tech-invite   World Map
3GPP     Specs     Glossaries     UICC       IETF     RFCs     Groups     SIP     ABNFs       T+       Search     Home

RFC 1470

 
 
 

FYI on a Network Management Tool Catalog: Tools for Monitoring and Debugging TCP/IP Internets and Interconnected Devices

Part 3 of 5, p. 80 to 119
Prev RFC Part       Next RFC Part

 


prevText      Top       Page 80 
        Internet Tool Catalog                                  MONET

        NAME
               MONET -- the Hughes LAN Systems SNMP Network Management
               Center (formerly the Hughes LAN Systems 9100) software
               product runs on a Sun SPARCStation hardware platform.

        KEYWORDS
               control, graphics, network topology,manager, routing,
               status, traffic; bridge, configuration, performance,
               alarm management, relational database, mib parser for
               RDBMS, intelligent hub management, DECnet, ethernet,
               IP; NMS, SNMP; UNIX.

        ABSTRACT
               Monet provides the capability to manage and control
               SNMP-based networking products from any vendor including
               those from Hughes LAN Systems.

               A comprehensive relational database manages the data and
               ensures easy access and control of resources throughout
               the network.

               Monet provides multivendor management through its
               advanced Mib master MIB parser that allows the parsing
               of enterprise MIBs (ASN.1 format per RFC1212) directly
               into the RDBMS for use by Monet's applications.

               Major features include:

               Remote access with X:
                    Use of the X/Motif user-interface, enabling remote
                    access to the all applications.

               Database Management
                    Stores and retrieves the information required to
                    administer and configure the network.  It can be
                    used to:
                         - Store and recall configuration data for all
                           devices.
                         - Provide availability history for devices.
                         - Assign new internet addresses.
                         - Provide administrative information such as
                           physical location of devices, responsible
                           person, maintenance history, asset data,
                           hardware/software versions, etc.
                         - Full-function SQL interface.
                         - User-customizable RDBMS report generation.

Top       Page 81 
                Graphics and Network Mapping
                     The Graphics module enables the user to view the
                     nodes in the network as "dynamic" icons in
                     heirarchical maps.  The network is represented by
                     these heirarchical maps.  Though there is a
                     library of device icons, cities and geographical
                     maps included, the user has access to a
                     graphics editor that allows customizing and the
                     creation of new icons and maps.
                    A Device's icon may be selected to:
                        - Register/deregister the device,
                        - Access the open alarms and acknowledge
                          faults for the selected device,
                        - Ping the device to determine accessibility,
                        - Draw graphs of any of the device's numeric
                          MIB objects, either the values as retrieved
                          in real-time or the history values
                          previously stored in the RDBMS by the
                          Performance Manager,
                        - Telnet to the device,
                        - Customize the graphical dynamics (color,
                          fill, rotation, etc.) of the device's icon
                          by associating them to the values of the
                          device's MIB objects.

               Configuration Management
                    - Retrieves configuration information from SNMP
                      devices.
                    - Stores device parameters in the RDBMS, with
                      common sets of parameters used for multiple
                      devices, or for multiple ports on a device,
                      stored only once in the RDBMS.
                    - Configures devices from the parameters stored in
                      the RDBMS, including those relating to TCP/IP,
                      DECnet and any other protocol/feature
                      configurable via SNMP.
                    - Polls devices to compare their current parameter
                      values with those in the database and produce
                      reports of the discrepancies.
                    - Collect data about the state of the network.
                    - Learn the parameters of the devices in the
                      network and populate the database.

               Performance Management
                    - Displays local network traffic graphically, by
                      packet size, protocol, network utilization,
                      sources and destinations of packets, etc.
                    - Provides for the scheduling of jobs to retrieve

Top       Page 82 
                      MIB values of a device and store them in the RDBMS
                      for review or summary reporting at a later time.
                    - Allows high/low thresholds to be set on retrieved
                      values with alarms generated when thresholds are
                      exceeded.

               Fault Management
                    - Provides availability monitoring and indicates
                      potential problems.
                    - Creates alarms from received SNMP traps, and from
                      other internally-generated conditions,
                    - Records alarms in the alarm log in the RDBMS.
                    - Lists alarms for selected set of devices,
                      according to various filter conditions,
                    - Possible causes and suggested actions for the
                      alarms are listed.
                    - New alarms are indicated by a flashing icon and
                      optional audio alert.
                    - Visual indication of alarms bubbles up the network
                      map heirarchy.
                    - Cumulative reports can be produced.

               Utilities Function
                    - View and/or terminate current NMC processes,
                    - Access to database maintenance utilities.

        MECHANISM
               SNMP.

        CAVEATS
               None reported.

        BUGS
               None known.

        LIMITATIONS
               Maximum number of nodes that can be monitored is
               18,000.  This can include Hosts, Terminal Servers, PCs,
               Routers, and Bridges.

        HARDWARE REQUIRED
               The host for the NMC software is a Sun 4 desktop works-
               tation.  Recommended minimum hardware is the Sun IPX
               Color workstation, with a 1/4" SCSI tape drive.

        SOFTWARE REQUIRED
               MONET V5.0, which is provided on 1/4" tape format, runs on
               the Sun 4.1.1 Operating System.

Top       Page 83 
        AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL
               A commercial product of:
                    Hughes LAN Systems Inc.
                    1225 Charleston Road
                    Mountain View, CA 94043
                    Phone: (415) 966-7300
                    Fax: (415) 960-3738
                    RCA Telex: 276572

        CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
                kishoret@msgate.hls.com
                kzm@hls.com

Top       Page 84 
          Internet Tool Catalog                            NET_MONITOR

          NAME
               net_monitor

          KEYWORDS
               routing, status; DECnet, IP; curses, ping; UNIX, VMS;
               free, sourcelib.

          ABSTRACT
               Net_monitor uses ICMP echo (and DECnet reachability
               information on VAX/VMS) to monitor a network.  The mon-
               itoring is very simplistic, but has proved useful.  It
               periodically tests whether hosts are reachable and
               reports the results in a full-screen display.  It
               groups hosts together in common sets.  If all hosts in
               a set become unreachable, it makes a lot of racket with
               bells, since it assumes that this means that some com-
               mon piece of hardware that supports that set has
               failed.  The periodicity of the tests, hosts to test,
               and groupings of hosts are controlled with a single
               configuration file.

