Mind the Ether with Network Monitors for Windows and Linux
The wise network admin employs an array of tools to monitor network activity. There are almost as many monitoring apps as network admins; here are some I've found to be useful and versatile. I like color pictures and graphs: you can't beat scary little red icons for quickly identifying trouble spots.
A note on downloading: please be sure to use any method offered to verify the integrity and authenticity of your downloaded files. MD5 is a common checksum utility that works on many platforms, including Linux and Windows. You'll often find MD5 signatures in FTP directories, next to their associated files, or in the download instructions on the vendor's Web site. Simply put the MD5 executable in the same directory as your downloaded file, change to that directory, then type
There may be an extended period of nothing happening before it reports the result. An MD5 signature is a long string of letters and numbers, like
If the signatures don't match, most likely the download is corrupted; just try it again. Worst case is that the FTP server has been compromised by a malicious user.
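The check described in this note, as an added example that is not part of the original article: a small Python verifier that reads a published MD5 listing in either of two common layouts and reports whether a downloaded file matches. The file name monitor-1.0.tar.gz and its contents are constructed samples, and the function names are illustrative.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Two common layouts for a published MD5 line: "<hex>  <file>" and "MD5 (<file>) = <hex>".
GNU_LINE = re.compile(r"^([0-9a-fA-F]{32})[ \t]+\*?(.+)$")
BSD_LINE = re.compile(r"^MD5 \((.+)\) = ([0-9a-fA-F]{32})$")

def parse_checksums(text):
    """Return {filename: lowercase hex digest} from a published checksum listing."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if m := GNU_LINE.match(line):
            found[m.group(2)] = m.group(1).lower()
        elif m := BSD_LINE.match(line):
            found[m.group(1)] = m.group(2).lower()
    return found

def md5_of(path, chunk=1 << 20):
    """Hash in chunks so a large download never has to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def verify(path, checksum_text):
    """Return 'ok', 'mismatch' or 'unlisted' for one downloaded file."""
    expected = parse_checksums(checksum_text).get(Path(path).name)
    if expected is None:
        return "unlisted"  # no published value, so nothing was verified
    return "ok" if hmac.compare_digest(md5_of(path), expected) else "mismatch"

def demo():
    # Constructed sample: file content "abc" and its RFC 1321 test-vector digest.
    listing = "900150983CD24FB0D6963F7D28E17F72  monitor-1.0.tar.gz\n"
    with tempfile.TemporaryDirectory() as tmp:
        download = Path(tmp) / "monitor-1.0.tar.gz"
        download.write_bytes(b"abc")
        intact = verify(download, listing)
        download.write_bytes(b"ab")  # simulate a truncated transfer
        truncated = verify(download, listing)
        # A name absent from the listing is reported before any file is read.
        return intact, truncated, verify(Path(tmp) / "other.zip", listing)

if __name__ == "__main__":
    print(demo())
```

A match only shows that the file equals what the server published; when the checksum sits on the same server as the file, a compromise of that server can replace both together.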
Big Brother operates in real time. It displays the information in both HTML and WML, for display on Web pages and on WAP-enabled devices such as wireless phones and PDAs. It uses standard client-server architecture, for networks or single machines. To monitor a single machine, simply install the server and client components on the same machine. Use it to monitor CPU status, disk quotas, services and databases; it even comes with a hook for MRTG, the Multi-Router Traffic Grapher, for monitoring bandwidth. One very nice use for BB is monitoring your Service Level Agreements: you'll see quickly if they are not being kept, and have the data to prove it.
Out of the box, Big Brother supports a wide range of testing and reporting; it also supports creating additional plug-ins, written in the language of your choice. It supports email paging and alpha-numeric paging, or you can write a custom module for the alert notification of your choice.
Of course, Big Brother uses port 1984, officially assigned by IANA, the Internet Assigned Numbers Authority.
The documentation is good; here are a few important points:
On Unix/Linux, it must be installed from source. If you're not comfortable with this, check the documentation for your OS, and also see the Resources section below. Install Big Brother as root, but do not run it as root. Create a user account just for Big Brother; call it anything you like, as long as it is not root. You might want to restrict access to BB's Web or WAP pages, and definitely restrict incoming connections to authorized IPs only, via /etc/security.
MRTG, The Multi-Router
Warning: CERT has issued an alert concerning multiple vulnerabilities in SNMP. As SNMP is widely used, chances are your network is affected. Please see http://www.cert.org/advisories/CA-2002-03.html for details.
One of its nicest features is the efficient way it limits log file size, without losing data. The uses for MRTG are limited only by your imagination. Some users have adapted it to monitor:
MRTG works on Unix/Linux/BSD, and Win32.
The LAN station monitor tracks nodes by their MAC addresses. As MAC addresses are a bit difficult to relate to, IPTraf allows assigning descriptions in colon-delimited text-format:
Don't put any colons or periods in the MAC address. A really slick benefit of this format is that it allows linking to a database, which is most useful when you have a lot of nodes to track.
And of course there is filtering, to fine-tune the data you wish to view, and logging. IPTraf will even run in the background. View the logs to see what went on when you weren't looking.
IPTraf runs nicely on an older Pentium II; the minimum requirements are PII 200 MHz, 16 megs RAM. Realistically, more RAM is better, at least 64 megs, depending on how many nodes it is monitoring. Plug it into any IP network.
Mon is extremely configurable and customizable. It was developed to run on Linux, but as it is written in Perl, it is possible to port it to other platforms without too much aggravation. Write your own extensions and modifications, or take advantage of the many community-created tools. Mon is great for the do-it-yourselfer, but probably too painful for the admin who wants something that works "out of the box".
Visit the Web sites of these fine monitors to learn more. Each one has good documentation, and good user mailing lists.
2004 Jupitermedia Corporation All Rights Reserved.
Copyright © 2008 Art Beckman. All rights reserved.
Last Modified: March 9, 2008