Monitoring IP packets statistics

In the short tutorial below, we will set up a SNMP monitor to watch the IP packets stats (delivered, discarded etc).
Click on the thumbnail pictures provided to view their full version.

Introduction

IPHost Network Monitor allows you to work with all the SNMP versions (see the section on the monitor Main parameters tab).
IPHost Network Monitor allows to monitor exact value, test if the value has changed, or whether the value is valid.
There’s a powerful MIB browser tool that allows to navigate the entire collected OIDs tree. It can be used either from “Tools” menu item…
…or by clicking Select button to the right of OID value, in on the monitor Main parameters tab.
MIB browser allows to

  • display and navigate OID hierarchy (in tree-like form)
  • set the specified elements to new values (the values that may be changed are displayed on a green background)
  • load or unload MIB files containing definitions of elements
  • search by numerical OID values or by their literal names

 

Starting SNMP services on the host

Detailed explanation how to set up, configure and start SNMP services on the host machine we are about to monitor network interface statistic on is outside the scope of this tutorial.

Note that not every device is capable of supporting IP stats parameters; make sure the device supports these statistical data first. Most network hardware, computers etc do. support those.

You should look for documentation on software packages such as net-snmp and/or firewall settings to have SNMP services be set up correctly and securely. Further on this tutorial we assume you have set up the SNMP services and the computer where IPHost Netwrk Monitor runs is allowed to connect to the device running those services.

 

Creating SNMP monitor

Let’s start to create a SNMP monitor. We add a new host for a computer (choose “New Host” from “File” menu item, or right-click on an appropriate hosts group and select “New Host”).
After the new host has been created, right-click on it and select “New Monitor”.
Select “Resources – over SNMP and SSH” category on the left and select “SNMP Custom” monitor type, and click “Next”.
On the next screen, specify the host name of the device you’re creating SNMP monitor for. If you are absolutely sure you have all the data at hand, you can also check the “Start the monitor” in the lower left corner, to activate the monitor immediately after its creation. Click “Next”.
On this final screen you can select OID to monitor, upload required MIB(s), set up threshold values to raise alerts and specify all the other parameters for the monitor. The details of setting those up are explained in the below section.

Note that while the new monitor creation wizard is running, you can’t otherwise use IPHost Network Monitor. Click “Finish” after you have completed (or if you choose to set up monitor in the “Property Editor” pane).

 

Setting up monitoring parameters

Launch the MIB browser (see above how to do that) to proceed. If you haven’t loaded proper MIB file (IP-MIB should do), the browser will not show you much useful information. Download the mentioned MIB file, click on “MIBs” button (lower left corner of the MIB browser) and look whether the required MIB is loaded already.
If IF-MIB is present in the list, just skip this step. Otherwise, make sure the downloaded MIB file is placed into %ProrgamData%\IPHost Network Monitor\mibs and click “Import” button. Select the required MIB file and click “Open”.
Now refresh MIB browser main view by clicking “Refresh” button. To find OIDs related to measuring processor load, enter word “SystemStats” to the right of “Find” label. The browser will only display those entries with the mentioned word found in their literal names.

Note: there are many parameters you can monitor. In our case, we choose ipSystemStatsInAddrErrors entry (the counter if destination IP address found in packet were considered invalid for the respectful device — i.e. “martian” addresses).

You can browse other entries from the same branch, in case they suit your case better.

Select the mentioned entry and click “OK” to return to monitor Main parameters tab.

Now let’s set up monitor so that it triggered an alarm wherever the watched martian packets counter goes too high.

Open monitor State conditions tab on Parameters/Results pane.

Warning state condition is used when the monitored parameter isn’t already acceptable, but the value isn’t that wrong to raise an alarm. Down state condition is used when it is time to raise a real alarm.

Please use your specific situation into account when setting the thresholds. In our sample, we use load value of 1000 to send a warning, and value above 30000 to make the monitor switch to Down state to indicate severe performance problem (too many wrong packets).

To learn further how to set up alerts, read Alerting and Actions section of our quick start guide.

 

What to do next?

Congratulations! You have just created your SNMP monitor to notify you when the number of packets with wrong destination is too high, thus indicating a need to investigate what device generates it and why. What to do next?
First, set the polling interval on monitor Main parameters tab to appropriate values. Most probably you won’t use the default value of 60 seconds (poll every minute) and could raise it, say, to 5 minutes.
You can modify your newly created monitor; for example, you can monitor the speed of at which the wrong packets are being received. That’s accomplished by changing counter type to “Delta” and setting performance checks accordingly (for example, warn if there are more than 50 wrong packets received during the polling interval).
Please consult the quick start guide for more suggestions and ideas on how to use SNMP monitors.


IPHost Network Monitor 5.4 build 14538 of April 21, 2023. File size: 111MB


Comments are closed.