The Fourth IEEE Symposium on Computers and Communications
NOMAD: Traffic-based Network Monitoring Framework for Anomaly Detection
Red Sea, Egypt
July 06-July 08
ISBN: 0-7695-0250-4
Network performance monitoring is essential for managing a network efficiently and for ensuring its reliable operation. In this paper we introduce a scalable network monitoring framework (NOMAD) that detects network anomalies such as router overload and misconfiguration, overloaded or intermittent links, and network intrusion, through the characterization of the dynamic statistical properties of network traffic. NOMAD relies on high-resolution measurements and on-line analysis of network traffic to provide real-time alarms in the incipient phase of network anomalies. It incorporates a suite of anomaly identification algorithms based on path changes, flow shift, and packet delay variance, and relies extensively on IP packet header information, such as TTL, source/destination address and packet length, and router timestamps. NOMAD can be deployed in a single backbone router or incrementally in a regional or large-scale network for detecting and locating network anomalies by correlating spatial and temporal network state information.
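As an added illustration of two of the header-based checks the abstract names (this is not the paper's code, and the thresholds, window size and packet records are constructed assumptions): a host sends with a fixed initial TTL, so the TTL seen at a fixed observation point changes only when the hop count to it changes, and a jump in the variance of per-packet transit times between two routers signals an overloaded or intermittent link.

```python
from collections import defaultdict, deque
from statistics import pvariance

# Constructed sample observations (not from the paper). Each packet is seen at an
# ingress and an egress router: (src, dst, ttl_at_ingress, ingress_ms, egress_ms).
PACKETS = [
    ("10.0.0.1", "10.0.1.1", 60, 0, 5),
    ("10.0.0.1", "10.0.1.1", 60, 10, 15),
    ("10.0.0.1", "10.0.1.1", 60, 20, 26),
    ("10.0.0.1", "10.0.1.1", 57, 30, 35),   # TTL drops by 3: route is now 3 hops longer
    ("10.0.0.2", "10.0.1.1", 62, 0, 4),
    ("10.0.0.2", "10.0.1.1", 62, 10, 15),
    ("10.0.0.2", "10.0.1.1", 62, 20, 24),
    ("10.0.0.2", "10.0.1.1", 62, 30, 70),   # transit time jumps from ~5 ms to 40 ms
    ("10.0.0.2", "10.0.1.1", 62, 40, 45),
    ("10.0.0.2", "10.0.1.1", 62, 50, 95),   # intermittent link: delay swings again
]


def detect(packets, window=4, var_threshold=50.0):
    """Return a list of (kind, flow, detail) alarms in the order they are raised.

    kind is "path_change" (detail = change in hop count, positive means longer path)
    or "delay_variance" (detail = population variance of the last `window` delays).
    """
    baseline_ttl = {}                                  # flow -> TTL first observed
    delays = defaultdict(lambda: deque(maxlen=window))  # flow -> recent transit times
    alarms = []
    for src, dst, ttl, t_in, t_out in packets:
        flow = (src, dst)
        # Path-change check: the same source keeps the same initial TTL, so a
        # different TTL at this point means the packet took a different-length path.
        if flow not in baseline_ttl:
            baseline_ttl[flow] = ttl
        elif ttl != baseline_ttl[flow]:
            alarms.append(("path_change", flow, baseline_ttl[flow] - ttl))
            baseline_ttl[flow] = ttl   # adopt the new path as the baseline
        # Delay-variance check over a sliding window of per-packet transit times
        # derived from the two routers' timestamps.
        recent = delays[flow]
        recent.append(t_out - t_in)
        if len(recent) == window:
            var = pvariance(list(recent))
            if var > var_threshold:
                alarms.append(("delay_variance", flow, var))
    return alarms


if __name__ == "__main__":
    for alarm in detect(PACKETS):
        print(alarm)
```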
Index Terms:
network performance monitoring; network anomalies; traffic analysis; time to live (TTL); flow; packet delay variance
Citation:
Rajesh R. Talpade, Gitae Kim, Sumit Khurana, "NOMAD: Traffic-based Network Monitoring Framework for Anomaly Detection," iscc, pp.442, The Fourth IEEE Symposium on Computers and Communications, 1999