DistributedNetworks DistributedNetworks

Network Monitoring  «Prev  Next»
Lesson 1

Linux Network Monitoring

In this module, we introduce a suite of standard UNIX tools that can help to monitor the action on your network and debug network problems. By the end of this module, you will be able to:
  1. Use the ping command to test network connectivity
  2. Use the netstat command to examine kernel tables pertaining to networking
  3. Use the traceroute command to discover network paths
  4. Use tcpdump to examine all network traffic


A network in operation needs to be monitored in order to:
  1. Deliver projected SLAs (Service Level Agreements)
  2. SLAs depend on polic
  3. What’s good enough? 99.999% Uptime?

Uptime Expectations

Question: What does it take to deliver 99.9 % uptime?
30.5 days x 24 hours = 732 hours a month
(732– (732 x .999)) x 60 = 44 minutes
only 44 minutes of downtime a month
Need to shutdown 1 hour / week?
(732 – 4) / 732x 100 = 99.4 %
Remember to take planned maintenance into account in your calculations, and inform your users/customers if they are included/excluded in the SLA.

Network Security Monitoring

The principles of network security monitoring (NSM), which is the collection, analysis, and escalation of indications and warnings to detect and respond to intrusions. NSM is a way to find intruders on your network and do something about them before they damage your enterprise.
NSM began as an informal discipline with Todd Heberlein’s development of the Network Security Monitor in 1988. The Network Security Monitor was the first intrusion detection system to use network traffic as its main source of data for generating alerts, and the Air Force Computer Emergency Response Team (AFCERT) was one of the first organizations to informally follow NSM principles.
In 1993, the AFCERT worked with Heberlein to deploy a version of the Network Security Monitor as the (ASIM)Automated Security Incident Measurement[1] system.
My goal has been to advocate NSM as a strategic and tactical operation to stop intruders before they make your organization the headline in tomorrow’s newspaper.

[1]Automated Security Incident Measurement: (ASIM) is designed to measure the level of unauthorized activity against its systems. Under this project, several automated tools are used to examine network activity and detect and identify unusual network events.