Chapter 8: Remote Monitoring (RMON1)

Presentation transcript:

Slide 1: Chapter 8 Overview
- RMON1 is a MIB
  - Also known as RMON
- Recall that mib-2 gives info on devices
- RMONs provide network info
- RMON1 provides info at link (MAC) layer
- RMON2 is discussed in chapter 9
  - Info at network layer and above

Slide 2: Textbook LAN
- Probe 1 and probe 2 are RMON probes
- Probe 2 is RMON1 only
- Probes capture packets in promiscuous mode

Slide 3: RMON1 MIB Groups
- We’ll consider the following groups
  - Statistics group, History group,
  - Alarm group, Host group,
  - HostTopN group, Matrix group
  - Filter group, Capture group,
  - and Event group

Slide 4: Statistics Group
- Overall statistics

Slide 5: History Group

Slide 6: Alarm Group

Slide 7: Host Group

Slide 8: HostTopN Group

Slide 9: Matrix Group

Slide 10: Filter Group

Slide 11: Capture Group

Slide 12: Event Group

Slide 13: Statistics Group
- Simplest RMON1 group
- “Counts” all packets detected
- Increment counts

Slide 14: Control Objects and Tables
- Control objects in RMON1 and RMON2
- Specify how data is collected
  - And whether probe or mgmt station decides
- Mgmt station looks at control objects to see if data being collected as desired
- Mgmt station can modify control objects
- Probe-created control objects generally should not be changed

Slide 15: Control Objects and Tables
- Suppose mgmt station wants to collect data from a particular subnet
- It could create a new row in etherStatsTable
- Instead, could use control objects so that only the desired data is collected
- Saves storage on the probe
- Use SetRequest to set control object values

Slide 16: etherStatsTable Control Objects

Slide 17: MeterWare
- Summary view
- Probe 2 info

Slide 18: RMON1 on Probe 2
- Object values
- Click “Statistics”

Slide 19: etherStatsTable Control Objects
- Probe 2 has one interface, so only one row
- etherStatsOwner = monitor
  - Agent created and “owns” this row
- etherStatsStatus = valid
  - Agent will store collected data
- etherStatsDataSource = ifIndex.1
  - Identifier of mib-2 for probe interface to
- etherStatsIndex = 1
  - First row in table

Slide 20: etherStatsTable Control Objects
- View: select row and start collecting stats
- Add: add another row
- Modify: edit current row
- Delete: delete a row
- Help: get help (duh!)

Slide 21: History Group
- A record of what happens over defined sampling intervals
- Similar to Statistics Group
- Main difference is sampling intervals
- History Group includes
  - etherHistoryTable
  - historyControlTable

Slide 22: History Group
- MIB browser view

Slide 23: historyControlTable
- Column objects

Slide 24: historyControlTable
- One row for each historyControlInterval
  - In this case, 30 and 1800 seconds
  - 120 “buckets” (intervals) for each
- So 240 rows in etherHistoryTable

Slide 25: historyControlTable

Slide 26: etherHistoryTable
- Recall, 240 rows in etherHistoryTable

Slide 27: etherHistoryTable and historyControlTable

Slide 28: Sample History Report
- 30 second history report

Slide 29: Host Group
- Statistics per host
- Note statistics and history groups do not relate their stats to hosts
- 4 tables: hostControlTable, hostTable, hostTimeTable, hostControl2Table (RMON2)

Slide 30: hostControlTable
- hostControlTableSize
  - Number of hosts detected so far
- hostControlLastDeleteTime
  - Last “reset” time

Slide 31: hostControlTable

Slide 32: hostTable
- Index object, MAC address pairs
- Host address is index object
  - Index object has address in decimal

Slide 33: hostTimeTable
- Same objects as hostTable
- Different index object
  - hostTimeCreationOrder, not hostAddress
  - So that new hosts easily distinguished
  - Also hostTimeIndex

Slide 34: Too Many Hosts?
- If too many hosts, probe uses hostTimeCreationOrder to drop hosts
  - Drop those that have not been used for longest
  - hostTimeCreationOrder is in hostTimeTable
- To be sure it uses valid object identifier, mgmt station checks hostControlLastDeleteTime
  - In hostControlTable

Slide 35: hostTable Example
- Hosts detected on probe 2 subnet

Slide 36: HostTopN Group
- Rate of change of hostTable info
- Sorta like History for specific Host
- For each row of hostTopNControlTable
  - N rows in hostTopNTable (N is configurable)

Slide 37: hostTopNControlTable

Slide 38: hostTopNControlTable
- Index is generated by the probe
- Unique for each distribution created

Slide 39: hostTopNTable
- Note that it’s measuring the change

Slide 40: HostTopN in MeterWare
- Distribution of top 5 hosts
- Based on “in-packets” rate
- Addresses of hosts with largest number of in-packets

Slide 41: HostTopN Addresses
- This is not the same as view on previous slide

Slide 42: Matrix Group
- Host-to-host statistics
- Like a 2-d version of Host

Slide 43: Matrix Control Tables

Slide 44: Matrix Control Tables
- matrixControlTable
  - Same objects as hostControlTable
- matrixSDTable and matrixDSTable
  - Only difference is order of index objects
  - Source to destination vs destination to source?
  - If matrixSDTable is A to B, then corresponding matrixDSTable is B to A

Slide 45: Matrix Control Tables
- matrixSDTable
- matrixDSTable

Slide 46: Matrix in MeterWare
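
Added example (not part of the original slides): the hostTable slide says the index object carries the MAC address in decimal, and the matrix slides say matrixSDTable and matrixDSTable differ only in index order. The Python sketch below decodes instance OIDs from those three tables back into MAC addresses so that rows can be matched to hosts and conversations. The OID prefixes and index order are taken from RFC 2819, which is an assumption beyond the slides, and the sample OIDs are constructed.

```python
# Added example, not from the slides. OID prefixes and index order follow
# RFC 2819; the sample OIDs at the bottom are constructed.
ENTRIES = {
    "hostTable": (1, 3, 6, 1, 2, 1, 16, 4, 2, 1),      # hostEntry
    "matrixSDTable": (1, 3, 6, 1, 2, 1, 16, 6, 2, 1),  # matrixSDEntry
    "matrixDSTable": (1, 3, 6, 1, 2, 1, 16, 6, 3, 1),  # matrixDSEntry
}


def take_address(sub, pos):
    """Read one length-prefixed address from the index; return (mac, next_pos)."""
    if pos >= len(sub):
        raise ValueError("index ends before the address")
    length = sub[pos]
    octets = sub[pos + 1:pos + 1 + length]
    if len(octets) != length or any(o > 255 for o in octets):
        raise ValueError("malformed address in index")
    return ":".join(f"{o:02x}" for o in octets), pos + 1 + length


def decode_instance(oid):
    """Decode a hostTable or matrix table instance OID into its index parts."""
    ids = tuple(int(part) for part in oid.strip(".").split("."))
    for table, prefix in ENTRIES.items():
        if ids[:len(prefix)] == prefix and len(ids) >= len(prefix) + 2:
            break
    else:
        raise ValueError("not a hostTable or matrix instance OID")
    column, index = ids[len(prefix)], ids[len(prefix) + 1]
    rest = ids[len(prefix) + 2:]
    first, pos = take_address(rest, 0)
    if table == "hostTable":
        row = {"address": first}
    else:
        second, pos = take_address(rest, pos)
        # matrixSDTable lists source then destination; matrixDSTable reverses it.
        src, dst = (first, second) if table == "matrixSDTable" else (second, first)
        row = {"source": src, "destination": dst}
    if pos != len(rest):
        raise ValueError("trailing sub-identifiers after the index")
    return {"table": table, "column": column, "index": index, **row}


# Constructed samples: column 4 of each entry, control index 1.
HOST_OID = "1.3.6.1.2.1.16.4.2.1.4.1.6.0.16.90.18.52.86"
SD_OID = "1.3.6.1.2.1.16.6.2.1.4.1.6.0.16.90.18.52.86.6.0.160.201.1.2.3"
DS_OID = "1.3.6.1.2.1.16.6.3.1.4.1.6.0.160.201.1.2.3.6.0.16.90.18.52.86"

if __name__ == "__main__":
    for sample in (HOST_OID, SD_OID, DS_OID):
        print(decode_instance(sample))
```

The SD and DS samples decode to the same source and destination pair, which is how a row found in one table is located in the other.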

Slide 47: Filter and Capture Groups
- These groups usually used together
- Capture Group
  - How probe captures frame
  - How info is sent from buffer on probe to buffer on mgmt station
- Filter Group
  - To select types of frames to capture
  - Used to conserve space in buffers

Slide 48: Capture Group
- Capture group objects

Slide 49: Capture Group
- bufferControlTable

Slide 50: Capture Group
- captureBufferTable

Slide 51: Capture Group
- How packets are captured and buffered
  - We’ll fill in the details on the next few slides

Slide 52: Channels
- Probe 2 channels
- Channel editor
  - To set values in bufferControlTable

Slide 53: Channels
- Run button
  - Start capturing
- Filter tab
  - Make filters
- Buffer tab
  - Show captured packets, protocols,…
- Analyze tab
  - More specific filtering/analysis
- Create new channel

Slide 54: Filter Group
- By default (in MeterWare) all packets captured until buffer is full
- Can then filter the ones of interest
  - Using analyze tab
- But some packets might be missed due to full buffer
- Filter group used to prevent this

Slide 55: Filter Group
- Filter group objects

Slide 56: Filter Group
- filterTable objects

Slide 57: Filter Group
- channelTable objects

Slide 58: RMON Control Table
- Create/edit RMON channels
  - As shown in Capture Group slides
- Control Table for RMON Channels (above)
- Select: Owner, View Details

Slide 59: Channel Information
- Interface Index: channelIfIndex
- Channel Index: channelIndex
- Status: channelStatus
- Packet Matches: channelMatches
- Accept Type: channelAcceptType
- Owner: channelOwner
- All objects here are in channelTable

Slide 60: Channel Information
- Data Flow Control: channelDataControl
  - off(2) means no packets being captured
- Turn On Event Index: channel…
  - Event to turn off(2) to on(1)
- Turn Off Event Index: channel…
  - Event to turn on(1) to off(2)
- All objects here are in channelTable

Slide 61: Channel Information
- Generated Event Index: channelEventIndex
  - 0 means no event generated by a matched packet (configured in Event Group)
- Generated Event Status: channelEventStatus
  - Options are…
  - eventReady(1)
  - eventFired(2)
  - eventAlwaysReady(3)
- All objects here are in channelTable

Slide 62: Filter Example
- May not want to include all packets
- Can set up filter for each channel
- Above is filter from Probe 2 to WS2
- Another filter needed for opposite direction

Slide 63: Filter Example
- Link layer: ifTable/ifType = ethernet-csma(6)
- Protocol: filterTable/filterPktData = IP
- Sub-protocol: filterTable/filterPktData = UDP
- Source address: Probe 2 (MAC and IP address)
- Destination address: WS2 (MAC and IP address)
- Allow packets: filterTable/filterPktStatus
  - Any Packet = 0
- Filter for packets from probe 2 to WS2

Slide 64: Captured/Filtered Packets

Slide 65: All Captured Frames

Slide 66: Contents of Frame
- Detailed view of packet
  - Similar to Ethereal

Slide 67: Analysis of Captured Frames
- Packet 10 (out of 28) shown
- Next, filter
  - UDP packets
  - Length 00 fe
- Click “apply”
  - Next slide…

Slide 68: Analyze Screen
- Find 6 frames that satisfy the filter
  - Out of 28 captured frames
- Can filter down to frames of interest

Slide 69: Alarm Group
- alarmTable “Threshold” compared
  - If threshold exceeded, alarm sent
- Used with Event Group

Slide 70: alarmTable Objects
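
Added example (not part of the original slides): the Alarm Group slide only says that a threshold is compared and an alarm is sent when it is exceeded. The Python sketch below goes further and models the rising/falling threshold pair with hysteresis that RFC 2819 defines for alarmTable, run over a series of counter readings such as a probe would sample to spot a broadcast surge. The function name, parameter names and the readings are assumptions made for this illustration.

```python
# Added example, not from the slides. Threshold semantics follow the alarm
# group in RFC 2819; the counter readings below are constructed.
COUNTER32 = 2 ** 32


def alarm_events(readings, rising, falling, delta=True, startup="risingOrFalling"):
    """Return (sample_no, kind, value) for each alarm the probe would raise.

    readings: successive values of the monitored object, one per alarmInterval
    rising/falling: alarmRisingThreshold and alarmFallingThreshold
    delta: True for alarmSampleType deltaValue, False for absoluteValue
    startup: alarmStartupAlarm ("rising", "falling" or "risingOrFalling")
    """
    if falling > rising:
        raise ValueError("falling threshold must not exceed rising threshold")
    if delta:
        # Counter32 objects wrap at 2**32, so take differences modulo 2**32.
        values = [(b - a) % COUNTER32 for a, b in zip(readings, readings[1:])]
    else:
        values = list(readings)
    events, prev, last = [], None, None
    for number, value in enumerate(values, start=1):
        if prev is None:
            # First sample after the row becomes valid: alarmStartupAlarm decides.
            up = value >= rising and startup in ("rising", "risingOrFalling")
            down = value <= falling and startup in ("falling", "risingOrFalling")
        else:
            up = value >= rising and prev < rising
            down = value <= falling and prev > falling
        # Hysteresis: the same kind of alarm is not repeated until the
        # opposite threshold has been reached in between.
        if up and last != "rising":
            last = "rising"
            events.append((number, "rising", value))
        elif down and last != "falling":
            last = "falling"
            events.append((number, "falling", value))
        prev = value
    return events


# Constructed etherStatsBroadcastPkts readings; the counter wraps mid-series.
READINGS = [4294965796, 4294965846, 4294966846, 150, 1050, 1070, 2130]

if __name__ == "__main__":
    for event in alarm_events(READINGS, rising=800, falling=100, startup="rising"):
        print(event)
```

In the constructed series the fourth delta (900) crosses the rising threshold again but raises nothing, because the value has not yet dropped to the falling threshold since the previous rising alarm.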

Slide 71: Event Group
- Two tables
  - eventTable and logTable
- Specify event triggered by Alarm group
  - Events can also be triggered from elsewhere

Slide 72: eventTable and logTable

Slide 73: Event Example
- In channelTable…
- channelTurnOffEventIndex
  - Can set value equal to an eventIndex in eventTable with eventType of trap(3)
  - Then any packet that matches channel will cause a trap to be sent to Mgmt Station
  - Mgmt Station could be configured to send SetRequest to turn off the channel

Slide 74: Chapter 8 Summary
- Examined RMON1 groups (9 of them)
- RMON monitors network traffic
  - RMON1 for link layer
  - RMON2 for higher layers
  - Chapter 8: RMON1
  - Chapter 9: RMON2