A number of security devices can be placed at appropriate places in the network architecture to address a certain level of security. In reference to this context, explain how a switch can be configured to monitor traffic flowing along its ports.
Traffic monitoring is an important component of network and system management. Monitoring this traffic gives vital information about the operation of enterprise applications. This information is important for activities such as cost allocation, capacity planning, quality of service analysis, fault detection and isolation, and security management. Traffic monitoring used to be a comparatively simple and straightforward task. In the past, large numbers of machines were connected to a shared network. (A shared network allows a single instrument connected to the network to monitor all the traffic, since packets sent in one part of the network are received in all other parts of the network.) Requirements for increased bandwidth, changes in traffic patterns, and the quickly falling price of packet switching and routing devices have caused a rapid movement away from shared networks to networks that are highly segmented. Traffic is no longer visible from a single point. A switch directs packets to specific ports based on packet destination. Each port on the switch has to be monitored in order to get a complete picture of the network traffic. The use of point-to-point links makes it difficult to attach instruments, and the large number of instruments that would be needed to monitor all the switch ports ensures that such an approach would not be cost effective. In addition, the switches and routers themselves have complex internal architectures, and the flow of packets within, and through, them is becoming a very important factor in network performance.
On switched networks, the only way to monitor traffic is to monitor it within the switches themselves. In addition to the technical difficulties of the task, there are also severe cost constraints. The market for switches is maturing and there is little or no room to add cost or impact the performance of these devices, particularly since monitoring is secondary to the primary switching function of the device.
There are 3 main approaches to traffic monitoring:
1. RMON: RMON1 (Remote MONitor) is an Internet Engineering Task Force (IETF) standard which specifies a promiscuous traffic-monitoring device. An RMON device monitors and decodes each packet on the network to which it is attached, creating tables of measurements that can be downloaded later by a network management application.
2. NetFlow: Cisco routers and switches send summary information about traffic flows to a central collector as part of their NetFlow monitoring system. The device decodes each IP packet, maintains tables of active flows, and forwards flow records periodically, or when they complete, to a network management application.
3. sFlow: sFlow combines accurate packet counters with statistical sampling of packets and the state of the routing and bridging tables used by the switch to forward the randomly selected packets. The sampled information is sent immediately for analysis.
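The sampling approach in item 3, as an added example that is not part of the original answer: a Python model of one switch port that keeps an exact packet counter and hands roughly 1 in 100 randomly selected packets to a collector, which scales the samples back up to per-flow totals. The traffic mix, addresses, sampling rate and function names are constructed for illustration.

```python
import random
from collections import Counter

# Constructed traffic mix (documentation addresses): flow -> share of packets.
FLOWS = {
    ("192.0.2.10", "198.51.100.5", 443): 0.6,
    ("192.0.2.11", "198.51.100.5", 53): 0.3,
    ("192.0.2.12", "203.0.113.9", 22): 0.1,
}

def switch_port(packets, rate, rng):
    """Switch side: count every packet exactly, copy about 1 in `rate` headers."""
    counter, samples = 0, []
    for flow in packets:
        counter += 1                      # accurate counter, never sampled
        if rng.randrange(rate) == 0:      # random selection, not every Nth packet
            samples.append(flow)          # would be sent to the collector at once
    return counter, samples

def collector_estimate(counter, samples):
    """Collector side: scale each flow's share of the samples by the exact counter."""
    report = {}
    for flow, c in Counter(samples).items():
        estimate = counter * c / len(samples)
        # Normal approximation: 95% bound on the relative error for c samples.
        error_pct = 196 * (1 / c) ** 0.5
        report[flow] = (round(estimate), round(error_pct, 1))
    return report

def run_demo(n_packets=1_000_000, rate=100, seed=1):
    """Generate constructed traffic, run it through the port, return all results."""
    rng = random.Random(seed)
    packets = rng.choices(list(FLOWS), weights=list(FLOWS.values()), k=n_packets)
    counter, samples = switch_port(packets, rate, rng)
    return counter, Counter(packets), len(samples), collector_estimate(counter, samples)

if __name__ == "__main__":
    counter, actual, n_samples, report = run_demo()
    print(f"counter={counter} samples={n_samples}")
    for flow, (est, err) in report.items():
        print(flow, f"actual={actual[flow]} estimate={est} (+/- {err}%)")
```

The switch does constant work per packet and stores no flow table, while the error bound depends only on how many samples a flow received, so low-volume flows are the ones an analyst should treat as uncertain.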