Republic of Yemen

University of Saba Region

Faculty of IT&CS

Network Management
and Security

Lecture- 2
Introduction to
Network
Management
Unit 1: Introduction to
Network Management

• Definition and importance of

network management.
• Network management models
• Network management protocols
(ICMP, SNMP).
• Network management tools
(Wireshark, Nagios, PRTG).
Definition and
Importance of
Network Management

Definition: Network management refers to the processes,

tools, and technologies used to administer, operate, and
maintain computer networks. It ensures that networks run
efficiently, securely, and reliably to meet the needs of users
and organizations.
• Importance:
• Ensures network availability and performance.
• Detects and resolves issues before they impact users.
• Enhances security by monitoring and mitigating threats.
• Optimizes resource utilization and reduces operational
costs.
• Supports scalability as networks grow in size and
complexity.
2. Key Components of Network Management

Network management involves five key functional areas,

often referred to as the FCAPS model:
Fault Management: Detecting, isolating, and resolving
network issues.
Configuration Management: Managing network device
configurations and settings.
Accounting Management: Tracking network usage for
billing or resource allocation.
Performance Management: Monitoring and optimizing
network performance.
Security Management: Protecting the network from
unauthorized access and threats.
Network
Management Models
 Network management models are
frameworks that define how
Introduction network resources are monitored,
to Network controlled, and managed. These
models provide a structured
Management approach to ensure efficient,
secure, and reliable network
Models operations. The choice of a
management model depends on
the size, complexity, and
requirements of the network.
 There are two primary network management models:
1. Centralized Management Model
In this model, a single Network Management System (NMS) controls and

Types of monitors all network devices. The NMS acts as the central point of control,
collecting data from devices and sending commands to them.
Key Features:

Network • Single point of control.

• Simplified management and consistent policies.
• Suitable for small to medium-sized networks.

Management Advantages:
• Easy to implement and manage.
• Centralized logging and reporting.

Models • Reduced complexity in configuration.

Disadvantages:
• Single point of failure: If the NMS fails, the entire network
becomes unmanageable.
• Limited scalability for large networks.
• Potential performance bottlenecks due to centralized
processing.
 • A small business uses a centralized NMS like
Nagios to monitor its routers, switches, and
servers. All alerts and configurations are managed
Practical from a single dashboard.

Example: • [Network Management System (NMS)]

• [Device 1] --> [Device 2] --> [Device 3]
 In this model, multiple Network Management Systems (NMS) work
together to manage the network. Each NMS is responsible for a
specific segment or region of the network.
• Key Features:
• Multiple points of control.
2. Distributed • Scalable and fault-tolerant.
• Suitable for large and geographically dispersed networks.

Management • Advantages:
• High scalability: Can handle large and complex networks.
•
Model Fault tolerance: Failure of one NMS does not affect the
entire network.
• Localized management: Each NMS can be optimized for its
specific segment.
• Disadvantages:
• Increased complexity in configuration and coordination.
• Potential for inconsistent policies across segments.
• Higher cost due to multiple NMS instances.
Practical Example:

• A multinational corporation uses distributed NMS

instances in each region (e.g., North America,
Europe, Asia) to manage its global network. Each
regional NMS monitors and controls devices within
its area.

• [NMS 1] --> [Device 1] --> [Device 2]

• [NMS 2] --> [Device 3] --> [Device 4]
• [NMS 3] --> [Device 5] --> [Device 6]
 • In some cases, a combination of centralized and
distributed models is used to leverage the benefits of
both. This is known as the Hybrid Management Model.
• Key Features:
• Centralized control for high-level management.
3. Hybrid • Distributed control for localized management.
• Suitable for large networks with hierarchical

Management structures.
• Advantages:
• Combines the simplicity of centralized
Model management with the scalability of distributed
management.
• Allows for localized autonomy while maintaining
overall control.
• Disadvantages:
• Requires careful planning and coordination.
• Can be complex to implement and manage.
Practical Example:
• A university uses a hybrid model where
a central NMS monitors the entire
campus network, while departmental
NMS instances manage specific
buildings or faculties.
• [Central NMS]
[Regional NMS 1] --> [Device 1] --> [Device 2]
[Regional NMS 2] --> [Device 3] --> [Device 4]
 Comparison of Network Management Models

Feature Centralized Model Distributed Model Hybrid Model

Control Single point of control Multiple points of control Combination of both

Scalability Limited High High

Fault Tolerance Low High Moderate

Complexity Low High Moderate

Cost Low High Moderate

Use Case Small to medium networks Large networks Large hierarchical networks
 • Application 1: Centralized Model in a Small Business
A small business with a single office uses a
centralized NMS to monitor its network devices. The
NMS provides a unified view of the network, making
it easy to detect and resolve issues.

