How to Monitor Network Connections in Windows 10

Network device monitoring capabilities and scope

Operations Manager provides the following monitoring for discovered network devices:

  • Connection health – Based on looking at both ends of a connection

  • VLAN health – Based on health state of switches in VLAN

  • HSRP group health – Based on health state of individual HSRP end points

  • Port/Interface

    • Up/down (operational & administrative status)

    • Volumes of inbound/outbound traffic (includes abort, broadcast, carrier sense, collision, CRC rates, discard, error, FCS error, frame, giants, runts, ignored, MAC transmit/receive error, queue rates)

    • % Utilization

    • Drop and broadcast rates

    Note: Ports that are connected to a computer are not monitored; only ports that connect to other network devices are monitored. You can monitor a port that is connected to a computer that is not agent-managed in the same management group by adding the port to the Critical Network Adapters Group.

  • Processor – % Utilization (for some certified devices)

  • Memory – including high utilization, high buffer utilization, excessive fragmentation, and buffer allocation failures (for some certified devices)

Note: Some monitoring capabilities are disabled by default. For more information, see How to configure monitoring of network devices.

Operations Manager supports monitoring of the following number of network devices:

  • 2000 network devices (approximately 25,000 monitored ports) managed by two resource pools

  • 1000 network devices (approximately 12,500 monitored ports) managed by a resource pool that has three or more management servers

  • 500 network devices (approximately 6,250 monitored ports) managed by a resource pool that has two or more gateway servers


Capacity planning

Although the quality and bandwidth of the cable in your network is an important factor when examining capacity, traffic monitoring can’t occur directly on the wire. In order to see how much traffic passes down each link, you have to examine the throughput of the routers and switches at each end of the connection.

Traffic-flow information extracted from routers shows which links are overloaded and which carry less traffic. Tracking these flows over time lets you re-organize the network topology to get better value out of your infrastructure.

Capacity planning tools need historical traffic data as input, and the best source of this information is querying the routers on the network. Many network traffic monitoring tools also include capacity planning utilities, so they can collect, store, and analyze the source information in one closed loop.

How Does Network Monitoring Work?

Networks enable the transfer of information between two systems, including between two computers or applications. The Open Systems Interconnection (OSI) Model breaks down several functions that computer systems rely on to send and receive data. In order for data to be sent across a network, it will pass through each component of the OSI, utilizing different protocols, beginning at the physical layer and ending at the application layer. Network monitoring provides visibility into the various components that make up a network, ensuring that engineers can troubleshoot network issues at any layer in which they occur.

Monitoring Network Hardware

Companies that run on-prem workloads or manage datacenters need to ensure that the physical hardware through which network traffic travels is healthy and operational. This typically comprises the physical, datalink, and network layers in the OSI model (layers 1, 2, and 3). In this device-centric approach to monitoring, companies monitor the components for transmitting data, such as cabling, and network devices such as routers, switches, and firewalls. A network device may have multiple interfaces that connect it with other devices, and network failures may occur at any interface.

How to Monitor Network Hardware

Most network devices come equipped with support for the Simple Network Management Protocol (SNMP) standard. Via SNMP, you can monitor inbound and outbound network traffic and other network telemetry critical for ensuring the health and performance of on-premises equipment.

The Internet Protocol (IP) is a standard used on almost all networks to provide an address and routing system for devices. This protocol allows information to be routed to the correct destination over large networks, including the public internet.

Network engineers and administrators typically use network monitoring tools to collect the following types of metrics from network devices:

  • Uptime

    The amount of time that a network device successfully sends and receives data.

  • CPU utilization

    The extent to which a network device has used its computational capacity to process input, store data, and create output.

  • Bandwidth usage

    The amount of data, in bytes, that is currently being sent or received by a specific network interface. Engineers track both the volume of traffic being sent, and the percentage of total bandwidth that is being utilized.

  • Throughput

    The rate of traffic, in bytes per second, passing through an interface on a device during a specific time period. Engineers typically track throughput of a single interface, and the sum of the throughput of all interfaces on a single device.

  • Interface errors/discards

    These are errors on the receiving device that cause a network interface to drop a data packet. Interface errors and discards can stem from configuration errors, bandwidth issues, or other reasons.

  • IP metrics

    IP metrics, such as time delay and hop count, can measure the speed and efficiency of connections between devices.
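
As an added example (not from the original page or from any vendor's tooling), the Python below shows how the bandwidth, throughput and error/discard metrics in this list are typically derived from two successive SNMP polls of standard IF-MIB counters, including 32-bit counter wrap and a device restart between polls. The sample values are constructed, and the `IfSample`, `counter_delta` and `interface_metrics` names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

COUNTER32 = 2**32  # ifInOctets/ifOutOctets wrap here; ifHC* counters wrap at 2**64


@dataclass(frozen=True)
class IfSample:
    """One SNMP poll of a single interface (hypothetical container)."""
    sys_uptime_ticks: int  # sysUpTime, in hundredths of a second
    in_octets: int         # ifInOctets
    out_octets: int        # ifOutOctets
    in_errors: int         # ifInErrors
    in_discards: int       # ifInDiscards
    speed_bps: int         # ifSpeed, bits per second


def counter_delta(prev: int, curr: int, modulus: int = COUNTER32) -> int:
    """Increase of a wrapping counter between two polls (at most one wrap).

    Plain subtraction would go negative when the counter rolls over.
    """
    return (curr - prev) % modulus


def interface_metrics(prev: IfSample, curr: IfSample,
                      modulus: int = COUNTER32) -> Optional[dict]:
    """Throughput, utilization and error/discard rates for one polling interval.

    Returns None when sysUpTime did not advance: the device restarted (or
    sysUpTime itself wrapped) and the interval cannot be measured reliably.
    """
    ticks = curr.sys_uptime_ticks - prev.sys_uptime_ticks
    if ticks <= 0:
        return None
    seconds = ticks / 100.0
    in_bytes = counter_delta(prev.in_octets, curr.in_octets, modulus)
    out_bytes = counter_delta(prev.out_octets, curr.out_octets, modulus)
    errors = counter_delta(prev.in_errors, curr.in_errors, modulus)
    discards = counter_delta(prev.in_discards, curr.in_discards, modulus)
    # Full-duplex link: utilization is driven by the busier direction.
    peak_bits_per_s = 8 * max(in_bytes, out_bytes) / seconds
    return {
        "in_bytes_per_s": in_bytes / seconds,
        "out_bytes_per_s": out_bytes / seconds,
        "utilization_pct": 100.0 * peak_bits_per_s / curr.speed_bps,
        "in_errors_per_s": errors / seconds,
        "in_discards_per_s": discards / seconds,
    }


# Constructed samples: a 100 Mbit/s port polled 60 s apart. ifInOctets wraps
# past 2**32 between the polls; RESTARTED is a poll taken after a reboot.
PREV = IfSample(1_000_000, 4_294_000_000, 1_000_000, 10, 5, 100_000_000)
CURR = IfSample(1_006_000, 299_032_704, 61_000_000, 40, 5, 100_000_000)
RESTARTED = IfSample(3_000, 1_200, 900, 0, 0, 100_000_000)

if __name__ == "__main__":
    print(interface_metrics(PREV, CURR))
    print(interface_metrics(CURR, RESTARTED))
```

On fast links, polling the 64-bit `ifHC*` counters and passing `modulus=2**64` avoids multiple wraps within one polling interval, which this calculation cannot detect.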

Note that in cloud environments, companies purchase compute and network resources from cloud vendors who maintain the physical infrastructure that will run their services or applications. Cloud hosting therefore shifts the responsibility of managing the physical hardware onto the cloud vendor.

Monitoring Live Network Traffic

Above the hardware layers of the network, software layers of the network stack are also involved whenever data is sent over a network. This mainly involves the transport and application layers of the OSI model (layer 4 and layer 7). Monitoring these layers helps teams track the health of services, applications, and underlying network dependencies as they communicate over a network. The following network protocols are especially important to monitor because they are the foundation for most network communication:

Application Layer (Layer 7)

  • Hypertext Transfer Protocol (HTTP)

    The protocol used by clients (typically web browsers) to communicate with web servers. Primary HTTP metrics include request volume, errors, and latency. HTTPS is a more secure, encrypted version of HTTP.

  • Domain Name System (DNS)

    The protocol that translates computer names (such as “server1.example.com”) to IP addresses through the use of various name servers. DNS metrics include request volume, errors, response time, and timeouts.

Transport Layer (Layer 4)

  • Internet Protocol (IP) – Transmission Control Protocol (TCP)

    A protocol that sequences packets in the correct order and delivers packets to the destination IP address. TCP metrics to monitor may include packets delivered, transmission rate, latency, retransmits, and jitter.

  • User Datagram Protocol (UDP)

    UDP is another protocol for transporting data. It offers faster transmission speeds, but without advanced features such as guaranteed delivery or packet sequencing.

How to Monitor Live Network Traffic

Network monitoring applications may rely on a variety of methods to monitor these communication protocols, including newer technologies such as extended Berkeley Packet Filter (eBPF). With minimal overhead, eBPF tracks packets of network data as they flow between dependencies in your environment, and translates the data into a human-readable format.

Network Monitoring vs. Network Management

Network monitoring tracks the health of a network across its hardware and software layers. Engineers use network monitoring to prevent and troubleshoot network outages and failures. In this article, we’ll describe how network monitoring works, its primary use cases, the typical challenges related to effective network monitoring, and the main features to look for in a network monitoring tool.


Top 10 network monitoring tools

Now that we’ve covered the basics of network monitoring and network monitoring tools, let’s take a look at the 10 best network monitoring tools available today.

Auvik

Source: Auvik Networks


Auvik is a cloud-based network monitoring tool designed for both businesses with in-house IT staff and MSPs in mind. Auvik supports a wide variety of network monitoring protocols for network discovery and monitoring. Additionally, the TrafficInsights™ functionality goes beyond NetFlow-levels of traffic analysis by combining the power of machine learning with flow protocols.

Being a cloud-based solution means Auvik eliminates the difficulty of initial configuration associated with many on-premises network monitoring systems. Auvik makes it easy to get started with network discovery by using a lightweight collector that can be installed on-premises and in cloud environments.

Post-discovery, in addition to customizable and granular network monitoring, Auvik enables network mapping, and a variety of automated workflows including the automation of network documentation.

Additionally, Auvik supports a wide variety of integrations with everything from collaboration software such as Microsoft Teams and Slack, to IT service management platforms such as ServiceNow and FreshDesk. Their robust API adds additional extensibility and makes possible additional integrations beyond what’s already built-in.

Pros

  • Simple and fast initial configuration
  • Vendor neutral with support for 15,000+ devices
  • Wide variety of integrations
  • Cloud-based interface enables secure access from anywhere with internet connectivity
  • Enables deep network visibility and intelligent troubleshooting

Cons

  • No on-premises option
  • No free-forever tier

Top features

  • Network mapping
  • Automation of network documentation
  • TrafficInsights™ enables intelligent network traffic analysis
  • 2FA (two-factor authentication)
  • Granular access controls
  • SSO (single sign-on) support with integrations for Okta, Azure Active Directory, Google, and more
  • Inventory management with firmware and lifecycle data
  • Configuration backup and recovery
  • Robust API


LogicMonitor

Source: LogicMonitor


LogicMonitor is a full-stack cloud-based network monitoring platform used by managed service providers and enterprise customers around the globe. LogicMonitor combines network, server, and cloud infrastructure monitoring into a single platform and supports a diverse set of protocols for monitoring.

Documenting over 2,000 integrations, LogicMonitor has a diverse set of network devices, virtualization platforms, cloud, and on-premises applications and databases. Through a discovery process, it detects devices to monitor and applies monitors based on pre-configured best practices, streamlining deployment compared to many open-source alternatives.

Pros

  • Cloud-based interface enables secure access from anywhere with internet connectivity
  • Extensible platform with multiple monitoring modules available
  • Single dashboard for monitoring, device logs, and configuration management
  • Single platform that can be used across multiple teams

Cons

  • No on-premises option
  • No free-forever tier
  • Configuration management and device logs are additional licences
  • Data retention is limited to 1 or 2 years, depending on tier, and limited to 10,000 alerts

Top features

  • AIOps Early Warning System and Anomaly detection
  • LMLogs for syslog monitoring
  • Modules developed by LogicMonitor and the user community to monitor a wide range of devices

DataDog

Source: DataDog


DataDog is another cloud-based network monitoring tool known for its strong support for cloud infrastructure and DevOps workflows. To get started with monitoring, DataDog users install an agent that enables network discovery and monitoring. DataDog can monitor on-premises devices and supports most of the standard networking monitoring features such as network mapping, resource utilization monitoring, alerting, and log management.

However, where DataDog shines is cloud application monitoring and DevOps workflows. Not only does DataDog support a wide variety of integrations with platforms like AWS, Azure, Google, and GitHub, it can also integrate into DevOps workflows. For example, with DataDog, automated browser tests that check if a web application is working as expected can be integrated into CI/CD (continuous integration/continuous delivery) pipelines.

Pros

  • Advanced cloud infrastructure monitoring
  • Wide variety of integrations
  • Integrates well with DevOps workflows
  • Cloud-based interface enables secure access from anywhere with internet connectivity

Cons

  • No on-premises option
  • Expensive
  • Support for traditional on-premises hardware could be better

Top features

  • In-depth APM (application performance monitoring)
  • User experience (UX) monitoring for web apps
  • Robust API

Nagios

Source: Nagios


Nagios Core is a popular open source (released under GPLv2) platform that a variety of network monitoring and log management tools are built upon. There are a number of different tools that use Nagios, including the popular enterprise network monitoring tool Nagios XI.

Nagios is a very mature and popular platform with a large community of contributions on the Nagios Exchange that include a wide variety of integrations and plugins for both on-premises and cloud infrastructure. While it’s possible to deploy Nagios in the cloud, unlike our first two options on the list, it’s not a cloud-based solution. Normally, Nagios will be installed on a dedicated on-premises server (or cluster of servers).

Note: While Nagios Core is open source, the Nagios XI interface and framework are not.

Pros

  • Wide variety of plugins
  • Free tier for small networks (100 host and service checks)
  • Agentless and agent-based monitoring
  • Large library of plugins
  • Scalable and customizable
  • Advanced reporting features

Cons

  • Can be complex to install
  • No Nagios official cloud-hosted option
  • Interface has a steeper learning curve than other options

Top features

  • Advanced graphing
  • Autodiscovery and auto-decommissioning
  • Configuration wizards for many common network devices
  • Capacity planning

Cacti

Source: Cacti


Cacti is a free and open source (GPLv2) application that can capture data from network devices through SNMP and custom scripts. Cacti doesn’t attempt to provide all the features commercial network monitoring tools deliver.

Instead, Cacti focuses on capturing and graphing data from network devices, and it does a very good job at that. As a result, Cacti can be a great solution for users in need of a reliable solution for tracking and visualizing metrics like CPU utilization, memory, storage, and network statistics.

Pros

  • Free and open source
  • Large community
  • Focuses on one thing (graphing) and does it well
  • Scalable to thousands of devices

Cons

  • Installation can be complex
  • Lacks many advanced features

Top features

  • Highly customizable graphing
  • Custom scripts for data capturing
  • SNMP support
  • Ability to define granular user permissions

Zabbix

Source: Zabbix


Zabbix is another GPLv2 open source network monitoring tool. Zabbix is designed to be an enterprise-grade solution. This means it’s feature-rich, secure, scalable, and performant. It’s capable of monitoring effectively any cloud or on-premises network device. It also means that the installation, configuration, and management of Zabbix can become complex, particularly for smaller teams.

Pros

  • Free and open source (with options for paid commercial support)
  • Scalable and performant
  • Highly flexible and customizable
  • Agent-based and agentless monitoring

Cons

  • Can be complex to install and manage
  • Documentation can be lacking

Top features

  • Network maps
  • Customizable data-rich dashboards
  • Agentless and agent-based monitoring
  • Support for a wide variety of protocols including Modbus and MQTT for IoT
  • Automate responses to problems (e.g. reboot a host)
  • High availability and clustering

PRTG

Source: Paessler


PRTG is a popular network monitoring tool from Paessler. This network monitoring tool can be deployed on-premises on a Windows server or hosted in the cloud. The monitoring paradigm and pricing structure with PRTG is based on the concept of sensors. A sensor is a single monitored datapoint on a device. For example, if you monitor one router using ping, an SNMP GET for CPU utilization, and an SNMP GET for system uptime, that counts as three sensors.

One major upside of PRTG is how quickly users can go from installation to monitoring devices. For example, even before inputting credentials, PRTG can discover many network nodes and will configure them with default sensors such as a ping sensor.

Pros

  • On-premises and cloud deployment options
  • Free tier (100 sensors)
  • All features are built-in, no need for plugins
  • Autodiscovery and default alert configurations streamline initial configuration

Cons

  • Sensor-based pricing model
  • Some user interface issues (e.g. selecting multiple devices/objects)

Top features

  • Autodiscovery
  • In-depth reporting
  • Network mapping
  • Customizable dashboards
  • Sensor recommendations

SolarWinds NPM

Source: SolarWinds


Despite recent security concerns as a result of a large-scale code hack, SolarWinds NPM (Network Performance Monitor) is one of the most popular network monitoring tools available today, and for good reason. NPM offers a wide variety of advanced network monitoring, analysis, and reporting features along with an intuitive user interface. For example, during network discovery, NPM will automatically group known devices together by vendor in an easy-to-navigate tree view on the default dashboard.

Pros

  • Intuitive user interface
  • Support for a wide variety of devices
  • Robust reporting features
  • Detailed inventory automatically created after SNMP discovery
  • Large user community

Cons

  • Maintaining and scaling Windows server infrastructure required for SolarWinds can be complex
  • Using SolarWinds Query Language (SWQL) for reporting has a steep learning curve
  • No free-forever tier

Top features

  • Dynamic network mapping with Network Atlas
  • Performance analysis with PerfStack
  • Advanced alerting
  • Wi-Fi heat maps
  • Customizable alerts

Netcrunch

Netcrunch is a lesser-known network monitoring tool, but has an intuitive user interface, a number of advanced features, and can scale to monitor over one million parameters on a single server. In addition to the SNMP-based discovery and monitoring you’d expect, Netcrunch supports flow protocols, mapping, scripting, and APIs.

Pros

  • Intuitive interface
  • Simple to install
  • Competitive pricing for the feature set

Cons

  • No cloud-hosted options
  • No free-forever tier

Top features

  • Network maps
  • Port mapping with VLAN support
  • Traffic monitoring
  • Over 8,700 precompiled SNMP MIB (management information base) files included

Observium

Source: Observium


For SNMP-based network monitoring, Observium can be a great choice. It offers excellent auto-discovery and mapping features and supports a wide range of devices by default. While there’s no official cloud hosting, the Turnkey Linux version can be deployed on Amazon EC2. Additionally, Observium offers traffic accounting functionality to help service providers simplify customer billing.

The community edition of Observium is free and open source while the professional and enterprise editions require a paid subscription. If you like Observium but have reservations about the licensing, check out LibreNMS which is another popular open source network monitoring tool that started as a fork of the Observium project.

Pros

  • Free community edition
  • Turnkey Linux option
  • Easy to get started
  • Intuitive user interface
  • Support for a wide variety of SNMP-enabled devices

Cons

  • Many advanced features require enterprise edition
  • Different licenses for community vs professional and enterprise edition source code

Top features

  • Network mapping
  • Excellent autodiscovery feature
  • RESTful API
  • QoS (Quality of Service) metric reporting
  • Automatic grouping
  • Traffic accounting

Network Monitoring Tools

Software-as-a-service (SaaS)-based solutions, such as Datadog, break down silos between engineering teams and bring a holistic approach to network monitoring. Datadog’s network monitoring products unify network data with infrastructure, application, and user experience data in a single pane of glass.

Network Device Monitoring (NDM) autodiscovers devices from a wide range of vendors and lets you drill down to monitor the health of individual devices. You can even proactively monitor device health with anomaly detection monitors for bandwidth utilization and other metrics.

Network Performance Monitoring (NPM) provides visibility into the rest of your network stack and analyzes traffic in real time as it flows across your environment. Teams can monitor communication between services, hosts, Kubernetes pods, and any other meaningful endpoints—not just IP connection data. And by tying network metrics together with other metrics and telemetry data, teams have rich context to identify and resolve any performance issue anywhere in their stack.

Datadog provides end-to-end network monitoring across cloud, on-premise, and hybrid environments.

For additional insights from the perspective of end users, you can use Datadog Synthetic Monitoring. Synthetic tests allow you to determine how your APIs and web pages are performing at various network levels (DNS, HTTP, ICMP, SSL, TCP). Datadog alerts you to faulty behavior, such as a high response time, unexpected status code, or broken feature.
