Chapter 20 Network Monitoring
An SNMP agent listens on which port when used with TLS?
10161
SNMP agents use UDP port:
161; 10161 (TLS)
SNMP managers use UDP port:
162; 10162 (TLS)
Simple Network Management Protocol (SNMP)
A TCP/IP protocol used to monitor network traffic. It creates a managed network.
Security Information and Event Management (SIEM)
A two-part process consisting of security event monitoring (SEM), which performs real-time monitoring of security events, and security information management (SIM), where the monitoring log files are reviewed and analyzed by automated and human interpreters.
In an SNMP managed network, which software does a managed device run?
Agent
Set
An NMS can tell an agent to make changes to the information it queries and sends (variables)
Trap
An agent can solicit information from an NMS
Where does a packet sniffer put information it collects?
Capture file
An SNMP system uses ________________ PDUs for querying agents.
Get
SNMP systems have 4 core functions, called PDUs:
Get, Response, Set, Trap
How does an SNMP managed system categorize data that can be queried?
MIB
In an SNMP managed network, which software does an SNMP manager run?
NMS
What component in NetFlow stores information from NetFlow caches?
NetFlow Collectors
A primary tool for capturing and analyzing the flow of packets from one device to another is called ________________.
NetFlow
Managed network
A network that is monitored by SNMP. Consists of 3 components: SNMP manager, managed devices, and management information bases.
John is conversing with another tech who consistently uses the term "network analyzer" when discussing network monitoring tools. What sort of tool is he using?
Packet analyzer
Jason is concerned about the communication between two workstations and wants to capture and analyze that traffic to see if anything illicit is going on. Which tool would best serve his needs?
Packet sniffer
Metrics
Performance and use option numbers used by interface monitors. Examples include bandwidth, utilization, packet drops, error rates, etc.
SNMP manager
Requests and processes information from the managed devices. Runs specialized software called a network management station (NMS).
A newly hired networking wiz works through the weekend and proudly announces at the Monday staff meeting, "Now you techs can't hide from your duties. All problems with managed devices will be reported to your cell phones." What did the wiz add to the SNMP managed system?
SMS alerts
A(n) ________________ requests and processes information from managed devices.
SNMP manager
An analysis of a network shows a lot of traffic on one machine on port 162. What kind of machine is it?
SNMP manager
The boss at a small business wants to implement a management system for his network, but due to the sensitive nature of the traffic flowing, that data needs to be secure. Which version of SNMP should he implement?
SNMPv3
Response
Sent by an agent with requested information
Get request
Sent when an SNMP manager wants to query an agent
Which PDU enables a tech to change the variables queried of a managed device?
Set
Agents
Specialized software run by managed devices
Network Management Station (NMS)
Specialized software used by the SNMP manager
flow cache
Stores sets of flows for interpretation and analysis. A single flow entry usually contains info such as destination/source address, destination/source port, etc.
NetFlow
The primary tool used to monitor packet flow on a network. Developed by Cisco
Log management
The process of providing proper security and maintenance for log files to ensure the files are organized and safe.
Interface monitor
Tracks bandwidth and utilization of one or more devices on a network
An agent uses ________________ PDUs to solicit information from an NMS.
Trap
Management Information Base (MIB)
Used by SNMP to categorize data that can be queried
flow
a flow of packets from one specific place to another
baseline
a log of performance indicators that give a picture of the network when working properly
protocol analyzer
a program that processes captured files from packet sniffers and analyzes them
packet sniffer
a program that queries a network interface and captures packets in a file (capture file)
Raphael can compare the results of a current Performance Monitor output with the ________________ to see if the network is performing correctly.
baseline
Bart has a choice of tools to view his managed network, but he primarily wants to see graphs of various types of data, such as the overall traffic and the current capacities of the file servers. Which tool offers him the best option?
cacti
Graphing programs like ________________ can show everything about specific switches, such as bandwidth usage.
cacti
A packet sniffer queries a network interface and collects packets in a(n) ________________.
capture file
Jill suspects a switch on Level 12 has a bottlenecked port, with too much traffic. Which tool would enable her to check that port specifically?
interface monitor
Use a(n) ________________ program to track the quantity and utilization of traffic through a physical port or ports on a single device.
interface monitor
Performance monitors use a(n) ________________ to store some form of performance information about a system.
log
Cindy's newly installed Windows network runs great! She needs to create a baseline now for later analysis. Which tool should she use?
performance monitor
The ________________ utility tells the SNMP manager to perform a series of Get commands.
snmpwalk
Logs
store information about the performance of some particular aspect of a system
Performance monitor
tracks performance of some aspect of a system over time and notifies when things aren't normal
snmpwalk
uses a sequence of GETNEXT requests to query network entities for a tree of information