               The idea for this program came from the PC/IP monitor
               facility, but is an entirely different program with
               different functionality.

          MECHANISM
               Reachability is tested using ICMP echo facilities for
               TCP/IP hosts (and DECnet reachability information on
               VAX/VMS).  A DECnet node is considered reachable if it
               appears in the list of hosts in a "show network" com-
               mand issued on a routing node.

          CAVEATS
               This facility has been found to be most useful when run
               in a window on a workstation rather than on a terminal
               connected to a host.  It could be useful if ported to a
               PC (looks easy using FTP Software's programming
               libraries), but this has not been done.  Curses is very
               slow and cpu intensive on VMS, but the tool has been
               run in a window on a VAXstation 2000.  Just don't try
               to run it on a terminal connected to a 11/750.

          BUGS
               None known.

Top       Page 85 
          LIMITATIONS
               This tool is not meant to be a replacement for a more
               comprehensive network management facility such as is
               provided with SNMP.

          HARDWARE REQUIRED
               A host with a network connection.

          SOFTWARE REQUIRED
               Curses, 4.xBSD UNIX socket programming libraries (lim-
               ited set) and some flavor of TCP/IP that supports ICMP
               echo request (ping).  It has been run on VAX/VMS run-
               ning WIN/TCP and several flavors of 4BSD UNIX (includ-
               ing SunOS 3.2, 4.0, and 4.3BSD).  It could be ported to
               any platform that provides a BSD-style programming li-
               brary with an ICMP echo request facility and curses.

          AVAILABILITY
               Requests should be sent to the author:

               Dale Smith
               Asst Dir of Network Services
               University of Oregon
               Computing Center
               Eugene, OR  97403-1211

               Internet: dsmith@oregon.uoregon.edu.
               BITNET: dsmith@oregon.bitnet
               UUCP: ...hp-pcd!uoregon!dsmith
               Voice: (503)686-4394

               With the source code, a makefile is provided for most
               any UNIX box and a VMS makefile compatible with the
               make distributed with PMDF.  A VMS DCL command file is
               also provided, for use by those VMS sites without
               "make."

               The author will attempt to fix bugs, but no support is
               promised.  The tool is copyrighted, but free (for now).

Top       Page 86 
          Internet Tool Catalog                     NETLABS_CMOT_AGENT

          NAME
               Netlabs CMOT Agent

          KEYWORDS
               manager, status; IP, OSI; NMS.

          ABSTRACT
               Netlabs' CMOT code debuted in Interop 89.  The CMOT
               code comes with an Extensible MIB, which allows users
               to add new MIB variables.  The code currently supports
               all the MIB variables in RFC 1095 via the data types in
               RFC 1065, as well as the emerging MIB-II, which is
               currently in experimental stage.  The CMOT has been
               benchmarked at 100 Management Operations per Second
               (MOPS) for a 1-MIPS machine.

          MECHANISM
               The Netlabs CMOT agent supports the control and moni-
               toring of network resources by use of CMOT message
               exchanges.

          CAVEATS
               None.

          BUGS
               None known.

          LIMITATIONS
               None reported.

          HARDWARE REQUIRED
               Portable to most hardware.

          SOFTWARE REQUIRED
               Portable to most operating systems.

          AVAILABILITY
               Commercially available from:
                    Netlabs Inc
                    11693 Chenault Street Ste 348
                    Los Angeles CA 90049
                    (213) 476-4070
                    lam@netlabs.com (Anne Lam)

Top       Page 87 
          Internet Tool Catalog                   NETLABS_DUAL_MANAGER

          NAME
               Dual Manager

          KEYWORDS
               alarm, control, manager, map, security, status; IP,
               OSI; NMS, SNMP, X; UNIX; library.

          ABSTRACT
               Netlabs' Dual Manager provides management of TCP/IP
               networks using both SNMP and CMOT protoocls.  Such
               management can be initiated either through the X-
               Windows user interface (both Motif and Openlook), or
               through OSI Network Management (CMIP) commands.  The
               Dual Manager provides for configuration, fault, secu-
               rity and performance management.  It provides extensive
               map management features, including scanned maps in the
               background.  It provides simple mechanisms to extend
               the MIB and assign specific lists of objects to
               specific network elements, thereby providing for the
               management of all vendors' specific MIB extensions.  It
               provides an optional relational DBMS for storing and
               retrieving MIB and alarm information.  Finally, the
               Dual Manager is an open platform, in that it provides
               several Application Programming Interfaces (APIs) for
               users to extend the functionality of the Dual Manager.

               The Dual Manager is expected to work as a TCP/IP
               "branch manager" under DEC's EMA, AT&T's UNMA and other
               OSI-conformant enterprise management architectures.

          MECHANISM
               The Netlabs Dual Manager supports the control and moni-
               toring of network resources by use of both CMOT and
               SNMP message exchanges.

          CAVEATS
               None.

          BUGS
               None known.

          LIMITATIONS
               None reported.

          HARDWARE REQUIRED
               Runs on Sun/3 and Sun/4s.

Top       Page 88 
          SOFTWARE REQUIRED
               Available on System V or SCO Open Desktop environments.
               Uses X-Windows for the user interface.

          AVAILABILITY
               Commercially available from:
                    Netlabs Inc
                    11693 Chenault Street Ste 348
                    Los Angeles CA 90049
                    (213) 476-4070
                    lam@netlabs.com (Anne Lam)

Top       Page 89 
          Internet Tool Catalog                     NETLABS_SNMP_AGENT

          NAME
               Netlabs SNMP Agent.

          KEYWORDS
               manager, status; IP; NMS, SNMP.

