Networking Basics 1
SNMP:
Simple Network Management Protocol (SNMP) is an application-layer protocol used to
manage and monitor devices on IP networks. An SNMP agent runs on devices such as
routers, switches, servers, firewalls and wireless access points and is reached through
the device's IP address. SNMP gives network devices a common way to expose
management information to a management station in single-vendor and multi-vendor
LAN or WAN environments. In OSI terms it sits at the application layer.
SNMP normally runs over the User Datagram Protocol (UDP): agents listen on UDP port
161, and managers receive traps and notifications on UDP port 162. UDP is
connectionless: there is no handshake before data is sent and, unlike TCP, no
acknowledgement, retransmission or ordering. A datagram that is lost is simply lost, so
SNMP managers implement their own timeouts and retries. Because there is no
handshake, the source address of a UDP packet is trivially spoofable, which is one
reason SNMP access should be restricted by source address as well as by credentials.
SNMP Management Information Bases (MIBs) define which objects can be read from a
device and which can be set.
A MIB is a text file (usually with a .mib extension), written in a subset of ASN.1, that
describes the data objects a device exposes, their types, and whether each object is
read-only or read-write. Every managed object in a MIB is identified by an Object
Identifier (OID): a globally unique, hierarchical sequence of integers written in dotted
notation. For example, 1.3.6.1.2.1.1.5.0 is sysName.0, the device's host name, under the
standard MIB-II subtree 1.3.6.1.2.1. An OID identifies an object, not a device; the
instance suffix (.0 for scalar objects, a row index for table entries) selects the particular
value.
SNMP version 1 (SNMPv1) - The first implementation, defined together with its
Structure of Management Information and described in RFC 1157. Access is controlled
by a community string that travels in the clear in every message.
SNMP version 2 (SNMPv2) - Added the GetBulk operation, Inform notifications and
richer error codes. The original party-based SNMPv2 (RFC 1441) saw little adoption;
the variant in use today is community-based SNMPv2c (RFC 1901), which keeps the
SNMPv1 community-string model and its weaknesses.
SNMP version 3 (SNMPv3) - Introduced in the RFC 3410 series (RFC 3410 to 3418).
Adds the User-based Security Model with per-user authentication (HMAC with MD5 or
SHA) and optional encryption (DES or AES) of the PDU, plus view-based access control
(VACM).
SNMPv2c is still the most widely deployed version. From a security standpoint, v1 and
v2c should be treated as unauthenticated: the community string is a shared secret sent
in plaintext over UDP, well-known defaults such as "public" and "private" are still
common, and a read-write community on a switch or router is equivalent to an
administrative login. Where v3 cannot be used, confine SNMP to a management
network, filter UDP/161 by source address, and do not enable read-write communities
that are not strictly needed.
Internet Control Message Protocol (ICMP):
The Internet Control Message Protocol (ICMP) is a network-layer protocol that network
devices use to report errors and diagnose connectivity. It is mainly used to determine
whether data is reaching its intended destination in a timely manner. ICMP is generated
and consumed by hosts and by network devices such as routers. It is crucial for error
reporting and testing, but it can also be abused in distributed denial-of-service (DDoS)
attacks.
The primary purpose of ICMP is error reporting. When two devices communicate over
the internet and some data does not reach its destination, the device that noticed the
problem sends an ICMP error back to the original sender. For example, if a packet is
larger than the MTU of the next link and its Don't Fragment bit is set, the router drops it
and returns an ICMP Destination Unreachable, Fragmentation Needed message (type 3,
code 4) carrying the MTU of that link. Path MTU Discovery depends on this message, so
a firewall that blocks all ICMP breaks large transfers in ways that are hard to diagnose.
The ping and traceroute utilities both rely on ICMP. ping sends echo-request messages
(type 8) and measures the time until the matching echo-reply (type 0) returns, which
gives round-trip latency and loss between two devices but says nothing about the path.
traceroute discovers the path by sending probes with increasing TTL values and reading
the ICMP Time Exceeded (type 11) messages that each hop returns.
Attackers can abuse the same mechanisms: the ICMP flood, the ping of death (an
oversized, fragmented echo request that crashed older stacks on reassembly) and the
Smurf attack (echo requests sent to a broadcast address with the victim's spoofed
source address, so that every reply lands on the victim). ICMP is also used as a covert
channel, since an echo payload is arbitrary bytes; unusually large or frequent echo
payloads are worth alerting on.
How does ICMP work?
ICMP is not a transport protocol and does not run on top of TCP or UDP: an ICMP
message is carried directly in an IP packet, as IP protocol number 1, immediately after
the IP header. This makes ICMP connectionless: one device does not need to open a
connection with another before sending an ICMP message. TCP traffic begins with a
three-way handshake to confirm that both sides are ready; ICMP has no equivalent, and
it also has no port numbers, so a message is addressed to a host, not to an application
on it.
Every ICMP message starts with a 4-byte header: a type, a code and a 16-bit checksum
computed over the whole ICMP message. Error messages (Destination Unreachable,
Time Exceeded, Parameter Problem, Redirect) include the IP header and the first 8
bytes of the datagram that triggered them, which is enough to recover the ports of the
original TCP or UDP segment and match the error to the flow that caused it. Echo
messages carry an identifier, a sequence number and an arbitrary payload instead.
https://www.cloudflare.com/learning/ddos/glossary/internet-control-message-protocol-icmp/
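An added example, not taken from the page or the source it cites: the RFC 1071 checksum, an echo-request builder, and a parser that validates the checksum and, for the Fragmentation Needed error discussed above, recovers the flow it refers to from the quoted IP header plus 8 bytes. The sample error message is constructed here (addresses from documentation ranges, a 1500-byte DF packet hitting a 1400-byte link).

```python
# Added example (not from the page): RFC 1071 checksum, an echo request
# builder, and a parser that recognises the Fragmentation Needed error and
# recovers the flow it refers to from the embedded IP header + 8 bytes.
import struct

ECHO_REPLY, DEST_UNREACH, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 8, 11
FRAG_NEEDED = 4                                       # code under type 3
ERROR_TYPES = {DEST_UNREACH, 5, TIME_EXCEEDED, 12}    # 5 = Redirect, 12 = Parameter Problem


def inet_checksum(data):
    """One's-complement sum of 16-bit words, complemented (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo_request(ident, seq, payload=b""):
    header = struct.pack("!BBHHH", ECHO_REQUEST, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", ECHO_REQUEST, 0, csum, ident, seq) + payload


def build_frag_needed(original, next_hop_mtu):
    """Type 3 code 4, as a router sends it for a DF packet larger than the link MTU.
    `original` is the IP header plus the first 8 bytes of the dropped datagram."""
    header = struct.pack("!BBHHH", DEST_UNREACH, FRAG_NEEDED, 0, 0, next_hop_mtu)
    csum = inet_checksum(header + original)
    return struct.pack("!BBHHH", DEST_UNREACH, FRAG_NEEDED, csum, 0, next_hop_mtu) + original


def parse_icmp(msg):
    """Decode the fixed header; for error messages also decode the quoted IP header."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than 8 bytes")
    itype, code, _, rest = struct.unpack("!BBHI", msg[:8])
    info = {"type": itype, "code": code,
            "checksum_ok": inet_checksum(msg) == 0}   # a valid message sums to zero
    if itype not in ERROR_TYPES:
        info["ident"], info["seq"] = rest >> 16, rest & 0xFFFF
        return info
    quoted = msg[8:]
    if len(quoted) < 28:
        raise ValueError("error message must quote IP header + 8 bytes")
    ihl = (quoted[0] & 0x0F) * 4
    inner = {"src": ".".join(map(str, quoted[12:16])),
             "dst": ".".join(map(str, quoted[16:20])),
             "proto": quoted[9]}
    if inner["proto"] in (6, 17) and len(quoted) >= ihl + 4:   # TCP/UDP: ports come first
        inner["sport"], inner["dport"] = struct.unpack("!HH", quoted[ihl:ihl + 4])
    info["inner"] = inner
    if itype == DEST_UNREACH and code == FRAG_NEEDED:
        info["next_hop_mtu"] = rest & 0xFFFF            # low 16 bits of the "unused" word
    return info


def sample_frag_needed():
    """Constructed sample: a 1500-byte DF TCP packet from 10.0.0.5 to
    198.51.100.10:443 hit a 1400-byte link."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, 0x4000, 64, 6, 0,
                         bytes([10, 0, 0, 5]), bytes([198, 51, 100, 10]))
    tcp_first8 = struct.pack("!HHI", 40000, 443, 0)
    return build_frag_needed(ip_hdr + tcp_first8, 1400)


if __name__ == "__main__":
    print(parse_icmp(build_echo_request(0x1234, 1, b"abcdefgh")))
    print(parse_icmp(sample_frag_needed()))
```

The quoted-header rule is what lets a host match an incoming Fragmentation Needed message to the TCP connection that caused it and lower its path MTU; it is also why a firewall that inspects ICMP errors can verify that the quoted flow actually exists before letting the message through.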
NetFlow is a network protocol developed by Cisco that collects metadata about IP traffic
as it enters or leaves an interface. The exported flow records are then analysed to build
a picture of traffic flow and volume, hence the name NetFlow.
IT professionals use NetFlow as a traffic analyser to determine where traffic originates,
where it goes, how much of it there is and which paths it takes through the network.
Before NetFlow, network engineers and administrators relied on Simple Network
Management Protocol (SNMP) interface counters for traffic analysis and monitoring.
While SNMP was effective for network monitoring and capacity planning, it shows how
busy a link is but not which hosts, ports and protocols are responsible. NetFlow records
carry no packet payload; they are metadata, which makes them cheap to retain for long
periods and a core data source for finding scans, beaconing and bulk exfiltration after
the fact.
How Does NetFlow Work?
NetFlow follows a simple process of collecting, sorting and analysing data. The main
components include:
IP Flow
An IP flow is a group of packets that share the same key attributes. As a packet is
forwarded through a router or switch, it is examined for a set of attributes: IP source
address, IP destination address, source port, destination port, Layer 3 protocol type,
class of service (ToS) and the input interface. Packets that match on all of these belong
to the same flow; the flow record accumulates their packet and byte counts, start and
end times and, for TCP, the union of flags seen.
The NetFlow cache is a table on the router or switch that holds these condensed flow
records once the packets have been examined, until the flow expires and is exported.
The Command Line Interface (CLI) is one of two ways to access NetFlow data. It gives an
immediate view of the current flow cache and is useful for troubleshooting.
The second option is to export the data to a NetFlow collector. A collector is a reporting
server that receives the exported records (over UDP, commonly on port 2055), stores
them and processes them so that they are easy to analyse. Collectors fall into two
categories, hardware-based and software-based, with software solutions being more
common. Export is unauthenticated and unencrypted, so the collector should accept
records only from known exporter addresses and only over the management network;
anyone who can send UDP to it can inject flows or blind it with noise.
https://blog.gigamon.com/2018/01/08/what-is-netflow/
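An added example, not code from the page or from the blog it cites: it encodes and decodes NetFlow version 5 export packets using the public v5 record layout (24-byte header, 48-byte records), then runs two simple detections over the decoded flows, a SYN scan and bulk egress. The traffic is constructed here with documentation-range addresses; the field names and thresholds are this example's own choices.

```python
# Added example (not from the page): encode and decode NetFlow v5 export
# packets, then run two simple detections over the decoded flows.
import struct
from collections import defaultdict

V5_HEADER = struct.Struct("!HHIIIIBBH")     # version, count, uptime, secs, nsecs, seq, engine type/id, sampling
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48 bytes, Cisco v5 field order


def _ip(b):
    return ".".join(map(str, b))


def _ip_bytes(s):
    return bytes(int(o) for o in s.split("."))


def flow(src, dst, sport, dport, proto, pkts, octets, flags=0):
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "proto": proto, "pkts": pkts, "octets": octets, "flags": flags}


def build_v5_export(flows, uptime_ms=60_000, unix_secs=1_700_000_000):
    """What an exporter sends to the collector: one header, up to 30 records."""
    header = V5_HEADER.pack(5, len(flows), uptime_ms, unix_secs, 0, 0, 0, 0, 0)
    body = b"".join(
        V5_RECORD.pack(_ip_bytes(f["src"]), _ip_bytes(f["dst"]), b"\x00" * 4,
                       1, 2,                                       # input / output ifIndex
                       f["pkts"], f["octets"], uptime_ms - 1000, uptime_ms,   # first / last seen
                       f["sport"], f["dport"], 0, f["flags"], f["proto"], 0,
                       0, 0, 24, 24, 0)
        for f in flows)
    return header + body


def parse_v5_export(packet):
    """Collector side. Validates the header before trusting the record count."""
    if len(packet) < V5_HEADER.size:
        raise ValueError("short NetFlow header")
    version, count = V5_HEADER.unpack_from(packet, 0)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5 (version %d)" % version)
    if len(packet) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("truncated export: header claims %d records" % count)
    flows = []
    for i in range(count):
        r = V5_RECORD.unpack_from(packet, V5_HEADER.size + i * V5_RECORD.size)
        flows.append(flow(_ip(r[0]), _ip(r[1]), r[9], r[10], r[13], r[5], r[6], r[12]))
    return flows


def find_port_scans(flows, min_ports=10):
    """One source touching many TCP ports on one destination."""
    ports = defaultdict(set)
    for f in flows:
        if f["proto"] == 6:
            ports[(f["src"], f["dst"])].add(f["dport"])
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}


def find_large_egress(flows, internal_prefix="10.", threshold=50_000_000):
    """Internal hosts sending more than `threshold` bytes to external addresses.
    The prefix test is deliberately naive; a real deployment uses its address plan."""
    out = defaultdict(int)
    for f in flows:
        if f["src"].startswith(internal_prefix) and not f["dst"].startswith(internal_prefix):
            out[f["src"]] += f["octets"]
    return {src: n for src, n in out.items() if n >= threshold}


def sample_export():
    """Constructed traffic: a SYN scan, a normal HTTPS session and a 120 MB upload."""
    scan = [flow("10.0.0.7", "10.0.0.20", 51000 + i, p, 6, 1, 60, 0x02)
            for i, p in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389, 8080])]
    normal = [flow("10.0.0.5", "10.0.0.20", 50123, 443, 6, 40, 5_000, 0x18)]
    upload = [flow("10.0.0.9", "198.51.100.10", 50200, 443, 6, 90_000, 120_000_000, 0x18)]
    return build_v5_export(scan + normal + upload)


if __name__ == "__main__":
    flows = parse_v5_export(sample_export())
    print(len(flows), "flows")
    print("scans:", find_port_scans(flows))
    print("egress:", find_large_egress(flows))
```

The scan shows up as twelve one-packet flows with only the SYN flag set; a full packet capture is not needed to see it, which is the practical argument for keeping flow data for months when packet captures can be kept for hours.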
What is network telemetry?
A subset of telemetry, network telemetry is the collection, measurement and analysis of
data related to the behavior and performance of a network. It involves gathering
information about routers, switches, servers and applications to gain insights into how
they function and how data moves through them.
To achieve this, network telemetry employs different methods. One common approach
is network monitoring tools that capture and analyze traffic data. These tools provide
information about network bandwidth, latency, packet loss, and other performance
metrics.
Telemetry also relies on protocols such as SNMP (Simple Network Management Protocol)
and NetFlow that collect data from routers and other network devices. This data can
then be processed and visualized to:
Identify patterns
Troubleshoot issues
Optimize network performance
With network telemetry, you can detect and address network bottlenecks, security
threats or anomalies that might impact the network's efficiency. It’ll help you make
informed decisions, optimize network resources, and ensure a smooth and reliable
network experience for users.
The network telemetry framework has four modules. Each module has three
components for data configuration, encoding, and instrumentation. The framework uses
uniform data mechanisms and types, making it easy to manage and locate data in the
system.
https://www.splunk.com/en_us/blog/learn/network-telemetry.html
OSI Model:
The Open Systems Interconnection (OSI) model is a conceptual model published by the
International Organization for Standardization (ISO) that lets diverse communication
systems interoperate using standard protocols. In plain English, it gives different
computer systems a common reference for how to talk to each other.
The OSI model can be seen as a universal language for computer networking. It splits a
communication system into seven abstract layers, each stacked on the one below it. The
layering is also a useful way to think about attack surface: ARP spoofing lives at layer 2,
IP spoofing at layer 3, SYN floods at layer 4 and most web and TLS attacks at layers 5
to 7, and a control that works at one layer (a port-based firewall rule, say) does nothing
against an attack at another.
Physical Layer
The lowest layer of the OSI Model is concerned with electrically or optically transmitting
raw unstructured data bits across the network from the physical layer of the sending
device to the physical layer of the receiving device. It can include specifications such as
voltages, pin layout, cabling, and radio frequencies. At the physical layer, one might find
“physical” resources such as network hubs, cabling, repeaters, network adapters or
modems.
Data Link Layer
At the data link layer, directly connected nodes perform node-to-node transfer. Data is
packaged into frames addressed by hardware (MAC) address, and the layer detects,
and in some technologies corrects, errors introduced at the physical layer.
The data link layer has two sub-layers. Media access control (MAC) governs how
devices share and address the physical medium: which station may transmit and when,
and the 48-bit MAC addresses carried in frame headers. Logical link control (LLC) sits
above it, multiplexes network-layer protocols onto the link and can provide flow and
error control. Switches operate at this layer, which is why MAC spoofing and ARP cache
poisoning are layer 2 attacks.
Network Layer
The network layer receives frames from the data link layer, extracts the packets they
carry and forwards those packets toward their destination using the logical addresses in
the packet header, such as IP (Internet Protocol) addresses. Routers are the key
component at this layer; they quite literally route packets between networks, one hop at
a time.
Transport Layer
The transport layer manages end-to-end delivery and error checking of data segments. It
regulates segment size, sequencing and ultimately the transfer of data between hosts.
The most common examples are TCP (Transmission Control Protocol), which is
connection-oriented and reliable, and UDP (User Datagram Protocol), which is
connectionless and best-effort. Port numbers live here, so this is the layer at which port
scans and SYN floods operate.
Session Layer
The session layer controls the conversations between different computers. A session or
connection between machines is set up, managed, and terminated at layer 5. Session
layer services also include authentication and reconnections.
Presentation Layer
The presentation layer formats or translates data for the application layer according to
the syntax or semantics the application accepts. Because of this, it is at times also
called the syntax layer. This layer can also handle the encryption and decryption
required by the application layer.
Application Layer
This is the layer that end-user software, such as a web browser or Office 365, interacts
with directly; it is where network services are exposed to applications. The application
layer identifies communication partners, determines resource availability and
synchronizes communication.
https://www.forcepoint.com/cyber-edu/osi-model
TCP/IP Model:
The Transmission Control Protocol/Internet Protocol (TCP/IP) model has its origins in the
ARPANET reference model. Its architecture grew out of research into methods for
connecting multiple packet-switched networks. The central aim of TCP/IP is to deliver
data from an application on one host to an application on another across
interconnected networks. It is the protocol suite the internet runs on.
The TCP/IP model sets out how packets carry information across the internet. This set
of communication protocols determines how data is broken up, addressed, transferred,
routed and received. The client-server model is the usual communication pattern built
on top of it.
TCP establishes the end-to-end connection for applications and divides a message into
segments before it is sent, reassembling them at the receiver. IP defines how packets
are addressed and routed so that data reaches the right destination. The current
internet architecture is built on this design.
The four layers, from top to bottom:
Application Layer
Transport Layer
Network (Internet) Layer
Network Access (Link) Layer
Application Layer
HTTP
Hypertext Transfer Protocol lets users interact with the World Wide Web through browser
applications. On its own it is plaintext; HTTPS wraps it in TLS.
SMTP
Simple Mail Transfer Protocol carries e-mail between mail servers and from a client to its
outgoing mail server.
FTP
File Transfer Protocol transfers files from one system to another. Credentials and data
cross the network in the clear, so SFTP or FTPS is preferred today.
DNS
Domain Name System resolves host names to IP addresses (and the reverse) and is
used by nearly every other protocol listed here.
TELNET
Telnet provides a remote command-line session over TCP port 23. Everything, including
the password, is sent unencrypted, which is why SSH replaced it.
Transport Layer
The transport layer is responsible for end-to-end communication between processes on
two hosts, identified by port numbers. It can be connection-oriented or connectionless.
The two transport protocols are the User Datagram Protocol (UDP) and TCP.
UDP
UDP is connectionless and best-effort: no handshake, no acknowledgements, no
retransmission and no ordering. It suits DNS, SNMP, NetFlow export, syslog and
real-time media, and its lack of a handshake is what makes UDP-based reflection and
amplification attacks possible.
TCP
TCP is the reliable transport that most applications use. It opens a connection with a
three-way handshake, numbers every byte, acknowledges what it receives and
retransmits what is lost, so every segment is received and acknowledged before the
connection is closed.
Network Layer
The network (internet) layer provides host addressing and chooses a path to the
destination network. It offers connectionless, best-effort, hop-by-hop delivery.
The protocols in the network layer are:
IPv4
Internet Protocol version 4 addresses, fragments and routes packets using 32-bit
addresses.
ICMPv4
Internet Control Message Protocol reports errors met while delivering packets
(destination unreachable, time exceeded) and supports diagnostics such as ping.
IGMP
Internet Group Management Protocol lets hosts join and leave IPv4 multicast groups so
that routers know where multicast traffic must be forwarded.
Network Access (Link) Layer
The lowest layer of the TCP/IP model corresponds to the OSI physical and data link
layers. It defines how IP packets are framed and transmitted on a particular medium
(Ethernet, Wi-Fi, point-to-point links), including hardware addressing and, for IPv4, the
ARP exchange that maps an IP address to a MAC address.
https://intellipaat.com/blog/what-is-tcp-ip-model/
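An added example, not code from the page or from the source it cites, showing the encapsulation that both the OSI and TCP/IP sections describe: a transport segment is wrapped in an IPv4 packet, which is wrapped in an Ethernet frame, and the receiver peels the layers off in reverse, dispatching on EtherType, IP protocol number and port. The two frames are constructed here with documentation-range addresses; IP and transport checksum fields are left at zero and not validated, since the point is the layering, not integrity.

```python
# Added example (not from the page): build an Ethernet/IPv4/UDP frame and a
# TCP SYN frame, then peel them apart layer by layer the way a receiving
# stack does. Header checksums are left at zero and not validated here.
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}
WELL_KNOWN = {20: "FTP-data", 21: "FTP", 22: "SSH", 23: "TELNET", 25: "SMTP",
              53: "DNS", 80: "HTTP", 443: "HTTPS"}


def _mac_bytes(s):
    return bytes.fromhex(s.replace(":", ""))


def _ip_bytes(s):
    return bytes(int(o) for o in s.split("."))


def udp_segment(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def tcp_syn_segment(sport, dport, seq=1000):
    # data offset 5 words, flags SYN only, window 65535, checksum 0, urgent 0
    return struct.pack("!HHIIHHHH", sport, dport, seq, 0, (5 << 12) | 0x02, 65535, 0, 0)


def build_frame(src_mac, dst_mac, src_ip, dst_ip, proto, segment, ttl=64):
    """Encapsulate: segment -> IPv4 packet (DF set) -> Ethernet frame padded to 60 bytes."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0x4000,
                         ttl, proto, 0, _ip_bytes(src_ip), _ip_bytes(dst_ip))
    eth = struct.pack("!6s6sH", _mac_bytes(dst_mac), _mac_bytes(src_mac), ETHERTYPE_IPV4)
    return (eth + ip_hdr + segment).ljust(60, b"\x00")


def decapsulate(frame):
    """Return the per-layer fields; raise ValueError on truncation or bad lengths."""
    if len(frame) < 14:
        raise ValueError("short Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers = {"link": {"dst": dst.hex(":"), "src": src.hex(":"), "ethertype": ethertype}}
    if ethertype != ETHERTYPE_IPV4:
        return layers                      # ARP, IPv6 etc. are not dissected in this example
    packet = frame[14:]
    if len(packet) < 20:
        raise ValueError("short IPv4 header")
    vihl, _, total_len, _, frag, ttl, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(packet) < total_len:
        raise ValueError("bad IPv4 header or truncated packet")
    layers["network"] = {"src": ".".join(map(str, s)), "dst": ".".join(map(str, d)),
                         "ttl": ttl, "proto": PROTO_NAMES.get(proto, proto),
                         "df": bool(frag & 0x4000), "options": packet[20:ihl]}
    segment = packet[ihl:total_len]        # total_len, not len(frame): drops Ethernet padding
    if proto == 17:
        if len(segment) < 8:
            raise ValueError("short UDP header")
        sport, dport, ulen, _ = struct.unpack("!HHHH", segment[:8])
        layers["transport"] = {"proto": "UDP", "sport": sport, "dport": dport}
        data = segment[8:ulen]
    elif proto == 6:
        if len(segment) < 20:
            raise ValueError("short TCP header")
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
        flags = off_flags & 0x1FF
        layers["transport"] = {"proto": "TCP", "sport": sport, "dport": dport, "seq": seq,
                               "syn": bool(flags & 0x02), "ack": bool(flags & 0x10)}
        data = segment[(off_flags >> 12) * 4:]
    else:
        layers["transport"] = None         # ICMP and IGMP belong to the network layer
        return layers
    service = WELL_KNOWN.get(dport) or WELL_KNOWN.get(sport) or "unknown"
    layers["application"] = {"service": service, "payload": data}
    return layers


def sample_dns_frame():
    """Constructed: 10.0.0.5 -> 10.0.0.53 UDP/53 with a placeholder payload."""
    return build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", "10.0.0.5", "10.0.0.53",
                       17, udp_segment(40001, 53, b"hello dns"))


def sample_syn_frame():
    """Constructed: 10.0.0.5 -> 198.51.100.10 TCP SYN to port 443."""
    return build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", "10.0.0.5", "198.51.100.10",
                       6, tcp_syn_segment(50001, 443))


if __name__ == "__main__":
    for f in (sample_dns_frame(), sample_syn_frame()):
        print(decapsulate(f))
```

Note the use of the IP total length rather than the frame length when slicing out the segment: the DNS frame is padded to the 60-byte Ethernet minimum, and a parser that ignores total length would hand the padding to the application layer. Parsers that get this wrong are a recurring source of information leaks and evasion bugs.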
IP addressing
An IP address is a unique identifier that distinguishes the devices on a network. IP
addressing is what lets data packets be sent and received across the internet.
IP format
An IPv4 address is a 32-bit number written in dotted decimal notation: four octets
separated by periods, each in the range 0 to 255. Slash notation (/) gives the number of
leading bits that identify the network, for example /24.
An IP address has two parts: the network portion and the host portion. The network
portion identifies the network. Within the host portion, the first address (all host bits
zero) is reserved as the network address and the last (all host bits one) as the
broadcast address, which delivers to every host on the subnet at once.
Subnetting
Subnetting is the process of partitioning a large network into multiple smaller logical
sub-networks, or subnets.
Subnet masks
A subnet mask is a 32-bit number that separates an IP address into its network and
host parts: a 1 bit marks a network bit and a 0 bit a host bit.
Example
To find the subnet mask for a given prefix length, set all network bits to 1 and all host
bits to 0. An address with 24 network bits (a /24) therefore has the mask 255.255.255.0,
leaving 8 host bits, 256 addresses and 254 usable hosts.
Note: Public IP address space is allocated by the Internet Assigned Numbers Authority
(IANA) through the regional internet registries. The network administrator is responsible
for managing the addresses within the allocated space.
As networks grow larger and more complex, routing has to stay fast and efficient.
Subnetting enables route aggregation (supernetting): several contiguous subnets are
advertised as one summary route, which limits the size of the routing table each router
must maintain and the routing churn it sees. A summary must cover only address space
you actually hold; otherwise traffic for the gaps is drawn toward your router, and a
careless summary is one of the classic ways prefixes get hijacked.
https://www.educative.io/answers/what-is-ip-addressing-and-subnetting
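An added example, not code from the page or the source it cites: the subnet arithmetic above done on the raw 32-bit values (mask, network, broadcast, usable hosts, membership, splitting a block), plus the route-aggregation check that matters in practice, namely whether a summary route covers only the blocks you own. It goes slightly beyond the text by handling the /31 and /32 edge cases. All addresses are from documentation or private ranges.

```python
# Added example (not from the page): subnet arithmetic on raw 32-bit values
# and a route-aggregation check for whether a summary is exact.


def ip_to_int(addr):
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %s" % addr)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_for(prefix_len):
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length out of range")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def describe(cidr):
    """Network, broadcast, mask and usable host count for an address in slash notation."""
    addr, plen = cidr.split("/")
    plen = int(plen)
    net = ip_to_int(addr) & mask_for(plen)
    bcast = net | (~mask_for(plen) & 0xFFFFFFFF)
    size = 1 << (32 - plen)
    # /31 point-to-point links (RFC 3021) use both addresses; a /32 is a single host.
    usable = size if plen >= 31 else size - 2
    return {"network": int_to_ip(net), "broadcast": int_to_ip(bcast),
            "mask": int_to_ip(mask_for(plen)), "prefix": plen, "usable_hosts": usable}


def contains(cidr, addr):
    net, plen = cidr.split("/")
    m = mask_for(int(plen))
    return ip_to_int(addr) & m == ip_to_int(net) & m


def subnets(cidr, new_prefix):
    """Split a block into equal smaller blocks, e.g. a /24 into four /26."""
    net, plen = cidr.split("/")
    plen = int(plen)
    if new_prefix < plen:
        raise ValueError("new prefix must be longer than the original")
    base = ip_to_int(net) & mask_for(plen)
    step = 1 << (32 - new_prefix)
    return ["%s/%d" % (int_to_ip(base + i * step), new_prefix)
            for i in range(1 << (new_prefix - plen))]


def aggregate(cidrs):
    """Smallest single prefix covering all the given blocks, and whether it is exact.

    An inexact summary advertises address space you do not hold, which attracts
    traffic for, and enables hijacks of, prefixes that are not yours."""
    lows, highs, covered = [], [], 0
    for c in cidrs:
        d = describe(c)
        lows.append(ip_to_int(d["network"]))
        highs.append(ip_to_int(d["broadcast"]))
        covered += 1 << (32 - d["prefix"])
    lo, hi = min(lows), max(highs)
    plen = 32
    while plen > 0 and (lo & mask_for(plen)) != (hi & mask_for(plen)):
        plen -= 1
    summary = "%s/%d" % (int_to_ip(lo & mask_for(plen)), plen)
    return summary, covered == (1 << (32 - plen))


if __name__ == "__main__":
    print(describe("192.0.2.130/26"))
    print(subnets("192.0.2.0/24", 26))
    print(aggregate(["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]))
    print(aggregate(["10.1.0.0/24", "10.1.2.0/24"]))   # also covers 10.1.1.0/24: not exact
```

The second aggregate call is the case to watch for: two non-adjacent /24s summarise to a /22, but that /22 also contains 10.1.1.0/24 and 10.1.3.0/24, which the router would then attract traffic for without having a more specific route.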
Basics of DNS and AD:
Domain Name System (DNS) is the name resolution method used to resolve host names to
IP addresses on TCP/IP networks and across the internet. DNS defines a hierarchical
namespace, and Active Directory (AD) is built on that namespace: the internet DNS
namespace is public, while an AD domain's namespace is used across a private
network. DNS was chosen because it is highly scalable and an internet standard.
In an Active Directory environment, DNS also holds a catalogue of the services running
on the network, in the form of service (SRV) records. SRV records let a client locate the
service it needs, and in particular they identify the domain controllers: a domain-joined
client looks up names such as _ldap._tcp.dc._msdcs.<domain> and
_kerberos._tcp.<domain> to find a DC. This is why internal DNS is an early target in an
intrusion: whoever can influence those answers can redirect a client's LDAP and
Kerberos traffic.
A single DNS server rarely holds the answer itself; resolution usually involves several
servers. A server first checks its own zones and cache. If the name is not there, a
recursive resolver queries other servers on the client's behalf, starting with a root
server, then the top-level domain server, then the second-level domain's authoritative
server, and so on until the name is resolved to an address.
Updating the DNS database by hand every time a computer's IP address changes is
slow and error-prone, so Dynamic DNS makes these updates automatic: a newly
installed server registers its own address (A) and SRV records with the DNS server.
Active Directory supports such dynamic updates. Zones should accept secure dynamic
updates only, that is, updates authenticated with the client's Kerberos identity; a zone
that accepts unsecure updates lets any host on the network overwrite another host's
records.
AD depends on DNS for name resolution and for locating resources on the network.
DNS maintains a database of resource records that identify the various servers,
domains and services on the network.
https://www.windows-active-directory.com/dns-and-active-directory.html
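An added example, not code from the page or the source it cites: the SRV query a domain-joined client sends to find a domain controller, a constructed response naming two DCs (using DNS name compression, which any real parser must handle), and the parser that reads the answers back and picks a target in RFC 2782 order. The domain corp.example and the host names dc1 and dc2 are hypothetical.

```python
# Added example (not from the page): build the SRV query a domain-joined
# client sends to find a domain controller, a constructed response with two
# answers using name compression, and the parser that reads them back.
import struct

TYPE_SRV, CLASS_IN = 33, 1
SERVICE = "_ldap._tcp.dc._msdcs.corp.example"     # hypothetical AD domain corp.example


def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def build_srv_query(name, txid=0x1234):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)     # flags: RD set
    return header + encode_name(name) + struct.pack("!HH", TYPE_SRV, CLASS_IN)


def read_name(msg, pos):
    """Decode a possibly compressed name; return (name, position after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:                    # pointer to an earlier name
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if end is None:
                end = pos + 2
            pos = struct.unpack("!H", msg[pos:pos + 2])[0] & 0x3FFF
            continue
        pos += 1
        if length == 0:
            break
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels), (end if end is not None else pos)


def parse_srv_response(msg):
    """Return (txid, rcode, [answers]); each SRV answer is a dict."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    rcode, pos, answers = flags & 0x0F, 12, []
    for _ in range(qd):
        _, pos = read_name(msg, pos)
        pos += 4                                      # qtype + qclass
    for _ in range(an):
        name, pos = read_name(msg, pos)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == TYPE_SRV:
            prio, weight, port = struct.unpack("!HHH", msg[pos:pos + 6])
            target, _ = read_name(msg, pos + 6)
            answers.append({"name": name, "ttl": ttl, "priority": prio,
                            "weight": weight, "port": port, "target": target})
        pos += rdlen
    return txid, rcode, answers


def select_target(answers):
    """RFC 2782 order: lowest priority first, heavier weight preferred within it."""
    return sorted(answers, key=lambda a: (a["priority"], -a["weight"]))[0]


def sample_response(txid=0x1234):
    """Constructed answer naming two DCs; the targets compress the corp.example
    suffix by pointing back into the question name."""
    question = encode_name(SERVICE) + struct.pack("!HH", TYPE_SRV, CLASS_IN)
    suffix_at = 12 + len(encode_name("_ldap._tcp.dc._msdcs")) - 1   # offset of the "corp" label

    def rr(host, prio, weight, port, ttl=600):
        rdata = (struct.pack("!HHH", prio, weight, port)
                 + encode_name(host)[:-1] + struct.pack("!H", 0xC000 | suffix_at))
        return b"\xC0\x0C" + struct.pack("!HHIH", TYPE_SRV, CLASS_IN, ttl, len(rdata)) + rdata

    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 2, 0, 0)        # QR, RD, RA; rcode 0
    return header + question + rr("dc1", 0, 100, 389) + rr("dc2", 10, 100, 389)


if __name__ == "__main__":
    print(build_srv_query(SERVICE).hex())
    _, _, answers = parse_srv_response(sample_response())
    print(answers, "->", select_target(answers)["target"])
```

The pointer-hop limit in read_name is not decoration: a response whose pointers form a cycle will otherwise spin a naive parser forever, and resolver libraries have shipped exactly that bug.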
NMS Architecture
NMS Tools and an overview of each:
1. SolarWinds Network Performance Monitor (NPM)
2. Kiwi Syslog Server
SolarWinds
SolarWinds offers a tool known as SolarWinds Network Performance Monitor (NPM).
Here's an overview of its features, uses and operations:
Overview:
Name: SolarWinds Network Performance Monitor (NPM).
Purpose: NPM is designed to monitor and manage the performance of networks and
network devices. Like any NMS it is a high-value target in its own right: it holds
credentials (SNMP community strings or SNMPv3 users) for every device it polls, and
a read-write credential on the NMS is a read-write credential on the whole estate.
Key Features:
Network Monitoring: Monitors the performance of routers, switches, servers and other
network devices in real time.
Alerting: Provides customizable alerts based on predefined thresholds, notifying
administrators of potential issues.
Traffic Analysis: Analyzes network traffic patterns to identify bandwidth usage and
troubleshoot performance bottlenecks.
Fault Detection: Detects and alerts on network faults or failures.
Performance Metrics: Collects and displays performance metrics for devices and
interfaces.
Uses:
Network Troubleshooting: Helps identify and resolve network issues promptly.
Capacity Planning: Assists in planning and optimizing network capacity based on
historical performance data.
Security Monitoring: Monitors network activity for potential security threats.
Performance Optimization: Provides insights into performance bottlenecks and areas
for improvement.
Operations:
Configuration: Requires initial setup by adding the devices to be monitored.
Dashboard: Offers a centralized dashboard for an overview of network health.
Alert Configuration: Allows users to customize alerts based on specific criteria.
Reporting: Generates reports on network performance, usage and availability.
SolarWinds NPM is a comprehensive tool for IT professionals to ensure the reliability
and efficiency of their network infrastructure. It is part of the broader suite of
SolarWinds products aimed at network and systems management.
Kiwi Syslog Server
Key Features:
Syslog Management: Collects and stores syslog messages generated by network
devices, servers and applications.
SNMP Trap Handling: Receives and processes SNMP traps for monitoring network
events.
Log Forwarding: Forwards syslog messages and SNMP traps to other systems or
devices.
Alerting: Allows for setting up alerts and notifications based on syslog message
content.
Log Filtering: Permits the filtering of syslog messages based on content or severity.
Uses:
Centralized Logging: Provides a central repository for syslog messages, aiding in
troubleshooting and analysis.
Compliance: Assists in meeting regulatory compliance requirements by logging and
storing critical events.
Alerting and Notification: Notifies administrators of specific events through
customizable alerts.
Integration: Integrates with other SolarWinds products and third-party tools.
Operations:
Configuration: Involves setting up the server to receive and process syslog messages
and SNMP traps.
Filtering Rules: Establishing rules for filtering and categorizing incoming logs.
Alert Setup: Defining criteria for generating alerts based on syslog content.
Log Analysis: Using the interface to analyze and search through logs for
troubleshooting or compliance purposes.
Kiwi Syslog Server is a valuable tool for managing log data in a networked environment,
giving administrators the means to handle and analyze syslog messages and SNMP
traps from many sources efficiently. Two caveats apply to any syslog collector: classic
syslog arrives over UDP port 514 with no authentication, so lines can be forged or
dropped by anyone who can reach the listener, and SNMPv1/v2c traps carry their
community string in the clear. Restrict the listener to the management network, prefer
TLS or at least TCP transport where the senders support it, and forward a copy of the
logs to a system that the device administrators cannot modify.
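An added example, not code from the page or from Kiwi Syslog Server itself: the filtering and alerting that the operations list describes, implemented over BSD-style (RFC 3164) syslog lines. It decodes the PRI field into facility and severity, splits out the tag and process ID, and applies three rules: high severity, SSH authentication failures from the auth facility, and ACL denies from a Cisco-style message. The five sample lines are constructed here, with addresses from documentation ranges; the rule names and thresholds are this example's own.

```python
# Added example (not from the page): parse BSD-style (RFC 3164) syslog lines
# as a collector such as Kiwi receives them, decode PRI into facility and
# severity, and apply a few filter/alert rules over constructed sample lines.
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp", "cron",
              "authpriv", "ftp", "ntp", "audit", "alert", "clock"] + ["local%d" % i for i in range(8)]

LINE_RE = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S+) (.*)$")
TAG_RE = re.compile(r"^([^\s:\[]+)(?:\[(\d+)\])?:\s?(.*)$")


def parse_syslog(line):
    """Return a dict for a well-formed line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:                              # 23 facilities * 8 severities - 1
        return None
    facility, severity = divmod(pri, 8)
    rec = {"facility": FACILITIES[facility], "severity": severity,
           "severity_name": SEVERITIES[severity], "timestamp": m.group(2),
           "host": m.group(3), "tag": None, "pid": None, "msg": m.group(4)}
    t = TAG_RE.match(m.group(4))
    if t:
        rec["tag"], rec["pid"], rec["msg"] = t.group(1), t.group(2), t.group(3)
    return rec


# Each rule: (name, predicate over a parsed record). All matching rules fire.
RULES = [
    ("high-severity", lambda r: r["severity"] <= 2),
    ("auth-failure", lambda r: r["facility"] in ("auth", "authpriv") and "Failed password" in r["msg"]),
    ("acl-deny", lambda r: (r["tag"] or "").startswith("%SEC-") and " denied " in r["msg"]),
]


def run_rules(lines, rules=RULES):
    """Return (alerts, unparsed_count). An alert is (rule, host, msg)."""
    alerts, unparsed = [], 0
    for line in lines:
        rec = parse_syslog(line)
        if rec is None:
            unparsed += 1                      # malformed input is itself worth counting
            continue
        for name, pred in rules:
            if pred(rec):
                alerts.append((name, rec["host"], rec["msg"]))
    return alerts, unparsed


SAMPLE_LINES = [   # constructed; addresses are from documentation ranges
    "<34>Oct 11 22:14:15 fw01 sshd[2314]: Failed password for root from 203.0.113.9 port 53122 ssh2",
    "<13>Oct 11 22:14:16 web01 app: user alice logged in",
    "<190>Oct 11 22:14:20 core-sw1 %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.9(44321) -> 10.0.0.20(445), 1 packet",
    "<0>Oct 11 22:15:00 db01 kernel: Kernel panic - not syncing: VFS",
    "this line has no PRI and will not parse",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_syslog(line))
    print(run_rules(SAMPLE_LINES))
```

Everything in a parsed record came from the sender unauthenticated, host name included; a rule that trusts the host field to decide how serious an event is can be steered by anyone who can send UDP to the collector.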
Creating a Custom View in SolarWinds NPM:
1. Log In:
Log in to the SolarWinds NPM web console using your credentials.
2. Navigate to Views:
Go to the "Views" section, which is typically accessible from the main menu.
3. Create a New View:
Look for an option like "Manage Views" or "Create New View."
Choose to create a new view and provide a name for it.
4. Select Resources:
Add resources to your custom view based on the specific elements you want to
monitor. Resources can include charts, tables, graphs, and other widgets that display
relevant network data.
5. Arrange and Customize:
Arrange the added resources on the view in a way that makes sense for your monitoring
needs. Customize the appearance and layout of the view to suit your preferences.
6. Save the Custom View:
Save the custom view once you've configured it according to your requirements.
Purposes of Custom Views in SolarWinds NPM:
1. Specialized Monitoring:
Purpose: Custom views allow you to focus on specific aspects of your network. For
example, you can create a view dedicated to bandwidth usage, system performance, or
security events.
2. Role-Based Views:
Purpose: Tailor views for different roles within your IT team. Network administrators
might have a comprehensive view, while support staff might have a more simplified
dashboard.
3. Geographical Views:
Purpose: Create custom maps that display the geographical distribution of your network
devices. This is particularly useful for organizations with a distributed infrastructure.
Creating an Alert in SolarWinds NPM:
1. Log In:
Log in to the SolarWinds NPM web console using your credentials.
2. Navigate to Alerts:
Go to the "Alerts" section, which is often located in the main menu.
Here are some additional resources that you may find helpful:
SolarWinds Orion Platform Custom Properties Documentation:
https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-creating-custom-properties-sw1391.htm
Using Custom Properties to Create Custom Alerts in SolarWinds Orion Platform:
https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-use-a-custom-property-in-alerts-sw1100.htm
Using Custom Properties to Create Custom Reports in SolarWinds Orion Platform:
https://support.solarwinds.com/SuccessCenter/s/article/Create-a-report-on-custom-properties-for-all-nodes
Using Custom Properties to Create Custom Groups in SolarWinds Orion Platform:
https://thwack.solarwinds.com/resources/thwack-command-center/f/forum/35558/how-to-use-group-custom-properties-for-creating-a-group
SolarWinds Orion Platform Community:
https://thwack.solarwinds.com/
Integrating NHV analytics reports and manual reports with ART networking can provide
several benefits, including:
Improved network visibility:
By combining data from multiple sources, ART networking can provide a more
comprehensive view of the network, making it easier to identify and troubleshoot
problems. This can help to improve network performance and reduce downtime.
Enhanced reporting and analysis:
ART networking can utilize the data from NHV analytics reports and manual reports to
generate more comprehensive and insightful reports. This can help network
administrators to better understand network performance, identify trends, and make
informed decisions about network management.
Improved decision-making:
By providing a more comprehensive view of the network and the ability to generate
more insightful reports, ART networking can help network administrators make better
decisions about how to manage their networks. This can lead to improved network
performance, reduced costs, and increased agility.
Streamlined network management:
Integrating NHV analytics reports and manual reports with ART networking can
streamline network management tasks. For example, network administrators can use
the integrated data to automate tasks such as report generation and alerting. This can
free up time for network administrators to focus on more strategic tasks.
Unified view of network performance:
Integrating NHV analytics reports and manual reports with ART networking can provide
a unified view of network performance. This can help network administrators to identify
and troubleshoot problems more quickly and effectively.
Here are some specific examples of how NHV analytics reports and manual reports can
be integrated with ART networking:
NHV analytics reports can be used to provide real-time insights into network
performance. This data can be integrated with ART networking to provide real-time
alerts and notifications when problems are detected.
Manual reports can be used to document network changes and configurations. This
data can be integrated with ART networking to provide a historical record of network
changes and configurations.
NHV analytics reports and manual reports can be used to generate custom reports and
dashboards. This can provide network administrators with the information they need to
make informed decisions about network management.
ART networking can use the data from NHV analytics reports and manual reports to
identify and troubleshoot network problems. For example, ART networking can use the
data to identify patterns in network traffic that may indicate a problem.
ART networking can use the data from NHV analytics reports and manual reports to
optimize network performance. For example, ART networking can use the data to
identify bottlenecks in the network and recommend changes to improve performance.
Overall, integrating NHV analytics reports and manual reports with ART networking can
provide a number of benefits for networking organizations. This can help to improve
network visibility, enhance reporting and analysis, improve decision-making, streamline
network management tasks, and provide a unified view of network performance.
Here are some additional resources that you may find helpful:
ART Networking documentation:
https://www.youtube.com/watch?v=D443jxbpluU
NHV analytics reports documentation:
https://www.ni.com/docs/en-US/bundle/teststand/page/xml-reports.html
Manual reports documentation:
https://learn.microsoft.com/en-us/sql/reporting-services/report-design/reports-report-parts-and-report-definitions-report-builder-and-ssrs?view=sql-server-ver16