Network Monitoring

From ChekMate Security Group

• ANL Web100 based Network Configuration Tester http://miranda.ctd.anl.gov:7123/ tests the reliablity and operational status of your network link.
• Gomez http://www.gomez.com/ Website performance monitoring, QA, and load testing services.
• Internet Detective http://detective.internet2.edu/ is a small Windows application that offers computer users easy access to the status and capabilities of their current network connection by providing information about advanced network capabilities, including connectivity to an Internet2 backbone network, an estimate of available bandwidth and multicast capabilities.
• JetMon http://jetmon.uoregon.edu/ is a client-server link monitoring tool for NOC operations, written in Java. The server pings a list of network devices, reporting the state to the clients.
• Lachesis ftp://ftp.intel.com/pub/papers/lachesis.ps a tool from Intel to monitor and report on response time and packet loss to "landmark" Internet sites. It is based on the publically available tool Imeter ftp://ftp.intel.com/pub/ietf/ippm/.
• LinkRank http://linkrank.cs.ucla.edu/ BGP dynamics visualization tool "LinkRank" also presented at Nanog 32 at Reston, VA (http://www.nanog.org/mtg-0410/lad.html).
• mrtg http://www.ee.ethz.ch/~oetiker/webtools/mrtg/mrtg.html Multi Router Traffic Grapher. Also available from OPENXTRA http://www.openxtra.com/.
• NetLogger tools to make it easy to instrument distributed applications and visualize the results. http://www-didc.lbl.gov/NetLogger/
• NetNow http://www.merit.edu/ipma/analysis/ a prototype tool providing realtime NAP & ISP backbone delay & packet loss performance statistics.
• netstat http://snowhite.cis.uoguelph.ca/course_info/27420/netstat.html
• NetStat Live http://www.analogx.com/contents/download/network/nsl.htm is a small, easy to use TCP/IP protocol monitor which can be used to see your exact throughput on both incoming and outgoing data.
• NetTest http://www-itg.lbl.gov/nettest/ Nettest is a secure, real-time network monitoring utility. The nettest framework is designed to incorporate existing and new network tests, and be run as a daemon or an interactive process. Requests for network tests are received via a SSL connection or the user interface and are authorized using an ACL list (in the future authorization using Akenti will also be supported).
• Network Diagnostic Tool (NDT) http://miranda.ctd.anl.gov:7123/ a web100 Java applet developed to test the reliablity and operational status of your desktop computer and network connection.
• ns http://www.isi.edu/nsnam/ns/index.html network simulator is a discrete event simulator targeted at networking research.
• NIST Net http://snad.ncsl.nist.gov/itg/nistnet/ allows a single Linux PC set up as a router to emulate a wide variety of network conditions.
• Ntop http://www.ntop.org/ntop.html is a Unix tool that shows the network usage, similar to the popular top Unix command.
• NOCOL http://ciac.llnl.gov/ciac/ToolsUnixNetMon.html#Nocol
• nslookup http://www.stopspam.org/usenet/mmf/man/nslookup.html
• OWAMP http://www.slac.stanford.edu/xorg/nmtf/e2epi.internet2.edu/owamp/ One Way Active Measurement Program from Internet 2. provides one way delay measurements.
• Qcheck http://www.qcheck.net/ checks network response time, throughput, and streaming performance, by means of thin agents installed on hosts that are to be checked.
• RANCID http://www.shrubbery.net/rancid/ monitors a router's (or device's) configuration, including software and hardware (cards, serial numbers, etc), using CVS. Rancid logs into each of the devices in a router table file, runs various commands, chomps the output, and emails any differences ( sample) from the previous collection to a mail list.
• RouteViews http://www.antc.uoregon.edu/route-views/ is a tool for Internet operators to obtain real-time information about the global routing system from the perspectives of several different backbones and locations around the Internet.
• Spong http://spong.monsters.org/spong/www-spong Son of Pong (spong) is a simple system monitoring package, that will monitor system attributes and network services on a variety of machines. It will gather status reports and contact staff if there are problems. It will also summarize the information and display it via a web interface
• Sting http://www.cs.washington.edu/homes/savage/sting/ end-to-end active monitoring tool that estimates one way loss through careful manipulation and observation of TCP behavior.
• TCPtune http://moat.nlanr.net/Software/TCPtune/ a TCP stack tuner for Windows
• Zabbix http://zabbix.sourceforge.net/ is software for application and network monitoring. Zabbix supports both polling and trapping techniques to collect data from monitored hosts. Flexible notification mechanism allows easy and quckly configure email notifications for pre-defined events.