          ABSTRACT
               Netlabs' SNMP code debuted in Interop 89, where it
               showed interoperation of the code with several imple-
               mentations on the show floor.  The SNMP code comes with
               an Extensible MIB, which allows users to add new MIB
               variables.  The code currently supports all the MIB
               variables in RFC 1066 via the data types in RFC 1065,
               as well as the emerging MIB-II, which is currently in
               experimental stage.  The SNMP has been benchmarked at
               200 Management Operations per Second (MOPS) for a 1-
               MIPS machine.

          MECHANISM
               The Netlabs SNMP agent supports the control and moni-
               toring of network resources by use of SNMP message
               exchanges.

          CAVEATS
               None.

          BUGS
               None known.

          LIMITATIONS
               None reported.

          HARDWARE REQUIRED
               Portable to most hardware.

          SOFTWARE REQUIRED
               Portable to most operating systems.

          AVAILABILITY
               Commercially available from:
                    Netlabs Inc
                    11693 Chenault Street Ste 348
                    Los Angeles CA 90049
                    (213) 476-4070
                    lam@netlabs.com (Anne Lam)

Top       Page 90 
        Internet Tool Catalog                 NetMetrix-Load-Monitor

        NAME
                NetMetrix Load Monitor

        KEYWORDS
                alarm,traffic; Ethernet, FDDI, IP, Ring; Eavesdrop,
                SNMP, X; UNIX;

        ABSTRACT
                The NetMetrix Load Monitor is a distributed
                client-server monitoring tool for ethernet, token
                ring, and FDDI networks.  A unique "dual" architecture
                provides compatibility with both RMON and X windows.
                RMON allows interoperability and an enterprise-wide
                view, while X windows enables much more powerful,
                intelligent applications at remote segments and saves
                network bandwidth.

                The Load Monitor provides extensive traffic
                statistics.  It looks at load by time interval, source
                node, destination node, application, protocol or
                packet size. A powerful ZOOM feature allows extensive
                correlational analysis which is displayed in a wide
                variety of graphs and tables.

                You can answer questions such as: Which sources are
                generating most of the load on the network when it is
                most heavily loaded and where is this load going?
                Which source/destination pairs generate the most
                traffic over the day?  Where should bridges and
                routers be located to optimally partition the network?
                How much load do applications, like the X Windows
                protocol, put on the network and who is generating that
                load when it is the greatest.

                A floating license allows easy access to the software
                tool anywhere you need it.

        MECHANISM
                NetMetrix turns the network interface into promiscuous
                mode to capture packets.

        CAVEATS
                none.

        BUGS
                none known.

Top       Page 91 
        LIMITATIONS
                none.

        HARDWARE REQUIRED
                SPARC system

        SOFTWARE REQUIRED
                SunOS 4.0 or higher

        AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL
            NetMetrix is available from:
                    Sales Department
                    Metrix Network Systems, Inc.
                    One Tara Boulevard
                    Nashua, New Hampshire 03062
                    telephone: 603-888-7000
                    fax: 603-891-2796
                    email: info@metrix.com

        Government agencies please note that NetMetrix is on the GSA
        schedule.

        CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
            Norma Shepperd
            Marketing Administrator
            603-888-7000
            norma@metrix.com

Top       Page 92 
        Internet Tool Catalog                  NetMetrix-NFS-Monitor

        NAME
              NetMetrix NFS Monitor

        KEYWORDS
              traffic; Ethernet, FDDI, NFS, Ring; Eavesdrop, SNMP, X;
              UNIX

        ABSTRACT
                The NetMetrix NFS Monitor is a distributed network
                monitoring tool which monitors and graphs NFS load,
                response time, retransmits, rejects and errors by
                server, client, NFS procedure, or time
                interval.  Breakdown server activity by file system
                and client activity by user.

                A powerful ZOOM feature lets you correlate monitoring
                variables.  You can see client/server relationships,
                compare server performance, evaluate NFS performance
                enhancement strategies.

                A floating license and the X Window protocol allows
                monitoring of remote ethernet, token ring and FDDI
                segments from a central enterprise-wide display.

        MECHANISM
                NetMetrix turns the network interface into promiscuous
                mode to capture packets.

        CAVEATS
                none.

        BUGS
                none known.

        LIMITATIONS
                none.

        HARDWARE REQUIRED
                SPARC system

        SOFTWARE REQUIRED
                SunOS 4.0 or higher

Top       Page 93 
        AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL
            NetMetrix is available from:
                    Sales Department
                    Metrix Network Systems, Inc.
                    One Tara Boulevard
                    Nashua, New Hampshire 03062
                    telephone: 603-888-7000
                    fax: 603-891-2796
                    email: info@metrix.com

                Government agencies please note that NetMetrix is on
                the GSA schedule.

        CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
            Norma Shepperd
            Marketing Administrator
            603-888-7000
            norma@metrix.com

Top       Page 94 
        Internet Tool Catalog            NetMetrix-Protocol-Analyzer

        NAME
              NetMetrix Protocol Analyzer

        KEYWORDS
                alarm, analyzer, traffic; DECnet, DNS, Ethernet, FDDI,
                IP, OSI, NFS, Ring, SMTP; Eavesdrop, SNMP, X; UNIX;
                Library

        ABSTRACT
                The NetMetrix Protocol Analyzer is a distributed
                client-server monitoring tool for ethernet, token
                ring, and FDDI networks.  A unique "dual" architecture
                provides compatibility with both RMON and
                X windows.  RMON allows interoperability, while X
                windows enables much more powerful, intelligent
                applications at remote segments and saves network
                bandwidth.

                With the Protocol Analyzer, you can decode and display
                packets as they are being captured. Extensive filters
                let you sift through packets either before or after
                trace capture.  The capture filter may be specified by
                source, destination between hosts, protocol, packet
                size, pattern match, or by a complete expression using
                an extensive filter expression language.

                Full 7-layer packet decodes are available for all
                major protocols including DECnet, Appletalk, Novell,
                XNS, SNA, BANYAN, OSI and TCP/IP.  The decodes for the
                TCP/IP stack have all major protocols including NFS,
                YP, DNS, SNMP, OSPF, etc.

                Request and reply packets are matched. Packets can be
                displayed in summary, detail or hex, with multiple
                views to see packet dialogues side by side.

