Internet Tool Catalog MONET NAME MONET -- the Hughes LAN Systems SNMP Network Management Center (formerly the Hughes LAN Systems 9100) software product runs on a Sun SPARCStation hardware platform. KEYWORDS control, graphics, network topology,manager, routing, status, traffic; bridge, configuration, performance, alarm management, relational database, mib parser for RDBMS, intelligent hub management, DECnet, ethernet, IP; NMS, SNMP; UNIX. ABSTRACT Monet provides the capability to manage and control SNMP-based networking products from any vendor including those from Hughes LAN Systems. A comprehensive relational database manages the data and ensures easy access and control of resources throughout the network. Monet provides multivendor management through its advanced Mib master MIB parser that allows the parsing of enterprise MIBs (ASN.1 format per RFC1212) directly into the RDBMS for use by Monet's applications. Major features include: Remote access with X: Use of the X/Motif user-interface, enabling remote access to the all applications. Database Management Stores and retrieves the information required to administer and configure the network. It can be used to: - Store and recall configuration data for all devices. - Provide availability history for devices. - Assign new internet addresses. - Provide administrative information such as physical location of devices, responsible person, maintenance history, asset data, hardware/software versions, etc. - Full-function SQL interface. - User-customizable RDBMS report generation.
Graphics and Network Mapping The Graphics module enables the user to view the nodes in the network as "dynamic" icons in heirarchical maps. The network is represented by these heirarchical maps. Though there is a library of device icons, cities and geographical maps included, the user has access to a graphics editor that allows customizing and the creation of new icons and maps. A Device's icon may be selected to: - Register/deregister the device, - Access the open alarms and acknowledge faults for the selected device, - Ping the device to determine accessibility, - Draw graphs of any of the device's numeric MIB objects, either the values as retrieved in real-time or the history values previously stored in the RDBMS by the Performance Manager, - Telnet to the device, - Customize the graphical dynamics (color, fill, rotation, etc.) of the device's icon by associating them to the values of the device's MIB objects. Configuration Management - Retrieves configuration information from SNMP devices. - Stores device parameters in the RDBMS, with common sets of parameters used for multiple devices, or for multiple ports on a device, stored only once in the RDBMS. - Configures devices from the parameters stored in the RDBMS, including those relating to TCP/IP, DECnet and any other protocol/feature configurable via SNMP. - Polls devices to compare their current parameter values with those in the database and produce reports of the discrepancies. - Collect data about the state of the network. - Learn the parameters of the devices in the network and populate the database. Performance Management - Displays local network traffic graphically, by packet size, protocol, network utilization, sources and destinations of packets, etc. - Provides for the scheduling of jobs to retrieve
MIB values of a device and store them in the RDBMS for review or summary reporting at a later time. - Allows high/low thresholds to be set on retrieved values with alarms generated when thresholds are exceeded. Fault Management - Provides availability monitoring and indicates potential problems. - Creates alarms from received SNMP traps, and from other internally-generated conditions, - Records alarms in the alarm log in the RDBMS. - Lists alarms for selected set of devices, according to various filter conditions, - Possible causes and suggested actions for the alarms are listed. - New alarms are indicated by a flashing icon and optional audio alert. - Visual indication of alarms bubbles up the network map heirarchy. - Cumulative reports can be produced. Utilities Function - View and/or terminate current NMC processes, - Access to database maintenance utilities. MECHANISM SNMP. CAVEATS None reported. BUGS None known. LIMITATIONS Maximum number of nodes that can be monitored is 18,000. This can include Hosts, Terminal Servers, PCs, Routers, and Bridges. HARDWARE REQUIRED The host for the NMC software is a Sun 4 desktop works- tation. Recommended minimum hardware is the Sun IPX Color workstation, with a 1/4" SCSI tape drive. SOFTWARE REQUIRED MONET V5.0, which is provided on 1/4" tape format, runs on the Sun 4.1.1 Operating System.
AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL A commercial product of: Hughes LAN Systems Inc. 1225 Charleston Road Mountain View, CA 94043 Phone: (415) 966-7300 Fax: (415) 960-3738 RCA Telex: 276572 CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY kishoret@msgate.hls.com kzm@hls.com
Internet Tool Catalog NET_MONITOR NAME net_monitor KEYWORDS routing, status; DECnet, IP; curses, ping; UNIX, VMS; free, sourcelib. ABSTRACT Net_monitor uses ICMP echo (and DECnet reachability information on VAX/VMS) to monitor a network. The mon- itoring is very simplistic, but has proved useful. It periodically tests whether hosts are reachable and reports the results in a full-screen display. It groups hosts together in common sets. If all hosts in a set become unreachable, it makes a lot of racket with bells, since it assumes that this means that some com- mon piece of hardware that supports that set has failed. The periodicity of the tests, hosts to test, and groupings of hosts are controlled with a single configuration file. The idea for this program came from the PC/IP monitor facility, but is an entirely different program with different functionality. MECHANISM Reachability is tested using ICMP echo facilities for TCP/IP hosts (and DECnet reachability information on VAX/VMS). A DECnet node is considered reachable if it appears in the list of hosts in a "show network" com- mand issued on a routing node. CAVEATS This facility has been found to be most useful when run in a window on a workstation rather than on a terminal connected to a host. It could be useful if ported to a PC (looks easy using FTP Software's programming libraries), but this has not been done. Curses is very slow and cpu intensive on VMS, but the tool has been run in a window on a VAXstation 2000. Just don't try to run it on a terminal connected to a 11/750. BUGS None known.