Contents 1 FTP 2 Mapping 3 Monitoring Infrastructures 4 Path Characterization 5 Ping 6 RRDtool 7 SNMP 8 Throughput Tools 9 Traceroute

FTP

• Autobuf http://dast.nlanr.net/Features/Autobuf_v1.0/ is an auto tuning-enabled FTP client and server. The client, a modification of the NcFTP Client, enables Auto Tuning to calculate optimal window sizes before files are transferred. The client is compatible with most other FTP servers. The server, a modification of the WuFtp FTP server, allows connecting clients to reset its buffer size dynamically by using a SITE option.
• bbcp http://www.slac.stanford.edu/~abh/bbcp/ a secure peer to peer file copy program supporting large windows and multiple streams. See also the presentation and the PDF paper.
• bbftp http://ccweb.in2p3.fr/bbftp/ is designed to quickly transfer files across a wide area network. The package comprises of a server and clients. It also provides compression and secures the transmission of the username and password by using the cryptolib of the OpenSSL project.
• Firehose http://heroinewarrior.com/firehose.php3 Firehose uses multiple interfaces to stripe a bulk data transfer (it's geared towards files, the home-grown protocol includes sending a filename and the client requires a file) over multiple network interfaces.
• GSIFTP http://www.globus.org/security/v1.1/ftp/install.html is an ftp client and server with built in kerberos and GSI (globus) security, and also allows you to set the TCP buffers on both the client and server.
• SafeTP http://www.cs.berkeley.edu/~smcpeak/SafeTP/ operates by installing a transparent proxy in the Windows networking stack which detects outgoing FTP connections from any Windows FTP client, and silently secures them using modern cryptographic techniques.
• NcFTP http://www.ncftp.com/ has a popular free FTP client that adds support for firewalls, intelligent ls caching, background and scheduled processing, and Microsoft Windows.
• RFT http://www-unix.mcs.anl.gov/~madduri/RFT.html Reliable File Transfer Service is a service that allows byte streams to be transferred in a reliable manner. Reliability, in this context, means that problems of less than a certain, user defined magnitude are dealt with automatically. i.e. problems like dropped connections, machine reboots, temporary network outages, etc are dealt with automatically (usually via retry) until they either resume or meet some "ultimate failure" condition
• WU-FTPD http://www.wuftpd.org/ is a popular FTP server from Washington University.

Mapping

• GeoPlot http://www.caida.org/tools/visualization/geoplot/ is a light-weight java applet which allows users to create a geographical image of a data set.
• Mapnet http://www.caida.org/Tools/Mapnet/Backbones/ from NLANR/CAIDA is a tool for visualizing the infrastructure of multiple backbone providers simultaneously (Mapnet), and for updating and correcting information that may be invalid or out of date (Mapnet Update)
• NetGeo http://www.caida.org/tools/utilities/netgeo/ is a database and collection of Perl scripts used to map IP addresses, domain names and AS numbers to geographical locations.

