Remote Monitoring Revisited
A thorough treatment of RMON is beyond the scope of this tutorial, but it's worth discussing the groups that make up RMONv1. RMON probes are typically stand-alone devices that watch traffic on the network segments to which they are attached. Some vendors implement at least some kind of RMON probe in their routers, hubs, or switches. "Polling and Thresholds" provides an example of how to configure RMON on a Cisco router. The RMON MIB defines the following 10 groups:

    rmon         OBJECT IDENTIFIER ::= { mib-2 16 }
    statistics   OBJECT IDENTIFIER ::= { rmon 1 }
    history      OBJECT IDENTIFIER ::= { rmon 2 }
    alarm        OBJECT IDENTIFIER ::= { rmon 3 }
    hosts        OBJECT IDENTIFIER ::= { rmon 4 }
    hostTopN     OBJECT IDENTIFIER ::= { rmon 5 }
    matrix       OBJECT IDENTIFIER ::= { rmon 6 }
    filter       OBJECT IDENTIFIER ::= { rmon 7 }
    capture      OBJECT IDENTIFIER ::= { rmon 8 }
    event        OBJECT IDENTIFIER ::= { rmon 9 }

RMONv1 provides packet-level statistics about an entire LAN or WAN. The rmon OID is (iso.org.dod.internet.mgmt.mib-2.rmon). RMONv1 is made up of nine groups:
- history ()
  - Records periodic statistical samples from the statistics group
- alarm ()
  - Allows a user to configure a polling interval and a threshold for any object the RMON probe records
- hosts (1.3.6.1.2.1.16.4)
  - Records traffic statistics for each host on the network
- hostTopN ()
  - Contains host statistics used to generate reports on hosts that top a list ordered by a parameter in the host table
- matrix ( )
  - Stores error and utilization information for sets of two addresses
- filter ()
  - Matches packets based on a filter equation; when a packet matches the filter, it may be captured or an event may be generated
- capture ()
  - Allows packets to be captured if they match a filter in the filter group
- event ()
  - Controls the definition of RMON events
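
The following Python code is an added example, not part of the original tutorial: it resolves the OBJECT IDENTIFIER assignments listed above into dotted numeric OIDs and maps an OID seen on a probe to the RMON group that contains it. It assumes mib-2 is 1.3.6.1.2.1; the names `resolve` and `group_of` and the sample OID are constructed for illustration.

```python
import re
# Assumption: mib-2 resolves to 1.3.6.1.2.1 (iso.org.dod.internet.mgmt.mib-2).
ROOTS = {"mib-2": (1, 3, 6, 1, 2, 1)}
# The OBJECT IDENTIFIER assignments listed in the tutorial text above.
RMON_MIB = """
rmon       OBJECT IDENTIFIER ::= { mib-2 16 }
statistics OBJECT IDENTIFIER ::= { rmon 1 }
history    OBJECT IDENTIFIER ::= { rmon 2 }
alarm      OBJECT IDENTIFIER ::= { rmon 3 }
hosts      OBJECT IDENTIFIER ::= { rmon 4 }
hostTopN   OBJECT IDENTIFIER ::= { rmon 5 }
matrix     OBJECT IDENTIFIER ::= { rmon 6 }
filter     OBJECT IDENTIFIER ::= { rmon 7 }
capture    OBJECT IDENTIFIER ::= { rmon 8 }
event      OBJECT IDENTIFIER ::= { rmon 9 }
"""

ASSIGN = re.compile(
    r"^\s*([A-Za-z][\w-]*)\s+OBJECT\s+IDENTIFIER\s*::=\s*\{\s*([A-Za-z][\w-]*)\s+(\d+)\s*\}\s*$")

def resolve(mib_text, roots=ROOTS):
    """Return {name: numeric OID tuple}; assignments may appear in any order."""
    pending = {}
    for line in filter(str.strip, mib_text.splitlines()):
        m = ASSIGN.match(line)
        if m is None:
            raise ValueError(f"not an OBJECT IDENTIFIER assignment: {line!r}")
        pending[m.group(1)] = (m.group(2), int(m.group(3)))
    oids = dict(roots)
    while pending:
        ready = [n for n, (parent, _) in pending.items() if parent in oids]
        if not ready:  # parent never defined, or a definition cycle
            raise ValueError(f"unresolvable parents for: {sorted(pending)}")
        for name in ready:
            parent, sub = pending.pop(name)
            oids[name] = oids[parent] + (sub,)
    return oids

def group_of(oid, oids):
    """Name of the most specific known subtree containing a dotted OID, or None."""
    parts = tuple(int(p) for p in oid.strip(".").split("."))
    hits = [n for n, prefix in oids.items() if parts[:len(prefix)] == prefix]
    return max(hits, key=lambda n: len(oids[n]), default=None)

if __name__ == "__main__":
    table = resolve(RMON_MIB)
    for name, oid in table.items():
        print(f"{name:<10} {'.'.join(map(str, oid))}")
    print(group_of("1.3.6.1.2.1.16.8.2.1.4.1.5", table))  # constructed sample OID
```

The resolved value for hosts matches the 1.3.6.1.2.1.16.4 given in the list above, which is a quick check that the assumed mib-2 prefix is right.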