Network Monitoring Tools: Types and Comparison

There are many network monitoring tools on the market, at least hundreds of them. Choosing the right one is not easy, and requires some research and analysis. We hope that this article will help select what network monitoring tools will benefit a specific use case and address a need or problem.

Why Network Monitoring Tools Are Essential

It’s very important to have network monitoring tools in place. In fact, these tools enable organizations and IT teams to:

Proactively Detect Issues: Network monitoring tools continuously interface with your network devices and identify anomalies or performance degradation issues. They help identify potential issues before they escalate. The proactive approach of network monitoring save organizations several hours of downtime and costly repairs.
Optimize Network Performance: Network monitoring tools highlight critical performance metrics that help tune the network configuration. Metrics like bandwidth available, usage, and traffic patterns allow network administrators to make informed decisions for capacity planning.
Secure the Network: Security breaches and threats are more common. Organizations need to be prepared by detecting and mitigating such risks. Network monitoring tools solve this critical function.
Save Costs: Network monitoring helps Network Operations to implement optimizations, proper planning, and reducing troubleshooting costs. Help Desk teams can save costs in support hours by empowering the technicians to gather all the data required to promptly address a customer complaint or request.

Types of Network Monitoring Tools

Selecting the right network monitoring tool is not an easy task. For instance, which tool is suited to monitor a network infrastructure? Is it the same that it will be used to monitor the digital experience of end-users?

Before adventuring into the jungle of network monitoring tools, be aware that there are three main categories of network monitoring tools:

SNMP
Passive
Active

Each one of them has a specific function, with associated benefits and limits. Let’s review each one of them in details.

SNMP-based Tools

These network monitoring tools use the SNMP protocol to monitor network devices. The servers are also called SNMP pollers because they poll the devices’ status and resources’ consumption, like CPU utilization, memory consumption, and bytes transmitted and received on their interfaces. SNMP tools send alerts when a network node becomes unreachable or resources are overloaded. In this class of tools there are open source solutions like Nagios as well as commercial ones like SolarWinds.

Passive Monitoring Tools

Passive network monitoring tools are called so because they process and capture real user data (also called traffic flow). These tools generate aggregate traffic statistics, breaking them down based by protocols and hosts. The network administrator can identify the machines (top talkers) that are consuming the capacity of a specific network. Passive tools can also inspect a specific sequence of packets to pinpoint performance issues between a client and a server.

Passive network monitoring tools process flows statistics generated by an inline device (network tap), a software agent, or network element that is switching the user traffic. The captured flow is then sent to a central collector for storage and processing. You can configure a mirror port on a switch to copy traffic flows for further analysis by a flow collector. Routers can also run NetFlow, SFlow and other type of protocols that generate statistics about user traffic.

Active Monitoring Tools

This type of monitoring is accomplished by injecting real packets into the network to measure end-to-end reachability, round-trip-time, packet loss, bandwidth, link utilization and other network proprieties. Active monitoring is also used to test applications from the user perspective by executing real transactions and then measuring their performance like execution and response time. This technique enables you to test the end result of network and applications, without having to monitor individual components and then inferring their availability and performance. The feedback and detection of outages and performance degradation issues is much faster and more reliable.

In this class you can find open source tools like SmokePing and Iperf as well as commercial solutions like NetBeez.

Types Comparison

In the following table is a list of pros and cons that in my opinion you should consider for network monitoring:

TYPE	PROS	CONS
SNMP	Detect hardware failures and overload of system resources Provide bytes in/out network interfaces Always on monitoring (24×7) Fairly easy to setup	Lack of end-to-end visibility Not appropriate for troubleshooting network performance issues Hardly circumvent network complexity and virtualization Cannot detect software configuration errors (routing policies, ACL, …) that affect user traffic
Passive	Accounting and statistics about traffic flows Protocols breakdown across network links Identify top talkers Deep packet inspection analysis	High disk space consumption Limited historical data In-line devices (taps) introduce another point of failure Taps are generally expensive so cannot be installed everywhere Mirror ports consume system resources and cannot capture all the flows traversing the node Require expertise and training Reactive troubleshooting
Active	Detect performance degradation and trends Always on monitoring (24/7) Can hold large amount of historical data Does not require real user traffic to generate KPIs Test network infrastructure in the pre-deployment phase Validate configuration changes	In performing real transactions, these tools consumes network and/or application resources To be successfully implemented, several hardware or software agents must be deployed in the network

Competitive Analysis

As we just reviewed, each type of tool has its own specific use case and function. However, you may short list in each category more than one option. When that happens, it’s important to compare common functionalities, and see which one score betters in specific areas that are important for your use case. Here are some of the most important categories you could evaluate:

Real-Time Monitoring: How long does it take for the data to be displayed? Does it take 5 seconds or 5 minutes to get the latest results?
Alerting: What type of alerting does it support? Does it just support up-down or also baselines or some more advance statistics analysis?
Notifications and Integrations: What type of notifications does the tool support? What type of third-party applications does it integrate with?
Data Range: How many metrics does the network monitoring tool support? Is it a comprehensive solution that tracks all the possible parameters and metrics?
Historical Data Retention: How much historical data can it be retained? What’s the storage requirement if hosted on-premises?
Scalability: How well does the tool scale? Does it meet your organization’s scale? How complex is the configuration to achieve that level?
Platform: Does the platform support my organization environment? Is it cloud only, or can it be hosted on-premises?
Price: How much does it cost? What’s the Total Cost of Ownership?
Ease of use: How easy is it to use? Do I need specialized skills, or is it pretty self explanatory?

Conclusion on network monitoring tools

There are three types of network monitoring tools available: SNMP-based, passive, and active. Each type of tools solves a specific network monitoring function. To successfully support today’s enterprise networks, network engineering teams should adopt a tool from each category. When picking a tool, it’s important that these tools can easily integrated between themselves via API’s, or standard protocols such as SNMP, Syslog or SMTP for notifications. If you are looking for an active network monitoring solution that well integrates, try NetBeez by requesting a demo.