A network is a collection of devices that interact with one another to provide communication. When a network administrator looks at a network, it should be as a whole instead of individual parts.

The important thing to remember when dealing with a network is to view it as a single unit opposed to a group of individual connected devices. This also applies to the wide area connections that are used when connecting to the Internet

• Maintaining, upgrading, and monitoring the network
• Network growth over time
echnical and user training, repairs, and software deployment
• The cost of redundant equipment for mission critical operations

When problems arise, some form of error document should be generated

The two primary reasons for network monitoring are:
1) predicting changes for future growth
2) detecting unexpected changes in network status
FOR LARGE NETWORKS
Ping a few of the important hosts, servers, routers, and switches to verify their connectivity

Network monitoring looks at the actual packet traffic on the network and generates reports based upon the network traffic .
Microsoft Windows NT network monitor
Fluke's Network Analyzer :

Management Station:
The management station is the network manager's interface into the network system. It has the programs to manipulate data from and control the network. The management station also maintains a database of management information (MIB) extracted from the devices under its management .

Management Agent:
Component that is contained in the devices that are to be managed.
Bridges, routers, hubs, and switches may contain SNMP agents .
The management agent responds to the management station in two ways.
1) Polling - the management station requests data from the agent and the agent responds with the requested data.
2) 2) Trapping is a data gathering method designed to reduce traffic on the network and processing on the devices being monitored.
Thresholds (top or bottom limits) are set on the managed device. If this threshold on the device is exceeded, the managed device will send an alert message to the management station.

Management Information Base(MIB):
The management information base has a database structure and is resident on each device that is managed. The database contains a series of objects, which are resource data gathered on the managed device. Some of the categories in the MIB include Port interface data, TCP data, and ICMP data.

Network Management Protocol:
The network management protocol used is SNMP.
SNMP is an application layer protocol
SNMP is designed to communicate data between the management console and the management agent .
It has three key capabilities. The ability to GET , the management console retrieving data from the agent,
PUT , the management console setting object values on the agent, and TRAP , the agent notifying the management console of significant events

RMON extensions to SNMP give the ability to look at the network as a whole as opposed to looking at individual devices.

Probes gather remote data in RMON.
A probe has the same function as a SNMP agent.
A probe has RMON capabilities; an agent does not.
When working with RMON, as with SNMP, a central management console is the point of data collection
An RMON probe is located on each segment of the network monitored.
These probes can be dedicated hosts, resident on a server, or included in a standard networking device such as a router or switch. probes gather the specified data from each segment and relay it to the management console.

Two major benefits to network management processes:
• ability to have more than one network administrator in different physical locations monitor and manage the same network
• Having two or more management consoles means that if one of the consoles fails, the other console still can be used to monitor and control the network until the first console is repaired. (ie. Redundancy)

The Ethernet Statistics Group
Contains statistics gathered for each monitored subnetwork. These statistics include counters
(incremental that start from zero) for bytes, packets, errors, and frame size. The other type of data reference is an index table. The table identifies each monitored
Ethernet device, allowing counters to be kept for each individual Ethernet device. The Ethernet Statistics Group provides a view of the overall load and health of a subnetwork by measuring different types of errors including CRC, collisions, over and under-sized packets.

The History Control Group
Contains a data table that will record samples of the counters in the Ethernet Statistics Group over a specified period of time. The default time: every thirty minutes table size is fifty entries total of twenty-five hours of continuous monitoring
These samples provide a baseline of the network and can be used to compare against the original baseline to resolve problems or to update the baseline as the network changes.

