What is Network Monitoring?

What is network monitoring?

Network monitoring is a type of software application that verifies the correct functioning of network devices, such as routers, switches, and servers. The goal of network monitoring software is to minimize service downtime by detecting problems as soon as they occur. A network monitoring tool does so by running periodic checks on monitored devices to obtain the status and utilization of their resources. When a device doesn’t respond to a check, or reports degraded performance on one or more resources, the network monitoring tool alerts the network administrator.

SNMP transaction between an SNMP poller and an SNMP agent (top), and SNMP trap from an SNMP agent to an SNMP trap receiver.

Do I need a network monitoring tool?

If you work for an organization that owns and operates a network infrastructure, you should have a network monitoring solution in place. If your company has 500 or more employees, chances are that network monitoring is a requirement. The more an organization relies on the network to process transactions, or to offer services to employees, customers, and partners, the more the network should be available and performing well. One benefit of a network monitoring solution is that it alerts your team about faults and outages as soon as they occur. Another benefit of network monitoring is that it helps network engineers quickly identify and troubleshoot network outages and performance issues.


How do I select a network monitoring tool?

Before selecting a network monitoring tool, it’s important to know how many network devices (along with the make and model) will be monitored. This information is needed to verify that the network monitoring tool is scalable and supports your network devices. It’s also important to make sure that there are enough in-house competencies and resources to install and manage the network monitoring service itself. Once you have this information, you should consider price and supported features.


SNMP, Passive, or Active?

If you are new to the network monitoring world, you should be aware of three main network monitoring methods: SNMP, passive, and active. Each method provides different information about your network.

SNMP Monitoring: The Simple Network Management Protocol (SNMP) is an Internet standard used to request information from a device like a router, switch, or server, about the status of its resources, such as CPU, memory, and network interfaces. The type of information that can be obtained from a specific network device varies based on vendor and model. Each vendor publishes a set of management information base (MIB) files that describe what parameters can be queried from a specific device. The MIB files are then imported into the SNMP server. If you want to learn more about SNMP monitoring, you can read the Wikipedia SNMP page.

Passive Network Monitoring: Passive network monitoring is a technique that relies on “listening” to real user traffic to determine network utilization. By doing so, a passive network monitoring tool can reveal which users, applications, and protocols are using the available bandwidth. 

Different types of passive monitoring implementations: Network Tap (top), SPAN port (middle), and flow protocol (bottom).

There are two ways to passively monitor a network. The first relies on a dedicated device, called a network tap. The network tap receives a copy of real user traffic flowing through a specific network segment. The second method relies on a flow analysis protocol implemented by network hardware vendors, such as NetFlow, sFlow, etc. If you want to learn more about passive network monitoring, you can read the Wikipedia passive network monitoring page.

Active Network Monitoring: Active network monitoring is real-time testing, performed by software agents or hardware sensors against network infrastructure and applications, to verify that the network and its applications are available and performing well. Active tests report real-time data such as end-to-end connectivity, packet loss, jitter, bandwidth, and HTTP response time. One of the most common tests run by active network monitoring tools is the ping command, which measures round trip time to a remote host as well as packet loss. Read more about active network monitoring.

Here’s a list of supported active tests by NetBeez:

Test | Primary Metric
PING | Round-Trip-Time, Packet loss
DNS | DNS Lookup time
Traceroute | Hop count, RTT, MTU
iPerf | TCP/UDP/Multicast Throughput
VoIP | Jitter, Packet Loss, MOS
Speedtest | Download/Upload Throughput
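The ping-style active test described above can be sketched as follows. This is an added example, not NetBeez code: it times TCP connections instead of ICMP echo so it runs without raw-socket privileges, and the thresholds, function names and sample values are assumptions.

```python
import socket
import statistics
import time

def tcp_probe(host, port, count=5, timeout=1.0):
    """Return one RTT in milliseconds per probe, or None when a probe fails."""
    samples = []
    for _ in range(count):
        start = time.perf_counter()
        try:
            with socket.create_connection((host, port), timeout=timeout):
                samples.append((time.perf_counter() - start) * 1000.0)
        except OSError:
            samples.append(None)  # timeout, refusal or no route counts as loss
    return samples

def summarize(samples):
    """Reduce raw probe samples to packet loss, mean RTT and jitter."""
    if not samples:
        raise ValueError("no probes were sent")
    rtts = [s for s in samples if s is not None]
    loss = 100.0 * (len(samples) - len(rtts)) / len(samples)
    avg = statistics.fmean(rtts) if rtts else None
    # Jitter: mean absolute difference between consecutive answered probes.
    diffs = [abs(b - a) for a, b in zip(rtts, rtts[1:])]
    jitter = statistics.fmean(diffs) if diffs else 0.0
    return {"loss_pct": loss, "avg_rtt_ms": avg, "jitter_ms": jitter}

def classify(summary, max_loss_pct=5.0, max_rtt_ms=150.0, max_jitter_ms=30.0):
    """Map a summary to an alert state; the thresholds are assumed defaults."""
    if summary["loss_pct"] >= 100.0:
        return "DOWN"  # the target did not answer a single probe
    if (summary["loss_pct"] > max_loss_pct
            or summary["avg_rtt_ms"] > max_rtt_ms
            or summary["jitter_ms"] > max_jitter_ms):
        return "DEGRADED"
    return "OK"

# Constructed samples: five probes, the third one lost.
SAMPLE = [20.0, 22.0, None, 21.0, 25.0]

if __name__ == "__main__":
    print(classify(summarize(SAMPLE)), summarize(SAMPLE))
    # Live use (hypothetical target): summarize(tcp_probe("192.0.2.10", 443))
```

A monitoring agent would run `tcp_probe` on a schedule and alert only when the state changes, so one lost probe does not page the administrator repeatedly.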

Open source or paid network monitoring?

Another common dilemma when considering a network monitoring tool is whether to go with an open source or a paid option. This depends on many factors, mostly related to budget, time, and technical skills. Generally, open source network monitoring tools require more technical hands-on expertise (e.g. Linux) than paid solutions. Some open source tools, like Nagios or Zabbix, offer paid support plans. Paid support plans are a good way to get assistance during the installation, configuration and maintenance of the system. Terry Slater for NetCraftsmen has written an article about paid versus open source active network monitoring tools. 


In this article I have just scratched the surface of what network monitoring is and why your IT team needs it. In the last twenty years, many open source and commercial products have been released. The National Accelerator Group at Stanford estimates 700+ tools. You can read the list of network monitoring tools published by that group. I hope that I have provided some guidelines on what you should look for when considering a network monitoring tool.