Network Management

CompTIA+ Network Learning

Network management

Network management

The process of administering and managing computer networks, including thought analysis, performance management, provisioning of networks and clients, and maintaining quality of service.

Network documentation

The documentation necessary to fully understand where a network resides and how it operates, including physical network diagrams, logical network diagrams, wiring diagrams, site survey reports, audit and assessment reports, and baseline configurations.

Physical network diagram

A diagram that shows the actual physical arrangement of the components of a network, including cabling and hardware, often resembling a floor plan or rack layout.

Logical network diagram

A diagram that illustrates the flow of data across a network and how devices are communicating with each other, including subnets, network objects and devices, routing protocols and domains, voice gateways, traffic flow, and network segments.

Wiring diagram

A diagram that shows the physical arrangement of cables in a network, often included as part of physical or logical network diagrams.

Site survey reports

Reports conducted to assess the wireless or wired environment of a network, including wireless access point locations and signal strength, or power, space, and cooling requirements for equipment installation.

Audit and assessment reports

Reports delivered after a formal assessment has been conducted, containing an executive summary, assessment scope and objectives, methods and tools used, findings, recommendations, and results of the audit.

Baseline configurations

The most stable versions of a device's configurations, documented and formally reviewed, which can only be changed through change control procedures.

Performance Metrics

Measurements used to assess network availability and monitor network performance, including latency, bandwidth, and jitter.

Latency

The measure of the time it takes for data to reach its destination across a network, usually measured as the round trip time from a workstation to the distant end and back.

Bandwidth

The maximum rate of data transfer across a given network, measured in terms of throughput, which is the actual measure of data being successfully transferred.

Jitter

The network condition that occurs when a time delay in the sending of data packets over a network connection is occurring, negatively affecting real-time applications like video conferences and voiceover IP.

Sensors

Devices used to monitor the performance of network devices, such as routers, switches, and firewalls, measuring temperature, CPU usage, and memory utilization.

Temperature Sensor

Measures the temperature inside network devices and sets off alarms when rising temperatures are detected, helping to prevent overheating and catastrophic failures.

CPU Usage

Measures the utilization of the central processing unit in network devices, indicating if the device is running normally or experiencing high utilization, which can lead to dropped packets or connection failures.

Memory Utilization

Measures the amount of memory being used by network devices, with high utilization indicating potential system hangs, crashes, or other issues.

Memory Utilization

The percentage of memory being used by a device or network.

Peak Times

The times when memory utilization may be at its highest, potentially reaching 80%.

Larger or More Powerful Device

An option for addressing high memory utilization is to install a device with greater capacity or processing power.

Network Attack

Memory utilization above 80% for an extended period could indicate a potential attack on the network.

Normal Network Operation

As networks operate in the real world, administrators will become familiar with what is considered normal for their specific network.

Temperature and Utilization Increase

Rising temperatures and increasing CPU and memory utilization can trigger alarms for network configuration or performance issues.

Investigating Root Cause

When abnormal network metrics are identified, administrators should investigate the underlying cause and resolve the issues to return to a normal baseline.

NetFlow Data

NetFlow is a protocol used for traffic flow analysis in networks.

Full Packet Capture

A method of capturing and logging every packet that enters or leaves a network, but it requires significant storage space.

NetFlow vs

NetFlow data provides network traffic statistics and metadata, saving storage space compared to full packet capture.

Flow Analysis

Flow analysis uses flow collectors to record metadata and statistics about network traffic, allowing for analysis of traffic patterns and trends.

Visualization and Reports

Flow analysis tools store information in a database, which can be queried to generate reports and graphs for network monitoring.

Anomalies and Baselines

Flow analysis can identify anomalies and deviations from expected network baselines, triggering alerts for potential network performance issues or incidents.

NetFlow

NetFlow is a Cisco-developed protocol for reporting network flow information to a structured database.

NetFlow Data Elements

NetFlow captures information about network protocols, IP addresses, ports, and other characteristics of traffic flows.

Zeek

Zeek is a hybrid tool that passively monitors network traffic and logs full packet captures based on predefined rules and parameters.

Zeek Data Normalization

Zeek normalizes captured data and stores it in a format compatible with other cybersecurity and network monitoring tools.

MRTG

The Multi Router Traffic Grapher is a tool used to create graphs showing network traffic flows based on SNMP data from routers and switches.

Visualizing Traffic Patterns

Graphs generated by MRTG help identify patterns and deviations from baselines in network traffic.

Interface Statistics

Interface statistics provide information about the status, traffic, and performance of network interfaces on routers, switches, and firewalls.

Link State

Link state indicates whether an interface has a connected cable and a valid protocol for communication.

