What is Network Monitoring?

Network monitoring is a software application that verifies the correct functioning of networked devices (e.g. routers, switches, and servers). The goal of such software is to minimize service downtime by detecting problems as soon as they occur along with troubleshooting information about the root cause. This is generally implemented by running periodic checks on monitored devices to collect their status, resources utilization, and other metrics. When a device doesn’t respond to a check, or reports degraded performance on one or more resources, the tool alerts via email or other methods the help desk team or the network administrator.

SNMP transaction between an SNMP poller and an SNMP agent (top), and SNMP trap from an SNMP agent to an SNMP trap receiver.
Network Monitoring via SNMP: an SNMP poller, or server, periodically queries an SNMP agent to gather status and resources available (top); an agent sends an SNMP trap to a receiver to alert about a failure (bottom).

Do you need a network monitoring tool?

If you work for an organization that owns and operates a network infrastructure or if your company has 500 or more employees, you will need such a tool. At the same time, chances are that you will need such a tool. The more an organization relies on the network to process transactions, or to offer services to employees, customers, and partners, the more it should be available and well performing. The benefits of a network monitoring solution is to alert your team about faults and outages as soon as they occur. Another benefit is that it helps network engineers to quickly identify and troubleshoot outages and performance issues, reducing the support burden on IT and associated costs. This is actually a major factor, when running efficiently IT operations. 

How to select a network monitoring tool?

Before selecting a network monitoring tool, it’s important to know how many network devices will be monitored, what type of vendors are supported by the tool, and the costs. With this information it’s possible to verify that a specific solution is scalable and appropriate to your specific network environments. It’s also important to make sure that there are enough in house competencies and resources to install and manage the service itself. In the below section, we’ll do a quick analysis on commercial versus open source options. Once you have this information, you should consider price and features supported.

SNMP, Passive, or Active?

If you are new to the network monitoring world, you should be aware of three main methods to monitor a network: SNMP, passive monitoring, and active monitoring. Each method provides different information about your network.

SNMP MonitoringThe Simple Network Management Protocol (SNMP) is an Internet standard used to request information from a device like a router, switch, or server, about the status of its resources, such as CPU, memory, and network interfaces. The type of information that can be obtained from a specific network device varies based on vendor and model. Each vendor publishes a set of management information base files (MIB/MIBs). MIBs describe the parameters or resources that can be queried from a specific device (SNMP agent). Most of SNMP solutions allow the import of MIB files to integrate with a specific device. If you want to learn more about SNMP monitoring, you can read the Wikipedia SNMP page.

Passive Monitoring: This is a technique that relies on “listening” to user traffic to determine network utilization. By doing so, a passive network monitoring tool can reveal which users, applications, and protocols are using the available bandwidth. This methodology has also application in security and surveillance.

There are three ways to passively monitoring a network: network TAP, SPAN port, and flow-based protocols:

Network TAPs are dedicated devices that are installed in-line where the traffic has to be analyzed. A network TAP replicates the entire content of the frames (layer 2) flowing across. For this reason, network TAPs are generally preferred for deep packet inspection.

The second method relies on a SPAN (Switch Port for ANalysis) port. A SPAN port is created on a switch by instructing it to send a copy of the traffic from a specific port or VLAN to another port on the switch itself or on another switch that has been connected to a network collector

The third method relies on a flow analysis protocol implemented by network hardware vendor, such as NetFlow, s-Flow, etc. If you want to learn more about passive network monitoring. You can read more on the Wikipedia page, which offers a good starting point.

Different types of passive monitoring implementations: Network Tap (top), SPAN port (middle), and flow protocol (bottom).
Different types of passive monitoring implementations: Network Tap (top), SPAN port (middle), and flow protocol (bottom).

Active Monitoring: This method relies on real-time testing performed by software agents or hardware sensors, on network infrastructure and against applications to verify that the network (or applications) are available and performing well.  Active tests report real-time data such as end-to-end connection, packet loss, jitter, bandwidth, and HTTP response time. One of the most common tests run by active network monitoring tools is the ping command, which verifies round trip time to a remote host as well as packet loss. Active network monitoring tools are also used to provide service assurance, network testing, and capture the end-user experience on WAN and WiFi.


NetBeez is an example of an active network monitoring tool that runs real-time tests to let network engineers quickly detect and troubleshoot network performance issues. Here’s a list of supported active tests by NetBeez.

TestPrimary Metric
PINGRound-Trip-Time, Packet loss
DNSDNS Lookup time
TracerouteHop count, RTT, MTU
iPerfTCP/UDP/Multicast Throughput
VoIPJitter, Packet Loss, MOS
SpeedtestDownload/Upload Throughput

If you want to learn more about NetBeez, you download the technology’s overview and benefits.

Open source or commercial network monitoring?

Another common dilemma is whether to go with an open source or a commercial monitoring solution. This depends on many factors, mostly related to budget, time, and technical skills. Generally, open source tools require more technical hands-on expertise (e.g. Linux) than paid solutions. Some open source tools, like Nagios or Zabbix, offer paid support plans. Paid support plans are a good way to get assistance during the installation, configuration and maintenance of the system. Terry Slater for NetCraftsmen has written an article about paid versus open source active network monitoring tools.


In this article I just scratched the surface of what network monitoring is and why your IT team needs it. In the last twenty years, many open source and commercial products were released. The National Accelerator Group at Stanford estimates 700+ tools. You can read the list of network monitoring tools published by that group. I hope that I provided some guidelines on what you should look for when considering a network monitoring tool.