Lecture 4: Monitoring Network Resources
IT:Network:Apps
What’s happening on the network?
Need to keep track of many things
◦ Traffic (packets)
◦ Network load
◦ Server load
◦ Disk space
◦ Log files
◦ Availability of Servers/Services
Network Traffic (live)
Protocol Analyzer
◦ Wireshark
◦ Sniffer
◦ Network Monitor
Need to see all packets
◦ Promiscuous Mode
◦ Management port on switch
Could use Wireshark again (Stats>Summary)
Administrative Tools > Performance
◦ IPv4 – Datagrams (sent/received) / sec
◦ Network Interface – Bytes (sent/received/total) / sec
Performance again
◦ Processor – % Processor Time
◦ Processor – % Idle Time
◦ Memory – Pages/sec
Disk Space – does it have enough space
◦ Performance Monitor
◦ Logical Disk – Free megabytes; % Free Space
Disk Performance – is it fast enough
◦ Performance Monitor
◦ Logical Disk – Avg Disk Read|Write Queue Length
System keeps log files with important info
◦ System; Application; Security; Others
Look at them!!!
EventRover
EventAlarm
Security Policy (Local, Domain, DC)
◦ Local Policies – Audit Policy
What to watch
◦ Account Logon Events – domain user auth by DC
◦ Account Mgmt –
◦ Logon Events – user auth by local machine
◦ Object access – file system/reg key/printer (ntfs security – Adv – audit)
◦ Policy Change
◦ Privilege use
◦ Process Tracking
◦ System Events
It Depends
◦ Security – watch for what “shouldn’t” happen
◦ Tracking – watch for what “is” happening
Do we need to know Mary successfully logged in?
Do we need to know the server restarted?
◦ Why did it restart?
Do we need to know a user was created?
◦ Who created it and why?
Watch Log File
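The two questions above ("who created it?" and "why did it restart?") can be answered from the event logs directly. The script below is an added example, not part of the original lecture; the event IDs (4720, 1074, 6008), the `$Days` look-back window and the `Get-EventFields` helper are assumptions that do not appear on the slides.

```powershell
# Added example (not from the lecture). Run in an elevated session:
# reading the Security log requires administrator rights.
$Days  = 7                              # hypothetical look-back window
$Since = (Get-Date).AddDays(-$Days)

# Hypothetical helper: turn a record's <EventData> into a name -> value table.
function Get-EventFields($Record) {
    $fields = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
        $fields[$d.Name] = $d.'#text'
    }
    $fields
}

# Security log, event 4720 = "A user account was created".
# Only written when Audit Policy > Account Management auditing is enabled.
# SilentlyContinue hides "no matching events"; it also hides access-denied,
# so an empty result in a non-elevated session proves nothing.
$created = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4720; StartTime = $Since
} -ErrorAction SilentlyContinue

$created | ForEach-Object {
    $f = Get-EventFields $_
    [pscustomobject]@{
        Time      = $_.TimeCreated
        NewUser   = '{0}\{1}' -f $f.TargetDomainName,  $f.TargetUserName
        CreatedBy = '{0}\{1}' -f $f.SubjectDomainName, $f.SubjectUserName
    }
} | Format-Table -AutoSize

# System log: 1074 = restart/shutdown requested (the message names the user,
# the process and the stated reason); 6008 = previous shutdown was unexpected.
Get-WinEvent -FilterHashtable @{
    LogName = 'System'; Id = 1074, 6008; StartTime = $Since
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, ProviderName, Message |
    Format-List
```

The "why" of an account creation is not recorded in the log; `CreatedBy` only tells you whom to ask.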
NetProbe Performance
Could be as simple as ping
Could check for specific service (www, smtp)
Could check Performance Monitor settings
Windows Software Update Services
◦ Patch management software
Microsoft Security Baseline Analyzer
◦ MBSA, probes local and remote systems for security issues
◦ Missing updates, hotfixes etc for most Microsoft Software