Remote Monitoring
Background
Remote Monitoring (RMON) is a standard monitoring
specification that enables various network monitors and console systems
to exchange network-monitoring data. RMON provides network administrators
with more freedom in selecting network-monitoring probes and consoles
with features that meet their particular networking needs. This chapter
provides a brief overview of the RMON specification, focusing on RMON
groups.
The RMON specification defines a set of statistics and functions that
can be exchanged between RMON-compliant console managers and network probes.
As such, RMON provides network administrators with comprehensive network-fault
diagnosis, planning, and performance-tuning information.
RMON was defined by the user community with the help of the Internet
Engineering Task Force (IETF). It became a proposed standard in 1992 as
RFC 1271 (for Ethernet). RMON then became a draft standard in
1995 as RFC 1757, effectively obsoleting RFC 1271.
RMON Groups
RMON delivers information in nine RMON groups of
monitoring elements, each providing specific sets of data to meet common
network-monitoring requirements. Each group is optional so that vendors
do not need to support all the groups within the Management Information
Base (MIB). Some RMON groups require support of other RMON groups to function
properly. Table 55-1 summarizes the nine monitoring groups specified in
the RFC 1757 Ethernet RMON MIB.
Table 55-1: RMON Monitoring Groups
| RMON Group |
Function |
Elements |
|
Statistics
|
Contains statistics measured by the probe for each monitored interface
on this device.
|
Packets dropped, packets sent, bytes sent (octets), broadcast packets,
multicast packets, CRC errors, runts, giants, fragments, jabbers,
collisions, and counters for packets ranging from 64 to 128, 128
to 256, 256 to 512, 512 to 1024, and 1024 to 1518 bytes.
|
|
History
|
Records periodic statistical samples from a network and stores
them for later retrieval.
|
Sample period, number of samples, items sampled.
|
|
Alarm
|
Periodically takes statistical samples from variables in the probe
and compares them with previously configured thresholds. If the
monitored variable crosses a threshold, an event is generated.
|
Includes the alarm table and requires the implementation of the
event group. Alarm type, interval, starting threshold, stop threshold.
|
|
Host
|
Contains statistics associated with each host discovered on the
network.
|
Host address, packets, and bytes received and transmitted, as well
as broadcast, multicast, and error packets.
|
|
HostTopN
|
Prepares tables that describe the hosts that top a list ordered
by one of their base statistics over an interval specified by the
management station. Thus, these statistics are rate-based.
|
Statistics, host(s), sample start and stop periods, rate base,
duration.
|
|
Matrix
|
Stores statistics for conversations between sets of two addresses.
As the device detects a new conversation, it creates a new entry
in its table.
|
Source and destination address pairs and packets, bytes, and errors
for each pair.
|
| RMON Group |
Function |
Elements |
|
Filters
|
Enables packets to be matched by a filter equation. These matched
packets form a data stream that might be captured or that might
generate events.
|
Bit-filter type (mask or not mask), filter expression (bit level),
conditional expression (and, or not) to other filters.
|
|
Packet Capture
|
Enables packets to be captured after they flow through a channel.
|
Size of buffer for captured packets, full status (alarm), number
of captured packets.
|
|
Events
|
Controls the generation and notification of events from this device.
|
Event type, description, last time event sent.
|
Review Questions
Q¡What is the function of the RMON group
Matrix?
A¡This group stores statistics for conversations
between sets of two addresses. As the device detects a new conversation,
it creates a new entry in its table.
Q¡What is RMON?
A¡Remote Monitoring (RMON) is a standard monitoring
specification that enables various network monitors and console systems
to exchange network-monitoring data.
Q¡Multicast packets, CRC errors, runts, giants,
fragments, and jabbers are elements of what RMON group?
A¡Statistics.
Related Sniffer & Network Monitoring Software:
| HTTP
Sniffer
- Capture HTTP packets, monitor Internet web traffic, and show URL visited
by LAN users. |
| Password
Sniffer
- Monitor password from HTTP, email (SMTP/POP3), FTP, TELNET on LAN. |
| Packet
Sniffer
- Capture network packets and provide view for full TCP conversations and
UDP threads. |
| MSN
Sniffer & Monitor
- Capture MSN messenger chat and conversations on your network. |
|