LIMITATIONS This tool is not meant to be a replacement for a more comprehensive network management facility such as is provided with SNMP. HARDWARE REQUIRED A host with a network connection. SOFTWARE REQUIRED Curses, 4.xBSD UNIX socket programming libraries (lim- ited set) and some flavor of TCP/IP that supports ICMP echo request (ping). It has been run on VAX/VMS run- ning WIN/TCP and several flavors of 4BSD UNIX (includ- ing SunOS 3.2, 4.0, and 4.3BSD). It could be ported to any platform that provides a BSD-style programming li- brary with an ICMP echo request facility and curses. AVAILABILITY Requests should be sent to the author: Dale Smith Asst Dir of Network Services University of Oregon Computing Center Eugene, OR 97403-1211 Internet: dsmith@oregon.uoregon.edu. BITNET: dsmith@oregon.bitnet UUCP: ...hp-pcd!uoregon!dsmith Voice: (503)686-4394 With the source code, a makefile is provided for most any UNIX box and a VMS makefile compatible with the make distributed with PMDF. A VMS DCL command file is also provided, for use by those VMS sites without "make." The author will attempt to fix bugs, but no support is promised. The tool is copyrighted, but free (for now).
Internet Tool Catalog NETLABS_CMOT_AGENT NAME Netlabs CMOT Agent KEYWORDS manager, status; IP, OSI; NMS. ABSTRACT Netlabs' CMOT code debuted in Interop 89. The CMOT code comes with an Extensible MIB, which allows users to add new MIB variables. The code currently supports all the MIB variables in RFC 1095 via the data types in RFC 1065, as well as the emerging MIB-II, which is currently in experimental stage. The CMOT has been benchmarked at 100 Management Operations per Second (MOPS) for a 1-MIPS machine. MECHANISM The Netlabs CMOT agent supports the control and moni- toring of network resources by use of CMOT message exchanges. CAVEATS None. BUGS None known. LIMITATIONS None reported. HARDWARE REQUIRED Portable to most hardware. SOFTWARE REQUIRED Portable to most operating systems. AVAILABILITY Commercially available from: Netlabs Inc 11693 Chenault Street Ste 348 Los Angeles CA 90049 (213) 476-4070 lam@netlabs.com (Anne Lam)
Internet Tool Catalog NETLABS_DUAL_MANAGER NAME Dual Manager KEYWORDS alarm, control, manager, map, security, status; IP, OSI; NMS, SNMP, X; UNIX; library. ABSTRACT Netlabs' Dual Manager provides management of TCP/IP networks using both SNMP and CMOT protoocls. Such management can be initiated either through the X- Windows user interface (both Motif and Openlook), or through OSI Network Management (CMIP) commands. The Dual Manager provides for configuration, fault, secu- rity and performance management. It provides extensive map management features, including scanned maps in the background. It provides simple mechanisms to extend the MIB and assign specific lists of objects to specific network elements, thereby providing for the management of all vendors' specific MIB extensions. It provides an optional relational DBMS for storing and retrieving MIB and alarm information. Finally, the Dual Manager is an open platform, in that it provides several Application Programming Interfaces (APIs) for users to extend the functionality of the Dual Manager. The Dual Manager is expected to work as a TCP/IP "branch manager" under DEC's EMA, AT&T's UNMA and other OSI-conformant enterprise management architectures. MECHANISM The Netlabs Dual Manager supports the control and moni- toring of network resources by use of both CMOT and SNMP message exchanges. CAVEATS None. BUGS None known. LIMITATIONS None reported. HARDWARE REQUIRED Runs on Sun/3 and Sun/4s.
