software

The software is responsible for creating and sending the activation packets that are used to start the monitoring of the network. A
user will send an activation packet out into the network containing the details about the packets they want to monitor and gather.
The user does not need to know the location of the SCNM hosts due to the fact that all hosts listen for packets. Based on the
information that is within the activation packet a filter is set up within a data collection daemon that is also running on an endpoint.
The network and transport layer headers of packets that correspond to the filter are collected. The filter will automatically time out
after a specified amount of time unless it receives another application packet. The packet capture daemon which runs on the SCNM
host uses a tcpdump like packet capture program in order to receive requests and to record the traffic that corresponds to the
requests.
When a problem is detected by the passive monitoring tools, traffic can be generated using the active tools, allowing one to collect
additional data to further study the problem. By having these monitors deployed at every router along the path, we can study only
the section of network that seems to be having the problem.