Ethernet

A network protocol that allows frames to enter and leave an interface.

MAC address

A unique identifier assigned to a network interface.

IP address

A numerical label assigned to a device on a network.

MTU size

Maximum Transmission Unit size, the maximum size of a data packet that can be transmitted over a network.

Bandwidth

The maximum data transfer rate of a network connection, measured in kilobits or megabits per second.

Reliability

The measure of the number of packets divided by the total number of frames, indicating the stability of the connection.

txload

Indicates how busy the router is transmitting frames over the connection.

rxload

Indicates how busy the router is receiving frames over the connection.

ARPA

Advanced Research Projects Agency, the standard Ethernet protocol used for encapsulating Ethernet frames.

Keepalive

A packet sent by a router to check if connected devices are still active and online.

Full-duplex

A mode of communication where data can be transmitted and received simultaneously.

100BaseTX/FX

Indicates the interface type and bandwidth being used (100 megabits per second) for fast Ethernet connections.

ARP type

Address Resolution Protocol type, indicating the protocol used for mapping IP addresses to MAC addresses.

Timeout

The duration for which an ARP cache will remember a binding before it is cleared.

Input queue

The number of packets in the input queue and the maximum size of the queue.

Drops

The number of packets that have been dropped.

Flushes

Selective Packet Discards that occur when the router needs to shed some load and starts dropping packets selectively.

SPD

Selective Packet Discard, a protocol that drops low priority packets when the CPU is busy to prioritize higher priority packets.

Output drops

The number of packets dropped from the output queue due to network congestion.

FIFO

First In, First Out, a queuing strategy for quality of service.

Output queue size

The current size and maximum size of the output queue.

Minute input/output rates

The average rates at which packets are being received and transmitted.

Packet input

The number of packets received and the size of the data processed.

Receive broadcast

The number of broadcast frames received.

Runts

Ethernet frames smaller than the minimum size of 64 bytes.

Giants

Ethernet frames larger than the maximum size of 1,518 bytes.

Throttles

Occur when the interface fails to buffer incoming packets, indicating quality of service issues.

Input errors

The number of frames received with errors, such as runts, giants, CRC errors, etc.

CRC

Cyclic Redundancy Check, the number of packets received that failed the CRC check.

Frame

The number of packets received with a CRC error and a non-integer number of octets.

Overrun

The number of times the interface was unable to receive traffic due to insufficient hardware buffer.

Ignored

The number of packets ignored due to low internal buffers on the hardware interface.

Watchdog counter

The number of times the watchdog timer has expired.

Input packets with dribble condition detected

Slightly longer than default frames received by the interface.

Packet output

The number of packets sent and the size of the transmissions in bytes.

Underrun

The number of times a sender has operated faster than the router can handle, causing buffer or dropped packets.

Output errors

The number of collisions and interface resets that occurred during transmission.

Interface reset

The number of times an interface had to be completely reset since the last reboot.

Unknown protocol drops

The number of packets dropped where the protocol is unknown.

Babbles

Frames transmitted that are larger than 1,518 bytes.

Late collisions

The number of collisions that occur after the interface starts transmitting a frame.

Deferred

The number of frames transmitted successfully after waiting due to busy media.

Loss carrier

The number of times the carrier was lost or not present during transmission.

No carrier

The number of times the carrier was not present during transmission.

Output buffer failures

The number of times a packet was not output due to a shortage of shared memory.

Output buffer swapped out

The number of packets stored in main memory when the queue was full.

Interface statistics

Information about the link state, speed, duplex status, traffic statistics, cyclic redundancy check statistics, protocol packet and byte counts, CRC errors, giants, runts, and encapsulation errors of a network interface.

Troubleshooting

The process of identifying and resolving issues or problems with a device or system.

Half-duplex

A communication mode where data can be transmitted in both directions, but not simultaneously.

Full-duplex

A communication mode where data can be transmitted in both directions simultaneously.

Bandwidth

The maximum amount of data that can be transmitted over a network connection in a given period of time.

Collisions

A situation where two devices on the same network transmit data at the same time, causing the data to collide and become corrupted.

CRC errors

Cyclic Redundancy Check errors, which occur when data is corrupted during transmission.

Environmental sensors

Sensors used to monitor physical conditions such as temperature, humidity, electrical power status, and flooding in network environments.

HVAC system

Heating, Ventilation, and Air Conditioning system used to control temperature and airflow in a building or room.

Humidity

The amount of moisture present in the air.

Power sensors

Sensors used to monitor power levels and detect surges, spikes, brownouts, blackouts, or dirty power in network equipment.

Flooding sensors

Sensors used to detect the presence of water or flooding in non-human occupied spaces such as telecommunication closets.