What is network monitoring
Network monitoring identifies issues affecting the availability or functionality of network services and sends out alerts about them. Administrators typically monitor the availability of network services, the functionality of network interfaces, the status of critical hardware systems, and CPU, memory, or other statistics for servers and devices on a network.
In other words, administrators use network monitoring tools to ensure critical systems in the network are available and functioning properly.
Consistent network monitoring and analysis is important for:
- Understanding a network’s baseline statistics — helps administrators notice and respond to abnormal behavior.
- Governing networks — prevents unwanted or unauthorized changes, including misconfigurations, shadow IT, and possible security threats by insiders or outside attackers.
- Identifying critical issues — which can cause network slowdown or failure, before they result in a problem.
- Troubleshooting problems that have already occurred — helps to identify the root cause and resolve it.
What does network monitoring cover
Network monitoring tools cover some or all of the following network elements:
- Network devices — including routers, switches, appliances, gateways and proxies
- Links and connections between network elements, including network interfaces
- Mission critical servers — web server monitoring, email servers, application servers, FTP servers, storage systems
- External service providers — including web hosting, cloud services, SaaS applications, messaging services
For servers or other devices on the network, network monitoring typically watches availability, CPU and memory utilization, disk usage, and configuration.
A network monitor works with protocols like HTTP, HTTPS, SNMP, FTP, SMTP, POP3, IMAP, DNS, SSH, TELNET, SSL, TCP, ICMP, SIP, UDP, and Media Streaming. Network monitoring solutions can perform passive monitoring such as listening on ports and reporting on traffic. Some solutions also perform active monitoring, for example, sending a ping or performing a TCP request to test how a server or network service responds.
Metrics and measurements used by network monitoring tools
Network monitoring tools measure the following aspects of network services or devices:
- Availability — is the service or device up and responding to requests?
- Network response time — how fast is each request processed?
- Network route analytics — what network routes do requests travel through, which hops exist between client and server, and are routes optimal?
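The active TCP check described above, measuring availability and response time and comparing them with a recorded baseline. This is an added example, not code from the original page; the function names, the thresholds `k` and `min_avail`, the baseline samples, and the target address are assumptions.

```python
import socket
import statistics
import time

def tcp_probe(host, port, timeout=2.0):
    """Active check: attempt a TCP connect; return (is_up, rtt_ms or None)."""
    start = time.perf_counter()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, (time.perf_counter() - start) * 1000.0
    except OSError:
        # Refused, unreachable, or timed out: the service counts as unavailable.
        return False, None

def summarize(results):
    """Reduce a window of probe results to (availability %, median RTT in ms)."""
    rtts = [rtt for up, rtt in results if up]
    availability = 100.0 * len(rtts) / len(results) if results else 0.0
    median_rtt = statistics.median(rtts) if rtts else None
    return availability, median_rtt

def classify(availability, median_rtt, baseline_rtts, k=3.0, min_avail=99.0):
    """Compare a window with baseline RTTs; k and min_avail are assumed thresholds."""
    if median_rtt is None:
        return "DOWN"
    if availability < min_avail:
        return "DEGRADED"
    mean = statistics.mean(baseline_rtts)
    stdev = statistics.pstdev(baseline_rtts)
    # Flag response times well above normal variation around the baseline.
    if median_rtt > mean + k * stdev:
        return "SLOW"
    return "OK"

def monitor(host, port, baseline_rtts, probes=5, interval=0.0):
    """Run several probes and return (status, availability, median_rtt)."""
    results = []
    for _ in range(probes):
        results.append(tcp_probe(host, port))
        time.sleep(interval)
    availability, median_rtt = summarize(results)
    return classify(availability, median_rtt, baseline_rtts), availability, median_rtt

if __name__ == "__main__":
    # Constructed baseline samples (ms); 127.0.0.1:80 is a placeholder target.
    print(monitor("127.0.0.1", 80, baseline_rtts=[1.2, 1.0, 1.4, 1.1, 1.3]))
```

The baseline should be recorded during normal operation of the same service, since a threshold derived from a different host or time of day will produce false alerts.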
Network traffic monitoring methods and tools
A basic utility used in network monitoring is ping. Ping is used to check if a computer is operating and if network connections are intact. Ping works by sending an Internet Control Message Protocol (ICMP) request over the network, and measuring round-trip time (RTT) for messages sent from the originating host to a destination computer and back.
Another way to monitor networks is the Simple Network Management Protocol (SNMP). SNMP provides a reliable way for network devices to share information with each other. It creates a data tree with Management Information Bases (MIBs), which group together specific types of devices or device components. Each device or component has an Object Identifier (OID), which allows network tools to query the object and obtain operational data.
There is a large variety of network tools—free, open source and commercial—which leverage SNMP and other monitoring techniques. Tools can help network administrators monitor traffic, view charts and visualizations of traffic and device status, define thresholds for anomalies in networks and receive alerts, and diagnose complex network problems.
Imperva network traffic monitoring
Imperva offers a network health monitoring solution, as part of its Load Balancer as a Service, which provides:
- Passive/active network health monitoring — web traffic is monitored to ensure servers are functioning, and HTTP requests are sent periodically to offline servers to check when traffic resumes.
- Automatic alerts — email notifications are sent when your services fail. Notifications can be triggered by a server going down, a traffic rerouting event, or a data center crash.
- Automatic load balancing and failover — Imperva’s load balancer as a service provides a live view of traffic loads for each server in your local and remote data centers, allowing for automatic distribution and agile manual rerouting. In addition, the service monitors server health, detects outages, and instantly directs traffic to a backup server.