RFC 1470
FYI on a Network Management Tool Catalog: Tools for Monitoring and Debugging TCP/IP Internets and Interconnected Devices
Internet Tool Catalog MONET
NAME
MONET -- the Hughes LAN Systems SNMP Network Management
Center (formerly the Hughes LAN Systems 9100) software
product runs on a Sun SPARCStation hardware platform.
KEYWORDS
control, graphics, network topology,manager, routing,
status, traffic; bridge, configuration, performance,
alarm management, relational database, mib parser for
RDBMS, intelligent hub management, DECnet, ethernet,
IP; NMS, SNMP; UNIX.
ABSTRACT
Monet provides the capability to manage and control
SNMP-based networking products from any vendor including
those from Hughes LAN Systems.
A comprehensive relational database manages the data and
ensures easy access and control of resources throughout
the network.
Monet provides multivendor management through its
advanced Mib master MIB parser that allows the parsing
of enterprise MIBs (ASN.1 format per RFC1212) directly
into the RDBMS for use by Monet's applications.
Major features include:
Remote access with X:
Use of the X/Motif user-interface, enabling remote
access to the all applications.
Database Management
Stores and retrieves the information required to
administer and configure the network. It can be
used to:
- Store and recall configuration data for all
devices.
- Provide availability history for devices.
- Assign new internet addresses.
- Provide administrative information such as
physical location of devices, responsible
person, maintenance history, asset data,
hardware/software versions, etc.
- Full-function SQL interface.
- User-customizable RDBMS report generation.
Graphics and Network Mapping
The Graphics module enables the user to view the
nodes in the network as "dynamic" icons in
heirarchical maps. The network is represented by
these heirarchical maps. Though there is a
library of device icons, cities and geographical
maps included, the user has access to a
graphics editor that allows customizing and the
creation of new icons and maps.
A Device's icon may be selected to:
- Register/deregister the device,
- Access the open alarms and acknowledge
faults for the selected device,
- Ping the device to determine accessibility,
- Draw graphs of any of the device's numeric
MIB objects, either the values as retrieved
in real-time or the history values
previously stored in the RDBMS by the
Performance Manager,
- Telnet to the device,
- Customize the graphical dynamics (color,
fill, rotation, etc.) of the device's icon
by associating them to the values of the
device's MIB objects.
Configuration Management
- Retrieves configuration information from SNMP
devices.
- Stores device parameters in the RDBMS, with
common sets of parameters used for multiple
devices, or for multiple ports on a device,
stored only once in the RDBMS.
- Configures devices from the parameters stored in
the RDBMS, including those relating to TCP/IP,
DECnet and any other protocol/feature
configurable via SNMP.
- Polls devices to compare their current parameter
values with those in the database and produce
reports of the discrepancies.
- Collect data about the state of the network.
- Learn the parameters of the devices in the
network and populate the database.
Performance Management
- Displays local network traffic graphically, by
packet size, protocol, network utilization,
sources and destinations of packets, etc.
- Provides for the scheduling of jobs to retrieve
MIB values of a device and store them in the RDBMS
for review or summary reporting at a later time.
- Allows high/low thresholds to be set on retrieved
values with alarms generated when thresholds are
exceeded.
Fault Management
- Provides availability monitoring and indicates
potential problems.
- Creates alarms from received SNMP traps, and from
other internally-generated conditions,
- Records alarms in the alarm log in the RDBMS.
- Lists alarms for selected set of devices,
according to various filter conditions,
- Possible causes and suggested actions for the
alarms are listed.
- New alarms are indicated by a flashing icon and
optional audio alert.
- Visual indication of alarms bubbles up the network
map heirarchy.
- Cumulative reports can be produced.
Utilities Function
- View and/or terminate current NMC processes,
- Access to database maintenance utilities.
MECHANISM
SNMP.
CAVEATS
None reported.
BUGS
None known.
LIMITATIONS
Maximum number of nodes that can be monitored is
18,000. This can include Hosts, Terminal Servers, PCs,
Routers, and Bridges.
HARDWARE REQUIRED
The host for the NMC software is a Sun 4 desktop works-
tation. Recommended minimum hardware is the Sun IPX
Color workstation, with a 1/4" SCSI tape drive.
SOFTWARE REQUIRED
MONET V5.0, which is provided on 1/4" tape format, runs on
the Sun 4.1.1 Operating System.
AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL
A commercial product of:
Hughes LAN Systems Inc.
1225 Charleston Road
Mountain View, CA 94043
Phone: (415) 966-7300
Fax: (415) 960-3738
RCA Telex: 276572
CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
kishoret@msgate.hls.com
kzm@hls.com
Internet Tool Catalog NET_MONITOR
NAME
net_monitor
KEYWORDS
routing, status; DECnet, IP; curses, ping; UNIX, VMS;
free, sourcelib.
