Packet Sniffer

Sniffer and Monitor Software Picks
Sniffer - Packet sniffer and protocol analyzer.
MSN Sniffer - Monitor MSN messenger sessions.
Password Sniffer - Monitor password usage.
HTTP Sniffer - Capture Internet web traffic on LAN.
Network Monitoring - Monitor your network traffic.
EtherBoss MSN Conversation Monitor & Sniffer

 

Remote Monitoring, or RMON

Download sniffer and monitoring software
Describe the background of Remote Monitoring and nine RMON groups of monitoring.

Remote Monitoring

Background

Remote Monitoring (RMON) is a standard monitoring specification that enables various network monitors and console systems to exchange network-monitoring data. RMON provides network administrators with more freedom in selecting network-monitoring probes and consoles with features that meet their particular networking needs. This chapter provides a brief overview of the RMON specification, focusing on RMON groups.

The RMON specification defines a set of statistics and functions that can be exchanged between RMON-compliant console managers and network probes. As such, RMON provides network administrators with comprehensive network-fault diagnosis, planning, and performance-tuning information.

RMON was defined by the user community with the help of the Internet Engineering Task Force (IETF). It became a proposed standard in 1992 as RFC 1271 (for Ethernet). RMON then became a draft standard in 1995 as RFC 1757, effectively obsoleting RFC 1271.

RMON Groups

RMON delivers information in nine RMON groups of monitoring elements, each providing specific sets of data to meet common network-monitoring requirements. Each group is optional so that vendors do not need to support all the groups within the Management Information Base (MIB). Some RMON groups require support of other RMON groups to function properly. Table 55-1 summarizes the nine monitoring groups specified in the RFC 1757 Ethernet RMON MIB.
Table 55-1: RMON Monitoring Groups
RMON Group Function Elements

Statistics

Contains statistics measured by the probe for each monitored interface on this device.

Packets dropped, packets sent, bytes sent (octets), broadcast packets, multicast packets, CRC errors, runts, giants, fragments, jabbers, collisions, and counters for packets ranging from 64 to 128, 128 to 256, 256 to 512, 512 to 1024, and 1024 to 1518 bytes.

History

Records periodic statistical samples from a network and stores them for later retrieval.

Sample period, number of samples, items sampled.

Alarm

Periodically takes statistical samples from variables in the probe and compares them with previously configured thresholds. If the monitored variable crosses a threshold, an event is generated.

Includes the alarm table and requires the implementation of the event group. Alarm type, interval, starting threshold, stop threshold.

Host

Contains statistics associated with each host discovered on the network.

Host address, packets, and bytes received and transmitted, as well as broadcast, multicast, and error packets.

HostTopN

Prepares tables that describe the hosts that top a list ordered by one of their base statistics over an interval specified by the management station. Thus, these statistics are rate-based.

Statistics, host(s), sample start and stop periods, rate base, duration.

Matrix

Stores statistics for conversations between sets of two addresses. As the device detects a new conversation, it creates a new entry in its table.

Source and destination address pairs and packets, bytes, and errors for each pair.

RMON Group Function Elements

Filters

Enables packets to be matched by a filter equation. These matched packets form a data stream that might be captured or that might generate events.

Bit-filter type (mask or not mask), filter expression (bit level), conditional expression (and, or not) to other filters.

Packet Capture

Enables packets to be captured after they flow through a channel.

Size of buffer for captured packets, full status (alarm), number of captured packets.

Events

Controls the generation and notification of events from this device.

Event type, description, last time event sent.

Review Questions

QWhat is the function of the RMON group Matrix?

AThis group stores statistics for conversations between sets of two addresses. As the device detects a new conversation, it creates a new entry in its table.

QWhat is RMON?

ARemote Monitoring (RMON) is a standard monitoring specification that enables various network monitors and console systems to exchange network-monitoring data.

QMulticast packets, CRC errors, runts, giants, fragments, and jabbers are elements of what RMON group?

AStatistics.

Read more on Spy Software

Related Sniffer & Network Monitoring Software:

HTTP Sniffer - Capture HTTP packets, monitor Internet web traffic, and show URL visited by LAN users.
Password Sniffer - Monitor password from HTTP, email (SMTP/POP3), FTP, TELNET on LAN.
Packet Sniffer - Capture network packets and provide view for full TCP conversations and UDP threads.
MSN Sniffer & Monitor - Capture MSN messenger chat and conversations on your network.