SOFTWARE REQUIRED Available on System V or SCO Open Desktop environments. Uses X-Windows for the user interface. AVAILABILITY Commercially available from: Netlabs Inc 11693 Chenault Street Ste 348 Los Angeles CA 90049 (213) 476-4070 lam@netlabs.com (Anne Lam)
Internet Tool Catalog NETLABS_SNMP_AGENT NAME Netlabs SNMP Agent. KEYWORDS manager, status; IP; NMS, SNMP. ABSTRACT Netlabs' SNMP code debuted in Interop 89, where it showed interoperation of the code with several imple- mentations on the show floor. The SNMP code comes with an Extensible MIB, which allows users to add new MIB variables. The code currently supports all the MIB variables in RFC 1066 via the data types in RFC 1065, as well as the emerging MIB-II, which is currently in experimental stage. The SNMP has been benchmarked at 200 Management Operations per Second (MOPS) for a 1- MIPS machine. MECHANISM The Netlabs SNMP agent supports the control and moni- toring of network resources by use of SNMP message exchanges. CAVEATS None. BUGS None known. LIMITATIONS None reported. HARDWARE REQUIRED Portable to most hardware. SOFTWARE REQUIRED Portable to most operating systems. AVAILABILITY Commercially available from: Netlabs Inc 11693 Chenault Street Ste 348 Los Angeles CA 90049 (213) 476-4070 lam@netlabs.com (Anne Lam)
Internet Tool Catalog NetMetrix-Load-Monitor NAME NetMetrix Load Monitor KEYWORDS alarm,traffic; Ethernet, FDDI, IP, Ring; Eavesdrop, SNMP, X; UNIX; ABSTRACT The NetMetrix Load Monitor is a distributed client-server monitoring tool for ethernet, token ring, and FDDI networks. A unique "dual" architecture provides compatibility with both RMON and X windows. RMON allows interoperability and an enterprise-wide view, while X windows enables much more powerful, intelligent applications at remote segments and saves network bandwidth. The Load Monitor provides extensive traffic statistics. It looks at load by time interval, source node, destination node, application, protocol or packet size. A powerful ZOOM feature allows extensive correlational analysis which is displayed in a wide variety of graphs and tables. You can answer questions such as: Which sources are generating most of the load on the network when it is most heavily loaded and where is this load going? Which source/destination pairs generate the most traffic over the day? Where should bridges and routers be located to optimally partition the network? How much load do applications, like the X Windows protocol, put on the network and who is generating that load when it is the greatest. A floating license allows easy access to the software tool anywhere you need it. MECHANISM NetMetrix turns the network interface into promiscuous mode to capture packets. CAVEATS none. BUGS none known.
LIMITATIONS none. HARDWARE REQUIRED SPARC system SOFTWARE REQUIRED SunOS 4.0 or higher AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL NetMetrix is available from: Sales Department Metrix Network Systems, Inc. One Tara Boulevard Nashua, New Hampshire 03062 telephone: 603-888-7000 fax: 603-891-2796 email: info@metrix.com Government agencies please note that NetMetrix is on the GSA schedule. CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY Norma Shepperd Marketing Administrator 603-888-7000 norma@metrix.com
Internet Tool Catalog NetMetrix-NFS-Monitor NAME NetMetrix NFS Monitor KEYWORDS traffic; Ethernet, FDDI, NFS, Ring; Eavesdrop, SNMP, X; UNIX ABSTRACT The NetMetrix NFS Monitor is a distributed network monitoring tool which monitors and graphs NFS load, response time, retransmits, rejects and errors by server, client, NFS procedure, or time interval. Breakdown server activity by file system and client activity by user. A powerful ZOOM feature lets you correlate monitoring variables. You can see client/server relationships, compare server performance, evaluate NFS performance enhancement strategies. A floating license and the X Window protocol allows monitoring of remote ethernet, token ring and FDDI segments from a central enterprise-wide display. MECHANISM NetMetrix turns the network interface into promiscuous mode to capture packets. CAVEATS none. BUGS none known. LIMITATIONS none. HARDWARE REQUIRED SPARC system SOFTWARE REQUIRED SunOS 4.0 or higher
AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL NetMetrix is available from: Sales Department Metrix Network Systems, Inc. One Tara Boulevard Nashua, New Hampshire 03062 telephone: 603-888-7000 fax: 603-891-2796 email: info@metrix.com Government agencies please note that NetMetrix is on the GSA schedule. CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY Norma Shepperd Marketing Administrator 603-888-7000 norma@metrix.com
Internet Tool Catalog NetMetrix-Protocol-Analyzer NAME NetMetrix Protocol Analyzer KEYWORDS alarm, analyzer, traffic; DECnet, DNS, Ethernet, FDDI, IP, OSI, NFS, Ring, SMTP; Eavesdrop, SNMP, X; UNIX; Library ABSTRACT The NetMetrix Protocol Analyzer is a distributed client-server monitoring tool for ethernet, token ring, and FDDI networks. A unique "dual" architecture provides compatibility with both RMON and X windows. RMON allows interoperability, while X windows enables much more powerful, intelligent applications at remote segments and saves network bandwidth. With the Protocol Analyzer, you can decode and display packets as they are being captured. Extensive filters let you sift through packets either before or after trace capture. The capture filter may be specified by source, destination between hosts, protocol, packet size, pattern match, or by a complete expression using an extensive filter expression language. Full 7-layer packet decodes are available for all major protocols including DECnet, Appletalk, Novell, XNS, SNA, BANYAN, OSI and TCP/IP. The decodes for the TCP/IP stack have all major protocols including NFS, YP, DNS, SNMP, OSPF, etc. Request and reply packets are matched. Packets can be displayed in summary, detail or hex, with multiple views to see packet dialogues side by side. A complete developers' kit is available for custom decodes. A floating license allows easy acess to the software tool anywhere you need it. MECHANISM NetMetrix turns the network interface into promiscuous mode to capture packets.
