Problem solve Get help with specific problems with your technologies, process and projects.

Where could I find info on active probing technology to monitor network environments?

I would like to know where I could find the main kind of [active probing] technology to monitor network environments.
Networking monitoring approaches can be separated into two major categories:

  1. Active probing
  2. Passive monitoring

Active probing involves sending traffic onto a network to "sample" its behavior. In some instances it is as simple as sending an ICMP ECHO packet ("ping") and in others it involves an application-level query (e.g. an HTTP request) or the transfer of synthetic traffic (e.g. a sample video or VoIP stream).

Passive monitoring does not introduce additional traffic. Rather it "listens" to the traffic that transits through a particular point on a network. At its simplest, counts are made of packets; in more sophisticated (and CPU expensive) implementations, inspection of the packet headers or contents are made and analyses are performed.

Both have their merits and benefits, as well as drawbacks. You specified an interest in active probing so I won't cover passive monitoring any further except to point out that this may also be a useful solution for your monitoring needs. Sniffer is a household word for many network engineers and companies like Telchemy have developed very sophisticated solutions for applications like VoIP, all specifically based on passive monitoring techniques.

As mentioned active probing covers a lot of ground, from ping to products like our flagship performance analysis product, AppareNet. The first question to ask is: what do you want to monitor?

Are you interested in monitoring the performance of application level services like Web, e-mail, database, etc.? This might be described as Layer 5-7 monitoring. Although low-level network problems affect this view, it is often difficult to distinguish between the application and the network itself.

Or are you interested in monitoring networking performance at the ground level (say, Layer 3/4)? At this level it is generic to all applications and not at all specific to servers or applications.

You specifically mention "networking environments" so I'm going to assume that you are looking for active probing solutions that deal with generic network issues. That network environment I will now define as the end-to-end path from Layer 3 of a particular host machine to Layer 3 on another host machine. So this includes the effect of host NICs, drivers, and OS as well as cables, hubs, switches, routers.

End-to-end active probing is really about "behavioral networking." There are simple behaviors like connectivity that are offered by simple tools like ping. And there are more complex behaviors that can be monitored such as bandwidth, traffic levels, loss and jitter, path MTU and other characterizations.

You ask about the "main kind" of probing technologies. Ironically I would say that most people are using ping and very little more. Tools like Whatsup Gold have formalized monitoring of connectivity behaviors into a tidy package. Tools like AppareNet provide deeper and more comprehensive views that also include diagnostics and performance analysis. Large network management systems like OpenView offer the ultimate in monitoring capabilities but with the overhead of considerable complexity in configuration and maintenance.

This was last published in August 2003

Dig Deeper on Network management and monitoring