ABSTRACT
Net_monitor uses ICMP echo (and DECnet reachability
information on VAX/VMS) to monitor a network. The mon-
itoring is very simplistic, but has proved useful. It
periodically tests whether hosts are reachable and
reports the results in a full-screen display. It
groups hosts together in common sets. If all hosts in
a set become unreachable, it makes a lot of racket with
bells, since it assumes that this means that some com-
mon piece of hardware that supports that set has
failed. The periodicity of the tests, hosts to test,
and groupings of hosts are controlled with a single
configuration file.
The idea for this program came from the PC/IP monitor
facility, but is an entirely different program with
different functionality.
MECHANISM
Reachability is tested using ICMP echo facilities for
TCP/IP hosts (and DECnet reachability information on
VAX/VMS). A DECnet node is considered reachable if it
appears in the list of hosts in a "show network" com-
mand issued on a routing node.
CAVEATS
This facility has been found to be most useful when run
in a window on a workstation rather than on a terminal
connected to a host. It could be useful if ported to a
PC (looks easy using FTP Software's programming
libraries), but this has not been done. Curses is very
slow and cpu intensive on VMS, but the tool has been
run in a window on a VAXstation 2000. Just don't try
to run it on a terminal connected to a 11/750.
BUGS
None known.
LIMITATIONS
This tool is not meant to be a replacement for a more
comprehensive network management facility such as is
provided with SNMP.
HARDWARE REQUIRED
A host with a network connection.
SOFTWARE REQUIRED
Curses, 4.xBSD UNIX socket programming libraries (lim-
ited set) and some flavor of TCP/IP that supports ICMP
echo request (ping). It has been run on VAX/VMS run-
ning WIN/TCP and several flavors of 4BSD UNIX (includ-
ing SunOS 3.2, 4.0, and 4.3BSD). It could be ported to
any platform that provides a BSD-style programming li-
brary with an ICMP echo request facility and curses.
AVAILABILITY
Requests should be sent to the author:
Dale Smith
Asst Dir of Network Services
University of Oregon
Computing Center
Eugene, OR 97403-1211
Internet: dsmith@oregon.uoregon.edu.
BITNET: dsmith@oregon.bitnet
UUCP: ...hp-pcd!uoregon!dsmith
Voice: (503)686-4394
With the source code, a makefile is provided for most
any UNIX box and a VMS makefile compatible with the
make distributed with PMDF. A VMS DCL command file is
also provided, for use by those VMS sites without
"make."
The author will attempt to fix bugs, but no support is
promised. The tool is copyrighted, but free (for now).
Internet Tool Catalog NETLABS_CMOT_AGENT
NAME
Netlabs CMOT Agent
KEYWORDS
manager, status; IP, OSI; NMS.
ABSTRACT
Netlabs' CMOT code debuted in Interop 89. The CMOT
code comes with an Extensible MIB, which allows users
to add new MIB variables. The code currently supports
all the MIB variables in RFC 1095 via the data types in
RFC 1065, as well as the emerging MIB-II, which is
currently in experimental stage. The CMOT has been
benchmarked at 100 Management Operations per Second
(MOPS) for a 1-MIPS machine.
MECHANISM
The Netlabs CMOT agent supports the control and moni-
toring of network resources by use of CMOT message
exchanges.
CAVEATS
None.
BUGS
None known.
LIMITATIONS
None reported.
HARDWARE REQUIRED
Portable to most hardware.
SOFTWARE REQUIRED
Portable to most operating systems.
AVAILABILITY
Commercially available from:
Netlabs Inc
11693 Chenault Street Ste 348
Los Angeles CA 90049
(213) 476-4070
lam@netlabs.com (Anne Lam)
Internet Tool Catalog NETLABS_DUAL_MANAGER
NAME
Dual Manager
KEYWORDS
alarm, control, manager, map, security, status; IP,
OSI; NMS, SNMP, X; UNIX; library.
ABSTRACT
Netlabs' Dual Manager provides management of TCP/IP
networks using both SNMP and CMOT protoocls. Such
management can be initiated either through the X-
Windows user interface (both Motif and Openlook), or
through OSI Network Management (CMIP) commands. The
Dual Manager provides for configuration, fault, secu-
rity and performance management. It provides extensive
map management features, including scanned maps in the
background. It provides simple mechanisms to extend
the MIB and assign specific lists of objects to
specific network elements, thereby providing for the
management of all vendors' specific MIB extensions. It
provides an optional relational DBMS for storing and
retrieving MIB and alarm information. Finally, the
Dual Manager is an open platform, in that it provides
several Application Programming Interfaces (APIs) for
users to extend the functionality of the Dual Manager.
