Native Monitoring Point (NMP) in a user environment

The AppNeta Native Monitoring Point (NMP) provides low-impact active network monitoring on Mac or Windows computers. This article gives network and security personnel an overview of the product, its network and workstation considerations, and the firewall configuration required for it to operate.

How it works

As with all AppNeta Monitoring Points, the NMP’s monitoring engine probes a network to user-specified targets using short bursts of packets and waits for the replies. It uses information like the time the packets take to go from a source to a target and back, the delay between packets on their return, packet reordering, and the number of packets lost, to directly measure key network performance metrics (Round-trip time (RTT), Latency, Jitter, and Data loss), and to infer others (Total and Utilized Capacity). At the same time, it can determine the paths packets are taking between the Monitoring Point and its targets and determine if there are Quality of Service (QoS) changes along these paths. All of this network performance information is sent to AppNeta Performance Manager for analysis and presentation. It is important to note that the Monitoring Point does not inspect any other traffic on the network. For more information see TruPath.

Network considerations

Continuous active network monitoring averages 2 Kbps (by default, tests occur every 60 seconds) and only 10-200 Kbps during a diagnostic test (run to gather additional detail when a network dysfunction is detected). For very low-speed links or networks with other restrictions, such as a small maximum MTU size, monitoring traffic loads are automatically adjusted to minimize network impact even further.

Workstation performance considerations

Operating system requirements are as follows:

  • Windows - Windows 8.1 or newer and Windows Server 2012 or newer are supported.
  • Mac - macOS 10.14 (Mojave), 10.15 (Catalina), or 11.0 (Big Sur) are supported.

Hardware requirements are as follows:

  • Disk - 10 MB
  • Memory - 512 MB
  • CPU - 2.0 GHz processor

The NMP’s CPU usage is minimal - typically <1% for continuous monitoring.

Data security

Most performance data collected by the NMP is sent to SaaS-based AppNeta Performance Manager (hosted on AWS) over TLS 1.2 for analysis and presentation. Host and wireless metrics are the exception. This information is cached locally in an encrypted database.

AppNeta’s security, compliance, and operational control have been independently audited and have achieved SOC 2 Type 2. For details, see our Security page.

Firewall configuration

The NMP requires access to all monitoring targets (to send test packets to) and to AppNeta Performance Manager (to send monitoring data to).

Office firewall

If the NMP is behind an office firewall, the firewall must be configured as follows:

| Direction          | Protocol | Port(s)           | Address(es)      | Comments                              |
|--------------------|----------|-------------------|------------------|---------------------------------------|
| Outbound           | TCP      | 8080 or 80, 443   | *.pm.appneta.com | Access to AppNeta Performance Manager |
| Inbound & Outbound | TCP      | 443               | *                | Delivery monitoring                   |
| Inbound & Outbound | ICMP     |                   |                  | Delivery monitoring                   |
| Inbound            | UDP      | 7, 33434          | *                | Delivery monitoring                   |
| Inbound & Outbound | UDP      | 3239, 45056-49151 | *                | Delivery monitoring                   |
| Outbound           | UDP      | 49152-65535       | *                | Delivery monitoring                   |
| Outbound           | TCP      | 53                | *                | Optional - for Path Plus testing      |
| Outbound           | UDP      | 53                | *                | Optional - for Path Plus testing      |
| Inbound            | TCP      | 3236              | *                | Optional - for Path Plus testing      |
| Inbound & Outbound | UDP      | 5060, 1720        | *                | Optional - for Voice/Video testing    |
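
The following added example, which is not AppNeta code, checks a firewall allow-list against the TCP and UDP rows of the table above and reports the port ranges that are still blocked. It ignores the address column and the ICMP rows; the rule tuple format and `SAMPLE_RULES` are assumptions constructed for illustration.

```python
def parse_ports(spec):
    """'7,33434' or '45056-49151' -> list of inclusive (lo, hi) ranges."""
    pairs = (part.strip().partition("-") for part in spec.split(","))
    return [(int(lo), int(hi or lo)) for lo, _, hi in pairs]

def uncovered(needed, allowed):
    """Sub-ranges of `needed` that no range in `allowed` covers."""
    gaps = []
    for lo, hi in needed:
        cur = lo  # lowest port in this range not yet known to be allowed
        for a_lo, a_hi in sorted(allowed):
            if a_lo <= hi and a_hi >= cur:  # overlaps the remaining part
                if a_lo > cur:
                    gaps.append((cur, a_lo - 1))
                cur = max(cur, a_hi + 1)
        if cur <= hi:
            gaps.append((cur, hi))
    return gaps

# Port rows of the office firewall table (ICMP rows and the address column are
# left out). Row: (direction, protocol, alternative port specs).
REQUIRED = [
    ("out", "tcp", ["8080", "80"]), ("out", "tcp", ["443"]),
    ("in", "tcp", ["443"]), ("in", "udp", ["7,33434"]),
    ("in", "udp", ["3239,45056-49151"]), ("out", "udp", ["3239,45056-49151"]),
    ("out", "udp", ["49152-65535"]),
]
OPTIONAL = [  # Path Plus and Voice/Video rows
    ("out", "tcp", ["53"]), ("out", "udp", ["53"]), ("in", "tcp", ["3236"]),
    ("in", "udp", ["5060,1720"]), ("out", "udp", ["5060,1720"]),
]

def audit(rules, include_optional=False):
    """rules: (direction, protocol, port_spec) allow entries -> unmet rows."""
    allowed = {}
    for d, p, spec in rules:
        allowed.setdefault((d, p), []).extend(parse_ports(spec))
    findings = []
    for d, p, alts in REQUIRED + (OPTIONAL if include_optional else []):
        gaps = [uncovered(parse_ports(a), allowed.get((d, p), [])) for a in alts]
        if all(gaps):  # every alternative still has blocked ports
            findings.append((d, p, min(gaps, key=len)))
    return findings

SAMPLE_RULES = [  # constructed allow-list for illustration only
    ("out", "tcp", "80,443"), ("in", "tcp", "443"),
    ("in", "udp", "7,3239,33434,45056-49151"), ("out", "udp", "3239,45056-60000"),
]
print(audit(SAMPLE_RULES))
```

Each finding names the direction, protocol and exact blocked sub-range, so a partially opened range such as the outbound UDP one in the sample is reported as the remaining gap rather than as a whole missing row.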

macOS NMP

When a macOS NMP is not behind an office firewall, the macOS firewall (Apple menu > System Preferences > Security & Privacy > Firewall) must be configured to:

  • Enable “Automatically allow downloaded signed software to receive incoming connections”.
  • Disable “Enable stealth mode”.

Screenshot of the macOS firewall with Automatically allow downloaded signed software to receive incoming connections enabled and Enable stealth mode disabled.

Windows NMP

When you install the Windows NMP software on a Windows machine, firewall rules are automatically added during the installation process. They are all inbound rules and include:

  • Allow ICMPv4 “Echo Reply” (Type 0, Code Any) packets to the NMP
  • Allow ICMPv4 “Destination Unreachable” packets to the NMP
  • Allow UDP packets to the NMP
  • Allow ICMPv4 “Time Exceeded” packets to any program

If the Windows NMP is to serve as a target for single-ended paths, you need to add an inbound rule to allow ICMPv4 “Echo Request” packets to any program.

FAQs

Does AppNeta monitor my browsing history?

No, AppNeta does not monitor or collect any browsing history. AppNeta creates monitoring traffic that is independent of the user and is only sent to a specific target or destination for the purpose of determining network health, speed, data loss, and other network health metrics.

Does AppNeta inspect any of my network traffic?

No, the AppNeta Native Monitoring Points for Windows and Mac cannot and do not collect or inspect any traffic payloads or information generated by the user.

What information is AppNeta collecting?

AppNeta only collects information pertaining to the use and performance of the network and the host.

Is any personal information being collected?

AppNeta only collects information about the machine and the network being used: computer hostname, public IP address, and WiFi connection information such as channel, protocol, SSID, or BSSID.