Adventures of a Network Monitoring Newbie: Understanding Network Tapping

by Ana Dumbravescu | May 1, 2018 | Insights, Network Monitoring

I really meant to write the follow-up episode of this "saga" sooner, but we've all been busy releasing a fresh NEW website. That, as you can imagine, took a lot of work: hours of researching and figuring out how we can improve our website structure and content, so that you all can enjoy a better online experience. I hope you like the final result; we put our hearts and souls into it.

Now, what has happened with my network monitoring adventures during this time? Besides working on the website, I've been looking more and more into network tapping. I did this because I wanted to really understand how our packet capture tools fit into the whole network monitoring process. That's why this time I'm going to write about the network tapping process, all through the eyes of a newbie, of course.


Speaking of reading and researching, at the end of this article you'll find a few blogs and a book that helped me along the way. Unfortunately, there aren't many articles or much information about network tapping, network monitoring or network TAPs. But the ones that exist, as you will see, provide more than enough information so that even someone like me can comprehend the ins and outs of this world.

For starters, it's important to understand what a network is. A network is made up of connected devices that communicate with each other via a common transport or communication protocol. Communication in this case refers to the transfer of data among users, or of instructions between nodes in the network, such as computers, mobile devices, output devices, management elements, servers, routing or switching devices and so on.


Now, this kind of tells you how complicated a network can be. In such a complex environment, things can go wrong in so many ways, at any given moment.

That's why control over what happens on a network can never be 100%, especially when talking about complex IT infrastructures. However, companies can do their best by employing the best network engineers, choosing the best service providers and purchasing the best tools.

Efficient tapping of your online environment is one of the most important parts. It will help you collect statistics and/or check for errors so that you can act effectively when needed. It also allows you to identify problems before they can affect your business, and to find out why something went wrong in the network.

It doesn't matter whether you run a small business with fewer than 50 computers or a large enterprise with more than 1000 servers: continuous and efficient monitoring gives you the chance to develop and maintain a high-performing network with minimum downtime.

 

Monitoring starts with tapping the data that runs through a network. That means you have to go all the way to the packet level to, for instance, see which applications or protocols proved to be malicious. In other words, tapping is at the heart of efficient network monitoring. I came to believe that products like our hardware solutions for network analysis and traffic acquisition are just as important as all other advanced security tools.

When analyzing the data, you want to capture every packet that goes through the network so that you don't miss any important information. Network TAPs or network packet brokers (NPBs) are the only guaranteed method to get 100% of the data that passes through the network into your monitoring and security tools.

Finding the right hardware devices is essential for your network security and your data center. Read this article if you want to know what kind of monitoring tools are out there.


Of course, network monitoring (or tapping) is no longer something bad that is associated with spying. It has now become a practice for every type of organisation. That happened not only because of the increasing number of cyber-attacks, but also because of the specialized and highly efficient hardware and software out there that does a really good job.

You see, I didn't understand at first what packets really are and why they are so important when monitoring your network (or, as I like to say, keeping an eye on your data). At the packet level, you can see almost everything. You can spot everything from application bottlenecks to slow network communication, and even catch hackers before they get to cause damage to your business.

Packet analysis (a technique performed with software like Wireshark or our own ProfiSight) can help you solve some of the most complicated problems on your network. And truly efficient packet analysis is only achieved with the help of products like network TAPs, packet brokers or troubleshooters.

Without these products, monitoring your data can't be 100% accurate. Using a SPAN, for example, will only give you parts of your data, meaning that huge amounts of traffic will be lost without you knowing whether it's important or not. Check this article to see how a TAP compares with a SPAN.

Why is it so important to have all the information and not just parts of it? Well, let's say your company goes through a massive security breach. Seeing everything that goes over your network can not only prevent it from happening again in the future, but can also help you analyze why it happened in the first place. You can, therefore, understand which one of your tools underperformed or which of your employees is to blame (in 2017, studies confirmed 54% of careless workers were the root of cybersecurity breaches).


It came as a surprise to me that even these days (when a record-breaking 1.35 terabit DDoS attack just hit GitHub) companies tend to take the easy and less efficient way to monitor and analyze their data and, therefore, do not have a 100% secured infrastructure.

Unfortunately, many companies do that, thinking they won't be victims of virtual crimes because they are too small or unimportant. They couldn't be more wrong. Ransomware attacks can come from anywhere, at any time.

To sum it up, you need packet capture devices (like our state-of-the-art fiber network TAPs or the ProfiShark series) so that your security and packet analysis tools can perform efficiently. Not only can these advanced TAPs copy and monitor your data, but they can also protect your network when used in conjunction with intrusion systems. But more about how they help your network security tools in a future article.

Until then, keep on smiling and don't forget that it all starts with visibility.

P.S.: Read the first episode of my adventures in the network monitoring world, if you haven't checked it out already.

Some blogs and books that will help you better understand the network tapping world:

 

 