The Dual Manager is expected to work as a TCP/IP
"branch manager" under DEC's EMA, AT&T's UNMA and other
OSI-conformant enterprise management architectures.
MECHANISM
The Netlabs Dual Manager supports the control and moni-
toring of network resources by use of both CMOT and
SNMP message exchanges.
CAVEATS
None.
BUGS
None known.
LIMITATIONS
None reported.
HARDWARE REQUIRED
Runs on Sun/3 and Sun/4s.
SOFTWARE REQUIRED
Available on System V or SCO Open Desktop environments.
Uses X-Windows for the user interface.
AVAILABILITY
Commercially available from:
Netlabs Inc
11693 Chenault Street Ste 348
Los Angeles CA 90049
(213) 476-4070
lam@netlabs.com (Anne Lam)
Internet Tool Catalog NETLABS_SNMP_AGENT
NAME
Netlabs SNMP Agent.
KEYWORDS
manager, status; IP; NMS, SNMP.
ABSTRACT
Netlabs' SNMP code debuted in Interop 89, where it
showed interoperation of the code with several imple-
mentations on the show floor. The SNMP code comes with
an Extensible MIB, which allows users to add new MIB
variables. The code currently supports all the MIB
variables in RFC 1066 via the data types in RFC 1065,
as well as the emerging MIB-II, which is currently in
experimental stage. The SNMP has been benchmarked at
200 Management Operations per Second (MOPS) for a 1-
MIPS machine.
MECHANISM
The Netlabs SNMP agent supports the control and moni-
toring of network resources by use of SNMP message
exchanges.
CAVEATS
None.
BUGS
None known.
LIMITATIONS
None reported.
HARDWARE REQUIRED
Portable to most hardware.
SOFTWARE REQUIRED
Portable to most operating systems.
AVAILABILITY
Commercially available from:
Netlabs Inc
11693 Chenault Street Ste 348
Los Angeles CA 90049
(213) 476-4070
lam@netlabs.com (Anne Lam)
Internet Tool Catalog NetMetrix-Load-Monitor
NAME
NetMetrix Load Monitor
KEYWORDS
alarm,traffic; Ethernet, FDDI, IP, Ring; Eavesdrop,
SNMP, X; UNIX;
ABSTRACT
The NetMetrix Load Monitor is a distributed
client-server monitoring tool for ethernet, token
ring, and FDDI networks. A unique "dual" architecture
provides compatibility with both RMON and X windows.
RMON allows interoperability and an enterprise-wide
view, while X windows enables much more powerful,
intelligent applications at remote segments and saves
network bandwidth.
The Load Monitor provides extensive traffic
statistics. It looks at load by time interval, source
node, destination node, application, protocol or
packet size. A powerful ZOOM feature allows extensive
correlational analysis which is displayed in a wide
variety of graphs and tables.
You can answer questions such as: Which sources are
generating most of the load on the network when it is
most heavily loaded and where is this load going?
Which source/destination pairs generate the most
traffic over the day? Where should bridges and
routers be located to optimally partition the network?
How much load do applications, like the X Windows
protocol, put on the network and who is generating that
load when it is the greatest.
A floating license allows easy access to the software
tool anywhere you need it.
MECHANISM
NetMetrix turns the network interface into promiscuous
mode to capture packets.
CAVEATS
none.
BUGS
none known.
LIMITATIONS
none.
HARDWARE REQUIRED
SPARC system
SOFTWARE REQUIRED
SunOS 4.0 or higher
AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL
NetMetrix is available from:
Sales Department
Metrix Network Systems, Inc.
One Tara Boulevard
Nashua, New Hampshire 03062
telephone: 603-888-7000
fax: 603-891-2796
email: info@metrix.com
Government agencies please note that NetMetrix is on the GSA
schedule.
CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
Norma Shepperd
Marketing Administrator
603-888-7000
norma@metrix.com
Internet Tool Catalog NetMetrix-NFS-Monitor
NAME
NetMetrix NFS Monitor
KEYWORDS
traffic; Ethernet, FDDI, NFS, Ring; Eavesdrop, SNMP, X;
UNIX
ABSTRACT
The NetMetrix NFS Monitor is a distributed network
monitoring tool which monitors and graphs NFS load,
response time, retransmits, rejects and errors by
server, client, NFS procedure, or time
interval. Breakdown server activity by file system
and client activity by user.
A powerful ZOOM feature lets you correlate monitoring
variables. You can see client/server relationships,
compare server performance, evaluate NFS performance
enhancement strategies.