                A complete developers' kit is available for custom
                decodes.

                A floating license allows easy acess to the software
                tool anywhere you need it.

        MECHANISM
                NetMetrix turns the network interface into promiscuous
                mode to capture packets.

Top       Page 95 
        CAVEATS
                none.

        BUGS
                none known.

        LIMITATIONS
                none.

        HARDWARE REQUIRED
                SPARC system

        SOFTWARE REQUIRED
                 SunOS 4.0 or higher

        AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL
            NetMetrix is available from:
                    Sales Department
                    Metrix Network Systems, Inc.
                    One Tara Boulevard
                    Nashua, New Hampshire 03062
                    telephone: 603-888-7000
                    fax: 603-891-2796
                    email: info@metrix.com

                Government agencies please note that NetMetrix is on the
                GSA schedule.

        CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
            Norma Shepperd
            Marketing Administrator
            603-888-7000
            norma@metrix.com

Top       Page 96 
        Internet Tool Catalog            NetMetrix-Traffic-Generator

        NAME
                 NetMetrix Traffic Generator

        KEYWORDS
                Debugger, Generator, Traffic; Ethernet, FDDI, IP,
                Ring; Eavesdrop, SNMP, X; UNIX; Library

        ABSTRACT
                The NetMetrix Traffic Generator is a distributed
                software tool which allows you to simulate network
                load or test packet dialogues between nodes on your
                ethernet, token ring, or FDDI segments.  The Traffic
                Generator can also be used to test and validate
                management station alarms, routers, bridges, hubs, etc.

                An easy-to-use programming interface provides complete
                flexibility over variables such as bandwidth, packet
                sequence, and conditional responses.

                A floating license and the X Window System protocol
                allows testing of remote ethernet, token ring and FDDI
                segments from a central console.

        MECHANISM
                NetMetrix turns the network interface into promiscuous
                mode to capture packets.

        CAVEATS
                none.

        BUGS
                none known.

        LIMITATIONS
                none.

        HARDWARE REQUIRED
                SPARC system

        SOFTWARE REQUIRED
                SunOS 4.0 or higher

Top       Page 97 
        AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL
            NetMetrix is available from:
                    Sales Department
                    Metrix Network Systems, Inc.
                    One Tara Boulevard
                    Nashua, New Hampshire 03062
                    telephone: 603-888-7000
                    fax: 603-891-2796
                    email: info@metrix.com

                Government agencies please note that NetMetrix is on
                the GSA schedule.

        CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
            Norma Shepperd
            Marketing Administrator
            603-888-7000
            norma@metrix.com

Top       Page 98 
          Internet Tool Catalog                           NETMON_MITRE

          NAME
               NETMON and iptrace

          KEYWORDS
               traffic; IP; eavesdrop; UNIX; free.

          ABSTRACT
               NETMON is a facility to enable communication of net-
               working events from the BSD UNIX operating system to a
               user-level network monitoring or management program.
               Iptrace is a program interfacing to NETMON which logs
               TCP-IP traffic for performance measurement and gateway
               monitoring. It is easy to build other NETMON-based
               tools using iptrace as a model.

               NETMON resides in the 4.3BSD UNIX kernel.  It is
               independent of hardware-specific code in UNIX.  It is
               transparent to protocol and network type, having no
               internal assumptions about the network protocols being
               recorded.  It is installed in BSD-like kernels by
               adding a standard function call (probe) to a few points
               in the input and output routines of the protocols to be
               logged.

               NETMON is analogous to Sun Microsystems' NIT, but the
               interface tap function is extended by recording more
               context information.  Aside from the timestamp, the
               choice of information recorded is up to the installer
               of the probes.  The NETMON probes added to the BSD IP
               code supplied with the distribution include as context:
               input and output queue lengths, identification of the
               network interface, and event codes labeling packet dis-
               cards.  (The NETMON distribution is geared towards
               measuring the performance of BSD networking protocols
               in an IP gateway).

               NETMON is designed so that it can reside within the
               monitored system with minimal interference to the net-
               work processing.  The estimated and measured overhead
               is around five percent of packet processing.

               The user-level tool "iptrace" is provided with NETMON.
               This program logs IP traffic, either at IP-level only,
               or as it passes through the network interface drivers
               as well.  As a separate function, iptrace produces a
               host traffic matrix output.  Its third type of output

Top       Page 99 
               is abbreviated sampling, in which only a pre-set number
               of packets from each new host pair is logged.  The
               three output types are configured dynamically, in any
               combination.

               OSITRACE, another logging tool with a NETMON interface,
               is available separately (and documented in a separate
               entry in this catalog).

          MECHANISM
               Access to the information logged by NETMON is through a
               UNIX special file, /dev/netmon.  User reads are blocked
               until the buffer reaches a configurable level of full-
               ness.

               Several other parameters of NETMON can be tuned at com-
               pile time.  A diagnostic program, netmonstat, is
               included in the distribution.

          CAVEATS
               None.

          BUGS
               Bug reports and questions should be addressed to:
                    ie-tools@gateway.mitre.org
               Requests to join this mailing list:
                    ie-tools-request@gateway.mitre.org
               Questions and suggestions can also be directed to:
                    Allison Mankin (703)883-7907
                    mankin@gateway.mitre.org

          LIMITATIONS
               A NETMON interface for tcpdump and other UNIX protocol
               analyzers is not included, but it is simple to write.
               NETMON probes for a promiscuous ethernet interface are
               similarly not included.

          HARDWARE REQUIRED
               No restrictions.

          SOFTWARE REQUIRED
               BSD UNIX-like network protocols or the ability to
               install the BSD publicly available network protocols in
               the system to be monitored.

Top       Page 100 
          AVAILABILITY
               The NETMON distribution is available by anonymous FTP
               in pub/netmon.tar or pub/netmon.tar.Z from aelred-
               3.ie.org.  A short user's and installation guide,
               NETMON.doc, is available in the same location.  The
               NETMON distribution is provided "as is" and requires
               retention of a copyright text in code derived from it.
               It is copyrighted by the MITRE-Washington Networking
               Center.