Practical • Application 2: Distributed Model in a Telecom Provider

A telecom provider with a nationwide network uses

Applications distributed NMS instances in each region. This allows

for localized management and ensures that a failure
in one region does not affect the entire network.
• Application 3: Hybrid Model in a University
A university with multiple campuses uses a hybrid
model. A central NMS monitors the overall network,
while departmental NMS instances manage specific
campuses or buildings.
 • Network management models provide a
structured approach to managing network
resources.
• The Centralized Model is simple and cost-
effective but lacks scalability and fault
tolerance.
• The Distributed Model is scalable and fault-

Summary tolerant but can be complex and costly.

• The Hybrid Model combines the benefits of
both centralized and distributed models,
making it suitable for large hierarchical
networks.
• The choice of model depends on the size,
complexity, and requirements of the
network.
Network
Management
Protocols
Introduction to Network
Management Protocols

• Network management protocols are

standardized communication protocols used to
monitor, control, and manage network devices.
They enable the exchange of information
between network devices (like routers, switches,
and servers) and a Network Management
System (NMS). These protocols are essential for
ensuring the efficient operation, security, and
reliability of networks.
Key Network
Management Protocols

The most widely used network management protocols include:

1. Simple Network Management Protocol (SNMP)
• Purpose: SNMP is used to collect and organize information about managed
devices on a network.
• Components:
• Managed Devices: Routers, switches, servers, etc.
• Agent: Software running on the device that collects data.
• Network Management System (NMS): Central system that monitors
and controls devices.
• Management Information Base (MIB): A database that stores
information about the device.
• Versions:
• SNMPv1: The original version, with basic functionality.
• SNMPv2c: Improved performance and additional features.
• SNMPv3: Adds security features like authentication and encryption.
• Example: Using SNMP to monitor CPU usage on a router.
 [Network Management
System (NMS)]

Diagram [Managed Device] --> [Agent]

[Management Information
Base (MIB)]
2. Internet Control Message Protocol (ICMP)

Purpose: ICMP is used for diagnostic and error-reporting

functions.

Common Uses:

• Ping: Tests connectivity between devices.

• Traceroute: Maps the path data takes to reach a destination.

Example: Using the ping command to check if a server is

reachable.
3. NetFlow

• Purpose: NetFlow collects and analyzes

network traffic data for performance
monitoring and security analysis.
• Components:
• Flow: A unidirectional sequence of
packets with common attributes
(e.g., source IP, destination IP).
• NetFlow Collector: A system that
receives and processes flow data.
• Example: Using NetFlow to identify the
source of excessive bandwidth usage.
4. Remote Monitoring
(RMON)

• Purpose: RMON provides advanced

monitoring capabilities for network
traffic and performance.
• Features:
• Monitors traffic at the network and
application layers.
• Provides historical data for trend
analysis.
• Example: Using RMON to analyze long-
term network performance trends.
Practical Examples

• Example 1: Using SNMP for Device Monitoring

• Scenario: A network administrator wants to
monitor the CPU and memory usage of a router.
• Steps:
• Configure the router to enable SNMP and
specify the NMS IP address.
• Use the NMS to query the router's MIB for
CPU and memory usage data.
• Set up alerts to notify the administrator if
usage exceeds a threshold.
Practical Examples

• Example 2: Using ICMP for Network

Diagnostics
• Scenario: A user reports that they
cannot access a website.
• Steps:
1. Use the ping command to
check if the website's server is
reachable.
2. Use the traceroute command to
identify where the connection is
failing.
Practical Examples

• Example 3: Using NetFlow for Traffic

Analysis
• Scenario: A company wants to identify
the source of high bandwidth usage.
• Steps:
• Enable NetFlow on the router.
• Use a NetFlow collector to analyze
traffic patterns.
• Identify the application or user
consuming the most bandwidth.
 Comparison of Network
Management Protocols

Protocol Purpose Key Features Use Case Example

Device monitoring and Collects data from devices, Monitoring CPU usage on
SNMP
management supports alerts a router
Tests connectivity, maps Checking if a server is
ICMP Network diagnostics
network paths reachable
Collects and analyzes flow Identifying bandwidth
NetFlow Traffic analysis
data usage
Provides historical data, Analyzing long-term
RMON Advanced monitoring
monitors traffic performance trends
Summary

• Network management protocols are essential for

monitoring, controlling, and managing network
devices.
• SNMP is widely used for device monitoring and
management.
• ICMP is crucial for network diagnostics and
troubleshooting.
• NetFlow provides detailed traffic analysis for
performance and security.
• RMON offers advanced monitoring capabilities for in-
depth analysis.
• These protocols work together to ensure the efficient
operation and security of networks.
Network Management
Protocols