CAVEATS none. BUGS none known. LIMITATIONS none. HARDWARE REQUIRED SPARC system SOFTWARE REQUIRED SunOS 4.0 or higher AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL NetMetrix is available from: Sales Department Metrix Network Systems, Inc. One Tara Boulevard Nashua, New Hampshire 03062 telephone: 603-888-7000 fax: 603-891-2796 email: info@metrix.com Government agencies please note that NetMetrix is on the GSA schedule. CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY Norma Shepperd Marketing Administrator 603-888-7000 norma@metrix.com
Internet Tool Catalog NetMetrix-Traffic-Generator NAME NetMetrix Traffic Generator KEYWORDS Debugger, Generator, Traffic; Ethernet, FDDI, IP, Ring; Eavesdrop, SNMP, X; UNIX; Library ABSTRACT The NetMetrix Traffic Generator is a distributed software tool which allows you to simulate network load or test packet dialogues between nodes on your ethernet, token ring, or FDDI segments. The Traffic Generator can also be used to test and validate management station alarms, routers, bridges, hubs, etc. An easy-to-use programming interface provides complete flexibility over variables such as bandwidth, packet sequence, and conditional responses. A floating license and the X Window System protocol allows testing of remote ethernet, token ring and FDDI segments from a central console. MECHANISM NetMetrix turns the network interface into promiscuous mode to capture packets. CAVEATS none. BUGS none known. LIMITATIONS none. HARDWARE REQUIRED SPARC system SOFTWARE REQUIRED SunOS 4.0 or higher
AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL NetMetrix is available from: Sales Department Metrix Network Systems, Inc. One Tara Boulevard Nashua, New Hampshire 03062 telephone: 603-888-7000 fax: 603-891-2796 email: info@metrix.com Government agencies please note that NetMetrix is on the GSA schedule. CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY Norma Shepperd Marketing Administrator 603-888-7000 norma@metrix.com
Internet Tool Catalog NETMON_MITRE NAME NETMON and iptrace KEYWORDS traffic; IP; eavesdrop; UNIX; free. ABSTRACT NETMON is a facility to enable communication of net- working events from the BSD UNIX operating system to a user-level network monitoring or management program. Iptrace is a program interfacing to NETMON which logs TCP-IP traffic for performance measurement and gateway monitoring. It is easy to build other NETMON-based tools using iptrace as a model. NETMON resides in the 4.3BSD UNIX kernel. It is independent of hardware-specific code in UNIX. It is transparent to protocol and network type, having no internal assumptions about the network protocols being recorded. It is installed in BSD-like kernels by adding a standard function call (probe) to a few points in the input and output routines of the protocols to be logged. NETMON is analogous to Sun Microsystems' NIT, but the interface tap function is extended by recording more context information. Aside from the timestamp, the choice of information recorded is up to the installer of the probes. The NETMON probes added to the BSD IP code supplied with the distribution include as context: input and output queue lengths, identification of the network interface, and event codes labeling packet dis- cards. (The NETMON distribution is geared towards measuring the performance of BSD networking protocols in an IP gateway). NETMON is designed so that it can reside within the monitored system with minimal interference to the net- work processing. The estimated and measured overhead is around five percent of packet processing. The user-level tool "iptrace" is provided with NETMON. This program logs IP traffic, either at IP-level only, or as it passes through the network interface drivers as well. As a separate function, iptrace produces a host traffic matrix output. Its third type of output
is abbreviated sampling, in which only a pre-set number of packets from each new host pair is logged. The three output types are configured dynamically, in any combination. OSITRACE, another logging tool with a NETMON interface, is available separately (and documented in a separate entry in this catalog). MECHANISM Access to the information logged by NETMON is through a UNIX special file, /dev/netmon. User reads are blocked until the buffer reaches a configurable level of full- ness. Several other parameters of NETMON can be tuned at com- pile time. A diagnostic program, netmonstat, is included in the distribution. CAVEATS None. BUGS Bug reports and questions should be addressed to: ie-tools@gateway.mitre.org Requests to join this mailing list: ie-tools-request@gateway.mitre.org Questions and suggestions can also be directed to: Allison Mankin (703)883-7907 mankin@gateway.mitre.org LIMITATIONS A NETMON interface for tcpdump and other UNIX protocol analyzers is not included, but it is simple to write. NETMON probes for a promiscuous ethernet interface are similarly not included. HARDWARE REQUIRED No restrictions. SOFTWARE REQUIRED BSD UNIX-like network protocols or the ability to install the BSD publicly available network protocols in the system to be monitored.
AVAILABILITY The NETMON distribution is available by anonymous FTP in pub/netmon.tar or pub/netmon.tar.Z from aelred- 3.ie.org. A short user's and installation guide, NETMON.doc, is available in the same location. The NETMON distribution is provided "as is" and requires retention of a copyright text in code derived from it. It is copyrighted by the MITRE-Washington Networking Center.
Internet Tool Catalog NETMON_WINDOWS_SNMP_RESEARCH NAME NETMON for Windows -- an SNMP-based network management tool that runs under Microsoft Windows 3.0 from SNMP Research. KEYWORDS alarm, control, manager, map, routing; DECnet, Ethernet, IP, OSI, ring, star; NMS, SNMP; DOS; sourcelib. ABSTRACT The NETMON application implements a powerful network management station based on a low-cost DOS platform. NETMON's network management tools for configuration, performance, security, and fault management have been used successfully with a wide assortment of wide- and local-area-network topologies and medias. Multiprotocol devices are supported including those using TCP/IP, DECnet, and OSI protocols. Some features of NETMON's network management tools include: o Fault management tool displays a map of the network configuration with node and link state indicated in one of several colors to indicate current status; o Configuration management tool may be used to edit the network management information base stored in the NMS to reflect changes occurring in the network; o Graphs and tabular tools for use in fault and performance management; o Mechanisms by which additional variables, such as vendor- specific variables, may be added; o Alarms may be enabled to alert the operator of events occurring in the network; o Events are logged to disk; o Output data may be transferred via flat files for additional report generation by a variety of statistical packages. The NETMON application comes complete with source code including a powerful set of portable libraries for generating and parsing SNMP messages.
MECHANISM The NETMON for Windows application is based on the Simple Network Management Protocol (SNMP). Polling is performed via the powerful SNMP get-next operator and the SNMP get operator. Trap directed polling is used to regulate the focus and intensity of the polling. CAVEATS None. BUGS None known. LIMITATIONS None reported. HARDWARE REQUIRED The minimum system is a IBM 386 computer, or compatible, with hard disk drive. SOFTWARE REQUIRED DOS 5.0 or later, Windows 3.0 in 386 mode, and TCP/IP kernel software from FTP Software. AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL This is a commercial product available under license from: SNMP Research 3001 Kimberlin Heights Road Knoxville, TN 37920-9716 Attn: John Southwood, Sales and Marketing (615) 573-1434 (Voice) (615) 573-9197 (FAX) CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY users@seymour1.cs.utk.edu
Internet Tool Catalog NETscout NAME NETscout(tm) KEYWORDS Alarm, Analyzer, Manager, Status, Traffic; DECnet, Ethernet, IP, OSI, NFS, Ring, Star, Eavesdrop; NMS, SNMP; UNIX; ABSTRACT The NETscout family of distributed LAN Analyzer devices are intended to provide network users with a comprehensive capability to identify and isolate fault conditions in data communications networks. NETscout has the capability to collect wide ranging statistical data, to display selectively captured and fully decoded network traffic, to set user-defined alarm conditions, and to obtain real-time updates from all segments of a widely dispersed internetwork from a centralized SNMP-compatible network management console. The NETscout family is based on standards so that operation may be realized in heterogeneous networks which constitute a multi-protocol, multi-topology, multi-vendor environment. The fundamental standards upon which NETscout is based are the Simple Network Management Protocol (SNMP), which defines the protocol for all inter-communications between NETscout devices, and the Remote Monitoring Management Information Base (RMON-MIB), which defines the type of information which is to be gathered and made available to the user for each network segment. NETscout clients provide a full array of monitoring and analysis features including intelligent seven level decoding of all majorprotocol stacks: DOD including TCP/IP XNS Novell DECNET including LAT ISO APPLETALK IBM Token Ring Vines NETBIOS/SMB SNMP including RMON-MIB SUN-NFS SMT NETscout agents support all nine groups of the RMON-MIB standard. NETscout agents can work with any SNMP-based network management system and currently
support Ethernet and Token Ring. MECHANISM The operation of the NETscout family is divided into two distinct subcategories. The first is the "Client" which is the user console from which operational commands are issued and where all results and diagnostic information are displayed. In a NETscout topology it is feasible to have multiple clients active simultaneously within a single network. The second category is the "Agent", a hardware/software device which is attached to a specific network segment and which gathers statistical information for that segment as well as providing a window into that segment where network traffic may be observed and gathered for more detailed user analysis. A typical network will have multiple segments and multiple agents up to the point of having one agent for each logical network segment. NETscout Model 9210 is a software package which, when combined in a Sun SPARCstation in conjunction with SunNet Manager running under Open Windows, implements the NETscout client function. SunNet Manager provides the background operational tools for client operation while the NETscout software provides application-specific functions related to RMON-MIB support as well as all software necessary to perform the protocol decode function. SunNet Manager also implements a network map file which includes a topographical display of the entire network and is the mechanism for selecting network elements to perform operations. NETscout Model 9215 is a software package that operates in conjunction with SunNet Manager and implements the statistics monitoring function only. That is, it does not include the protocol decode function or the mechanism to retrieve actual data from a remote agent. It does, however, include complete statistics gathering and event and alarm generation. Frontier NETscout Models 9510 and 9515, and Model 9610 and 9615 are agent software packages that implement selected network diagnostic functions when loaded into a Sun SPARCstation (9510, 9515) or a SynOptics LattisNet Hub (9610, 9615) respectively which is
connected to an Ethernet network segment using conventional network interface hardware. Models 9510 and 9610 support all nine RMON-MIB groups including "filters" and "packet capture" and thus provide for complete protocol monitoring and decode when used with a client equipped with protocol decode software. Models 9515 an 9615 include support for seven RMON-MIB groups which excludes "filters" and "data capture" and therefore perform network monitoring only through collection and presentation of network statistics, events, and alarms. All models also support the MIB2 system and interface groups. Frontier NETscout Models 9520 and 9525, and Model 9620 and 9625 are agent software packages that are identical in function to their respective models described above except that they are for use on Token Ring segments. CAVEATS The RMON-MIB standard for Token Ring applications has not yet beenformally released and is not approved. NETscout products correspond to the latest draft for Token Ring functions and will be updated as required to conform to the standard as it is approved. BUGS None known. LIMITATIONS None reported. HARDWARE REQUIRED Sun SPARCstation or LattisNet Hub depending upon Model number. SOFTWARE REQUIRED Sun OS 4.1.1 for client and agent, SunNet Manager for client.
AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL NETscout products are available commercially. For information regarding your local representative, contact: Frontier Software Development, Inc. 1501 Main Street Tewksbury, MA 01876 Phone: 508-851-8872 Fax: 508-851-6956 CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY Marketing Frontier Software
Internet Tool Catalog NETSTAT NAME netstat KEYWORDS routing; IP; UNIX, VMS; free. ABSTRACT Netstat is a program that accesses network related data structures within the kernel, then provides an ASCII format at the terminal. Netstat can provide reports on the routing table, TCP connections, TCP and UDP "listens", and protocol memory management. MECHANISM Netstat accesses operating system memory to read the kernel routing tables. CAVEATS Kernel data structures can change while netstat is run- ning. BUGS None known. LIMITATIONS None reported. HARDWARE REQUIRED No restrictions. SOFTWARE REQUIRED BSD UNIX or related OS, or VMS. AVAILABILITY Available via anonymous FTP from uunet.uu.net, in directory bsd-sources/src/ucb. Available with 4.xBSD UNIX and related operating systems. For VMS, available as part of TGV MultiNet IP software package, as well as Wollongong's WIN/TCP.
Internet Tool Catalog NETWORK_INTEGRATOR NAME Network Integrator I KEYWORDS map, traffic; ethernet; UNIX. ABSTRACT This tool monitors traffic on network segments. All information is dumped to either a log file or, for real-time viewing, to a command tool window. Data is time-stamped according to date and time. Logging can continue for up to 24 hours. The tool is flexible in data collection and presenta- tion. Traffic filters can be specified according to header values of numerous protocols, including those used by Apple, DEC, Sun, HP, and Apollo. Bandwidth utilization can be monitored, as well as actual load and peak throughput. Additionally, the Network Integrator can analyze a network's topology, and record the location of all operational nodes on a network. Data can be displayed in six separate formats of bar graphs. In addition, there are several routines for producing statistical summaries of the data collected. MECHANISM The tools work through RPC and XDR calls. CAVEATS Although the tool adds only little traffic to a net- work, generation of statistics from captured files requires a significant portion of a workstation's CPU. BUGS None known. LIMITATIONS Must be root to run monitor. There does not seem to be a limit to the number of nodes, since it monitors by segments. The only major limitation is the amount of disk space that a user can commit to the log files. The size of the log files, however, can be controlled through the tool's parameters.
HARDWARE REQUIRED Sun3 or Sun4. SOFTWARE REQUIRED 4.0BSD UNIX or greater, or related OS. AVAILABILITY Copyrighted, commercially available from Network Integrators, (408) 927-0412.
Internet Tool Catalog NFSwatch NAME nfswatch KEYWORDS Traffic; Ethernet, IP, NFS; Curses, Eavesdrop; UNIX; Free ABSTRACT Nfswatch monitors all incoming ethernet traffic to an NFS file server and divides it into several categories. The number and percentage of packets received in each category is displayed on the screen in a continuously updated display. By default, nfswatch monitors all packets destined for the local host over a single network interface. Options are provided to specify the specific interface to be monitored, or all interfaces at once. NFS traffic to the local host, to a remote host, from a specific host, between two hosts, or all NFS traffic on the network may be monitored. Categories of packets monitored and counted include: ND Read, ND Write, NFS Read, NFS Write, NFS Mount, Yellow Pages (NIS), RPC Authorization, Other RPC, TCP, UDP, ICMP, RIP, ARP, RARP, Ethernet Broadcast, and Other. Packets are also tallied either by file system or file (specific files may be watched as an option), NFS procedure name (RPC call), or NFS client hostname. Facilities for taking "snapshots" of the screen, as well as saving data to a log file for later analysis (the analysis tool is included) are also available. MECHANISM Nfswatch uses the Network Interface Tap, nit(4) under SunOS 4.x, and the Packet Filter, packetfilter(4), under Ultrix 4.x, to place the ethernet interface into promiscuous mode. It filters out NFS packets, and decodes the file handles in order to determine how to count the packet.