Top       Page 101 
        Internet Tool Catalog           NETMON_WINDOWS_SNMP_RESEARCH

        NAME
                NETMON for Windows -- an SNMP-based network management
                tool that runs under Microsoft Windows 3.0 from SNMP
                Research.

        KEYWORDS
                alarm, control, manager, map, routing;
                DECnet, Ethernet, IP, OSI, ring, star;
                NMS, SNMP;
                DOS;
                sourcelib.

        ABSTRACT
                The NETMON application implements a powerful network
                management station based on a low-cost DOS platform.
                NETMON's network management tools for configuration,
                performance, security, and fault management have been
                used successfully with a wide assortment of wide- and
                local-area-network topologies and medias.  Multiprotocol
                devices are supported including those using TCP/IP,
                DECnet, and OSI protocols.

        Some features of NETMON's network management tools include:

                o Fault management tool displays a map of the network
                  configuration with node and link state indicated
                  in one of several colors to indicate current status;
                o Configuration management tool may be used to edit the
                  network management information base stored in the
                  NMS to reflect changes occurring in the network;
                o Graphs and tabular tools for use in fault and performance
                  management;
                o Mechanisms by which additional variables, such as vendor-
                  specific variables, may be added;
                o Alarms may be enabled to alert the operator of events
                  occurring in the network;
                o Events are logged to disk;
                o Output data may be transferred via flat files for
                  additional report generation by a variety of
                  statistical packages.

        The NETMON application comes complete with source code
        including a powerful set of portable libraries for generating
        and parsing SNMP messages.

Top       Page 102 
        MECHANISM
                The NETMON for Windows application is based on the
                Simple Network Management Protocol (SNMP).  Polling is
                performed via the powerful SNMP get-next operator and
                the SNMP get operator.  Trap directed polling is used
                to regulate the focus and intensity of the polling.

        CAVEATS
                None.

        BUGS
                None known.

        LIMITATIONS
                None reported.

        HARDWARE REQUIRED
                The minimum system is a IBM 386 computer, or
                compatible, with hard disk drive.

        SOFTWARE REQUIRED
                DOS 5.0 or later, Windows 3.0 in 386 mode, and TCP/IP
                kernel software from FTP Software.

        AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL
                This is a commercial product available under license
                from:
                        SNMP Research
                        3001 Kimberlin Heights Road
                        Knoxville, TN  37920-9716
                        Attn:  John Southwood, Sales and Marketing
                        (615) 573-1434 (Voice)  (615) 573-9197 (FAX)

        CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
                users@seymour1.cs.utk.edu

Top       Page 103 
        Internet Tool Catalog                               NETscout

        NAME
                NETscout(tm)

        KEYWORDS
                Alarm, Analyzer, Manager, Status, Traffic;
                DECnet, Ethernet, IP, OSI, NFS, Ring, Star, Eavesdrop;
                NMS, SNMP;
                UNIX;

        ABSTRACT
                The NETscout family of distributed LAN Analyzer
                devices are intended to provide network users with a
                comprehensive capability to identify and isolate fault
                conditions in data communications networks.
                NETscout has the capability to collect wide ranging
                statistical data, to display selectively captured and
                fully decoded network traffic, to set user-defined
                alarm conditions, and to obtain real-time updates
                from all segments of a widely dispersed internetwork
                from a centralized SNMP-compatible network management
                console.

                The NETscout family is based on standards so that
                operation may be realized in heterogeneous networks
                which constitute a multi-protocol, multi-topology,
                multi-vendor environment.  The fundamental standards
                upon which NETscout is based are the Simple Network
                Management Protocol (SNMP), which defines the protocol
                for all inter-communications between NETscout devices,
                and the Remote Monitoring Management Information Base
                (RMON-MIB), which defines the type of information
                which is to be gathered and made available to the
                user for each network segment.

                NETscout clients provide a full array of monitoring
                and analysis features including intelligent seven
                level decoding of all majorprotocol stacks:

                DOD including TCP/IP    XNS       Novell
                DECNET including LAT    ISO       APPLETALK
                IBM Token Ring          Vines     NETBIOS/SMB
                SNMP including RMON-MIB SUN-NFS   SMT

                NETscout agents support all nine groups of the
                RMON-MIB standard.  NETscout agents can work with any
                SNMP-based network management system and currently

Top       Page 104 
                support Ethernet and Token Ring.

        MECHANISM
                The operation of the NETscout family is divided into
                two distinct subcategories.  The first is the "Client"
                which is the user console from which operational
                commands are issued and where all results and
                diagnostic information are displayed. In a NETscout
                topology it is feasible to have multiple clients
                active simultaneously within a single network.  The
                second category is the "Agent", a hardware/software
                device which is attached to a specific network
                segment and which gathers statistical information for
                that segment as well as providing a window into that
                segment where network traffic may be observed and
                gathered for more detailed user analysis.  A
                typical network will have multiple segments and
                multiple agents up to the point of having one agent
                for each logical network segment.

                NETscout Model 9210 is a software package which, when
                combined in a Sun SPARCstation in conjunction with
                SunNet Manager running under Open Windows, implements
                the NETscout client function.  SunNet Manager provides
                the background operational tools for client operation
                while the NETscout software provides
                application-specific functions related to RMON-MIB
                support as well as all software necessary to
                perform the protocol decode function.
                SunNet Manager also implements a network map file
                which includes a topographical display of the entire
                network and is the mechanism for selecting
                network elements to perform operations.

                NETscout Model 9215 is a software package that
                operates in conjunction with SunNet Manager and
                implements the statistics monitoring function only.
                That is, it does not include the protocol
                decode function or the mechanism to retrieve actual
                data from a remote agent.  It does, however, include
                complete statistics gathering and event and alarm
                generation.

