Q

How to monitor network traffic: Appliance placement and choke points

Monitoring network traffic is crucial, but where's the best place to put network monitoring tools? Expert Anand Sastry gives advice.

What are the best points for monitoring traffic flow on a network, and why?

Learning how to monitor network traffic is a good idea for a number of reasons: IDS/IPS systems need to be able to observe all traffic to alert on and potentially block malicious flows. Also, from a purely network operations perspective, it's important to monitor traffic in order to track network performance over time. The ability to monitor traffic at key points on the network also serves as an invaluable troubleshooting aid.

The key to monitoring traffic is to identify key areas (or choke points) to place the network traffic appliance so you can gather the most information on traffic flowing between a source and a destination. For example: If you would like to monitor all ingress and egress traffic flowing through the enterprise network, the choke point should be set up on the inside interface of the firewall. Choke points could be a physical network tap or a span port on a switch, mirroring traffic through the port that needs to be monitored (e.g., the port connected to the inside interface of the firewall in this example).

Monitoring the inside interface of the firewall gives a good idea of all traffic entering and leaving the network after unwanted traffic has been filtered from the firewall. Another useful choke point would be at critical server segments. This would give visibility into all traffic entering or leaving the server segment. Starting with the inside firewall interface and the server segment would be a good template for monitoring traffic across the enterprise.

This was first published in February 2011

Dig deeper on Network Device Management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close