Simple Network Management Protocol(SNMP) is a component of the Network management architecture, which consists of four major  components:

  1. Management console(station): This is the network manager’s interface into the network system. It manipulate data and control the network, also maintains a Management Information Base(MIB).
  2. Management agent: This is the component that is contained in the devices that are to e managed, such as routers, hubs, and switches might contain SNMP agents to allow the management station to control them. They responds to the management station in two ways.
    • Through polling, the management station requests data from the agent, and agent responds with the requested data.
    • Trapping. This is a data-gethering method that is designed to reduce traffic on the network and reduce the processes running on the devices being monitored. Thresholds( top or bottom limits) are set on the managed device. If the threshold on the device is exceeded, the managed device sends and alert message to the management station. This eliminates the continuously poll all the managed devices on the network and reduces the amount of SNMP traffic on the network.
  3. MIB: This has a database structure and resides on each device that is managed. The  database contains a series of objects, which are resource data gathered on the managed device.
  4. Network management protocol: SNMP, it is an application layer protocol that is designed to communicate data between the management console and the management agent. Three key capabilities:
    • GET the management console retrieving data from the agent.
    • To PUT the management console setting object values on the agent.
    • To TRAP the agent notifying the management console of significant events.

Remote Monitoring(RMON)

RMON can be supported by hardware monitoring devices (known as “probes”) or through software or some combination. SNMP Probe has the same function as an SNMP agent, uses the SNMP protocol to query a particular device for a list of OIDs, which are then traversed and the results passed back to the sensor.  But a probe has ROMN capabilities, while an agent does not.

An RMON probe is located on each segment of the network that is monitored. These probes can be decicated hosts, resident on a server, or included in a standard networking device(Router or switch). Redundant management consoles provide two major benefits to network management processes: First is the capability to have more than one network admin in different physical locations monitor and manage the same network. Second is the all-important concept of redundancy, if one fails, the other console still can be used to monitor and control the network.

RMON creates new categories of data to the MIB database:

  • The statistics group: Contains statistics that are gathered for each monitored subnetwork. These statistics include counters for bytes, packets, errors, and frame size. The other type of data reference is an index table, which identifies each monitored Ethernet device.
  • The history group: contains a data table that records samples of the counters in the Ethernet Statistics Group over a specified period of time.
  • The Alarm Group: Uses user-specified limits(thresholds). This is an important component of preemptive troubleshooting.
  • The Host Group: contains counters that are maintained about each host that is discovered on the subnetwork segment. Some of the counter categories maintained are packets, octets, errors, and broadcasts.
  • HostTopN group: Prepares reports about a group of hosts that top a statistical list based on measured parameter. Eg, Top 10 hosts that generate broadcasts for a day. This category provides an easy way to determine who and what type of data traffic most occupies the selected subnetwork.
  • The matrix Group: Records the data communication between two hosts on a subnetwork. Eg, One report might show all users of a particular server;whereas another report might show all the servers that a particular host uses.
  • The filter group: Provides a way that a management console can instruct an RMON probe to gather selected packets from a specific interface on a particular subnetwork. This selection is based on the use of two filters: the data filter and the status filter.
    • Data filter: match or not match particular data patterns.
    • Status filter: based on the type of packet looked at, such as a CRC packet or a valid packet.
    • we can combine these filters using logical “and” and “or” to create complicated conditions.
  • The packet capture group: Allows the administrator to specify a method to use to capture packets that been selected by Filter Group.
  • The event group: contains events that other groups generate in the MIB database.
  • The Token Ring Extensions: Contains counters that are specific to Token Ring networks. Because Most of the counters in the RMON are particularly attuned to the Ethernet protocol.