                Frontier NETscout Models 9510 and 9515, and Model 9610
                and 9615 are agent software packages that implement
                selected network diagnostic functions when loaded into
                a Sun SPARCstation (9510, 9515) or a SynOptics
                LattisNet Hub (9610, 9615) respectively which is

Top       Page 105 
                connected to an Ethernet network segment
                using conventional network interface hardware.  Models
                9510 and 9610 support all nine RMON-MIB groups
                including "filters" and "packet capture" and thus
                provide for complete protocol monitoring and decode
                when used with a client
                equipped with protocol decode software.  Models 9515
                an 9615 include support for seven RMON-MIB groups
                which excludes "filters" and "data capture" and
                therefore perform network monitoring only through
                collection and presentation of network statistics,
                events, and alarms.  All models also support the MIB2
                system and interface groups.

                Frontier NETscout Models 9520 and 9525, and Model 9620
                and 9625 are agent software packages that are
                identical in function to their respective models
                described above except that they are for use on
                Token Ring segments.

        CAVEATS
                The RMON-MIB standard for Token Ring applications has
                not yet beenformally released and is not approved.
                NETscout products correspond to the latest draft for
                Token Ring functions and will be updated as
                required to conform to the standard as it is approved.

        BUGS
                None known.

        LIMITATIONS
                None reported.

        HARDWARE REQUIRED
                Sun SPARCstation or LattisNet Hub depending upon Model
                number.

        SOFTWARE REQUIRED
                Sun OS 4.1.1 for client and agent, SunNet Manager for
                client.

Top       Page 106 
        AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL
                NETscout products are available commercially.  For
                information regarding your local representative, contact:
                        Frontier Software Development, Inc.
                        1501 Main Street
                        Tewksbury, MA  01876
                        Phone:  508-851-8872
                        Fax: 508-851-6956

        CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
                        Marketing
                        Frontier Software

Top       Page 107 
          Internet Tool Catalog                                NETSTAT

          NAME
               netstat

          KEYWORDS
               routing; IP; UNIX, VMS; free.

          ABSTRACT
               Netstat is a program that accesses network related data
               structures within the kernel, then provides an ASCII
               format at the terminal.  Netstat can provide reports on
               the routing table, TCP connections, TCP and UDP
               "listens", and protocol memory management.

          MECHANISM
               Netstat accesses operating system memory to read the
               kernel routing tables.

          CAVEATS
               Kernel data structures can change while netstat is run-
               ning.

          BUGS
               None known.

          LIMITATIONS
               None reported.

          HARDWARE REQUIRED
               No restrictions.

          SOFTWARE REQUIRED
               BSD UNIX or related OS, or VMS.

          AVAILABILITY
               Available via anonymous FTP from uunet.uu.net, in
               directory bsd-sources/src/ucb.  Available with 4.xBSD
               UNIX and related operating systems.  For VMS, available
               as part of TGV MultiNet IP software package, as well as
               Wollongong's WIN/TCP.

Top       Page 108 
          Internet Tool Catalog                     NETWORK_INTEGRATOR

          NAME
               Network Integrator I

          KEYWORDS
               map, traffic; ethernet; UNIX.

          ABSTRACT
               This tool monitors traffic on network segments.  All
               information is dumped to either a log file or, for
               real-time viewing, to a command tool window.  Data is
               time-stamped according to date and time.  Logging can
               continue for up to 24 hours.

               The tool is flexible in data collection and presenta-
               tion.  Traffic filters can be specified according to
               header values of numerous protocols, including those
               used by Apple, DEC, Sun, HP, and Apollo.  Bandwidth
               utilization can be monitored, as well as actual load
               and peak throughput.  Additionally, the Network
               Integrator can analyze a network's topology, and record
               the location of all operational nodes on a network.

               Data can be displayed in six separate formats of bar
               graphs.  In addition, there are several routines for
               producing statistical summaries of the data collected.

          MECHANISM
               The tools work through RPC and XDR calls.

          CAVEATS
               Although the tool adds only little traffic to a net-
               work, generation of statistics from captured files
               requires a significant portion of a workstation's CPU.

          BUGS
               None known.

          LIMITATIONS
               Must be root to run monitor.  There does not seem to be
               a limit to the number of nodes, since it monitors by
               segments.  The only major limitation is the amount of
               disk space that a user can commit to the log files.
               The size of the log files, however, can be controlled
               through the tool's parameters.

Top       Page 109 
          HARDWARE REQUIRED
               Sun3 or Sun4.

          SOFTWARE REQUIRED
               4.0BSD UNIX or greater, or related OS.

          AVAILABILITY
               Copyrighted, commercially available from
               Network Integrators,
               (408) 927-0412.

Top       Page 110 
        Internet Tool Catalog                               NFSwatch

        NAME
                nfswatch

        KEYWORDS
                Traffic; Ethernet, IP, NFS; Curses, Eavesdrop; UNIX;
                Free

        ABSTRACT
                Nfswatch monitors all incoming ethernet traffic to an
                NFS file server and divides it into several
                categories.  The number and percentage of packets
                received in each category is displayed on
                the screen in a continuously updated display.

                By default, nfswatch monitors all packets destined for
                the local host over a single network interface.
                Options are provided to specify the specific interface
                to be monitored, or all interfaces at once.  NFS
                traffic to the local host, to a remote host, from a
                specific host, between two hosts, or all NFS traffic
                on the network may be monitored.

                Categories of packets monitored and counted include:
                ND Read, ND Write, NFS Read, NFS Write, NFS Mount,
                Yellow Pages (NIS), RPC Authorization, Other RPC, TCP,
                UDP, ICMP, RIP, ARP, RARP, Ethernet Broadcast, and
                Other.

                Packets are also tallied either by file system or file
                (specific files may be watched as an option), NFS
                procedure name (RPC call), or NFS client hostname.

                Facilities for taking "snapshots" of the screen, as
                well as saving data to a log file for later analysis
                (the analysis tool is included) are also available.

        MECHANISM
                Nfswatch uses the Network Interface Tap, nit(4) under
                SunOS 4.x, and the Packet Filter, packetfilter(4),
                under Ultrix 4.x, to place the ethernet interface into
                promiscuous mode.  It filters out NFS packets, and
                decodes the file handles in order to determine how to
                count the packet.

