Ask the Expert

How to monitor network traffic: Appliance placement and choke points

What are the best points for monitoring traffic flow on a network, and why?

    Requires Free Membership to View

Learning how to monitor network traffic is a good idea for a number of reasons: IDS/IPS systems need to be able to observe all traffic to alert on and potentially block malicious flows. Also, from a purely network operations perspective, it's important to monitor traffic in order to track network performance over time. The ability to monitor traffic at key points on the network also serves as an invaluable troubleshooting aid.

The key to monitoring traffic is to identify key areas (or choke points) to place the network traffic appliance so you can gather the most information on traffic flowing between a source and a destination. For example: If you would like to monitor all ingress and egress traffic flowing through the enterprise network, the choke point should be set up on the inside interface of the firewall. Choke points could be a physical network tap or a span port on a switch, mirroring traffic through the port that needs to be monitored (e.g., the port connected to the inside interface of the firewall in this example).

Monitoring the inside interface of the firewall gives a good idea of all traffic entering and leaving the network after unwanted traffic has been filtered from the firewall. Another useful choke point would be at critical server segments. This would give visibility into all traffic entering or leaving the server segment. Starting with the inside firewall interface and the server segment would be a good template for monitoring traffic across the enterprise.

This was first published in February 2011

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: