Saturday, August 23, 2008

Network Monitoring Tools:

  • tcpdump - dump traffic on a network. See discussion below.
    Command line options:
    -c count      Exit after receiving count packets.
    -C file-size  Rotate the -w output file once it reaches file-size million bytes (file, file1, file2, ...).
    -i interface  Capture on the given interface if several exist, e.g. eth0. Without -i, the lowest-numbered configured interface (excluding loopback) is used.
    -w file-name  Write the raw packets to a file rather than parsing and printing them. They can later be read back and printed with -r file-name.
    -n            Don't convert addresses (hosts, ports) to names. Skipping DNS lookups is faster and avoids generating extra traffic on the network you are watching.
    -t            Don't print a timestamp on each dump line.

    Filter expressions (pcap primitives):
    host host-name                 If the host has more than one IP address, all of them match.
    net network-number             Network number, e.g. 192.168.0.
    net network-number mask mask   Network number with an explicit netmask.
    port port-number               Port number (source or destination).
    tcp                            Only TCP packets.
    udp                            Only UDP packets.
    icmp                           Only ICMP packets.
    Primitives are combined with and, or and not; parentheses must be escaped or quoted when typed into a shell.

    Examples:

    • tcpdump tcp port 80 and host server-1 - HTTP traffic to or from server-1.
    • tcpdump ip host server-1 and not server-2 - IP traffic involving server-1, except packets exchanged with server-2.
  • iptraf - Interactive Colorful IP LAN Monitor
  • nmap - Network exploration tool and security scanner
    • List live nodes on the network: nmap -sP 192.168.0.0/24
      Ping scan (host discovery only, no port scan) of 192.168.0.0 to 192.168.0.255. On the local Ethernet segment nmap discovers hosts with ARP requests, so it also finds hosts that block ICMP. Newer nmap releases call this option -sn; -sP is still accepted.
  • Ethereal - Network protocol analyzer. Examine data from a live network.
    RPM's required:
    • ethereal-0.8.15-2.i386.rpm - Red Hat 7.1 Powertools CD RPM
    • ucd-snmp-4.2-12.i386.rpm - Red Hat 7.1 binary CD 1
    • ucd-snmp-utils-4.2-12.i386.rpm - Red Hat 7.1 binary CD 1
    • Also: gtk+, glib, glibc, XFree86-libs-4.0.3-5 (base install)
    There is an error in the ethereal package: it does not list the snmp libraries as dependencies, but you can deduce this from the errors you get if the ucd-snmp libraries are not installed.
  • EtherApe - Graphical network monitor for Unix modeled after etherman. This is a great network discovery program with cool graphics. (Red Hat Powertools CD 7.1)
  • Gkrellm - Network and system monitor. Good for monitoring your workstation. (Red Hat Powertools CD)
  • IPTraf - ncurses-based IP LAN monitor. (Red Hat Powertools CD)
  • Cheops - Network discovery, location, diagnosis and management. Cheops can identify all of the computers that are on your network, their IP address, their DNS name, the operating system they are running. Cheops can run a port scan on any system on your network. (Red Hat Powertools CD)
  • ntop - Shows network usage in a way similar to what top does for processes. Monitors how much data is being sent and received on your network. (Red Hat Powertools CD)
  • MRTG - Multi Router Traffic Grapher - Monitor network traffic load using SNMP and generate an HTML/GIF report. (See sample output)
  • dnsad - IP traffic capture. Export to Cisco Netflow for network analysis reporting.
  • scotty - Obtain status and configuration information about your network. Supports SNMP, ICMP, DNS, HTTP, SUN RPC, NTP, & UDP. (Red Hat Powertools CD)
  • Big Brother - Monitoring and service availability.
  • OpenNMS.org - Network Management using SNMP.
  • Nagios - host, service and network monitoring
  • Angel network monitor


Using tcpdump to monitor the network:

[root]# ifconfig eth0 promisc          - Put the NIC into promiscuous mode so it passes up frames not addressed to this host. (tcpdump does this itself unless run with -p, so this step is only needed for tools that don't.)
[root]# tcpdump -n -l not host XXX.XXX.XXX.XXX | more - Sniff the net but ignore the IP of your own remote session; otherwise each line printed to your ssh/telnet session generates packets that generate more lines. -l makes stdout line buffered so the pipe shows packets as they arrive.
[root]# ifconfig eth0 -promisc - Pull the NIC out of promiscuous mode when done.

On a switched network the NIC only sees traffic to or from this host plus broadcasts and multicasts, whatever mode it is in; to see other hosts' traffic you need a hub, a mirror/SPAN port, or a tap.
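The following script is an added example, not part of the original post, that turns the procedure above and the filter examples earlier on the page into reusable shell functions: it excludes exactly your own SSH session (client address and port) rather than the whole remote host, optionally combines that with a caller-supplied filter such as tcp port 80, writes a rotating capture with -w/-C/-W, and reads it back with -r. It assumes a Linux host reached over SSH (sshd sets SSH_CLIENT to "client_ip client_port server_port"), a tcpdump that accepts -C and -W (3.9 or later), and the interface name, file path and sizes shown, which are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions: Linux, sshd
# setting SSH_CLIENT="client_ip client_port server_port", tcpdump >= 3.9.
# Interface, path and size values below are illustrative placeholders.

# Build a pcap filter that excludes only the administrator's own SSH
# session (client address and client port), so other traffic from the same
# remote host is still captured. Outside SSH, fall back to dropping port 22.
session_filter() {
    set -- ${SSH_CLIENT:-}
    if [ $# -ge 3 ]; then
        printf 'not (host %s and port %s)' "$1" "$2"
    else
        printf 'not port 22'
    fi
}

# Combine an optional caller-supplied expression with the session filter,
# e.g. capture_filter 'tcp port 80' -> "(tcp port 80) and not (host ...)".
capture_filter() {
    if [ -n "${1:-}" ]; then
        printf '(%s) and %s' "$1" "$(session_filter)"
    else
        session_filter
    fi
}

# Capture to a ring of pcap files: -s 0 keeps whole packets (older tcpdump
# truncated at 68 bytes by default), -n skips name lookups, -C 100 rotates
# at 100 million bytes, -W 10 keeps ten files and then overwrites the oldest.
# tcpdump enables promiscuous mode itself, so no ifconfig step is needed.
capture() {
    iface=${1:-eth0}
    filt=$(capture_filter "${2:-}")
    tcpdump -n -s 0 -i "$iface" -C 100 -W 10 -w /var/tmp/capture.pcap "$filt"
}

# Read a saved capture back (rotated files carry a numeric suffix) and apply
# a second filter offline, without touching the live interface.
replay() {
    tcpdump -n -r "$1" "${2:-tcp port 80}"
}

# Usage (run as root):
#   capture eth0                  # everything except this SSH session
#   capture eth0 'udp'            # only UDP, still minus this SSH session
#   replay /var/tmp/capture.pcap0 'icmp'
```

The filter string is passed to tcpdump as a single argument; tcpdump joins all trailing arguments into one expression, so the spaces and parentheses inside it need no further quoting. Replaying with -r lets you try several filter expressions against the same capture, which is cheaper and safer than re-sniffing the live network each time.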