A floating license and the X Window protocol allows
monitoring of remote ethernet, token ring and FDDI
segments from a central enterprise-wide display.
MECHANISM
NetMetrix turns the network interface into promiscuous
mode to capture packets.
CAVEATS
none.
BUGS
none known.
LIMITATIONS
none.
HARDWARE REQUIRED
SPARC system
SOFTWARE REQUIRED
SunOS 4.0 or higher
AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL
NetMetrix is available from:
Sales Department
Metrix Network Systems, Inc.
One Tara Boulevard
Nashua, New Hampshire 03062
telephone: 603-888-7000
fax: 603-891-2796
email: info@metrix.com
Government agencies please note that NetMetrix is on
the GSA schedule.
CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
Norma Shepperd
Marketing Administrator
603-888-7000
norma@metrix.com
Internet Tool Catalog NetMetrix-Protocol-Analyzer
NAME
NetMetrix Protocol Analyzer
KEYWORDS
alarm, analyzer, traffic; DECnet, DNS, Ethernet, FDDI,
IP, OSI, NFS, Ring, SMTP; Eavesdrop, SNMP, X; UNIX;
Library
ABSTRACT
The NetMetrix Protocol Analyzer is a distributed
client-server monitoring tool for ethernet, token
ring, and FDDI networks. A unique "dual" architecture
provides compatibility with both RMON and
X windows. RMON allows interoperability, while X
windows enables much more powerful, intelligent
applications at remote segments and saves network
bandwidth.
With the Protocol Analyzer, you can decode and display
packets as they are being captured. Extensive filters
let you sift through packets either before or after
trace capture. The capture filter may be specified by
source, destination between hosts, protocol, packet
size, pattern match, or by a complete expression using
an extensive filter expression language.
Full 7-layer packet decodes are available for all
major protocols including DECnet, Appletalk, Novell,
XNS, SNA, BANYAN, OSI and TCP/IP. The decodes for the
TCP/IP stack have all major protocols including NFS,
YP, DNS, SNMP, OSPF, etc.
Request and reply packets are matched. Packets can be
displayed in summary, detail or hex, with multiple
views to see packet dialogues side by side.
A complete developers' kit is available for custom
decodes.
A floating license allows easy acess to the software
tool anywhere you need it.
MECHANISM
NetMetrix turns the network interface into promiscuous
mode to capture packets.
CAVEATS
none.
BUGS
none known.
LIMITATIONS
none.
HARDWARE REQUIRED
SPARC system
SOFTWARE REQUIRED
SunOS 4.0 or higher
AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL
NetMetrix is available from:
Sales Department
Metrix Network Systems, Inc.
One Tara Boulevard
Nashua, New Hampshire 03062
telephone: 603-888-7000
fax: 603-891-2796
email: info@metrix.com
Government agencies please note that NetMetrix is on the
GSA schedule.
CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
Norma Shepperd
Marketing Administrator
603-888-7000
norma@metrix.com
Internet Tool Catalog NetMetrix-Traffic-Generator
NAME
NetMetrix Traffic Generator
KEYWORDS
Debugger, Generator, Traffic; Ethernet, FDDI, IP,
Ring; Eavesdrop, SNMP, X; UNIX; Library
ABSTRACT
The NetMetrix Traffic Generator is a distributed
software tool which allows you to simulate network
load or test packet dialogues between nodes on your
ethernet, token ring, or FDDI segments. The Traffic
Generator can also be used to test and validate
management station alarms, routers, bridges, hubs, etc.
An easy-to-use programming interface provides complete
flexibility over variables such as bandwidth, packet
sequence, and conditional responses.
A floating license and the X Window System protocol
allows testing of remote ethernet, token ring and FDDI
segments from a central console.
MECHANISM
NetMetrix turns the network interface into promiscuous
mode to capture packets.
CAVEATS
none.
BUGS
none known.
LIMITATIONS
none.
HARDWARE REQUIRED
SPARC system
SOFTWARE REQUIRED
SunOS 4.0 or higher
AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL
NetMetrix is available from:
Sales Department
Metrix Network Systems, Inc.
One Tara Boulevard
Nashua, New Hampshire 03062
telephone: 603-888-7000
fax: 603-891-2796
email: info@metrix.com
Government agencies please note that NetMetrix is on
the GSA schedule.
CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
Norma Shepperd
Marketing Administrator
603-888-7000
norma@metrix.com
Internet Tool Catalog NETMON_MITRE
NAME
NETMON and iptrace
KEYWORDS
traffic; IP; eavesdrop; UNIX; free.
ABSTRACT
NETMON is a facility to enable communication of net-
working events from the BSD UNIX operating system to a
user-level network monitoring or management program.