Monitoring Infrastructures

• Cheops http://www.marko.net/cheops/ is an Open Source Network User Interface designed to unify your network utilities.
• CycleTraders http://www.cycletraders.com/, is a cooperative network of users that gather critical information about the status of each other's website.
• Ganglia http://ganglia.sourceforge.net/ is a scalable distributed monitoring system for high-performance computing systems such as clusters and Grids.
• Mon http://www.kernel.org/software/mon/ is a general-purpose resource monitoring system, which can be used to monitor network service availability, server problems, environmental conditions such as the temperature in a room, or any number of things.
• Nagios http://www.nagios.org/ (used to be NetSaint) is an open source host, service and network monitoring program. It is designed to run under Linux, although it should work under most other *NIX variants. It can run either as a normal process or as a daemon, intermittently running checks on various services that you specify. The actual service checks are performed by external "plugins" which return service information to Nagios. Several CGI programs are included with Nagios in order to allow you to view the current service status, history, etc. via a web browser.
• NetMeter http://www.ccaba.upc.es/netmeter/ This application provides an integrated graphical interface for a set of tools that allows the measurement of QoS parameters over IPv4 and IPv6 networks. Network Performance Meter (netmeter) is an Tcl/Tk application which tries to solve these tasks in a flexible and modular way.
• Network Performance Advisor http://dast.nlanr.net/Projects/Advisor/ is a single application which integrates the measuring, analyzing, and displaying of network performance statistics.
• NIMI http://www.psc.edu/networking/nimi/welcome.html
• OSSMON http://www.crystalballinc.com/vlad/software/ossmon/ is a web-based monitoring package based on OSSWEB application framework. It supports SNMP monitoring as well as specific services like POP3, SMTP, Ping.
• PingER http://www-iepm.slac.stanford.edu/pinger/ End-to-end active measurement using ping to monitor end-to-end performance of Internet links.
• SCAMPI http://www.ist-scampi.org/ SCAMPI is a platform for passive monitoring. It can use several different hardware monitoring adapters (SCAMPI adapters developed in the project, DAG cards produced by Endace and regular NIC cards). It provides MAPI (Monitoring API) as a high-level abstraction of passive monitoring for easy creation of portable monitoring applications.
• Scriptroute http://www.cs.washington.edu/research/networking/scriptroute/ is a flexible network measurement and debugging system. Measurements are expressed as scripts that run as an ordinary user, and a priviledged daemon schedules and manages the packet exchange. The goal is to allow any user to connect to any server and execute any safe network measurement.
• Website Monitoring http://checkwebsite.org/ is a free website monitoring application released under the GPL that provides an uptime monitoring tool.
• Wombat http://wombot.net/ monitors the availability and operation of websites. When your website goes down or produces a defineable error, WOMbot will automatically notify you via SMS and Email.

Path Characterization

• ABwE http://moat.nlanr.net/PAM2003/PAM2003papers/3781.pdf Available Bandwidth Estimator.
• Bandwidth Estimation Tools http://www.icir.org/models/tools.html a compendium of tools maintained by Sally Floyd.
• Bing http://spengler.econ.duke.edu/~ferizs/bing.txt is a point-to-point bandwidth measurement tool (hence the 'b'), based on ping. You can download it from here
• Bprobe & cprobe http://cs-people.bu.edu/carter/tools/Tools.html provide measurement of bottleneck and congestion bandwidth using ping.
• Clink http://rocky.wellesley.edu/downey/clink/ is a tool for estimating Internet link characteristics.
• Nettimer http://mosquitonet.stanford.edu/~laik/projects/nettimer/ is a project to do end-to-end network performance measurement. It can listen passively to existing network traffic or actively probe the network
• Pathchar ftp://ftp.ee.lbl.gov/pathchar/ is a tool to infer the characteristics of Internet paths. There are some usage notes from CAIDA. There is also a SIGCOMM '99 paper on Using pathchar to estimate Inernet link characteristics by Allen Downey.
• PathChirp http://moat.nlanr.net/PAM2003/PAM2003papers/3824.pdf
• Pathload http://www.cc.gatech.edu/fac/Constantinos.Dovrolis/bw.html measures the available bandwidth of a link.
• Pathprobe http://www.psc.edu/~web100/pathprobe/ is a MIB tool that uses TCP and web100 to probe and characterize the path between two hosts. The goal of this tool is to run hop-by-hop tests to determine if the paths along the way are capable of supporting the desired end-to-end target bandwidth between the sender and receiver.
• Pathrate http://www.cc.gatech.edu/fac/Constantinos.Dovrolis/pathrate_tutorial.html measures end-to-end capacity
• Pchar http://www.employees.org/~bmah/Software/pchar/ an independent implementation of Van Jacobsens pathchar with more intelligible output. Available for FreeBSD, Solaris, Linux, IRIX
• Pipechar http://www.dsd.lbl.gov/OldProjects/NCS/generic/net-tools.html a tool for reporting dynamic network characteristics in particular the bottleneck bandwidth.
• STAB http://www.spin.rice.edu/Software/STAB/ short for spatio-temporal available bandwidth estimator, locate congested links on an end-to-end network path.

Ping

• fping http://rpmfind.net/linux/rpm2html/search.php?query=fping is similar to ping but is optimized to ping a large number of hosts in parallel. You may be able to download from here.
• Fpinger http://www.kilievich.com/ Visualizes your computer network as an animated screen that lets you perform administration functions, monitoring, pinging, scanning, exporting, looking for software and hardware over the network.
• FREEping http://www.tools4ever.com/products/free/freeping/ will ping all your 2003-XP-2000-NT servers (or any other IP address) in free-definable intervals. FREEping will send you a popup when one of the 2003-XP-2000-NT servers stops responding
• Just-ping http://just-ping.com/ pings from 8 locations worldwide to a host you select.
• MTR http://www.bitwizard.nl/mtr/ combines the functionality of the 'traceroute' and 'ping' programs in a single network diagnostic tool.
• pathping is built into Windows 2000, it pings all nodes along a route.
• Ping 'Classic' ftp://ftp.arl.mil/pub/ping.shar and the Nikhef Ping ftp://ftp.nikhef.nl/pub/network/ping.tar.Z variant and its man page.
• The SLAC/HEPNRC PingER suite of ping tools for monitoring response time, packet loss etc. are available via the PingER Tools from the ICFA-NTF WG on Monitoring page http://www.slac.stanford.edu/xorg/icfa/ntf/tool.html.
• Pingroute.pl http://www.slac.stanford.edu/comp/net/pingroute.readme is a simple Perl script to ping all nodes along a traceroute and provide min, max, avg response time, plus packet loss analysis for 100 and 1400 byte packets. The source is freely available for SunOS, Solaris, Linux, AIX and Digital OSF1.
• TCP based pings use TCP to figure out the Round Trip Time (RTT)
  • Synack http://www-iepm.slac.stanford.edu/tools/synack/ measures the Round Trip Time to establish a TCP session using the SYN request and SYN/ACK response, allows specification of the TCP port.
  • Tping http://www.eecs.umich.edu/~azeitoun/tools.html also also can ping more than one host at a time.
• Traceping http://slacvx.slac.stanford.edu:8097/www/traceping_description.html measures the packet loss to nodes along a route.
• TRIUMF's Visual Ping http://vancouver-webpages.com/net/about-visual-ping.html provides a Web page that the user can make ping transfer rate measurements between the Web server and the browser.
• hping2 http://www.kyuzz.org/antirez/hping2.html is a network tool able to send custom ICMP/UDP/TCP packets and to display target replies like ping do with ICMP replies.
• Zinger http://img.cmpnet.com/windows/fixes/zinger.zip a small Perl program that pings the closest router on network and reports any loss of connection. When it detects a problem, it does two things. First, it announces the problem over the PC speakers. Then, it writes the time and date to a log file. When the connection comes back up, the program writes another entry in the log and announces the happy event over the speakers again.

RRDtool

(Round Robin Database tool) is a system to store and display time-series data.

• Bronc http://bronc.blueaspen.com/ is a package of utilities that allow you to gather and visualize data in the form of graphs. It uses RRD and is similar in function to Cricket and MRTG, though it is claimed to be faster.
• Cricket http://cricket.sourceforge.net/ is a high performance, flexible system for monitoring trends in time-series data. The collector runs from cron every 5 minutes (by default), and stores data into a file-based database managed by the RRD Tool. Later, when you want to check on the data you have collected, you can use a web-based interface to view graphs of the data.
• Host Grapher II http://software.foxlink.org/hostgrapher2/ is a light program that uses RRD to draw graphics of Hosts for Network, Processes, CPU, Memory etc. Writing addicional plugins is quite simple. Works on all major UNIX platforms and on win32.
• NMIS http://www.sins.com.au/nmis/ Network Management Information System is an SNMP polling and statistics viewer front-end to Tobi Oetiker's RRDTool.
• Orca http://www.orcaware.com/orca/ is a tool useful for plotting arbitrary data from text files onto a directory on a Web server.
• remstats http://remstats.sourceforge.net/release/releasenotes.html Remstats is a system of programs to: gather data from servers and routers, store and maintain the data for long periods, produce graphs and web-pages tieing them together, and monitor the data for anomalous behavious and issue alerts. This software is a pretty good hack to wrap around rrdtool as collector and presenter, easy to set up with not to much prerequesits. It only needs a some perlmodules and perl. Its under GPL and is able to maintain and monitor big environments.
• SmokePing http://people.ee.ethz.ch/~oetiker/webtools/smokeping/ measures latency and packet loss in your network. Uses RRDtool to maintain a longterm datastore and to draw pretty graphs giving up to the minute information on the state of each network connection.

