CHAPTER ONE
INTRODUCTION
- Background of the Study
Network monitoring and measurement have become more and more important in a modern complicated network. In the past, administrators might only monitor a few network devices or less than a hundred computers. The network bandwidth may be just 10 or 100Mbps (Megabit per second) ; however, now administrators have to deal with not only higher speed wired network ( more than 10Gps( Gigabit per second) and Asynchronous Transfer Mode(ATM) network) but also wireless network .They need more sophisticated network traffic monitoring and analysis tools in order to maintain the network system stability and availability such as to fix network problems on time or to avoid network failure, to ensure the network security strength, and to make good decisions for network planning, when a network failure occurs, monitoring agents have to detect, isolate, and correct malfunctions in the network and possibly recover the failure. Commonly, the agents should warm the administrators to fix the problems within a minute. With the stable network, the administrator’s jobs remain to monitor constantly if there is a threat from either inside or outside network. Moreover, they have to regularly check the network performance if the network devices are over loaded to avoid a failure occurring due to the overloaded, information about network usage can be used to make a network plan for short-term and long-term future improvement.
There are various kinds of tools use for dealing with the network monitoring and analysis; such as tools by simple network management protocol (SNMP), windows management instrumentation (WMI), sniffing and network flow monitoring and analysis. Given the data packet and network traffic flow information, administrators can understand network behavior, such as application and network usage, utilization of network resources, and network anomalies and security vulnerabilities.
1.1.1 Basic Concepts
SNMP (Simple Network Management Protocol) was introduced in 1988 and was initially designed as a short-term solution to manage Transmission Control Protocol /Access Point(TCP/AP) based networks. With SNMP’s Get, Set and Trap operations, monitoring and controlling can be realized in TCPAP networks. Since Transmission Control Protocol/Internet Protocol (TCP/IP) is dominant, implementation anddeployment of SNMP management systems are important.Because of the limitations and deficiencies in the original SNMP suite, SNMP v2 was introduced and published in 1993.To address the security and remote configuration capabilities issues, a recent set of Request for Comments (RFCs), known collectively as SNMP v3, has also been recently introduced[Snmpv3].
A network management or monitoring system must have a management station or manager.The management station serves as the interface for the human network manager into the network management system so that the network manager can monitor and control the network management processes. Another key element in network management is the management agent. Any node in the network to be managed, such as PCs, workstations, servers, bridges and routers,should be equipped with an agent so that they can be managed from a management station. The agent gathers and records management information for one or more network elements and communicates that information to the manager. The communication is implemented according to a common network management protocol which is shared by al1 the management stations and agents.