Abstract
The increasing complexity and importance of communication networks have given rise to a steadily high demand for advanced network management tools. Network Management in general consists of two activities: monitoring and controlling. The monitoring part concerns observing and analyzing the status and behavior of the managed networks, and is therefore fundamental for network management. Unfortunately, the existing network monitoring paradigms have some drawbacks that prevent it from satisfactory performance. One related problem is that these approaches are characterized by high centralization which puts almost all the computational burden on the management station. As a result, a huge amount of raw data has to be transferred from network elements to the central management station for further processing, causing heavy traffic, manager overload and long operations delay. Another issue that becomes increasingly noticeable is the absence of a mechanism for dynamic extensions to agent funct
1.1 Background
of the Study
Network monitoring and measurement have become more and more
important in a modern complicated network. In the past, administrators might
only monitor a few network devices or less than a hundred computers. The
network bandwidth may be just 10 or 100Mbps (Megabit per second) ; however, now
administrators have to deal with not only higher speed wired network ( more
than 10Gps( Gigabit per second )and Asynchronous Transfer Mode(ATM) network)
but also wireless network .They need more sophisticated network traffic
monitoring and analysis tools in order to maintain the network system stability
and availability such as to fix network problems on time or to avoid network
failure, to ensure the network security strength, and to make good decisions
for network planning, when a network failure occurs, monitoring agents have to
detect, isolate, and correct malfunctions in the network and possibly recover
the failure. Commonly, the agents should warm the administrators to fix the
problems within a minute. With the stable network, the administrator’s jobs
remain to monitor constantly if there is a threat from either inside or outside
network. Moreover, they have to regularly check the network performance if the
network devices are overloaded to avoid a failure occurring due to the
overloaded, information about network usage can be used to make a network plan
for short-term and long-term future improvement.
There are various kinds of tools use for dealing with the
network monitoring and analysis; such as tools by simple network management
protocol (SNMP), windows management instrumentation (WMI), sniffing and network
flow monitoring and analysis. Given the data packet and network traffic flow
information, administrators can understand network behavior, such as
application and network usage, utilization of network resources, and network anomalies
and security vulnerabilities.
1.1.1 Basic Concepts
SNMP (Simple Network Management
Protocol) was introduced in 1988 and was initially designed as a short-term
solution to manage Transmission Control Protocol /Access Point (TCP/AP) based
networks. With SNMP’s Get, Set and Trap operations, monitoring and controlling can
be realized in TCPAP networks. Since Transmission Control Protocol/Internet
Protocol (TCP/IP) is dominant, implementation and deployment of SNMP management
systems are important. Because of the limitations and deficiencies in the
original SNMP suite, SNMP v2 was introduced and published in 1993.To address the
security and remote configuration capabilitiesissues, a recent set of Request
for Comments (RFCs), known
collectively as SNMP v3, has also been recently introduced[Snmpv3].
A network management or monitoring
system must have a management station or manager. The management station serves
as the interface for the human network manager into the network management
system so that the network manager can monitor and control the network
management processes. Another key element in network management is the
management agent. Any node in the network to be managed, such as PCs,
workstations, servers, bridges and routers, should be equipped with an agent so
that they can be managed from a management station. The agent gathers and
records management information for one or more network elements and communicates
that information to the manager. The communication is implemented according to
a common network management protocol which is shared by al1 the management
stations and agents.
Since the agent has a function of
collecting and maintaining information for its local environment, the
management information base (MIB) was introduced. The MIB contains current and historical
information about its local configuration and traffic. The management station
will maintain a global MIB with summary information from al1the agents. There
are two techniques used for making the management information collected and
stored by agents available to manager systems. One is polling, a process by
which the manager queries the information from the agent and the agent responds
by looking at its MIB. The other process is event reporting, which indicates
that the manager listens for the event reports generated by the agents.
The heart of the network management
system is a set of applications that meet the needs for network management. At
a minimum, a system will include basic applications for performance monitoring,
configuration control, and accounting. This study focuses on monitoring the
system specified by the user in the local network and presenting the
information via text or red the graph in the client