I’m sure that you have read my previous article in this series. If not, please read it before continuing so that you get a better understanding of developing a network monitoring tool using CISCO NetFlow technology.
Developing A Network Monitoring Tool Using CISCO NetFlow : Part 1
OK. Now let’s continue with today’s part of this article series. In part 2, we are going to cover the analysis and design of this Network Monitoring Tool.
Overview of System Functionality of the Network Monitoring Tool
This tool has two parts: a “server component” and a “client component”. The server component includes a NetFlow data collector and analyzer, an alert system, a remote logging and administration system, an IP scanner, and a port scanner.
The NetFlow data collector and analyzer captures and decapsulates NetFlow data. It calculates upload and download bandwidth and the bandwidth per service. The system saves the bandwidth data together with the time of the data chunk, so that it can be used in graphs. The system generates graphs of both upload and download bandwidth, such as upload and download graphs of Web traffic, FTP traffic, DNS traffic, and total network traffic. It also shows real-time traffic in the console of the tool, including the source IP address, destination IP address, source port, and destination port.
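The decapsulation and per-service bandwidth calculation described above can be sketched as follows. This is an added example, not code from the article or the tool; it assumes NetFlow v5 export (the article does not name a version), a port-to-service mapping chosen for illustration, and hypothetical function names and sample addresses.

```python
import ipaddress
import struct
from collections import defaultdict

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record
SERVICES = {80: "web", 443: "web", 20: "ftp", 21: "ftp", 53: "dns"}  # assumed port map

def parse_v5(datagram):
    """Decode one export datagram into (unix_secs, flows); reject malformed input."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than the v5 header")
    version, count, _uptime, unix_secs = HEADER.unpack_from(datagram)[:4]
    if version != 5:
        raise ValueError("not a NetFlow v5 datagram")
    # count arrives over unauthenticated UDP, so check it against the real length.
    if not 1 <= count <= 30 or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": ipaddress.IPv4Address(f[0]), "dst": ipaddress.IPv4Address(f[1]),
                      "octets": f[6], "sport": f[9], "dport": f[10]})
    return unix_secs, flows

def bandwidth(flows, local_net):
    """Sum octets per (direction, service); a source inside local_net is an upload."""
    net = ipaddress.ip_network(local_net)
    totals = defaultdict(int)
    for fl in flows:
        if fl["src"] in net and fl["dst"] not in net:
            direction = "upload"
        elif fl["dst"] in net and fl["src"] not in net:
            direction = "download"
        else:
            continue  # internal or transit flow, not counted
        service = SERVICES.get(fl["dport"]) or SERVICES.get(fl["sport"], "other")
        totals[direction, service] += fl["octets"]
        totals[direction, "total"] += fl["octets"]
    return dict(totals)

def sample_datagram():
    """Constructed input: a web request leaving 192.168.1.10 and the reply to it."""
    def rec(src, dst, octets, sport, dport):
        ip = lambda a: ipaddress.IPv4Address(a).packed
        return RECORD.pack(ip(src), ip(dst), bytes(4), 1, 2, 4, octets, 0, 0,
                           sport, dport, 0, 0x18, 6, 0, 0, 0, 24, 24, 0)
    return (HEADER.pack(5, 2, 0, 1700000000, 0, 0, 0, 0, 0)
            + rec("192.168.1.10", "203.0.113.10", 600, 51000, 80)
            + rec("203.0.113.10", "192.168.1.10", 48000, 80, 51000))
```

The `unix_secs` value returned by `parse_v5` is the export timestamp that can be stored with each bandwidth sample for graphing.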
The alert system supports real-time alerts. It includes a sound alert, an email alert, and an alert log. When an alert occurs, an email alert goes to the email address of the network administrator. The alert log can be viewed at any time because the alert data is saved.
The remote logging and administration system gives access to the remote client desktop. It shares the client desktop with the server, as TeamViewer does. This allows users to control the mouse and keyboard of the remote client and gain administrative rights on that PC.
The IP scanner scans the available IP addresses of the given network and shows them with their hostnames. The port scanner scans for open ports on the given IP address and explains the details.
The client component includes a client system usage monitor. It monitors current RAM usage and hard disk usage and sends alerts to the server when the threshold is reached. The client component also includes the rest of the remote logging and administration system.
Suggested System Requirements
The hard disk, processor, and RAM requirements depend on total network traffic. Large networks need more system resources, and small networks can use the minimum system requirements. The following are the minimum suggested system requirements of this Network Monitoring Tool.
- Operating system: Any OS
- Hard disk space: Minimum 100 GB of hard disk space to store traffic records.
- Processor: Minimum 2.4 GHz
- RAM: Minimum 4 GB
- NetFlow enabled routers
Diagrams of the Network Monitoring Tool
The following network diagram shows a possible layout for a small network that is monitored with NetFlow. There are two subnetworks, four servers, and four clients. The Web, FTP, and DNS usage of PC0, PC1, PC2, and PC3 is monitored by NetFlow and exported to the NetFlow server. NetFlow is enabled on both serial interfaces.
This section includes activity diagrams for every system of the Network Monitoring Tool Using CISCO NetFlow: the NetFlow data collector and analyzer, the alert system, the remote logging system, the IP scanner, and the port scanner.
Activity Diagram of the NetFlow Data Collector
Activity Diagram of the Alert system
Activity Diagram of the Remote Logging System
Activity Diagram of the IP Scanner
Activity Diagram of the Port Scanner
Use Case Diagram
Let’s continue this in part 3.
Developing A Network Monitoring Tool Using CISCO NetFlow : Part 3