Network-Monitoring using ntop and SNMP
Stephan Knabe
Student at Hochschule Harz, Wernigerode
Diploma Student at DESY Zeuthen, DV group
26. November 2003
This is more than one topic:
SNMP and ntop are totally different things:
• ntop - a tool for network monitoring
• SNMP - a network management protocol
The power comes from the combination.
Contents
• Network-Monitoring using ntop
• Monitoring using SNMP
• Draft of an integrated Monitoring-Solution
Network-Monitoring using ntop
Stephan Knabe
Student at Hochschule Harz, Wernigerode, FB A/I
Diploma Student at DESY Zeuthen, DV group
26. November 2003
In networks you’ll get disturbances.
Possible causes are:
• Errors in hardware, software or configuration
• Bad design and bad scalability
• Unauthorized or unforeseen usage
Continuous monitoring protects you from this.
ntop overview (1)
• Monitoring of small and midsize networks
• OSI-Layers 2, 3, 4 and 5
• Comfortable Web-GUI
• Integrated webserver
• Extensive tabular and graphical overviews
• Open Source (GPL)
ntop overview (2)
• Supported media types:
Loopback, Ethernet (including 802.11Q), Token Ring,
PPP/PPPoE, FDDI, ...
• Supported Operating Systems:
FreeBSD, Linux, Solaris, IRIX, AIX, MS Windows
• Supported protocols:
IP, IPX, DecNet, AppleTalk, Netbios, OSI, DLC ...
ntop overview (3)
• Mainly developed by Luca Deri (University of Pisa)
• Project-Homepage www.ntop.org
• CVS-Snapshots, FAQ, Forums at
snapshot.ntop.org
• Mailinglists [email protected] and
• Current version is 2.5c
Architecture
[Figure: ntop architecture. Packet Capture (based on libpcap), Packet Analysis, Report Engine, Webserver (HTTP/HTTPS), and plugins (NetFlow, RRD, PDA, ...)]
Basic-Features (1): Total-Data-Statistic
Basic-Features (2): Detailed TCP/UDP-Statistic
Basic-Features (3): Host-Statistics
Basic-Features (4): Network-Overview
Advanced Features
• TCP-Connection-Tracking
• Host-Matrix
• VLAN-Overview
• Basic IDS-Features
Administration
• Access control
• Reset of counters
• Setting filters
• Export of data (TXT, XML, PHP, Perl ...)
• Plugin-Configuration
Plugins
• NetFlow - Import and export of Connection-Parameters
• rrdPlugin - Storage of data and creation of time-based trend graphics
• ICMP-Watch - Detailed monitoring of ICMP-Packets
• NFS-Watch - NFS-Statistics
• LastSeen - Stores time of first and last host activities
rrdPlugin (1)
• Medium-term archiving of collected data is necessary
• An RDBMS needs manual maintenance because of the large amount of data
• Alternatives are Round Robin Databases
[Figure: round robin database drawn as a ring of 12 slots, numbered 1 to 12, with timestamps from 00:00:00 to 00:05:30 in 30-second steps]
rrdPlugin (2)
• Based on rrdtool from mrtg
• Widespread on Unix systems
• Package includes a graphing tool
• APIs for Perl and C
• Interfaces to other tools
rrdPlugin (3)
• Configuration of storage path, data amount, data detail
• Creates graphical stats of host- and network-data
NetFlow-Plugin (1)
• In large networks and switched environments, distributed monitoring is a solution
• RMON/SMON give only insufficient data
[Figure: distributed monitoring. Labels: Hub, Hub, Switch (Catalyst Workgroup Switch), Router, ntop-Probe (two), netFlow-Export, ntop-Host]
NetFlow-Plugin (2)
• Plugin for importing and exporting Flow-Data
• ntop supports NetFlow v5, sFlow, nFlow and NetFlow v9
• Interfaces to other applications are easy to implement
[Figure labels: ntop, netFlow, netFlow-Client, SQL, RDBMS]
Summary
• Universal tool for daily practical use
• Also works with bigger networks
• Many interfaces to external (custom) applications
• For long-term data storage, external tools are the better choice
• No replacement for IDS or protocol analyzers
Resources
• Project-Homepage www.ntop.org / snapshot.ntop.org
• Information about flow protocols: www.cisco.com, www.sflow.org
• RRD-Infos www.mrtg.org, www.rrdtool.org
• Feedback to [email protected]
Monitoring using SNMP
Stephan Knabe
Student at Hochschule Harz, Wernigerode, FB A/I
Diploma Student at DESY Zeuthen, DV group
November 26, 2003
In networks you’ll get disturbances.
Possible causes are:
• Errors in hardware, software or configuration
• Bad design and bad scalability
• Unauthorized or unforeseen usage
Continuous monitoring protects you from this.
SNMP is good
• Platform-independent
• Open specification
• In fact THE standard for networking devices
For a PC you can build your own protocol (e.g. like Big Brother, Scout).
The more protocols you use, the more stress you’ll get (licensing, interfaces, security).
SNMP-Basics (1)
• Message-oriented network protocol for managing distributed resources
• SNMPv1: 1988, definition of basic operations
• SNMPv2: ca. 1996, 64-bit counters, support of IPX and AppleTalk, locking mechanisms
• SNMPv3: ca. 1999, security features (i.e. authentication, encryption and better access control)
SNMP-Basics (2)
[Figure: the SNMP-Manager sends get-request, get-next-request and set-request to the SNMP-Agent on UDP:161 and receives get-response; the SNMP-Agent sends trap messages to the SNMP-Manager on UDP:162]
SNMP-Basics (3): Management Information Bases
• Describe SNMP-Variables, using SMI-syntax
• Hierarchically structured
• Numerical and alphanumerical notation
• Registration of self-made MIBs at IANA (www.iana.org)
SNMP-Basics (4)
.root
  ccitt (.0)
  iso (.1)
    stnd (.0)
    reg-auth (.1)
    mb (.2)
    org (.3)
      dod (.6)
        internet (.1)
  joint-iso-ccitt (.2)
iso.org.dod.internet = .1.3.6.1
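The message exchange and the OID notation from the SNMP-Basics slides can be seen together by decoding one request. The following is an added example, not code from the slides or from NetSNMP: a minimal BER reader applied to a constructed SNMPv1 get-request (community "public", OID .1.3.6.1.2.1.1.1.0). It shows how .1.3 is packed into one octet and that the community string travels unencrypted in the packet.

```python
# Added example (not from the slides): minimal BER reader for community-based SNMP PDUs.
# The SNMPv1 trap PDU has a different layout and is deliberately not handled here.
PDU_TYPES = {0xA0: "get-request", 0xA1: "get-next-request",
             0xA2: "get-response", 0xA3: "set-request"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past the end of the packet")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """Decode a BER OBJECT IDENTIFIER into dotted numeric notation."""
    if not value or value[-1] & 0x80:
        raise ValueError("empty or truncated OID")
    subs, cur = [], 0
    for octet in value:                     # base-128, high bit set = more octets follow
        cur = (cur << 7) | (octet & 0x7F)
        if not octet & 0x80:
            subs.append(cur)
            cur = 0
    first = min(subs[0] // 40, 2)           # first sub-identifier packs two arcs: 40*x + y
    return "." + ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def decode_request(packet):
    """Decode version, community, PDU type, request-id and requested OIDs."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("SNMP message must be a SEQUENCE")
    vtag, version, pos = read_tlv(msg, 0)
    ctag, community, pos = read_tlv(msg, pos)
    ptag, pdu, _ = read_tlv(msg, pos)
    if vtag != 0x02 or ctag != 0x04 or ptag not in PDU_TYPES:
        raise ValueError("not a community-based request/response PDU")
    _, request_id, pos = read_tlv(pdu, 0)
    _, _, pos = read_tlv(pdu, pos)          # error-status
    _, _, pos = read_tlv(pdu, pos)          # error-index
    _, varbinds, _ = read_tlv(pdu, pos)
    oids, pos = [], 0
    while pos < len(varbinds):
        _, varbind, pos = read_tlv(varbinds, pos)
        otag, oid, _ = read_tlv(varbind, 0)
        if otag != 0x06:
            raise ValueError("varbind does not start with an OID")
        oids.append(decode_oid(oid))
    return {"version_field": int.from_bytes(version, "big"),    # 0 = SNMPv1, 1 = SNMPv2c
            "community": community.decode("ascii", "replace"),  # sent unencrypted
            "pdu": PDU_TYPES[ptag],
            "request_id": int.from_bytes(request_id, "big", signed=True),
            "oids": oids}

# Constructed sample: get-request for .1.3.6.1.2.1.1.1.0 with community "public".
SAMPLE = bytes.fromhex("3026020100" "04067075626c6963" "a019020101020100020100"
                       "300e300c" "06082b06010201010100" "0500")

if __name__ == "__main__":
    print(decode_request(SAMPLE))
```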
Management-Tools
• NetSNMP
• scotty/tkined
• cheops
• mrtg
• cricket
• nagios
NetSNMP (1)
• Formerly UCD-SNMP
• Supports trend-setting features (SNMPv3, Kerberos, ...)
• SNMP- and SNMP-Trap Agent
• Management tools
• SNMP Agent-API, C Library, Perl Modules
• Efficient UCD/NetSNMP-MIB
• Runs on Unix, MS Windows
NetSNMP (2): NetSNMP-Agent
• Access control with VACM and USM
• Support of PC specific MIB2-Variables
• UCD/NetSNMP MIB for extended features (load, memory-usage, script-output etc.)
• Easy integration of self-written plugins (statically and dynamically loadable)
NetSNMP (3): Management-Tools (command-line)
• snmptranslate - Translation between different OID-Notations
• snmpget - Requests for single MIB-Variables
• snmpwalk - Browsing the MIB-Trees
• snmptable - Displaying tables
• snmptrap - Sending traps
...
scotty/tkined (1)
• Open Source Framework for Network-Management
• TCL based
TNM TCL-Extensions
• Extensions for accessing network resources
• TCL-API for SNMP (v1 and v2, v3 soon)
• Functions for diagnosis of network services (ICMP, DNS, ...)
• Base for self-written Management-Applications (syslog interface, netdb)
scotty/tkined (2): tkined
• GUI-Tool for Network-Overview and -Monitoring
• Monitoring of availability and resource usage
• Diagnosis and frontend for network services
• MIB-Browser
• Continuous or static SNMP-Monitor
• Custom extensions using TNM are possible
scotty/tkined (3)
• Comfortable GUI for designing graphical overviews
cheops
• Based on (old) GTK, uses NetSNMP-API
• Feature set similar to tkined
mrtg (1)
• Multi Router Traffic Grapher
• Runs on Unix and MS Windows
• Creates graphics for time-based trend views
• Output of HTML-Code, GIF- or PNG-Graphics
• Own SNMP-Implementation (v2)
• Databases are Round Robin Databases (RRD)
• CGI-API uses Embedded Perl
mrtg (2)
• Formerly used for network statistics
• Monitoring of any other data is possible
cricket
• Feature set like mrtg
• Better Performance
• Creates more complex graphics
nagios (1)
• Complex Network-, Host- and Service-Monitoring
• Open Source (GPL)
• Formerly known as "netsaint"
• Web-GUI with extensive statistics and diagrams
• Core only consists of Report-Engine
• Tests are implemented as Plugins
• API for implementing own Plugins
nagios (2)
nagios is already in use at DESY Zeuthen:
http://euterpe.ifh.de/Nagios
Summary (1)
• SNMP is a powerful, open Management-Protocol.
• (Serious) security features can only be found in SNMPv3.
• Version 3 is not supported by every application.
• Integration into own solutions (e.g. SSH-Tunnel) is an alternative.
Summary (2)
• A lot of existing Monitoring-Tools
• Implementation of custom-made solutions using APIs (C, Perl, Java, TCL, ...) is not so difficult.
• Realization of own MIBs is no problem
Resources
• www.net-snmp.org
• www.mrtg.org, www.rrdtool.org
• cricket.sourceforge.net
• wwwhome.cs.utwente.nl/~schoenw/scotty/
• www.marko.net/cheops/
• www.nagios.org, euterpe.ifh.de/Nagios/
• Feedback to [email protected]
Draft of an integrated Network-Monitoring-Solution
Stephan Knabe
Student at Hochschule Harz, Wernigerode
Diploma Student at DESY Zeuthen, DV group
26. November 2003
The current situation
• At this time, there is no efficient system for monitoring network traffic on OSI-Layer 3 and above.
• The objective is to collect and visualize traffic data over a medium-term time frame.
• Points of interest are on OSI-Layer 3, 4 and 5.
The Environment
[Figure: network environment. Labels: Workgroups, External access, Router, Switches (Catalyst Workgroup Switches)]
The use of switches allows no central probe.
The Environment
We’ll concentrate on two measurement points:
[Figure: the network environment with Probe 1 and Probe 2 marked]
Probe 1
• Installation of a Mirror-Port
• Traffic to and from the workgroups will be recorded
• Data-Processing using ntop
[Figure labels: ntop-Host, Router]
Probe 2
• Port mirroring is impossible for technical reasons
• Switching at end-device level allows no sub-probes
• Local probing with transmission of data to a central instance
Accounting using netFlow
netFlow gives us detailed connection information:
• Source- and destination address
• ULP, source and destination port
• Timestamp for opening and closing of a connection
• Transferred data volume
This results in an additional volume of network traffic.
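The fields listed on this slide map directly onto the NetFlow v5 export record. The following added example (not code from the slides or from ntop) parses a constructed v5 datagram into exactly those fields and sums the transferred volume per source; the addresses, ports and counters are constructed sample values, and the function names are this example's own.

```python
import socket
import struct
from collections import Counter

# NetFlow v5 export layout: 24-byte header followed by `count` 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

def parse_netflow_v5(datagram):
    """Return the flow records of one NetFlow v5 datagram as dictionaries."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than the v5 header")
    version, count, uptime_ms, unix_secs = HEADER.unpack_from(datagram)[:4]
    if version != 5:
        raise ValueError("not NetFlow v5: version %d" % version)
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    boot = unix_secs - uptime_ms / 1000.0   # Unix time at which the exporter booted
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "proto": f[13],                 # the slide's ULP: 6 = TCP, 17 = UDP
            "sport": f[9], "dport": f[10],
            "start": boot + f[7] / 1000.0,  # First/Last are exporter uptime in ms
            "end": boot + f[8] / 1000.0,
            "packets": f[5], "octets": f[6],
        })
    return flows

def octets_by_source(flows):
    """Accounting view: transferred volume per source address."""
    totals = Counter()
    for flow in flows:
        totals[flow["src"]] += flow["octets"]
    return dict(totals)

def sample_datagram():
    """Constructed export with two flows (documentation addresses, made-up counters)."""
    header = HEADER.pack(5, 2, 600_000, 1_069_840_000, 0, 1, 0, 0, 0)

    def record(src, dst, sport, dport, proto, pkts, octets, first, last):
        return RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), bytes(4),
                           1, 2, pkts, octets, first, last, sport, dport,
                           0, 0, proto, 0, 0, 0, 24, 24, 0)

    return (header
            + record("192.0.2.10", "198.51.100.7", 40000, 80, 6, 12, 9000, 540_000, 570_000)
            + record("192.0.2.10", "198.51.100.9", 40001, 53, 17, 2, 150, 580_000, 580_000))

if __name__ == "__main__":
    for flow in parse_netflow_v5(sample_datagram()):
        print(flow)
```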
Polling of SNMP Variables
• Within a workgroup, our interest is mostly on traffic volume and protocol distribution
• Traffic can be captured at the local network interface
• A local SNMP Agent will provide the traffic information
• Polling, storage and visualisation will be done by a central management-application
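The polling and storage step described here, together with the round robin database from the rrdPlugin slides, can be sketched as follows. This is an added example, not code from the slides, ntop or rrdtool: a fixed ring of 12 slots with a 30-second step (as in the rrdPlugin figure) that stores per-second rates computed from polled octet counters, handling a 32-bit counter wrap and an agent restart. The poll values are constructed, and the class and function names are this example's own.

```python
class RoundRobinArchive:
    """Fixed-size ring of per-step values; old steps are overwritten, never appended."""

    def __init__(self, slots=12, step=30):   # 12 slots of 30 s, as in the slide's figure
        self.slots, self.step = slots, step
        self.ring = [None] * slots
        self.last = None                      # start time of the newest stored step

    def update(self, ts, value):
        start = ts - ts % self.step
        if self.last is not None:
            if start <= self.last:
                raise ValueError("updates must move forward in time")
            skipped = (start - self.last) // self.step - 1
            for k in range(1, min(skipped, self.slots) + 1):   # blank steps with no poll
                self.ring[(self.last // self.step + k) % self.slots] = None
        self.ring[(start // self.step) % self.slots] = value
        self.last = start

    def series(self):
        """(step_start, value) pairs for the retained window, oldest first."""
        if self.last is None:
            return []
        times = [self.last - k * self.step for k in range(self.slots - 1, -1, -1)]
        return [(t, self.ring[(t // self.step) % self.slots]) for t in times]

def store_rates(archive, polls, counter_bits=32):
    """polls: (unix_time, sysUpTime ticks, octet counter) tuples from one interface."""
    prev = None
    for ts, uptime, octets in polls:
        if prev is not None:
            if uptime < prev[1]:              # agent restarted: counter was reset, not wrapped
                archive.update(ts, None)
            else:                             # modulo arithmetic absorbs one counter wrap
                delta = (octets - prev[2]) % (1 << counter_bits)
                archive.update(ts, delta / (ts - prev[0]))
        prev = (ts, uptime, octets)
    return archive

T0 = 1069840800
# Constructed polls every 30 s: a 32-bit counter wrap at the third poll,
# an agent restart (sysUpTime goes backwards) at the fourth.
POLLS = [(T0, 1000, 4294960000), (T0 + 30, 4000, 4294966000), (T0 + 60, 7000, 4704),
         (T0 + 90, 500, 300), (T0 + 120, 3500, 9300)]

if __name__ == "__main__":
    for when, rate in store_rates(RoundRobinArchive(), POLLS).series():
        print(when, rate)
```

Without the sysUpTime check, the restart at the fourth poll would be read as a counter wrap and stored as a traffic spike of roughly 143 MB/s.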
Design of the local SNMP Agent
[Figure: design of the local agent. Labels: SNMP Agent (NetSNMP), MIB, Traffic-Counter Plugin, Capture Thread (based on libpcap), Network Traffic]
Resources
• www.ntop.org
• www.net-snmp.org
• www.tcpdump.org
• Feedback to [email protected]
The End
Thanks for attending
Feedback is very much appreciated:
The slides were made using LaTeX and seminar.sty.