices
– Graphing program (e.g., Cacti) could create graphs of information received
Figure 20.14 Cacti showing switch utilization graphs
Figure 20.15 Cacti showing file server storage utilization graph
Example Network Monitoring Application (cont’d.)
• Example categories to monitor
– Network device CPU utilization
– Memory usage
– Traffic
– Link status
– Bottlenecks
Example Network Monitoring Application (cont’d.)
• Top talkers and top listeners can be identified
– May help track down a malware problem
• Wireshark could be used if moving the network to IPv6
• Multiple tools are often needed for complex troubleshooting scenarios
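A flow cache of the kind the NetFlow slides describe (source and destination address, ports, byte totals) and the top talkers / top listeners summary from this slide, as one added Python example that is not from the slides, the book or any NetFlow collector: the packet summaries are constructed, and the fan-out count is an extra check that helps only when compared against a baseline for that host.

```python
"""Flow-cache aggregation in the style the NetFlow slides describe: packets are
grouped by source/destination address and port, bytes and packets accumulate
per flow, and the cache is summarised into top talkers and top listeners.
The packet summaries are constructed for illustration, not captured traffic."""
from collections import defaultdict

# Constructed packet summaries: (src_ip, dst_ip, src_port, dst_port, proto, bytes)
PACKETS = [
    ("10.1.1.20", "10.1.2.5", 51000, 445, "tcp", 1500),
    ("10.1.1.20", "10.1.2.5", 51000, 445, "tcp", 1500),
    ("10.1.1.20", "10.1.2.5", 51000, 445, "tcp", 800),
    ("10.1.1.31", "203.0.113.9", 52222, 443, "tcp", 600),
    ("203.0.113.9", "10.1.1.31", 443, 52222, "tcp", 9000),
    ("10.1.1.77", "10.1.2.5", 40000, 53, "udp", 90),
    ("10.1.1.77", "10.1.2.6", 40001, 53, "udp", 90),
    ("10.1.1.77", "10.1.2.7", 40002, 53, "udp", 90),
    ("10.1.2.5", "10.1.1.20", 445, 51000, "tcp", 200),
]

def build_flow_cache(packets):
    """Aggregate packets into flows: flow key -> {'packets': n, 'bytes': total}."""
    cache = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for src, dst, sport, dport, proto, size in packets:
        entry = cache[(src, dst, sport, dport, proto)]
        entry["packets"] += 1
        entry["bytes"] += size
    return dict(cache)

def top_hosts(cache, role="talkers", n=3):
    """Rank hosts by bytes sent ('talkers') or bytes received ('listeners')."""
    idx = 0 if role == "talkers" else 1   # position of src / dst in the flow key
    totals = defaultdict(int)
    for key, entry in cache.items():
        totals[key[idx]] += entry["bytes"]
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]

def distinct_destinations(cache):
    """Distinct destination hosts per source. Compared against a baseline, a
    sudden fan-out from one workstation is a pattern worth a closer look."""
    dests = defaultdict(set)
    for src, dst, *_ in cache:
        dests[src].add(dst)
    return {src: len(hosts) for src, hosts in dests.items()}

if __name__ == "__main__":
    flows = build_flow_cache(PACKETS)
    for key, entry in flows.items():
        print(key, entry)
    print("top talkers:", top_hosts(flows, "talkers"))
    print("top listeners:", top_hosts(flows, "listeners"))
```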
Security Information and Event Management (SIEM)
• An approach to monitoring and managing a network
• A mashup of two processes:
– Security event management (SEM) has the task of collecting and centralizing the log files
– Security information management (SIM) involves reviewing and analyzing the information