Network management relies on standardized protocols to

communicate with and monitor network devices. Key
protocols include:
1. Simple Network Management Protocol (SNMP)
• Purpose: Collects and organizes information about
managed devices.
• Components:
• Managed Devices: Routers, switches, servers.
• Agent: Software on the device that collects
data.
• Network Management System (NMS): Central
system that monitors and controls devices.
• Example: Using SNMP to monitor bandwidth usage
on a router.
Network Management
Protocols

2. Internet Control Message Protocol (ICMP)

• Purpose: Used for diagnostic and error-
reporting functions.
• Example: The ping command uses ICMP
to test connectivity between devices.
3. NetFlow
Purpose: Collects and analyzes network
traffic data.
Example: Using NetFlow to identify the
source of excessive bandwidth usage.
Network Management
Tools
(Wireshark, Nagios, PRTG)
Introduction to Network Management
Tools

• Network management tools are software applications designed to monitor,

analyze, and control network devices and traffic. These tools help network
administrators ensure optimal performance, detect and resolve issues, and
maintain network security. Three of the most widely used tools
are Wireshark, Nagios, and PRTG Network Monitor.
Network Management Tools

Several tools are used to manage networks effectively:

1. Wireshark
A network protocol analyzer for capturing and inspecting network traffic.
Example: Using Wireshark to troubleshoot a slow network by analyzing packet data.
2. Nagios
A monitoring tool for tracking network performance and detecting issues.
Example: Setting up Nagios to alert administrators when a server goes offline.
3. PRTG Network Monitor
A comprehensive tool for monitoring bandwidth, devices, and applications.
Example: Using PRTG to monitor the performance of a VPN connection.
 Wireshark

• Overview
• Wireshark is a network protocol analyzer that captures and inspects network traffic in real-time. It is an open-source tool widely used for network troubleshooting, analysis, and
education.
• Key Features
• Packet Capture: Captures live network traffic.
• Protocol Analysis: Decodes and analyzes hundreds of protocols.
• Filtering: Allows users to filter traffic based on specific criteria (e.g., IP address, protocol).
• Visualization: Provides detailed graphical representations of network traffic.
• Cross-Platform: Available for Windows, macOS, and Linux.
• Practical Example
• Scenario: A network administrator notices slow network performance and suspects a bandwidth-hogging application.
• Steps:
• Open Wireshark and start capturing traffic on the affected network interface.
• Apply a filter to focus on specific protocols (e.g., HTTP, FTP).
• Analyze the captured packets to identify the source of excessive traffic.
• Use the statistics tools in Wireshark to visualize traffic patterns.
 Nagios

• Overview

• Nagios is a network monitoring tool that provides real-time monitoring of network devices, services, and applications. It is highly customizable and supports plugins for extended functionality.

• Key Features

• Device Monitoring: Monitors routers, switches, servers, and other devices.

• Alerting: Sends notifications (email, SMS) when issues are detected.
• Performance Graphs: Tracks and visualizes performance metrics over time.
• Scalability: Suitable for small to large networks.
• Open Source: Free version available, with paid options for enterprise features.

• Practical Example

• Scenario: A company wants to monitor the uptime and performance of its web servers.
• Steps:
• Install Nagios on a central server.
• Configure Nagios to monitor the web servers using the HTTP plugin.
• Set up alerts to notify administrators if a server goes down or response times exceed a threshold.
• Use Nagios' performance graphs to analyze server performance trends.
PRTG Network Monitor

• Overview

• PRTG is a comprehensive network monitoring tool that provides real-time monitoring of bandwidth, devices, and applications. It is known for its user-friendly interface and extensive sensor-based monitoring.

• Key Features

• Bandwidth Monitoring: Tracks network traffic and bandwidth usage.

• Sensors: Monitors specific aspects of devices and applications (e.g., CPU usage, disk space).
• Dashboards: Provides customizable dashboards for real-time monitoring.
• Alerting: Sends notifications via email, SMS, or push notifications.
• Scalability: Suitable for networks of all sizes.