Iptrace is a program interfacing to NETMON which logs
TCP-IP traffic for performance measurement and gateway
monitoring. It is easy to build other NETMON-based
tools using iptrace as a model.
NETMON resides in the 4.3BSD UNIX kernel. It is
independent of hardware-specific code in UNIX. It is
transparent to protocol and network type, having no
internal assumptions about the network protocols being
recorded. It is installed in BSD-like kernels by
adding a standard function call (probe) to a few points
in the input and output routines of the protocols to be
logged.
NETMON is analogous to Sun Microsystems' NIT, but the
interface tap function is extended by recording more
context information. Aside from the timestamp, the
choice of information recorded is up to the installer
of the probes. The NETMON probes added to the BSD IP
code supplied with the distribution include as context:
input and output queue lengths, identification of the
network interface, and event codes labeling packet dis-
cards. (The NETMON distribution is geared towards
measuring the performance of BSD networking protocols
in an IP gateway).
NETMON is designed so that it can reside within the
monitored system with minimal interference to the net-
work processing. The estimated and measured overhead
is around five percent of packet processing.
The user-level tool "iptrace" is provided with NETMON.
This program logs IP traffic, either at IP-level only,
or as it passes through the network interface drivers
as well. As a separate function, iptrace produces a
host traffic matrix output. Its third type of output
is abbreviated sampling, in which only a pre-set number
of packets from each new host pair is logged. The
three output types are configured dynamically, in any
combination.
OSITRACE, another logging tool with a NETMON interface,
is available separately (and documented in a separate
entry in this catalog).
MECHANISM
Access to the information logged by NETMON is through a
UNIX special file, /dev/netmon. User reads are blocked
until the buffer reaches a configurable level of full-
ness.
Several other parameters of NETMON can be tuned at com-
pile time. A diagnostic program, netmonstat, is
included in the distribution.
CAVEATS
None.
BUGS
Bug reports and questions should be addressed to:
ie-tools@gateway.mitre.org
Requests to join this mailing list:
ie-tools-request@gateway.mitre.org
Questions and suggestions can also be directed to:
Allison Mankin (703)883-7907
mankin@gateway.mitre.org
LIMITATIONS
A NETMON interface for tcpdump and other UNIX protocol
analyzers is not included, but it is simple to write.
NETMON probes for a promiscuous ethernet interface are
similarly not included.
HARDWARE REQUIRED
No restrictions.
SOFTWARE REQUIRED
BSD UNIX-like network protocols or the ability to
install the BSD publicly available network protocols in
the system to be monitored.
AVAILABILITY
The NETMON distribution is available by anonymous FTP
in pub/netmon.tar or pub/netmon.tar.Z from aelred-
3.ie.org. A short user's and installation guide,
NETMON.doc, is available in the same location. The
NETMON distribution is provided "as is" and requires
retention of a copyright text in code derived from it.
It is copyrighted by the MITRE-Washington Networking
Center.
Internet Tool Catalog NETMON_WINDOWS_SNMP_RESEARCH
NAME
NETMON for Windows -- an SNMP-based network management
tool that runs under Microsoft Windows 3.0 from SNMP
Research.
KEYWORDS
alarm, control, manager, map, routing;
DECnet, Ethernet, IP, OSI, ring, star;
NMS, SNMP;
DOS;
sourcelib.
ABSTRACT
The NETMON application implements a powerful network
management station based on a low-cost DOS platform.
NETMON's network management tools for configuration,
performance, security, and fault management have been
used successfully with a wide assortment of wide- and
local-area-network topologies and medias. Multiprotocol
devices are supported including those using TCP/IP,
DECnet, and OSI protocols.
Some features of NETMON's network management tools include:
o Fault management tool displays a map of the network
configuration with node and link state indicated
in one of several colors to indicate current status;
o Configuration management tool may be used to edit the
network management information base stored in the
NMS to reflect changes occurring in the network;
o Graphs and tabular tools for use in fault and performance
management;
o Mechanisms by which additional variables, such as vendor-
specific variables, may be added;
o Alarms may be enabled to alert the operator of events
occurring in the network;
o Events are logged to disk;
o Output data may be transferred via flat files for
additional report generation by a variety of
statistical packages.
The NETMON application comes complete with source code
including a powerful set of portable libraries for generating
and parsing SNMP messages.
MECHANISM
The NETMON for Windows application is based on the
Simple Network Management Protocol (SNMP). Polling is
performed via the powerful SNMP get-next operator and
the SNMP get operator. Trap directed polling is used
to regulate the focus and intensity of the polling.
CAVEATS
None.
BUGS
None known.
