Mike Petersen

Network Admin, Technical Writer, Programmer, GNU/Linux Fan, etc.

• Home Page
• Documents
  • Deploying Suse Linux Enterprise Server
  • Samba Server Information & Guides
  • GNU/Linux Guides
  • Networking Related Guides
  • Misc Articles I wrote
• Downloads
  • Custom Built GNU/Linux Packages
  • NIMA Virtual Machine
  • Windows SPE Templates for Samba
  • Various Network Utilities I created
  • Misc Code
• Misc / FAQS
  • Contact Information
  • GNU/Linux FAQs
  • Network Admin FAQs
  • My Resume

Network Information & Monitoring Appliance User's Guide for Version 1

Installation
Adjusting System Settings
Network Information Programs
Network Monitoring Programs

NIMA's Network Monitoring Programs

The Network Monitoring programs provided with NIMA are meant to give you an easy way to find out exactly what is happening on your network at any given time. You are able to monitor/graph any traffic travelling to/from your network, view any pictures coming into your network or record packets for future inspection.

Network Monitoring Programs provided with NIMA

NOTE: For these programs to work properly it is necessary to either make adjustments to any switches on your network or to utilize a network hub - see the Installation section of this User's Guide. It is also recommended to run this Virtual Appliance on a Microsoft Windows host, as certain GNU/Linux distributions prevent the Appliance to monitor your network.

Driftnet Image sniffer

http://www.ex-parrot.com/~chris/driftnet/

Driftnet will allow you to view *any* picture travelling to/from your network! I also coupled it with Webcollage so you can set the pictures to be viewed as NIMA's background image (as a collage).

Driftnet showing pictures being viewed on the network

Warning: This program can raise some privacy issues. I ran NIMA running driftnet as the background on a projector during a meeting and everyone's face turned quite a few shade's whiter - The Internet is not Private.

This is a very effective tool to let your users police themselves on the sites they visit. If you have a problem with users viewing pornography, this will stem their habbit.

Parents: This is also very effective at keeping your kids sticking the more appropriate web sites.

Etherape

http://etherape.sourceforge.net/

Etherape provides a nice graphical way to monitor all of the traffic on your network.

Etherape showing traffic to my website mirror

Etherape will show you instantly where all of the traffic is originating from or going to on your network. It also sorts the traffic into different colors dependiing upon what type of traffic it is - Red denotes http traffic.

Ethereal Packet Recorder

http://www.ethereal.com/

Ethereal is a very good packet analyzer/recorder. Most people won't ever need to use this, however, if you are running into network problems that you cannot sort out, this can come in handy.

Ethereal after a packet capture session

To analyze network traffic, there are no other utilities that are as good as Ethereal, I have successfully found brand new viruses and have found faulty network cards using this tool.

IP Traf

http://iptraf.seul.org/

IP Traf is console base LAN Monitor. Using IP Traf you can view various real-time reports about the traffic on your network.

IP Traf running in Traffic Monitor Mode

IP Traf allows you to view different kinds of information depending upon what mode you are running it in. You can view all traffic on your network, Network Interface information, packet-size info, etc.

NetWatch

http://www.slctech.org/~mackay/netwatch.html

Netwatch is a console utility to monitor the hosts that are communicating on your network.

Netwatch in action

Using netwatch you can quickly see what host(s) are using the most bandwidth and who everyone on your network is communicating with.

Currently there is a "bug" with using Netwatch under NIMA, sometimes it can take a few tries to get the program to launch correctly, hopefully this will be fixed in NIMA ver.2

Ntop

http://www.ntop.org/ntop.html

Ntop is a network traffic probe that provides various information through a web interface.

Viewing the local ntop Web Page

Ntop is a great way to view all of the traffic on your netwrok, including what services are using the network. The ntop implementation on NIMA runs constantly, so if you are running NIMA, then ntop is capturing data to be displayed. Simply launch the local web page using the shortcut provided in the "start menu" or click on "Local ntop" link when running firefox.

I somehow forgot the Admin password I used for Ntop, here is the instructions to reset the password:

• Open a root terminal
• stop ntop with: /etc/init.d/ntop stop
• Remove the ntop_pw.db file using: rm /var/lib/ntop/ntop_pw.db
• Run ntop so it will ask you for a password using: ntop
• Restart the Virtual Machine to clear everything.
• Logon to ntop using the web interface and the username of "admin".

Sorry for the inconvenience.

Packet Statistics

http://www.adaptive-enterprises.com.au/~d/software/pktstat/

Pktstat is a nice little utility that will give various information about all of the active packets being transfered on your network.

Pktstat showing some web, mail and CUPS traffic

Pktstat is an easy way to determine exactly what kind of traffic is on your network, as well as finding out how much bandwidth different services are taking.

Tele Traffic Tapper (ttt)

http://www.csl.sony.co.jp/person/kjc/kjc/software.html

The Tele Traffic Tapper program is an excellent utility that shows a graph of the current bandwidth your network is using. It breaks the traffic down into two graphs hosts and protocols.

TTT showing a bandwidth graph

TTT is probably the quickest way to get very accurate information on the status of your Internet Bandwidth. It is a great way to find rogue applications or p2p apps using all of your bandwidth. It is also very useful in figuring out where a network bottleneck is occuring by providing you with a protocol breakdown as well as a host breakdown.

If you have any comments or suggestions for the next version of NIMA, feel free to email me.