Passive monitoring
Passive monitoring is a technique used to capture traffic from a network by generating a copy of that traffic, often from a SPAN port or mirror port, or via a network tap. Once the data (a stream of frames or packets) has been extracted, it can be used in many ways.
  • It can be analyzed in a sniffer such as Wireshark.
  • It can be examined for flows of traffic, providing information on "top talkers" in a network as well as TCP round-trip time.
  • It can be reassembled according to an application's state machine into end-user activity (for example, into database queries, e-mail messages, and so on). This kind of technology is common in Real User Monitoring when applied to the HTTP protocol in web applications.
  • In some cases, HTTP reassembly is further analyzed for web analytics.
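
An added example (not part of the original article) of the flow analysis mentioned in the list above: it ranks "top talkers" by bytes and estimates TCP round-trip time from the three-way handshake as seen at the capture point. The packet records, addresses and field layout are constructed for illustration, and handshake timing is one common passive RTT method, not one the article prescribes.

```python
from collections import Counter

# Constructed sample: decoded packet summaries from a tap or mirror port,
# as (time_ms, src, sport, dst, dport, tcp_flags, frame_bytes).
PACKETS = [
    (0,    "10.0.0.5",   40001, "192.0.2.10", 443,   "S",  74),
    (30,   "192.0.2.10", 443,   "10.0.0.5",   40001, "SA", 74),
    (32,   "10.0.0.5",   40001, "192.0.2.10", 443,   "A",  66),
    (35,   "10.0.0.5",   40001, "192.0.2.10", 443,   "PA", 583),
    (70,   "192.0.2.10", 443,   "10.0.0.5",   40001, "PA", 1514),
    (100,  "10.0.0.7",   40002, "192.0.2.10", 443,   "S",  74),
    (1100, "10.0.0.7",   40002, "192.0.2.10", 443,   "S",  74),  # retransmitted SYN
    (1130, "192.0.2.10", 443,   "10.0.0.7",   40002, "SA", 74),
    (1131, "10.0.0.7",   40002, "192.0.2.10", 443,   "A",  66),
]

def top_talkers(packets, n=3):
    """Rank source addresses by total bytes sent, as seen at the capture point."""
    sent = Counter()
    for _, src, _, _, _, _, size in packets:
        sent[src] += size
    return sent.most_common(n)

def handshake_rtts(packets):
    """Map each client 4-tuple to (server_side_ms, client_side_ms).

    Server side is SYN -> SYN/ACK, client side is SYN/ACK -> ACK; their sum is
    the end-to-end RTT through the monitoring point. Handshakes with a
    retransmitted SYN or SYN/ACK are skipped, because the reply cannot be
    matched to a single transmission.
    """
    pending, rtts = {}, {}
    for ts, src, sport, dst, dport, flags, _ in packets:
        # Always key the connection by the client's view of the 4-tuple.
        client = (dst, dport, src, sport) if flags == "SA" else (src, sport, dst, dport)
        conn = pending.get(client)
        if flags == "S":
            if conn:
                conn["ambiguous"] = True          # SYN seen twice
            else:
                pending[client] = {"syn": ts, "synack": None, "ambiguous": False}
        elif flags == "SA" and conn:
            if conn["synack"] is None:
                conn["synack"] = ts
            else:
                conn["ambiguous"] = True          # SYN/ACK seen twice
        elif flags == "A" and conn and conn["synack"] is not None:
            del pending[client]                   # handshake complete
            if not conn["ambiguous"]:
                rtts[client] = (conn["synack"] - conn["syn"], ts - conn["synack"])
    return rtts
```

Because the measurement depends on handshakes that real clients happen to open, a quiet server yields no samples at all, which is the limitation relative to synthetic monitoring that the article goes on to describe.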



Passive monitoring can be very helpful in troubleshooting performance problems once they have occurred. Passive monitoring differs from synthetic monitoring in that it relies on actual inbound web traffic to take measurements, so problems can only be discovered after they have occurred.

While passive monitoring was initially viewed as competing with synthetic monitoring approaches, most networking professionals now recognize that passive and synthetic monitoring are complementary.
The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 