SNMP

• Analyse It http://mechsoft1.tripod.com/ is a shareware device poller that produces graphical performance reports for devices. You use it for trend analysis. The reports are in HTTP format for global organization view ability. Enables pro active network availability, performance, reliability and utilization reporting.
• CMU SNMP ftp://lancaster.andrew.cmu.edu/pub/snmp-dist/ or for a Perl5 extension module
• STC http://serprest.pt/cocoon/serprest/tool/stc.html is a free command line tool to get and compare, side by side, SNMP tables entries from different computers. The output is always in XML format which is by default associated with a XSL script. So it can be processed later or immediately viewed with a WEB browser.
• Tricklet man pages and code
• UCD SNMP public domain tools http://www.firstlinux.com/cgi-bin/package/content.cgi?ID=7013

Throughput Tools

• bulk http://www.terena.nl/conferences/tnc2005/programme/presentations/show.php?pres_id=95 is achievable performance measurement tool (iperf-like), which allows real-time monitoring of any socket options and their members, particularly TCP_INFO option, which provides useful clues for performance debugging. You can monitor rtt, cwnd, ssthresh, retransmits, etc. down to per sent segment, if you wish. The tool does not require root access or any kernel patch (even though it works with an accompanying AIMD patch for per-socket AIMD tuning). Download
• gen_send/gen_recv http://www.citi.umich.edu/projects/qbone/generator.html a simple UDP trafic generator.
• I2perf http://www.internet2.edu/~shalunov/i2perf
• IPerf http://dast.nlanr.net/Projects/Iperf/ is a tool for measuring maximum TCP and UDP bandwidth, reminiscent of tools such as ttcp. It has been written to overcome the shortcomings of those aging tools.
• The MGEN toolset http://manimac.itd.nrl.navy.mil/MGEN/ provides programs for sourcing/sinking real-time multicast/unicast UDP/IP traffic flows.
• netperf http://onet1.external.hp.com/netperf/NetperfPage.html maintained by HP, is a general measure of performance of a network. Provides a measure of latency between request and response of generic transactions across a TCP/IP network.
• RUDE http://www.atm.tut.fi/rude/ stands for Real-time UDP Data Emitter and CRUDE for Collector for RUDE. RUDE is a small and flexible program that generates traffic to the network, which can be received and logged on the other side of the network with the CRUDE.
• Tcpspray http://www.mnis.fr/home/linux/appli/communication/tcpspray.html sends data to either the discard or echo TCP service on the specified host and prints the average throughput.
• thrulay http://www.internet2.edu/~shalunov/thrulay/ measures achievable UDP and TCP single stream throughputs (currently only supports Linix) also provides RTT estimates.
• TReno http://www.psc.edu/~mathis/ippm/ a tool to function as a basis for a formal bulk transfer metric for the Internet.
• ttcp ftp://ftp.arl.mil/pub/ttcp/
• UDPmon http://www.hep.man.ac.uk/~rich/net/tools/net_test_programs_v2-5.pdf This is a set of tools using UDP and TCP to give estimates of the request-response latency and bandwidth found in the route between the two end nodes.

Traceroute

• Gtrace http://www.caida.org/tools/visualization/gtrace/ is a traceroute visualization tool that uses a combination of methods to either determine or guess at the physical location of a node in the traceroute path. It is flexible enough to support addition of new databases, heuristics to map IP addresses to physical location and maps.
• mturoute http://www.elifulkerson.com/projects/mturoute.php is a small Windows tool to determine the path MTU between you and a specified host. In traceroute mode it will additionally show you the mtu at every hop between you and the specified host.
• NeoTrace http://www.neotrace.com/ provides graphical traceroute information.
• pathping a Windows NT utility to do a traceroute and then measure to each node along the route.
• Prtraceroute ftp://ftp.ripe.net/pride/tools/README is a version of traceroute, from the RIPE Internet Routing Registry toolset, that presents routing policy information together with the real time packet trace obtained from traceroute. It adds AS information to the normal traceroute output, making use of Routing Registry (RR) database information.
• TCPtraceroute http://michael.toren.net/code/tcptraceroute/ uses TCP to a port at the end node to do a traceroute.
• The tracepath for Linux is like traceroute but does not need superuser and has no fancy options. It does discover the PMTU along the route.
• Traceroute-nanog http://packages.debian.org/unstable/net/traceroute-nanog.html has additional features like AS lookup, TOS support, microsecond timestamps, path MTU discovery, parallel probing and others.
• VisualRoute http://www.visualroute.com/ a GUI based traceroute for Windows.