2. 1) Port Scanners
Gather information across the network
◦ No special permissions required
Determine up/down status
◦ Ping or ARP
Check for open ports
◦ May indicate available services
Scan operating system
◦ Determine without logging in
Scan services
◦ Version information
3. 2) Interface monitoring
Up or down
◦ The most important statistic
◦ No special rights or permissions required
◦ Green is good, red is bad
Alarming and alerting
◦ Notification should an interface fail to report
◦ Email, SMS
Short term and long term reporting
◦ View availability over time
Not focused on additional details
◦ Additional monitoring may require SNMP
4. 3) Packet flow monitoring
Gather traffic statistics
◦ Metadata of actual traffic
NetFlow
◦ Standard collection method
◦ Many products and options
Probe and collector
◦ Probe watches network communication
◦ Summary records are sent to the collector
Usually a separate reporting app
◦ Closely tied to the collector
5. 4) SNMP
Simple Network Management Protocol
◦ A database of data
SNMP versions
◦ V1 – the original
◦ Structured tables, in the clear
◦ V2 – a good step ahead
◦ Data type enhancements, bulk transfers, still in the clear
◦ V3 – the new standard
◦ Message integrity, authentication, encryption
SNMP information can be very detailed
◦ Access should be very limited
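Added example (not part of the original slides): a small audit of a net-snmp style snmpd.conf that flags v1/v2c community access, which travels in the clear, and rates v3 users by their minimum security level. The sample configuration, user names and severity labels are constructed for illustration.

```python
import shlex

# Constructed sample in net-snmp snmpd.conf syntax; names and secrets are placeholders.
SAMPLE_CONF = '''\
rocommunity public
rwcommunity private 10.0.0.0/8
rocommunity6 monitor ::1
com2sec readonly default public
rouser legacy noauth
rouser poller auth
rwuser nms priv
createUser nms SHA "placeholder-auth-pass" AES "placeholder-priv-pass"
'''

COMMUNITY = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6", "com2sec"}
LEVELS = {  # severity ratings are this example's own choice
    "noauth": ("HIGH", "v3 user with no authentication or encryption"),
    "auth": ("MEDIUM", "v3 user authenticated but not encrypted"),
    "priv": ("OK", "v3 user with authentication and encryption"),
}

def audit_snmpd_conf(text):
    """Return (line_no, severity, message) for every SNMP access directive."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)  # honours quotes and '#' comments
        if not tok:
            continue
        name, args = tok[0].lower(), tok[1:]
        if name in COMMUNITY:
            msg = "v1/v2c community, sent in the clear"
            if name.startswith("rw"):
                msg += "; grants write access"
            if len(args) < 2 or args[1] == "default":  # second argument is SOURCE
                msg += "; no source restriction"
            findings.append((no, "HIGH", msg))
        elif name in ("rouser", "rwuser"):
            if args[:1] == ["-s"]:  # skip optional "-s SECMODEL"
                args = args[2:]
            if not args:
                continue
            level = args[1] if len(args) > 1 and args[1] in LEVELS else "auth"  # net-snmp default
            sev, why = LEVELS[level]
            findings.append((no, sev, f"{args[0]}: {why}"))
    return findings

if __name__ == "__main__":
    for finding in audit_snmpd_conf(SAMPLE_CONF):
        print(*finding)
```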