NETWORK ANALYZER AND NETWORK MONITORING TOOLS USING SNMP

ABSTRACT
The increasing complexity and importance of communication networks have given rise to a steadily high demand for advanced network management tools. Network Management in general consists of two activities: monitoring and controlling. The monitoring part concerns observing and analyzing the status and behavior of the managed networks, and is therefore fundamental for network management. Unfortunately, the existing network monitoring paradigms have some drawbacks that prevent it from satisfactory performance. One related problem is that these approaches are characterized by high centralization which puts almost all the computational burden on the management station. As a result, a huge amount of raw data has to be transferred from network elements to the central management station for further processing, causing heavy traffic, manager overload and long operations delay. Another issue that becomes increasingly noticeable is the absence of a mechanism for dynamic extensions to agent functionality. There have been many studies performed on wireless networks. Of those that have captured data from the wireless side, most have used a form of wireless network monitoring known as Vicinity Sniffing (wireless sniffing from a location that is physically close to an access point to be in the broadcast range) as the primary means of capturing data. We believe that with recent advancements, Simple Network Management Protocol (SNMP) is now capable of producing reliable results that were previously unattainable. We were presented with several obstacles in our studies, most of which are beliefs that SNMP is inadequate for monitoring IEEE 802.11 wireless networks.
In this work we take advantage of some unique features of the Java technology and present a framework for distributed and dynamic network monitoring. Specialized Java objects known as Intelligent Monitoring Objects, are delegated to a Java-based Extensible Management Server (JEMS), where they carry out encapsulated monitoring functionality upon management information collected locally from the underlying network device. We have built a proof-of-concept prototype system using the JEMS architecture and validated its effectiveness and flexibility compared with the traditional centralized network management systems.
The claim is that SNMP provides either aggregated statistics or instantaneous values, and that it cannot report data on a per-device level, which is often desired so that individual details of a network’s performance may be analyzed. A prototype system has been developed allowing fans attending home football games to interact with a set of web applications using 802.11 enabled smartphones. A driving requirement behind the work presented in this thesis was to develop a framework for monitoring and analyzing the underlying IEEE 802.11 network used by the iTiger system.

1.1 Background of the Study
Network monitoring and measurement have become more and more important in a modern complicated network. In the past, administrators might only monitor a few network devices or less than a hundred computers. The network bandwidth may be just 10 or 100Mbps (Megabit per second) ; however, now administrators have to deal with not only higher speed wired network ( more than 10Gps( Gigabit per second) and AsynchronousTransferMode(ATM) network) but also wireless network .They need more sophisticated network traffic monitoring and analysis tools in order to maintain the network system stability and availability such as to fix network problems on time or to avoid network failure, to ensure the network security strength, and to make good decisions for network planning, when a network failure occurs, monitoring agents have to detect, isolate, and correct malfunctions in the network and possibly recover the failure. Commonly, the agents should warm the administrators to fix the problems within a minute. With the stable network, the administrator’s jobs remain to monitor constantly if there is a threat from either inside or outside network. Moreover, they have to regularly check the network performance if the network devices are over loaded to avoid a failure occurring due to the overloaded, information about network usage can be used to make a network plan for short-term and long-term future improvement.
There are various kinds of tools use for dealing with the network monitoring and analysis; such as tools by simple network management protocol (SNMP), windows management instrumentation (WMI), sniffing and network flow monitoring and analysis. Given the data packet and network traffic flow information, administrators can understand network behavior, suchas application and network usage, utilization of network resources, and network anomalies and security vulnerabilities.

1.1.1 Basic Concepts
SNMP (Simple Network Management Protocol) was introduced in 1988 and was initially designed as a short-term solution to manageTransmission Control Protocol /Access Point(TCP/AP) based networks. With SNMP’s Get, Set and Trap operations, monitoring and controllingcan be realized in TCPAP networks. SinceTransmission Control Protocol/Internet Protocol (TCP/IP) is dominant, implementation anddeployment of SNMP management systems are important.Because of the limitations and deficiencies in the original SNMP suite, SNMP v2 was introduced and published in 1993.To addressthe security and remote configurationcapabilitiesissues, a recent set of Request for Comments (RFCs), known collectively as SNMP v3, has also been recently introduced[Snmpv3].
A network management or monitoring system must have a management station or manager.The management station serves as the interface for the human network manager into the networkmanagement system so that the network manager can monitor and control the network management processes. Another key element in network management is the management agent. Any node in the network to be managed, such as PCs, workstations, servers, bridges and routers,should be equipped with an agent so that they can be managed from a managementstation. Theagent gathers and records management information for one or more network elements and communicates that information to the manager. The communication is implemented according to acommon network management protocol which is shared by al1 the management stations andagents.

Since the agent has a function of collecting and maintaining informationfor its local environment, the management information base (MIB) was introduced. The MIB contains current andhistorical information about its local configuration and traffic. The management station will maintain a global MIB withsummaryinformation from al1the agents.There are two techniques used for making the management information collected and storedby agents available to manager systems. One is polling, a process by which the manager queriesthe information from the agent and the agent responds by looking at its MIB. The otherprocess is event reporting, which indicates that the manager listens for the event reports generated by theagents.
The heart of the network management system is a set of applications that meet the needs fornetwork management. At a minimum, a system will include basic applications for performancemonitoring, configuration control, and accounting. This study focuses on monitoring the systemspecified by the user in the local network and presenting the information via text or red thegraph in the client’s Web browser.Common Object Request Broker Architecture (CORBA) is defined by the Object ManagementGroup (OMG) m provide middleware for object-oriented applications. With a membership ofover 800 companies, OMG represents the main spectrum of the computer industry except forMicrosoft. For the majority of the industry, the next generation of middleware is CORBA.