LIMITATIONS
None reported.
HARDWARE REQUIRED
The minimum system is a IBM 386 computer, or
compatible, with hard disk drive.
SOFTWARE REQUIRED
DOS 5.0 or later, Windows 3.0 in 386 mode, and TCP/IP
kernel software from FTP Software.
AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL
This is a commercial product available under license
from:
SNMP Research
3001 Kimberlin Heights Road
Knoxville, TN 37920-9716
Attn: John Southwood, Sales and Marketing
(615) 573-1434 (Voice) (615) 573-9197 (FAX)
CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
users@seymour1.cs.utk.edu
Internet Tool Catalog NETscout
NAME
NETscout(tm)
KEYWORDS
Alarm, Analyzer, Manager, Status, Traffic;
DECnet, Ethernet, IP, OSI, NFS, Ring, Star, Eavesdrop;
NMS, SNMP;
UNIX;
ABSTRACT
The NETscout family of distributed LAN Analyzer
devices are intended to provide network users with a
comprehensive capability to identify and isolate fault
conditions in data communications networks.
NETscout has the capability to collect wide ranging
statistical data, to display selectively captured and
fully decoded network traffic, to set user-defined
alarm conditions, and to obtain real-time updates
from all segments of a widely dispersed internetwork
from a centralized SNMP-compatible network management
console.
The NETscout family is based on standards so that
operation may be realized in heterogeneous networks
which constitute a multi-protocol, multi-topology,
multi-vendor environment. The fundamental standards
upon which NETscout is based are the Simple Network
Management Protocol (SNMP), which defines the protocol
for all inter-communications between NETscout devices,
and the Remote Monitoring Management Information Base
(RMON-MIB), which defines the type of information
which is to be gathered and made available to the
user for each network segment.
NETscout clients provide a full array of monitoring
and analysis features including intelligent seven
level decoding of all majorprotocol stacks:
DOD including TCP/IP XNS Novell
DECNET including LAT ISO APPLETALK
IBM Token Ring Vines NETBIOS/SMB
SNMP including RMON-MIB SUN-NFS SMT
NETscout agents support all nine groups of the
RMON-MIB standard. NETscout agents can work with any
SNMP-based network management system and currently
support Ethernet and Token Ring.
MECHANISM
The operation of the NETscout family is divided into
two distinct subcategories. The first is the "Client"
which is the user console from which operational
commands are issued and where all results and
diagnostic information are displayed. In a NETscout
topology it is feasible to have multiple clients
active simultaneously within a single network. The
second category is the "Agent", a hardware/software
device which is attached to a specific network
segment and which gathers statistical information for
that segment as well as providing a window into that
segment where network traffic may be observed and
gathered for more detailed user analysis. A
typical network will have multiple segments and
multiple agents up to the point of having one agent
for each logical network segment.
NETscout Model 9210 is a software package which, when
combined in a Sun SPARCstation in conjunction with
SunNet Manager running under Open Windows, implements
the NETscout client function. SunNet Manager provides
the background operational tools for client operation
while the NETscout software provides
application-specific functions related to RMON-MIB
support as well as all software necessary to
perform the protocol decode function.
SunNet Manager also implements a network map file
which includes a topographical display of the entire
network and is the mechanism for selecting
network elements to perform operations.
NETscout Model 9215 is a software package that
operates in conjunction with SunNet Manager and
implements the statistics monitoring function only.
That is, it does not include the protocol
decode function or the mechanism to retrieve actual
data from a remote agent. It does, however, include
complete statistics gathering and event and alarm
generation.
Frontier NETscout Models 9510 and 9515, and Model 9610
and 9615 are agent software packages that implement
selected network diagnostic functions when loaded into
a Sun SPARCstation (9510, 9515) or a SynOptics
LattisNet Hub (9610, 9615) respectively which is
connected to an Ethernet network segment
using conventional network interface hardware. Models
9510 and 9610 support all nine RMON-MIB groups
including "filters" and "packet capture" and thus
provide for complete protocol monitoring and decode
when used with a client
equipped with protocol decode software. Models 9515
an 9615 include support for seven RMON-MIB groups
which excludes "filters" and "data capture" and
therefore perform network monitoring only through
collection and presentation of network statistics,
events, and alarms. All models also support the MIB2
system and interface groups.
Frontier NETscout Models 9520 and 9525, and Model 9620
and 9625 are agent software packages that are
identical in function to their respective models
described above except that they are for use on
Token Ring segments.
CAVEATS
The RMON-MIB standard for Token Ring applications has
not yet beenformally released and is not approved.
NETscout products correspond to the latest draft for
Token Ring functions and will be updated as
required to conform to the standard as it is approved.
