Network Monitoring Interface Card
A network monitoring interface card or NMIC is similar to a network card (NIC). However, unlike a standard network card, an NMIC is designed to passively (and silently) listen on a network. At a functional level, an NMIC may differ from a NIC in that the NMIC may not have a MAC address, may lack the ability to transmit and may not announce its presence on a network. Advanced network monitoring interface cards have features that include the ability to offload CPU-intensive processing from a system's CPU, accurate time measurement, traffic filtering, and the ability to perform other application-specific processing.
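A standard NIC on a Linux sensor can be configured to approximate the passive behaviour described above (no bound addresses, ARP off, promiscuous receive). The check below is an added example, not part of the original article; the interface names and flag samples are constructed, and it audits software settings only, whereas a receive-only NMIC enforces silence in hardware.

```python
# Added example: audit a Linux capture port for passive, NMIC-like behaviour.
# Flag bits are from <linux/if.h>; interface names and samples are constructed.
import ipaddress

IFF_UP, IFF_NOARP, IFF_PROMISC = 0x1, 0x80, 0x100


def audit_capture_interface(name, flags_hex, addresses):
    """Return a list of findings; an empty list means the port looks silent.

    flags_hex -- contents of /sys/class/net/<name>/flags, e.g. "0x1c3"
    addresses -- IP addresses bound to the interface, with or without /prefix
    """
    flags = int(flags_hex.strip(), 16)
    findings = []
    if not flags & IFF_UP:
        findings.append(f"{name}: link is down, nothing will be captured")
    if not flags & IFF_PROMISC:
        findings.append(f"{name}: not promiscuous, frames for other hosts are dropped")
    if not flags & IFF_NOARP:
        findings.append(f"{name}: ARP enabled, the port can answer and reveal its MAC")
    for addr in addresses:
        ip = ipaddress.ip_address(addr.split("/")[0])
        if ip.version == 6 and ip.is_link_local:
            findings.append(f"{name}: {addr} shows IPv6 autoconfiguration, "
                            "which sends neighbor discovery from this port")
        else:
            findings.append(f"{name}: {addr} is bound, so the host stack can transmit here")
    return findings


if __name__ == "__main__":
    # Constructed samples: a hardened capture port and a default-configured NIC.
    samples = {
        "mon0": ("0x1c3", []),                            # UP, RUNNING, NOARP, PROMISC
        "eth1": ("0x1043", ["192.0.2.10/24", "fe80::1"]),  # UP, RUNNING, MULTICAST
    }
    for name, (flags, addrs) in samples.items():
        result = audit_capture_interface(name, flags, addrs)
        print(name, "PASS" if not result else "FAIL")
        for line in result:
            print("   ", line)
```
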
Organizations often use a dedicated interface for all management traffic and thus create a management network. This minimizes the impact on production traffic, ensures the integrity of management traffic, and allows true production traffic to be measured rather than the traffic generated by the act of measuring it. This is a separate function from NMICs that are used for data collection and processing.
NMICs are typically used in intrusion detection and prevention (IDS/IPS), lawful interception, flow analysis, network monitoring, and protocol analyzer systems.
See also
- TCP segmentation offloading
- TCP Offload Engine (TOE)
- Unified Threat Management (UTM)
- Intrusion-detection system (IDS)
- Lawful interception
- Flow analysis
- Network monitoring
- Network tap
- Protocol analyzer
- Ingress filtering
- Egress filtering
- SS7 probe