In this module, we introduce a suite of standard UNIX tools that help you monitor activity on your network and debug network problems.
By the end of this module, you will be able to:
- Use the ping command to test network connectivity
- Use the netstat command to examine kernel tables pertaining to networking
- Use the traceroute command to discover network paths
- Use tcpdump to examine all network traffic
A network in operation needs to be monitored in order to:
- Deliver the projected SLAs (Service Level Agreements)
- Meet the SLA targets set by policy
- Decide what is good enough: 99.999 % uptime?
Uptime Expectations
Question: What does it take to deliver 99.9 % uptime?
30.5 days x 24 hours = 732 hours a month
732 hours x (1 - 0.999) x 60 = 732 x 0.001 x 60 = 43.9 minutes
Only about 44 minutes of downtime a month
Need to shut down 1 hour / week?
A 30.5-day month holds about 4.4 weeks, so one hour a week is roughly 4.4 hours of downtime a month:
(732 - 4.4) / 732 x 100 = 99.4 %
Remember to take planned maintenance into account in your calculations, and
tell your users/customers clearly whether planned maintenance windows are included in or excluded from the SLA.
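The arithmetic above generalises to any availability target and any maintenance policy. The following calculator is an added example written for this module, not code from the original page: it reproduces the 99.9 % and 1 hour/week figures and also shows how the same maintenance window yields a different number depending on whether the SLA counts planned maintenance as downtime. It assumes the module's 30.5-day (732-hour) month and 7-day weeks; the constant and function names are this example's own.

```python
# Added example for this module: an availability (uptime) budget calculator.
# Not code from the original page. Assumptions: a 30.5-day month (732 hours),
# as the module uses, and 7-day weeks; all names here are this example's own.

HOURS_PER_MONTH = 30.5 * 24      # 732 hours, the module's figure
WEEKS_PER_MONTH = 30.5 / 7       # about 4.36 weeks in a 30.5-day month


def downtime_budget_minutes(sla_percent, hours=HOURS_PER_MONTH):
    """Minutes of downtime a period of `hours` may contain at a given SLA.

    budget = hours * (1 - sla) * 60, so 99.9 % of 732 h leaves
    732 * 0.001 * 60 = 43.92 minutes, the "44 minutes a month" in the text.
    """
    if not 0 <= sla_percent <= 100:
        raise ValueError("SLA must be a percentage between 0 and 100")
    return hours * (1 - sla_percent / 100) * 60


def achieved_availability(downtime_hours, hours=HOURS_PER_MONTH):
    """Availability in percent after `downtime_hours` of outage in `hours`."""
    if hours <= 0:
        raise ValueError("measured period must be positive")
    if not 0 <= downtime_hours <= hours:
        raise ValueError("downtime must lie within the measured period")
    return (hours - downtime_hours) / hours * 100


def availability_with_maintenance(planned_hours, unplanned_hours,
                                  maintenance_counts, hours=HOURS_PER_MONTH):
    """Availability as an SLA would measure it.

    If the SLA counts planned maintenance as downtime, both buckets reduce
    availability. If it excludes planned maintenance, the maintenance window
    is removed from the measured period and only unplanned outages count.
    This is why the text says to state whether maintenance is in or out.
    """
    if maintenance_counts:
        return achieved_availability(planned_hours + unplanned_hours, hours)
    return achieved_availability(unplanned_hours, hours - planned_hours)


def meets_sla(sla_percent, planned_hours, unplanned_hours,
              maintenance_counts, hours=HOURS_PER_MONTH):
    """True if the measured availability reaches the SLA target."""
    measured = availability_with_maintenance(
        planned_hours, unplanned_hours, maintenance_counts, hours)
    return measured >= sla_percent


if __name__ == "__main__":
    for nines in (99.0, 99.9, 99.99, 99.999):
        print(f"{nines:>7.3f} % uptime allows "
              f"{downtime_budget_minutes(nines):7.2f} min/month of downtime")

    weekly_hour = 1.0 * WEEKS_PER_MONTH   # one hour per week, as hours per month
    print(f"1 h/week of maintenance ({weekly_hour:.2f} h/month):")
    print(f"  counted against SLA : "
          f"{availability_with_maintenance(weekly_hour, 0, True):.2f} %")
    print(f"  excluded from SLA   : "
          f"{availability_with_maintenance(weekly_hour, 0, False):.2f} %")
    print(f"  meets 99.9 % if counted?  {meets_sla(99.9, weekly_hour, 0, True)}")
```

Run it as a script to print the budget table; the useful lesson is the last three lines, where the same weekly maintenance hour either drops you to 99.4 % or leaves you at 100 % purely as a function of what the SLA text says.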
Network security monitoring (NSM) is the collection, analysis, and escalation of indications and warnings to detect and respond to intrusions. NSM is a way to find intruders on your network and do something about them before they damage your enterprise. NSM began as an informal discipline with Todd Heberlein's development of the Network Security Monitor in 1988.
The Network Security Monitor was the first intrusion detection system to use network traffic as its main source of data for generating alerts, and the Air Force Computer Emergency Response Team (AFCERT) was one of the first organizations to informally follow NSM principles.
In 1993, the AFCERT worked with Heberlein to deploy a version of the Network Security Monitor as the Automated Security Incident Measurement (ASIM)[1] system. My goal has been to advocate NSM as a strategic and tactical operation to stop intruders before they make your organization the headline in tomorrow's newspaper.
[1] Automated Security Incident Measurement (ASIM) is designed to measure the level of unauthorized activity against Air Force systems. Under this project, several automated tools are used to examine network activity and to detect and identify unusual network events.