BUGS
None known.
LIMITATIONS
None reported.
HARDWARE REQUIRED
Sun SPARCstation or LattisNet Hub depending upon Model
number.
SOFTWARE REQUIRED
Sun OS 4.1.1 for client and agent, SunNet Manager for
client.
AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL
NETscout products are available commercially. For
information regarding your local representative, contact:
Frontier Software Development, Inc.
1501 Main Street
Tewksbury, MA 01876
Phone: 508-851-8872
Fax: 508-851-6956
CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
Marketing
Frontier Software
Internet Tool Catalog NETSTAT
NAME
netstat
KEYWORDS
routing; IP; UNIX, VMS; free.
ABSTRACT
Netstat is a program that accesses network related data
structures within the kernel, then provides an ASCII
format at the terminal. Netstat can provide reports on
the routing table, TCP connections, TCP and UDP
"listens", and protocol memory management.
MECHANISM
Netstat accesses operating system memory to read the
kernel routing tables.
CAVEATS
Kernel data structures can change while netstat is run-
ning.
BUGS
None known.
LIMITATIONS
None reported.
HARDWARE REQUIRED
No restrictions.
SOFTWARE REQUIRED
BSD UNIX or related OS, or VMS.
AVAILABILITY
Available via anonymous FTP from uunet.uu.net, in
directory bsd-sources/src/ucb. Available with 4.xBSD
UNIX and related operating systems. For VMS, available
as part of TGV MultiNet IP software package, as well as
Wollongong's WIN/TCP.
Internet Tool Catalog NETWORK_INTEGRATOR
NAME
Network Integrator I
KEYWORDS
map, traffic; ethernet; UNIX.
ABSTRACT
This tool monitors traffic on network segments. All
information is dumped to either a log file or, for
real-time viewing, to a command tool window. Data is
time-stamped according to date and time. Logging can
continue for up to 24 hours.
The tool is flexible in data collection and presenta-
tion. Traffic filters can be specified according to
header values of numerous protocols, including those
used by Apple, DEC, Sun, HP, and Apollo. Bandwidth
utilization can be monitored, as well as actual load
and peak throughput. Additionally, the Network
Integrator can analyze a network's topology, and record
the location of all operational nodes on a network.
Data can be displayed in six separate formats of bar
graphs. In addition, there are several routines for
producing statistical summaries of the data collected.
MECHANISM
The tools work through RPC and XDR calls.
CAVEATS
Although the tool adds only little traffic to a net-
work, generation of statistics from captured files
requires a significant portion of a workstation's CPU.
BUGS
None known.
LIMITATIONS
Must be root to run monitor. There does not seem to be
a limit to the number of nodes, since it monitors by
segments. The only major limitation is the amount of
disk space that a user can commit to the log files.
The size of the log files, however, can be controlled
through the tool's parameters.
HARDWARE REQUIRED
Sun3 or Sun4.
SOFTWARE REQUIRED
4.0BSD UNIX or greater, or related OS.
AVAILABILITY
Copyrighted, commercially available from
Network Integrators,
(408) 927-0412.
Internet Tool Catalog NFSwatch
NAME
nfswatch
KEYWORDS
Traffic; Ethernet, IP, NFS; Curses, Eavesdrop; UNIX;
Free
ABSTRACT
Nfswatch monitors all incoming ethernet traffic to an
NFS file server and divides it into several
categories. The number and percentage of packets
received in each category is displayed on
the screen in a continuously updated display.
By default, nfswatch monitors all packets destined for
the local host over a single network interface.
Options are provided to specify the specific interface
to be monitored, or all interfaces at once. NFS
traffic to the local host, to a remote host, from a
specific host, between two hosts, or all NFS traffic
on the network may be monitored.
Categories of packets monitored and counted include:
ND Read, ND Write, NFS Read, NFS Write, NFS Mount,
Yellow Pages (NIS), RPC Authorization, Other RPC, TCP,
UDP, ICMP, RIP, ARP, RARP, Ethernet Broadcast, and
Other.
Packets are also tallied either by file system or file
(specific files may be watched as an option), NFS
procedure name (RPC call), or NFS client hostname.
Facilities for taking "snapshots" of the screen, as
well as saving data to a log file for later analysis
(the analysis tool is included) are also available.
MECHANISM
Nfswatch uses the Network Interface Tap, nit(4) under
SunOS 4.x, and the Packet Filter, packetfilter(4),
under Ultrix 4.x, to place the ethernet interface into
promiscuous mode. It filters out NFS packets, and
decodes the file handles in order to determine how to
count the packet.