The Alarm Group
Thresholds set, and when met, a message or alarm will be sent to the specified people
This process, known as an error trap , can automate many functions

The Host Group
Contains counters maintained about each host discovered on the subnetwork segment.
Counter categories maintained are: Packets, Octets,
Errors, and Broadcasts.
Example: Total packets, Packets received, Packets sent, along with many counters specific to the type of item.
The Host TOPN Group
Prepares reports about a group of hosts that top a statistical list based on a measured parameter.
Ex: A report could be generated for the top ten hosts generating broadcasts for a day or most packets transmitted during the day.
Easy way to determine who and what type of data traffic most occupies the selected subnetwork

• The Matrix Group
• Records the data communication between two hosts on a subnetwork
• data is stored in the form of a matrix (a multidimensional table).
Examples: one report might show all users of a particular server, while another report shows all the servers used by a particular host.

The Filter Group
Provides a way that a management console can instruct an RMON probe to gather selected packets from a specific interface on a particular subnetwork.
Based on the use of two filters, the DATA and the STATUS filter.
The data filter is designed to match or not match particular data patterns
The status filter is based on the type of packet looked at

The Packet Capture Group
Allows the administrator to specify a method to use to capture packets that have been selected by the Filter Group
Administrator can look at the exact detail for packets that meet the basic filter
The Event Group
Contains events generated by other groups in the MIB database
The Token-Ring Group
Contains counters specific to token-ring networks

Remember that RMON is an extension to the SNMP protocol .
SNMP is still required for RMON to operate on a network.
Later revisions of both SNMP and RMON. They are labeled as
SNMPv2 and RMON2.

The first step in network troubleshooting is the definition of the problem
Know all points – if “this” then “that” scenario.

• The first and most important thing is to use your engineering journal and take notes.
• Another essential element of preemptive troubleshooting is labeling
• The Process of Elimination and Divide and Conquer techniques are the most successful methods for networking troubleshooting

Ping
Sends ICMP echo packets to verify Ping [-t] [-a] [-n count] [-l length] [-f] [-i ttl] [-r count] destination
-t ping until interrupted
-a resolves host name and ping address
-n counts the number of pings
-l length - send specified size echo packets
-f DO NOT FRAGMENT command sent to gateways
-I ttl sets the TTL field
-r count records the route of the outgoing and returning packets
Destination specifies the remote host to ping, by domain name or by IP address

Tracert (Traceroute)
This utility shows the route a packet took to reach its destination (Based on TTL – time to live).
Tracert [-d] [-h maximum_hops] [-j host-list]
[-w timeout] target_name
-d specifies IP addresses shouldn't be resolved to host names
-h max_hops Maximum number of hops searched
-j host-list specifies the loose source route
-w timeout waits the number of milliseconds specified for each reply
Telnet
This is a terminal emulation program that will allow you to run interactive commands on the telnet server.

Netstat Displays protocol statistics and current TCP/IP network connections.
Netstat [-a] [-e] [-n] [-s] [-p proto] [-r]
[interval]
-a Displays all connections and listening ports. (Server-side connections are normally not shown)
e Displays Ethernet statistics. This may be combined with the -s option
-n Displays addresses and port numbers in numerical form
-p proto Shows connections for the protocol specified by proto; proto may be tcp or udp -r Displays the contents of the routing table
-s Displays per-protocol statistics. By default, statistics are shown for
TCP, UDP and IP
-p option may be used to specify a subset of the default interval
Redisplays selected statistics, pausing interval seconds between each display

ARP
Used to gather hardware addresses of local hosts and the default gateway, you can view the ARP cache and check for invalid or duplicate entries arp -a [inet_addr] [-N [if_addr]] arp -d inet_addr [if_addr] arp -s inet_addr ether_addr [if_addr]
-a or –g Displays the current contents of the arp cache
-d Deletes the entry specified by inet_addr
-s Adds a static entry to the cache
-N Displays the arp entries for the specified physical address inet_addr IP address, in dotted decimal format if_addr IP address whose cache should be modified ether_addr The MAC address in hex separated by hyphens

IPconfig (Windows NT)/WinIPcfg (Windows 95-98)
IPconfig [/all | /renew [adapter] | /release
[adapter]]
/all all information about adapter(s)
/renew renew DHCP lease information for all local adapters if none is named
/release release DHCP lease information disabling TCP/IP on this adapter