CAVEATS Because the NFS file handle is a non-standard (server private) piece of data, nfswatch must be modified to understand file handles used by various implementations. It currently knows about the SunOS 4.x and Ultrix file handle formats. BUGS Does not monitor FDDI interfaces. (It should be a simple change, but neither author has access to a system with FDDI interfaces for testing.) LIMITATIONS Up to 256 exported file systems and 256 individual files can be monitored at any time. Only NFS requests are counted; the NFS traffic generated by a server in response to those packets is not counted. HARDWARE REQUIRED Any Ultrix system (VAX or DEC RISC hardware) SOFTWARE REQUIRED Ultrix release 4.0 or later. For Ultrix 4.1, may require the patched "if_ln.o" kernel module, available from Digital's Customer Support Center. AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL Copyrighted, but freely distributable. Available via anonymous FTP from harbor.ecn.purdue.edu, ftp.erg.sri.com, and gatekeeper.dec.com, as well as numerous other sites around the Internet. The current version is Version 3.0 from January 1991. Contact points: Dave Curry Jeff Mogul Purdue University Digital Equipment Corp. Engineering Computer Network Western Research Laboratory 1285 Electrical Engineering Bldg. 100 Hamilton Avenue West Lafayette, IN 47907-1285 Palo Alto, CA 94301 davy@ecn.purdue.edu mogul@decwrl.dec.com CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY Dave Curry (see address above).
Internet Tool Catalog NHFSSTONE NAME nhfsstone KEYWORDS benchmark, generator; NFS; spoof; UNIX; free. ABSTRACT Nhfsstone (pronounced n-f-s-stone, the "h" is silent) is an NFS benchmarking program. It is used on an NFS client to generate an artificial load with a particular mix of NFS operations. It reports the average response time of the server in milliseconds per call and the load in calls per second. The nhfsstone distribution includes a script, "nhfsnums" that converts test results into plot(5) format so that they can be graphed using graph(1) and other tools. MECHANISM Nhfsstone is an NFS traffic generator. It adjusts its calling patterns based on the client's kernel NFS statistics and the elapsed time. Load can be generated over a given time or number of NFS calls. CAVEATS Nhfsstone will compete for system resources with other applications. BUGS None known. LIMITATIONS None reported. HARDWARE REQUIRED No restrictions. SOFTWARE REQUIRED 4.xBSD-based UNIX
AVAILABILITY Available via anonymous FTP from bugs.cs.wisc.edu. Alternatively, Legato Systems will provide the program free of charge, if certain conditions are met. Send name and both email and U.S. mail addresses to: Legato Systems, Inc. Nhfsstone 260 Sheridan Avenue Palo Alto, California 94306 A mailing list is maintained for regular information and bug fixes: nhfsstone@legato.com or uunet!legato.com!nhfsstone. To join the list: nhfsstone-request@legato.com or uunet!legato.com!nhfsstone-request.
Internet Tool Catalog NNSTAT NAME NNStat KEYWORDS manager, status, traffic; ethernet, IP; eavesdrop, NMS; UNIX; free. ABSTRACT NNStat is a collection of programs that provides an internet statistic collecting capability. The NNStat strategy for statistic collection is to collect traffic statistics via a promiscuous ethernet tap on the local networks, versus instrumenting the gateways. If all traffic entering or leaving a network or set of net- works traverses a local ethernet, then by stationing a statistic gathering agent on each local network a pro- file of network traffic can be gathered. Statistical data is retrieved from the local agents by a global manager. A program called "statspy" performs the data gathering function. Essentially, statspy reads all packets on an ethernet interface and records all information of interest. Information of interest is gathered by exa- mining each packet and determining if the source or destination IP address is one that is being monitored, typically a gateway address. If so then the contents of the packet are examined to see if they match further criteria. A program called "collect" performs global data collec- tion. It periodically polls various statspy processes in the domain of interest to retrieve locally logged statistical data. The NNSTAT distribution comes with several sample awk programs which process the logged output of the collect program. MECHANISM Local agents (statspy processes) collect raw traffic data via a promiscuous ethernet tap. Statistical, fil- tered or otherwise reduced data is retrieved from the local agents by a global manager (the "collect" pro- cess).
CAVEATS None. BUGS Bug fixes, extensions, and other pointers are discussed in the electronic mail forum, bytecounters. To join, send a request to bytecounters-request@venera.isi.edu. Forum exchanges are archived in the file bytecounters/bytecounters.mail, available via anonymous FTP from venera.isi.edu. LIMITATIONS NNStat presumes a topology of one or more long haul networks gatewayed to local ethernets. A kernel mod required to run with SunOS4. These mods are described in the bytecounters archive. HARDWARE REQUIRED Ethernet interface. Sun 3, Sun 4 (SPARC), or PC RT workstation. SOFTWARE REQUIRED Distribution is for BSD UNIX, could easily be adapted to any UNIX with promiscuous ethernet support. AVAILABILITY Distribution is available via anonymous FTP from venera.isi.edu, in file pub/NNStat.tar.Z. Documenta- tion is in pub/NNStat.userdoc.ms.Z.