Top       Page 111 
        CAVEATS
                Because the NFS file handle is a non-standard (server
                private) piece of data, nfswatch must be modified to
                understand file handles used by various
                implementations.  It currently knows
                about the SunOS 4.x and Ultrix file handle formats.

        BUGS
                Does not monitor FDDI interfaces.  (It should be a
                simple change, but neither author has access to a
                system with FDDI interfaces for testing.)

        LIMITATIONS
                Up to 256 exported file systems and 256 individual
                files can be monitored at any time.

                Only NFS requests are counted; the NFS traffic
                generated by a server in response to those packets
                is not counted.

        HARDWARE REQUIRED
                Any Ultrix system (VAX or DEC RISC hardware)

        SOFTWARE REQUIRED
                Ultrix release 4.0 or later.  For Ultrix 4.1, may
                require the patched "if_ln.o" kernel module, available
                from Digital's Customer Support Center.

        AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL
                Copyrighted, but freely distributable.  Available via
                anonymous FTP from harbor.ecn.purdue.edu,
                ftp.erg.sri.com, and gatekeeper.dec.com, as well as
                numerous other sites around the Internet.  The current
                version is Version 3.0 from January 1991.

        Contact points:

        Dave Curry                              Jeff Mogul
        Purdue University                       Digital Equipment Corp.
        Engineering Computer Network            Western Research Laboratory
        1285 Electrical Engineering Bldg.       100 Hamilton Avenue
        West Lafayette, IN 47907-1285           Palo Alto, CA 94301
        davy@ecn.purdue.edu                     mogul@decwrl.dec.com


        CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
                Dave Curry (see address above).

Top       Page 112 
          Internet Tool Catalog                              NHFSSTONE

          NAME
               nhfsstone

          KEYWORDS
               benchmark, generator; NFS; spoof; UNIX; free.

          ABSTRACT
               Nhfsstone (pronounced n-f-s-stone, the "h" is silent)
               is an NFS benchmarking program.  It is used on an NFS
               client to generate an artificial load with a particular
               mix of NFS operations.  It reports the average response
               time of the server in milliseconds per call and the
               load in calls per second.  The nhfsstone distribution
               includes a script, "nhfsnums" that converts test
               results into plot(5) format so that they can be graphed
               using graph(1) and other tools.

          MECHANISM
               Nhfsstone is an NFS traffic generator.  It adjusts its
               calling patterns based on the client's kernel NFS
               statistics and the elapsed time.  Load can be generated
               over a given time or number of NFS calls.

          CAVEATS
               Nhfsstone will compete for system resources with other
               applications.

          BUGS
               None known.

          LIMITATIONS
               None reported.

          HARDWARE REQUIRED
               No restrictions.

          SOFTWARE REQUIRED
               4.xBSD-based UNIX

Top       Page 113 
          AVAILABILITY
               Available via anonymous FTP from bugs.cs.wisc.edu.
               Alternatively, Legato Systems will provide the program
               free of charge, if certain conditions are met.  Send
               name and both email and U.S. mail addresses to:
                    Legato Systems, Inc.
                    Nhfsstone
                    260 Sheridan Avenue
                    Palo Alto, California  94306

               A mailing list is maintained for regular information
               and bug fixes: nhfsstone@legato.com or
               uunet!legato.com!nhfsstone.  To join the list:
               nhfsstone-request@legato.com or
               uunet!legato.com!nhfsstone-request.

Top       Page 114 
          Internet Tool Catalog                                 NNSTAT

          NAME
               NNStat

          KEYWORDS
               manager, status, traffic; ethernet, IP; eavesdrop, NMS;
               UNIX; free.

          ABSTRACT
               NNStat is a collection of programs that provides an
               internet statistic collecting capability.  The NNStat
               strategy for statistic collection is to collect traffic
               statistics via a promiscuous ethernet tap on the local
               networks, versus instrumenting the gateways.  If all
               traffic entering or leaving a network or set of net-
               works traverses a local ethernet, then by stationing a
               statistic gathering agent on each local network a pro-
               file of network traffic can be gathered.  Statistical
               data is retrieved from the local agents by a global
               manager.

               A program called "statspy" performs the data gathering
               function.  Essentially, statspy reads all packets on an
               ethernet interface and records all information of
               interest.  Information of interest is gathered by exa-
               mining each packet and determining if the source or
               destination IP address is one that is being monitored,
               typically a gateway address.  If so then the contents
               of the packet are examined to see if they match further
               criteria.

               A program called "collect" performs global data collec-
               tion.  It periodically polls various statspy processes
               in the domain of interest to retrieve locally logged
               statistical data.

               The NNSTAT distribution comes with several sample awk
               programs which process the logged output of the collect
               program.

          MECHANISM
               Local agents (statspy processes) collect raw traffic
               data via a promiscuous ethernet tap.  Statistical, fil-
               tered or otherwise reduced data is retrieved from the
               local agents by a global manager (the "collect" pro-
               cess).

Top       Page 115 
          CAVEATS
               None.

          BUGS
               Bug fixes, extensions, and other pointers are discussed
               in the electronic mail forum, bytecounters.  To join,
               send a request to bytecounters-request@venera.isi.edu.
               Forum exchanges are archived in the file
               bytecounters/bytecounters.mail, available via anonymous
               FTP from venera.isi.edu.

          LIMITATIONS
               NNStat presumes a topology of one or more long haul
               networks gatewayed to local ethernets.

               A kernel mod required to run with SunOS4.  These mods
               are described in the bytecounters archive.

          HARDWARE REQUIRED
               Ethernet interface.  Sun 3, Sun 4 (SPARC), or PC RT
               workstation.

          SOFTWARE REQUIRED
               Distribution is for BSD UNIX, could easily be adapted
               to any UNIX with promiscuous ethernet support.

          AVAILABILITY
               Distribution is available via anonymous FTP from
               venera.isi.edu, in file pub/NNStat.tar.Z.  Documenta-
               tion is in pub/NNStat.userdoc.ms.Z.

Top       Page 116 
          Internet Tool Catalog                               NOCOL(8)

          NAME
               nocol - network monitoring tools for an IP network

          SYNOPSIS
               This is an overview of the NOCOL software.

