Keep Tabs on Your Network Traffic

Is your network running at optimum performance? If you can't answer that question, you should check out the network monitoring tools included with Windows Server 2003.

 By Drew Bird
Page 1 of 2
Print Article

Every good network administrator knows that in order to achieve optimum operation, servers must be monitored to see that vital stats stay within acceptable limits. However, while it is common practice to monitor hardware components such as memory, processor and hard disk usage inside the server, network traffic monitoring tends is often overlooked. A server's network interface is its connection to the outside world and shouldn't be ignored. Even the most powerful server available will appear to drag its heels if the network interfaces are not up to par.

Some larger organizations invest a lot of money in network traffic monitoring applications. However, before you spend tens of thousands of dollars, you should investigate network monitoring functions provided by the tools included with Windows Server 2003.

That is not to say that there isn't a place for third-party network management applications, but, depending on your needs, there is no reason why you can't implement a solid network traffic monitoring policy with the tools you already have.

Why Network Management
Network monitoring allows you to answer three fundamental questions that are important elements of your network management strategy.

  1. It lets you determine how much traffic is traveling over the network interfaces, and whether this amount is easily accommodated.
  2. It allows you to see what kind of traffic is being sent to and from the server, and thus determine to what extent each traffic type is responsible for network interface load.
  3. It allows you to identify who is using the services of the server. This can allow you to more effectively plan server placement on the network.

Performance Monitoring at Work
Here's a simple example of how traffic monitoring tools can help you in network planning. Imagine you have a server that is hosting both a Web server and an FTP server application. Your users are complaining that Web server response is sluggish, yet you know from monitoring the processor, memory and storage elements of the system, that the server, if anything, is underutilized.

By monitoring the network traffic, you determine that there is a very high volume of FTP traffic. As a result, traffic to the Web server is being delayed. You also determine that many of the FTP requests are coming from a small group of users in the publishing department, located some four hops away on the network. Armed with this information, you could look at either relocating the application to a server closer to the publishing department, or determine if physically moving the server nearer to the users is more practical.

Tools of the Network Trade
Windows Server 2003 features three basic tools for monitoring network traffic — Task Manager, Performance Console and Network Monitor. (In this article, we take a look at Task Manager and Performance Console. We'll dig into Network Monitor in the next installment of our look at network monitoring tools.)

For a complete look at your network, System Monitor lets you to view statistics on a range of components, software elements and protocols.

Task Manager is by far the most basic of the three. It provides only real-time monitoring. There is no logging capability, making its usefulness as a proactive monitoring tool somewhat limited. The information provided in Task Manager is also basic. Only a network utilization figure, expressed in a percentage, is shown. From the perspective of designing a network monitoring strategy, this information is not detailed enough to be of much use.

The Performance Console, however, is much more powerful, and has the advantage of providing the capability to record information for later comparison. Collecting network traffic statistics with Performance Console allows you to build a history of network traffic statistics for your servers. These statistics can later be used for comparison.

You access the Performance Console on Windows Server 2003 via the Administrative Tools program group and has two distinct utilities within it — the System Monitor and Performance Logs and Alerts.

System Monitor is a real-time monitoring tool that allows you to view statistics on a range of components, software elements and protocols. Each of these is referred to as a Performance Object. Each Performance Object then has a set of counters associated with it, allowing you to monitor specific elements of that object.

Counters allow you to monitor components, software elements and protocols.
The sheer variety of counters allows you to break down your monitoring with a high degree of granularity. For example, you can monitor the total amount of data sent over all interfaces or the number of Internet Control Message Protocol ICMP source quench packets that have been received.

Many of the counters are ideally suited to tracking down network traffic issues, such as identifying how much DNS traffic is being sent or received by the server. In fact, the DNS Performance Object has more than 60 counters associated with it.

This dizzying array of counters includes the capability to measure traffic associated with incremental or full zone transfers, information on failed or successful recursive queries, and secure update failures. Other Performance Objects like Network, IPv4 (or IPv6 if you are an early bloomer), and the aforementioned ICMP offer similarly detailed counter lists.

Continued on Page 2: It Pays to Keep a Steady Count

This article was originally published on Mar 18, 2004
Get the Latest Scoop with Networking Update Newsletter