• Practical Example

• Scenario: A university wants to monitor the bandwidth usage of its campus network.
• Steps:
• Install PRTG on a central server.
• Add sensors to monitor bandwidth usage on key network links.
• Set up alerts to notify administrators if bandwidth usage exceeds predefined limits.
• Use PRTG's dashboards to visualize traffic patterns and identify bottlenecks.
 Comparison of Network
Management Tools

Feature Wireshark Nagios PRTG Network Monitor

Device and service Comprehensive network
Primary Use Protocol analysis
monitoring monitoring
Alerting No Yes Yes
Visualization Packet-level details Performance graphs Customizable dashboards
Scalability Limited to packet capture Highly scalable Highly scalable
Cost Free (open-source) Free (open-source) / Paid Paid (free version available)
 Practical Applications

Application 1: Troubleshooting with Wireshark

• A network administrator uses Wireshark to diagnose a
network slowdown by analyzing packet data and
identifying a misconfigured device causing excessive
broadcast traffic.
Application 2: Monitoring with Nagios
• An IT team uses Nagios to monitor the health of their
data center servers, receiving alerts when CPU usage
exceeds 90% or a server goes offline.
Application 3: Bandwidth Monitoring with PRTG
• A telecom provider uses PRTG to monitor bandwidth
usage across its network, ensuring optimal performance
and identifying potential bottlenecks.
 Wireshark is ideal for deep packet analysis
and troubleshooting.
Summary
“Network Nagios excels in real-time monitoring and
Management alerting for devices and services.

Tools
(Wireshark, PRTG provides comprehensive monitoring
with a focus on bandwidth and user-friendly
Nagios, dashboards.

PRTG)” Each tool has unique strengths, and the

choice depends on the specific needs of the
network and the organization.
Tool License Type Key Features Common Uses
SolarWinds NPM Commercial Performance monitoring, graphs, alerts, configuration management Monitoring large and medium-sized networks
Zabbix Open Source Multi-protocol monitoring, alerts, graphs Monitoring networks and servers in large and small organizations
Cisco Prime Commercial Cisco device management, performance monitoring, configuration management Managing Cisco networks
ManageEngine OpManager Commercial Performance monitoring, alerts, configuration management, reports Monitoring networks in small and medium-sized businesses
NetFlow Analyzer Commercial Traffic analysis, alerts, graphs Improving network performance and identifying bottlenecks
Grafana Open Source Data visualization, integration with multiple data sources Creating custom dashboards for network monitoring
Splunk Commercial Log analysis, real-time monitoring, alerts Analyzing network logs and detecting intrusions
Cacti Open Source Graphs, alerts, customization Monitoring network performance and creating graphs
LibreNMS Open Source Device monitoring, alerts, graphs Monitoring networks in small and medium-sized organizations
Observium Open Source Device monitoring, graphs, alerts Monitoring networks in small and medium-sized organizations
Prometheus Open Source Performance monitoring, alerts, integration with other systems Monitoring applications and servers
Datadog Commercial Performance monitoring, alerts, cloud integration Monitoring cloud applications and infrastructure
Graylog Open Source Log analysis, alerts, integration with other systems Analyzing network logs and detecting intrusions
ELK Stack Open Source Log analysis, alerts, integration with other systems Analyzing network logs and creating dashboards
Icinga Open Source Device monitoring, alerts, graphs Monitoring networks in small and medium-sized organizations
OpenNMS Open Source Device monitoring, alerts, graphs Monitoring networks in large organizations
NetXMS Open Source Device monitoring, network management, alerts Monitoring networks in large and small organizations

Pandora FMS Open Source/Commercial Network monitoring, application monitoring, alerts Monitoring networks and applications in large and small organizations

Checkmk Open Source/Commercial Device monitoring, application monitoring, alerts Monitoring networks and applications in large and small organizations

Nagios Core Open Source Device monitoring, alerts, graphs Monitoring networks in small and medium-sized organizations
PRTG Network Monitor Commercial Device monitoring, bandwidth monitoring, alerts Monitoring networks in small and medium-sized businesses
Wireshark Open Source Packet analysis, filtering, alerts Analyzing network traffic
Ntopng Open Source Traffic analysis, graphs, alerts Analyzing traffic and identifying bottlenecks
RANCID Open Source Configuration management, configuration comparison, alerts Managing Cisco device configurations
Cacti Open Source Graphs, alerts, customization Creating graphs for network performance
Practical Examples

Example 1: Fault Management

Scenario: A user reports slow internet access.
Steps:
I. Use SNMP to check the router's CPU and memory usage.
II. Analyze traffic with Wireshark to identify bottlenecks.
III. Resolve the issue by reconfiguring the router or upgrading bandwidth.
Practical Examples

Example 2: Performance Management

Scenario: A company wants to optimize its network for video conferencing.
Steps:
I. Use NetFlow to analyze traffic patterns.
II. Implement Quality of Service (QoS) to prioritize video traffic.
III. Monitor performance with Nagios to ensure optimal results.
 Summary

• Network management is essential for ensuring efficient, secure, and reliable

network operations.
• The FCAPS model provides a framework for managing networks.
• Protocols like SNMP and ICMP enable communication between devices and
management systems.
• Tools like Wireshark and Nagios help monitor and troubleshoot networks.
• Practical examples and diagrams illustrate real-world applications of network
management concepts.