Design and Implementation of Test IP Network
Intelligent Monitoring System Based on SNMP
Jianwu Zhang
Tianjin Railway Technical and Vocational College
Tianjin, China
Zjw63@163.com
Abstract—Network monitoring system plays an important
role in ensuring network security and maintaining network
stability. Based on the thorough study of the application of the
simple network management protocol (SNMP), a network
intelligent monitoring model for test internet protocol (IP)
network is designed, and a network monitoring system is
developed. The system can realize the network equipment
operation state monitoring, equipment performance monitoring
and fault monitoring function in test IP networks at the same
time. Meanwhile, the network monitoring system can realize
remote real-time status query, fault alarm, network equipment
maintenance tips and other functions. This system can discover
the existing problems in the network during the process of real-
time monitoring, and then provide the decision reference for the
network managers to make trouble shooting and network
maintenance by expert database to ensure the security and
stability of the whole network.
Keywords—network monitoring; SNMP; expert database; test
IP network
I. INTRODUCTION
Test IP network undertakes the information interaction
between the remote measurement equipment and command
center in the vehicle test [1]. With more and more complex of
the vehicle test, test IP network needs to manage the nodes and
data is more and more large, and the requirement of real-time,
security and stability of the network system is more and more
high. At present, there is still a lack of complete technical
means to monitor the IP network and the network device itself
command line monitoring method is universal used, which is
not intuitive enough. Furthermore, this method can only be
used to solve the problem of passive query. In view of the
current situation of the test IP network, it is urgent to establish
a set of network monitoring system. Based on the study of the
application of SNMP in network monitoring [2], this paper
designs and develops a set of monitoring system which is
suitable for the test IP network. The system can realize the
network equipment operation state monitoring, equipment
performance monitoring and fault monitoring function in test
IP networks at the same time. Meanwhile, the network
monitoring system can realize remote real-time status query,
fault alarm, network equipment maintenance tips and other
functions. This system can discover the existing problems in
the network during the process of real-time monitoring, and
then provide the decision reference for the network managers
to make trouble shooting and network maintenance by expert
978-1-4673-8979-2/17/$31.00 ©2017 IEEE
database to ensure the security and stability of the whole
network. The structure of the paper is as follows, the SNMP
network management protocol is introduced in section 2, based
on which the design of test IP network monitoring system
model based on SNMP is discussed, and then the
implementation of test IP network monitoring system is
proposed in section 3. At last, the conclusion of the test IP
network monitoring system is summarized.
II. SNMP NETWORK MANAGEMENT PROTOCOL
SNMP is based on the management of the working
end/agent model and the computer which running the network
management system (NMS) is usually a network management
workstation. Agent is a process that runs on a network device
and management workstation to get network equipment
working status and performance through agency inquiries. The
agent is responsible for handling and responding to requests
from the management station, and reporting the major events to
the management station. The management station can receive
the Trap message sent by the agent, and the Trap message is a
message sent to the management end by the agent who has
important relations between the local and the network state.
The destination address of Trap needs to be specified in
advance at the proxy. The management terminal first analyzes
the information in the Trap information, and then judges the
events and monitors the working status of the network interface
to achieve real-time communication line monitoring network,
which can implement the purpose of understanding the line
status in time. The network devices running the agent network
are routers, switches, host and other equipment. The network
management system in the network can monitor the device
which enabled the SNMP protocol, which is the central
nervous system in the whole network and the expert database
can be stored here. Network monitoring system is the
combination of software and hardware.
Network monitoring is the network management personnel
obtaining all kinds of network equipment network information
through the network monitoring system and the process of
analyzing and processing the information. In the use of SNMP
protocol for network management, the introduction of the
management information base (MIB) is a standard document,
which describes the query information that the agent can
provide for the management of the workstation. Usually the
network device MIB document is divided into standard MIB
document and private document. The standard MIB document
2124
is led by internet engineering task force (IETF), while the
private MIB document formulated by a network device GetRequest GetRequest
manufacturer, which defines the specific management
information described in the device support. GetNextRequest GetNextRequest
㖇㔒㌱
The proposed network monitoring system can implement 㖇㔒ⴇ 㔕㻡㇗
real-time monitor all the network device interface in the test IP ⎁㌱㔕 SetRequest 䇴༽ԙ SetRequest
network, such as interface name, interface status, interface flow, ㇗⨼ㄥ ⨼ㄥ
etc. The data of real-time and historical interface flow can be GetResponse
GetResponse
query and send to expert database to judge the health of the
network system. At the same time, the design of the Trap
Trap
message processing module can receive the Trap message sent Trap
by the network equipment in real time.