Internet Tool Catalog NOCOL(8) NAME nocol - network monitoring tools for an IP network SYNOPSIS This is an overview of the NOCOL software. DESCRIPTION NOCOL (Network Operations Center On-Line) is a collection of network monitoring programs that run on Unix systems. The software consists of a number of monitoring agents that poll various parameters from any system and put it in a format suitable for post-processing. The post-processors can be a display agent, an automated troubleshooting program, an event logging program, etc. Presently, monitors for tracking reachability, SNMP traps, data throughput rate, and nameservers have been developed and are in use. Addition of more monitoring agents is easy and they will be added as necessary. A display agent- nocol(1) using curses has already been developed. Work on an "intelligent" module is currently in progress for event logging and some automatic troubleshooting. All data collected by the monitoring agents follows a fixed (non-readable) format. Each data entry is termed an event in NOCOL, and each event has certain flags and severity associated with it. The display agent nocol(1), displays the output of these monitoring agents depending on the severity of the event. There can be multiple displays running simultanously and all process the same set of monitored data. There are four levels of severity associated with an event- CRITICAL, ERROR, WARNING and INFO. The severity level is controlled independently by the monitoring agents, and the decision to raise or set an event's severity to any level depends on the logic imbedded in the monitoring agent. As an example, for the pingmon(8) monitor, if a site is unreachable via ping, it would be assigned a severity of WARNING by pingmon, which would then elevate to CRITICAL if the site is still unreachable after some time. In the case of trapmon(8), an SNMP trap message of EGP neighbor lost would be directly assigned a severity level of CRITICAL, while an Warm Start trap is
assigned a severity of WARNING. The display agent (and other data post-processors) would use this event severity to decide whether to display it (or troubleshoot/log it) depending on the user selected display severity level. The software is very flexible and allows enhancements and development with a minimum amount of effort. The display module processes all the files present in the data directory, and displays them sequentially. This allows new monitoring programs to simply start generating data in the data directory and the display module will automatically start displaying the new data. The monitoring tools can be changed, and the only element that has to remain common between all the modules is the EVENT data structure. CURRENT MODULES NOCOL presently consists of the following modules: nocol which simply displays the data collected by the monitoring agents. It uses the curses screen management system to support a wide variety of terminal types. The criterion for displaying an event is: 1. Severity level of the event is higher than the severity level set in the display. 2. The display filter (if set) matches some string in the event line. The display can be in regular 80 column mode or in extended 132 column mode. Critical events are displayed in reverse video (if the terminal type supports it). Additional features like displaying informational messages in a part of the window, automatic resizing window sizes, operator acknowledgement via a bell when a new event goes critical are also available. ippingmon which monitors the reachability of a site via "ICMP" ping packets (ICMP was preferred over SNMP for many obvious reasons). This program can use the default out- put from the system's ping program, but an accompanying program ( multiping) can ping multiple IP sites at the
same time and is preferable for monitoring a large list of sites. A site is marked unreachable if a certain number of packets is lost, and the severity level is increased each time that the site tests unreachable. osipingmon which is similar to the ippingmon module but uses the OSI ping program instead. No multiple ping program for OSI sites has been developed at this time. The only requirement is that the system's ping program output match the typical BSD IP ping program's output. nsmon which monitors the nameservers (named) on the list of specified hosts. It periodically sends an SOA query for the default domain and if the queried nameservers cannot resolve the query, then the site is elevated to CRITICAL status. tpmon For monitoring the throughput (kbits per second) to a list of hosts. The program connects to the discard socket on the remote machine (using a STREAM socket) and sends large packets for a small amount of time to evaluate the effective throughput. It elevates a site to WARNING level if the throughput drops below a certain threshold (set in the configuration file). trapmon Converts all SNMP traps into a format suitable for displaying using NOCOL. The severity of the various traps is preset (and can be changed during compilation time). PLATFORM Any Unix system with the curses screen management library and IP (Internet Protocol) programming facility. It has been tested on Sun Sparc 4.1.1, Ultrix, and NeXT systems. Porting to other platforms might require minor adjustments depending on the vagaries of the different vendors (mostly in the include files). AVAILABILITY NOCOL was developed at JvNCnet and has been in use for monitoring the JvNCnet wide area network since 1989. It is available via anonymous FTP from ftp.jvnc.net under pub/jvncnet-packages/nocol.tar.Z. The system running at
JvNCet can be viewed by logging into the host nocol.jvnc.net with username nocol (an rlogin instead of telnet will handle your X window terminal types better). To be added to the NOCOL mailing list (for future updates and bug fixes), send a message to nocol-users- request@jvnc.net with your email address. FUTURE DEVELOPMENTS Possible future enhancements are: 1. Event logging. 2. Addition of an automated troubleshooting mechanism when a site severity level reaches a particular level. 3. SNMP monitors to watch the state of certain vari- ables (interface errors, packet rate, route state changes). AUTHOR The software was developed at JvNCnet over a period of time. The overall design and initial development was done by Vikas Aggarwal and Sze-Ying Wuu. Additional development is being done and coordinated by Vikas Aggarwal (vikas@jvnc.net). Copyright 1992 JvNCnet. (See the file COPYRIGHT for full details) SEE ALSO nocol(1) nocol(3) tpmon(8) tsmon(8) nsmon(8)