          DESCRIPTION
               NOCOL (Network Operations Center On-Line) is a
               collection of network monitoring programs that run on
               Unix systems.  The software consists of a number of
               monitoring agents that poll various parameters from any
               system and put it in a format suitable for
               post-processing. The post-processors can be a display
               agent, an automated troubleshooting program, an
               event logging program, etc.  Presently, monitors for
               tracking reachability, SNMP traps, data throughput
               rate, and nameservers have been developed and are in
               use.  Addition of more monitoring agents is easy and
               they will be added as necessary.  A display agent-
               nocol(1) using curses has already been developed. Work
               on an "intelligent" module is currently in progress for
               event logging and some automatic troubleshooting.

               All data collected by the monitoring agents follows a
               fixed (non-readable) format. Each data entry is termed
               an event in NOCOL, and each event has certain flags and
               severity associated with it. The display agent
               nocol(1), displays the output of these monitoring
               agents depending on the severity of the event. There
               can be multiple displays running simultanously and
               all process the same set of monitored data.

               There are four levels of severity associated with an
               event- CRITICAL, ERROR, WARNING and INFO. The severity
               level is controlled independently by the monitoring
               agents, and the decision to raise or set an event's
               severity to any level depends on the logic imbedded in
               the monitoring agent.

               As an example, for the pingmon(8) monitor, if a site is
               unreachable via ping, it would be assigned a severity
               of WARNING by pingmon, which would then elevate to
               CRITICAL if the site is still unreachable after some
               time. In the case of trapmon(8), an SNMP trap message
               of EGP neighbor lost would be directly assigned a
               severity level of CRITICAL, while an Warm Start trap is

Top       Page 117 
               assigned a severity of WARNING.

               The display agent (and other data post-processors)
               would use this event severity to decide whether to
               display it (or troubleshoot/log it) depending on the
               user selected display severity level.

               The software is very flexible and allows enhancements
               and development with a minimum amount of effort. The
               display module processes all the files present in the
               data directory, and displays them sequentially. This
               allows new monitoring programs to simply start
               generating data in the data directory and the display
               module will automatically start displaying the new
               data. The monitoring tools can be changed, and the only
               element that has to remain common between all the
               modules is the EVENT data structure.

          CURRENT MODULES
               NOCOL presently consists of the following modules:

          nocol
               which simply displays the data collected by the
               monitoring agents.  It uses the curses screen
               management system to support a wide variety of terminal
               types. The criterion for displaying an event is:

               1. Severity level of the event is higher than the
                  severity level set in the display.

               2. The display filter (if set) matches some string in
                  the event line.

               The display can be in regular 80 column mode or in
               extended 132 column mode.  Critical events are
               displayed in reverse video (if the terminal type
               supports it). Additional features like displaying
               informational messages in a part of the window,
               automatic resizing window sizes, operator
               acknowledgement via a bell when a new event goes
               critical are also available.

          ippingmon
               which monitors the reachability of a site via "ICMP"
               ping packets (ICMP was preferred over SNMP for many
               obvious reasons). This program can use the default out-
               put from the system's ping program, but an accompanying
               program ( multiping) can ping multiple IP sites at the

Top       Page 118 
               same time and is preferable for monitoring a large list
               of sites.  A site is marked unreachable if a certain
               number of packets is lost, and the severity level is
               increased each time that the site tests unreachable.

          osipingmon
               which is similar to the ippingmon module but uses the
               OSI ping program instead. No multiple ping program for
               OSI sites has been developed at this time.  The only
               requirement is that the system's ping program output
               match the typical BSD IP ping program's output.

          nsmon
               which monitors the nameservers (named) on the list of
               specified hosts. It periodically sends an SOA query for
               the default domain and if the queried nameservers
               cannot resolve the query, then the site is elevated to
               CRITICAL status.

          tpmon
               For monitoring the throughput (kbits per second) to a
               list of hosts.  The program connects to the discard
               socket on the remote machine (using  a  STREAM  socket)
               and sends large packets for a small amount of time to
               evaluate the effective throughput. It elevates a site
               to WARNING level if the throughput drops below a
               certain threshold (set in the configuration file).

          trapmon
               Converts all SNMP traps into a format suitable for
               displaying using NOCOL.  The severity of the various
               traps is preset (and can be changed during compilation
               time).


     PLATFORM
          Any Unix system with the curses screen management library
          and IP (Internet Protocol) programming facility. It has been
          tested on Sun Sparc 4.1.1, Ultrix, and NeXT systems. Porting
          to other platforms might require minor adjustments depending
          on the vagaries of the different vendors (mostly in the
          include files).

     AVAILABILITY
          NOCOL was developed at JvNCnet and has been in use for
          monitoring the JvNCnet wide area network since 1989.
          It is available via anonymous FTP from ftp.jvnc.net under
          pub/jvncnet-packages/nocol.tar.Z.  The system running at

Top       Page 119 
          JvNCet can be viewed by logging into the host nocol.jvnc.net
          with username nocol (an rlogin instead of telnet will handle
          your X window terminal types better).
          To be added to the NOCOL mailing list (for future updates
          and bug fixes), send a message to nocol-users-
          request@jvnc.net with your email address.

     FUTURE DEVELOPMENTS

          Possible future enhancements are:

          1. Event logging.

          2. Addition of an automated  troubleshooting  mechanism
             when  a  site  severity  level  reaches a particular
             level.

          3. SNMP monitors to watch the state  of  certain  vari-
             ables  (interface  errors,  packet rate, route state
             changes).

     AUTHOR
          The software was developed at JvNCnet over a period of time.
          The overall design and initial development was done by Vikas
          Aggarwal and Sze-Ying Wuu.  Additional development is being
          done and coordinated by Vikas Aggarwal (vikas@jvnc.net).
          Copyright 1992 JvNCnet. (See the file COPYRIGHT for full
          details)

     SEE ALSO
          nocol(1) nocol(3) tpmon(8) tsmon(8) nsmon(8)


Next RFC Part