Network Information & Monitoring Appliance User's Guide for Version 1
Installation
Adjusting System Settings
Network Information Programs
Network Monitoring Programs
NIMA's Network Information Programs
The Network Information programs provided with NIMA are meant to give you an easy way to "map" out your network, ensure your servers are not vulnerable and to ensure that your network is working correctly.
NIMA's Network Information Programs
Cheops-ng
http://cheops-ng.sourceforge.net/
Cheops-ng is a tool to map out your network - find out what computers are on your network and what OS they are running.
Cheops-ng mapping out a network
To get started with Cheops-ng first launch the "Cheops Agent", this is a small "server" program that the Cheops-ng client program connects to. Then launch the Cheops-ng client program. When it asks for a computer to connect to, simply enter either the IP of your NIMA machine, or simply enter "127.0.0.1". Once the "client" is running, select "Viewspace" - "Add Network".
Once the dialog appears, you must enter a network - An example network would be Network="10.0.0.0", Netmask="255.255.255.0" - then click OK. What cheops will do is query all the hosts on the network, then find out what OS the hosts are running. Once you are finished using Cheops-ng, simply close the client, then close the xterm that is running the Agent.
Cheops-ng does offer some other features, such as host portscanning, but other programs are probably more suited for these tasks.
GNOME Network Tools
http://www.gnome.org/projects/gnome-network/
GNOME Network Tools provide a nice graphical interface to commonly used network diagnostic utilities.
GNOME Network Tools
The Devices Tab provides basic information about your network adapter, IP Address, Hardware MAC, Transmitted and Recieved bytes, etc.
The Ping Tab provides a nice gui interface to the Ping command, simply enter either an IP Address or a hostname and the appliance will send out packets to that address to see if and how fast the reply occurs.
The Netstat Tab provides a quick way to find out the routing table, active network services and the multicast info for the Virtual Appliance.
The Traceroute Tab provides an easy way to find out exactly which computers (and the speed of the computers) are located along the path to a remote address (or hostname). The screenshot above shows a traceroute in action.
The Portscan Tab allows you to scan the ports of any computer to see which services are available from that computer. Note: ensure you are in charge of the computer you are scanning, or have the permission of the person in charge. It is very "rude" to do a portscan of someone elses computer. If you need to scan an entire network of computers please use the NMAP port scanner (see below).
The Lookup Tab provides a nice gui frontend to tools that allow you to query DNS Servers. This is an invaluable tool to troubleshoot any DNS problems you may encounter.
The Finger Tab allows you to query any "Finger" server you need to talk to (this is a somewhat older service that isn't in use too much anymore).
The Whois Tab allows you to gather any information about who is the owner of a certain Internet Domain (such as pcc-services.com).
Nessus Security Scanner
The Nessus Security Scanner provides an extremely easy way to ensure that your servers do not contain any known vulnerablities in it's software.
Starting a Scan with Nessus
When you first launch Nessus, you are required to "login" to it, the username and password you need to use is "vmware" (for both). Once you are logged in, simply go to the Target Tab and enter either the IP Address or the hostname of whichever server you want to scan. Note: you can scan an entire network, for example the target could be "10.0.0.0/24" which would scan any computers at IP addresses 10.0.0.1-10.0.0.254.
Viewing a Nessus Report
After the scan, please do not be alarmed if some items come up! Nessus will report various items as warnings even if you simply have a service running on a particular port. Go through the entire report and see if you need to "patch" any services or simply disable any services. Be especially concerned with any server that is directly connected to the Internet.
NetDiscover - IP/MAC Info
http://nixgeneration.com/~jaime/netdiscover/
Netdiscover provides an easy way to find out what computers are on your network and find out what their IP - MAC address is.
Netdiscover showing results of a scan
To use Netdiscover you can simply lauch the application and it will watch the network for hosts. If you want quicker results you can set it to only scan your network, to do this open a "root terminal" (under Misc. Programs) then type in "leafpad /usr/share/bin/start-netdiscover", this will open a text editor to edit the launcher:
Now where it says "xterm -geometry 80x42 -e /usr/bin/netdiscover -r 10.0.0.0/24" - change the "-r 10.0.0.0/24" to whatever IP range your network is using. Now simply launch the app using the "start menu" and the program will now scan the IP range you entered.
NMAP Port Scanner
NMAP is a fully configurable Port Scanner. It is used to query every port on the target and give information about what is available on the port.
NMAP showing the results of a scan
With NMAP you can configure it to scan your entire network, simply use the following as your address "10.0.0.0/24", where 10.0.0.0 is your network range and /24 is the netmask (255.255.255.0 translates to 24).
NOTE: Again, ensure you either control or have permission to scan any computers, it is very "rude" to do a portscan without permission.
Next - NIMA's Network Monitoring Programs
