As we discussed in our earlier articles, CISCO’s NetFlow is the best and easiest protocol to use to build a network monitoring tool. In this post series, we develop a network monitoring system that is mainly based on NetFlow. The project also measures system resource usage, such as RAM usage and hard disk usage, and finds the open ports of client machines and the available IPs of clients in the LAN. Apart from monitoring, the project also covers the remote logging system.
Objectives of This Network Monitoring Tool
There are a few objectives behind this tool.
- Develop a network monitoring tool to capture (using NetFlow) and monitor traffic in network links
- Monitor traffic bandwidth, utilization, and transactions (e.g., IPs, ports) using the developed tool.
- Develop a system monitoring component to monitor the computer system’s resource utilization (e.g., memory usage).
- Enhance the monitoring tool to generate alerts when thresholds are reached (e.g., bandwidth, memory).
- Enhance the tool to provide remote desktop access with an IP and port scan function.
- Analyze potential development technologies and deployment solutions.
Scope of This Network Monitoring Tool
As this is only for educational purposes, we are limiting the capabilities of this tool. In this post series, the tool we build will cover the following technical areas.
1. Monitors CISCO NetFlow Data
The tool can monitor the upload and download bandwidth of the whole network (using NetFlow data). It can also save bandwidth usage for a user-given period for future analysis.
2. Generates Traffic Bandwidth Graphs
This tool can generate graphs for bandwidth (both upload and download) of specific services. The tool can monitor both upload and download bandwidth of Internet traffic, FTP traffic, and DNS traffic.
3. Monitor client system Usage
This tool can monitor the system usage of clients. Currently, the tool can monitor RAM usage and hard disk usage of the LAN client.
4. IP and Port Scanner
This tool has a built-in IP and port scanner, so it can scan the network for available IPs and check the open ports of specific IP addresses.
5. Alert system
This tool can generate alerts when the bandwidth limitation threshold is reached. It also raises alerts when the predefined threshold of client system usage is reached. Alerts are saved in the alert log. The tool also supports real-time sound alerting and email alerts.
6. Remote Logging and Administration
This tool can log in to LAN clients remotely from the server. The remote login system allows the system administrator to see the screen of the remote client and control the client’s mouse and keyboard in real time.
7. Software Components of This Network Monitoring Tool
This tool consists of 2 software components.
- Client component
This component needs to be installed on client machines. It performs the client-side operations, such as client system monitoring and a part of the remote logging component. Client machine users can’t access the component.
- Server Tool
This component needs to be installed on the server machine. It performs all server-side operations, such as NetFlow monitoring and the IP and port scan. This component is for the network administrator or system administrator.
Program Technologies Used for This Network Monitoring Tool
The programming language used for this tool is Java. Additionally, the following Java libraries are used as required.
jFlow is a Java library with a set of classes that can be used to collect and decapsulate NetFlow data. jFlow is a free and open-source Java library released under the GNU Lesser General Public License.
You can get the jFlow Java library from here >> jFlow
JCommon is a Java library with a set of classes that can be used to generate graphs. It is released under the GNU Lesser General Public License.
You can get the JCommon Java library from here >> JCommon
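Scope items 1, 2 and 5 above come down to decoding flow records, summing bytes per service and direction, and comparing the totals with a threshold. The following is an added example, not the tool's own code and not the jFlow API. It assumes NetFlow version 5 exports, a LAN of 192.168.1.0/24, a port-based service mapping (80/443 as "Internet", 20/21 as FTP, 53 as DNS), a constructed two-flow sample datagram and a hypothetical threshold of 500,000 bytes.

```java
import java.nio.ByteBuffer;
import java.util.*;

public class FlowBandwidthDemo {
    static final int HEADER_LEN = 24, RECORD_LEN = 48;             // NetFlow v5 fixed sizes
    static final int LAN_NET = 0xC0A80100, LAN_MASK = 0xFFFFFF00;  // assumed LAN: 192.168.1.0/24

    // Map a server port to the service groups the post lists (assumed mapping).
    static String service(int port) {
        if (port == 80 || port == 443) return "Internet";
        if (port == 20 || port == 21) return "FTP";
        return port == 53 ? "DNS" : null;
    }

    // Sum the dOctets field per service and direction for one export datagram.
    static Map<String, Long> tally(byte[] datagram) {
        ByteBuffer b = ByteBuffer.wrap(datagram);                  // big-endian, as on the wire
        if (datagram.length < HEADER_LEN || b.getShort(0) != 5)
            throw new IllegalArgumentException("not a NetFlow v5 datagram");
        int count = b.getShort(2) & 0xFFFF;
        // v5 carries at most 30 records; reject counts that overrun the buffer.
        if (count > 30 || datagram.length < HEADER_LEN + count * RECORD_LEN)
            throw new IllegalArgumentException("record count does not match length");
        Map<String, Long> totals = new TreeMap<>();
        for (int i = 0; i < count; i++) {
            int o = HEADER_LEN + i * RECORD_LEN;
            int src = b.getInt(o), dst = b.getInt(o + 4);
            long octets = b.getInt(o + 20) & 0xFFFFFFFFL;          // unsigned 32-bit byte count
            int srcPort = b.getShort(o + 32) & 0xFFFF, dstPort = b.getShort(o + 34) & 0xFFFF;
            boolean fromLan = (src & LAN_MASK) == LAN_NET, toLan = (dst & LAN_MASK) == LAN_NET;
            if (fromLan == toLan) continue;                        // skip LAN-to-LAN and transit flows
            // Outbound flows carry the service port as destination, replies as source.
            String svc = service(fromLan ? dstPort : srcPort);
            if (svc != null) totals.merge(svc + (fromLan ? " upload" : " download"), octets, Long::sum);
        }
        return totals;
    }

    // Write one flow record at offset o (helper for the constructed sample only).
    static void flow(ByteBuffer p, int o, int src, int dst, int sp, int dp, int octets) {
        p.putInt(o, src).putInt(o + 4, dst).putInt(o + 20, octets)
         .putShort(o + 32, (short) sp).putShort(o + 34, (short) dp);
    }

    public static void main(String[] args) {
        ByteBuffer p = ByteBuffer.allocate(HEADER_LEN + 2 * RECORD_LEN);  // constructed sample datagram
        p.putShort(0, (short) 5).putShort(2, (short) 2);                  // version 5, two records
        flow(p, HEADER_LEN, 0xC0A8010A, 0x5DB8D822, 40000, 443, 1200);    // 192.168.1.10 -> 93.184.216.34
        flow(p, HEADER_LEN + RECORD_LEN, 0x5DB8D822, 0xC0A8010A, 443, 40000, 900000); // reply
        long limit = 500_000;                                             // hypothetical alert threshold
        tally(p.array()).forEach((k, v) ->
            System.out.println(k + ": " + v + " bytes" + (v > limit ? "  ALERT" : "")));
    }
}
```

NetFlow exports arrive over UDP without authentication, so a collector built this way should accept datagrams only from known exporter addresses and keep the length checks shown in `tally`.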
See you in part 2 of the post series.
Developing A Network Monitoring Tool Using CISCO NetFlow : Part 2