Request
Dynamic UDP
III. DESIGN OF IP NETWORK MONITORING SYSTEM MODEL UDP Port Port 161
UDP Response UDP
BASED ON SNMP Dynamic
UDP
The IP network monitoring system based on SNMP Port 162 UDP Port
includes active query model, event wait model and SNMP Trap
query operation. In the network monitoring system based on IP layer IP layer
SNMP, the network management module of the network
system performance monitoring, network equipment condition Bottom network interface Bottom network interface
monitoring and so on, can take the initiative inquiry way to
realize the management of the network system. It is connected
to an IP network management workstation running on the
network management system, the timing of the query NetWork
information sent to the network equipment specified, return to
the management end to query information from the network
equipment agent. Network management system operator
chooses the network equipment which needs to be monitored Fig. 1. Schematic diagram of SNMP network management system model
through the network communication module to send the
request to the remote agent on the network equipment, and to SNMP is a kind of communication protocol [4], which
wait for the return of the query result. After receiving the solves the format of interaction information and the time
request, the agent sends out the instruction to execute the query sequence of information exchange between communication
request. The proxy side is waiting for the result of the query, entities. The defined PDU in the communication protocol
and the result is returned to the system through the network common includes five formats SNMP PDU, which are the
communication module to send the results of the query. The query and setting operation PDU that the management end
management end can process and analyze the return send to the agent, the response PDU of the agent and the Trap
information and show the processing results through the PDU that the agent report the local event to the management.
window for network managers to use.
The query PDU can be implemented by Get operation,
In the network monitoring system based on SNMP, the which a query PDU is sent from the management monitoring
network event processing can take the way of event waiting. end to the agent. The query PDU can request querying the
The network management system is run on the management value of one or more instances of an object in the management
workstation which connected to the IP network and waiting for workstation. In the query operation, once the object instance of
the Trap information send by the network equipment. The OID is determined, the query is carried out by PDU
monitoring system opens SNMP services and Trap settings for GetRequest command. GetRequest command is one of the
the network device needing monitor and register the IP address most frequently used in the SNMP, which is the basic way to
of the management and network port in the monitoring get the management information from the network equipment
software. When an open service network device has an and it is a common way to inquire the specific information.
abnormal event occurs, such as a change in the interface state GetNextRequest command can get the value of the next object
of the switch, the network device will initiative send Trap of the current object from the SNMP agent of a network device,
information to the management end which has registered. and often use this command to traverse an object tree or a table.
When the management end receives the sent Trap information If the agent enables the correct configuration of the Trap, once
of the network equipment, the received protocol data unit the relevant network events occur, the agent will send the
(PDU) message will be decoded [3], based on which the corresponding Trap to the destination host. When the operation
specific circumstances of the incident will be analyzed. status change of a network interface is monitored at the agent
Furthermore, the network management personnel can receive a end, the Trap message of the network event is reported to the
warning through the pop-up window so as to solve the management side to take the initiative to inform the abnormal
abnormal situation occurred in the network, and timely solve event of the device in the network management system.
network problems may occur. The management system model Therefore, the management monitoring system can real-time
is shown in Fig.1.

2125
track the whole network and the network manager can handle
the network event in time.
IV. IMPLEMENTATION OF TEST IP NETWORK MONITORING
SYSTEM
The test IP network monitoring system [5] mainly includes
performance monitoring of network equipment, the network
event processing in monitoring system and the network
equipment state monitoring. The main problems caused by the
change of the performance of the network equipment are the
high utilization rate of the system memory and high utilization
rate of CPU. Therefore, the test IP network monitoring system
is designed to monitor the CPU utilization of network
equipment, system memory share parameters of the function,
in order to achieve the ability to monitor network performance.
In the software design, the utilization rate of CPU and
memory can be obtained by data timing thread which is created
according to the timer queue. The time interval is 1 minutes.
The utilization rate of CPU and memory can be real-time
collected and recorded, which will be stored in the database for
further analysis. The data can be display as curve to show the
performance of the device. Meanwhile, a separate thread is
created to real-time shows the utilization rate of CPU and
memory. The processing flow of monitoring equipment
performance is shown in Fig.2.
Winsock initialization
SNMP class initialization
SNMP class query
No
Success Exit
Yes
Data storage
Fig. 2. Flow chart for monitoring the performance of equipment
Data collected function can be implemented by the function
GetCpuMem(CString &ip, CString &community, CString
&oid1, CString &oid2, CString &oid3, unsigned long&r1,
unsigned long &r2,unsigned long &r3) and the code of this
function can be given by
//winscok initialization
Snmp::socket_startup();
......
2126
status = snmp.get(pdu, *target);
pdu.get_vb(vb,0);
vb.get_value(r1);
pdu.get_vb(vb,1);
vb.get_value(r2);
pdu.get_vb(vb,2);
vb.get_value(r3);
//close winsocket
Snmp::socket_cleanup();
The data of utilization rate of CPU and memory is
processed by timer function, and then the real-time
performance and historical performance are shown by display
device. The thread which can handle the Trap message is
created, and then the Trap message can be active transmitted
through the SNMP network. The Trap message can be
centralized processing and the results of the analysis will be
sent to user in time. The network event processing flow is
shown in Fig.3.
Winsock initialization
SNMP object created
Trap message thread created
Trap message processing
Results analysis
Fig. 3. The network event processing flow
The network management system provides the equipment
information configuration management function mainly
includes: equipment network interface information, equipment
interface flow information and other main equipment
information. When the user selects the equipment in the list
needing monitor, the display device can show the interface
index, the name of the interface and the interface information,
such as the state, the flow rate and the statistical time etc. the
network equipment monitoring flow is shown in Fig.4. The
network equipment monitoring implement by the detection
thread which is created according to the timer sequence. In the
initialization stage, it needs to obtain the IP address of the
equipment at first. Also the network interface index, the name
of the interface and the initial state of the interface must be
configured. This information can be collected and processed
according to the network event processing flow. Meanwhile,
the processing results and the data must be stored to the The interface traffic query can be implemented by the
database for expert statistic. function of SNMP class, such as GetNext() function. The query
results is stored in the form of a variable, which is a
Interface infomation CStringArray type variable. the detail code can be given by
configuration
status=snmp.get_next(pdu, *target);
pdu.get_vb(vb,0);
Get IP adress MIB document reply_oid=vb.get_printable_oid();
reply_value=vb.get_printable_value();
……
Value.Add(reply_value);
Initialization work
Once the state and traffic query of the interface is
completed, the real-time monitoring data can send to the
database as the part of the historical data. For the test IP
Winsock object SNMP object UDP object network, the fault state can be divided into several categories
based on the analysis of the historical data. Thus the processing
results of the real-time monitoring data can provide the fault
state type to the network managers by comparing with the
Object created
expert system. Also the real-time collected data is taken as
historical to add the information for expert system to correct
and improve the fault categories. As a result, the network
Interface state query manager can find and judge the network fault in time and
maintain the network in time.

V. CONCLUSION
Interface traffic query
This work proposed a test IP network monitoring system
based on SNMP. The application of SNMP in the network
management is deeply studied and the characteristics of the test
Database IP network are analyzed, and then a test IP network monitoring
system based on SNMP and database technology has is
designed and implement on VC++6.0 platform. The historical
and the real-time collected data are stored in the database. The
Expert system
expert system is established according to the historical data of
the test IP network, and the network fault classification can be
used to the real-time collected data of an equipment to provide
Display device real-time monitoring of the test IP network. The system
provides for real-time monitoring of complex network
operation means for network management, through the system
Fig. 4. The network equipment monitoring flow administrator can discover network problems, improve the
reliability and stability of IP network test.
In the interface state query module, it needs to initialize the
SNMP and Winsock and constructed the object of SNMP and REFERENCES
UDP address. The function GetPort(CString &ip, CString
&community, CString &oid_port) can complete this work, the
[1] ;Liu, H. Liang and Z. X. Xuan, “Telemetry vibration signal anomaly
detail code can be given by detection method based on the fuzzy entropy of wavelet modulus
maxima,” Journal of Vibration and Shock, Vol. 35, No.6, pp. 147-151,
ĂĂ 2016.
Snmp::socket_startup(); [2] N. Zhang, X. S. Qiu, “Research and implementation of telecom netwrok
//construct the address object management architecture based on Web services,” Application Research
UdpAddress address((LPCTSTR)ip); of Computers, Vol.25, No.6, pp. 1882-1885, 2008.
address.set_port(161); [3] C. Y. Xie, W. M. Li, “Research on PDU standard in the DIS-based
//construct OID object command training & simulation system,” Journal of Air Force
Oid Baseoid((LPCTSTR) oid_str); Engineering University (Natural Science Edition), Vol.3, No.1, pp. 69-
62, 2002.
snmp_version version=version1;
Snmp snmp(status, 0, false); [4] W. Gao, C. Y. Xiao, “Design of infrared alarm system based on GSM
and PDU encoding process,” Wireless Internet Technology, Vol.12, pp.
//construct PDU 19-20, 2014.
Pdu pdu; [5] A. M. Wei, H. B. Wang, Y. Lin and S. D. Cheng, “The achievements of
Vb vb; bandwidth measurement techniques in IP networks,” Acta Electronica
vb.set_oid(Baseoid); Sinica, Vol.34, No.7, pp. 1301-1310, 2006.
pdu += vb;

2127