CAVEATS
Because the NFS file handle is a non-standard (server
private) piece of data, nfswatch must be modified to
understand file handles used by various
implementations. It currently knows
about the SunOS 4.x and Ultrix file handle formats.
BUGS
Does not monitor FDDI interfaces. (It should be a
simple change, but neither author has access to a
system with FDDI interfaces for testing.)
LIMITATIONS
Up to 256 exported file systems and 256 individual
files can be monitored at any time.
Only NFS requests are counted; the NFS traffic
generated by a server in response to those packets
is not counted.
HARDWARE REQUIRED
Any Ultrix system (VAX or DEC RISC hardware)
SOFTWARE REQUIRED
Ultrix release 4.0 or later. For Ultrix 4.1, may
require the patched "if_ln.o" kernel module, available
from Digital's Customer Support Center.
AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL
Copyrighted, but freely distributable. Available via
anonymous FTP from harbor.ecn.purdue.edu,
ftp.erg.sri.com, and gatekeeper.dec.com, as well as
numerous other sites around the Internet. The current
version is Version 3.0 from January 1991.
Contact points:
Dave Curry Jeff Mogul
Purdue University Digital Equipment Corp.
Engineering Computer Network Western Research Laboratory
1285 Electrical Engineering Bldg. 100 Hamilton Avenue
West Lafayette, IN 47907-1285 Palo Alto, CA 94301
davy@ecn.purdue.edu mogul@decwrl.dec.com
CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
Dave Curry (see address above).
Internet Tool Catalog NHFSSTONE
NAME
nhfsstone
KEYWORDS
benchmark, generator; NFS; spoof; UNIX; free.
ABSTRACT
Nhfsstone (pronounced n-f-s-stone, the "h" is silent)
is an NFS benchmarking program. It is used on an NFS
client to generate an artificial load with a particular
mix of NFS operations. It reports the average response
time of the server in milliseconds per call and the
load in calls per second. The nhfsstone distribution
includes a script, "nhfsnums" that converts test
results into plot(5) format so that they can be graphed
using graph(1) and other tools.
MECHANISM
Nhfsstone is an NFS traffic generator. It adjusts its
calling patterns based on the client's kernel NFS
statistics and the elapsed time. Load can be generated
over a given time or number of NFS calls.
CAVEATS
Nhfsstone will compete for system resources with other
applications.
BUGS
None known.
LIMITATIONS
None reported.
HARDWARE REQUIRED
No restrictions.
SOFTWARE REQUIRED
4.xBSD-based UNIX
AVAILABILITY
Available via anonymous FTP from bugs.cs.wisc.edu.
Alternatively, Legato Systems will provide the program
free of charge, if certain conditions are met. Send
name and both email and U.S. mail addresses to:
Legato Systems, Inc.
Nhfsstone
260 Sheridan Avenue
Palo Alto, California 94306
A mailing list is maintained for regular information
and bug fixes: nhfsstone@legato.com or
uunet!legato.com!nhfsstone. To join the list:
nhfsstone-request@legato.com or
uunet!legato.com!nhfsstone-request.
Internet Tool Catalog NNSTAT
NAME
NNStat
KEYWORDS
manager, status, traffic; ethernet, IP; eavesdrop, NMS;
UNIX; free.
ABSTRACT
NNStat is a collection of programs that provides an
internet statistic collecting capability. The NNStat
strategy for statistic collection is to collect traffic
statistics via a promiscuous ethernet tap on the local
networks, versus instrumenting the gateways. If all
traffic entering or leaving a network or set of net-
works traverses a local ethernet, then by stationing a
statistic gathering agent on each local network a pro-
file of network traffic can be gathered. Statistical
data is retrieved from the local agents by a global
manager.
A program called "statspy" performs the data gathering
function. Essentially, statspy reads all packets on an
ethernet interface and records all information of
interest. Information of interest is gathered by exa-
mining each packet and determining if the source or
destination IP address is one that is being monitored,
typically a gateway address. If so then the contents
of the packet are examined to see if they match further
criteria.
A program called "collect" performs global data collec-
tion. It periodically polls various statspy processes
in the domain of interest to retrieve locally logged
statistical data.
The NNSTAT distribution comes with several sample awk
programs which process the logged output of the collect
program.
MECHANISM
Local agents (statspy processes) collect raw traffic
data via a promiscuous ethernet tap. Statistical, fil-
tered or otherwise reduced data is retrieved from the
local agents by a global manager (the "collect" pro-
cess).
CAVEATS
None.
BUGS
Bug fixes, extensions, and other pointers are discussed
in the electronic mail forum, bytecounters. To join,
send a request to bytecounters-request@venera.isi.edu.
Forum exchanges are archived in the file
bytecounters/bytecounters.mail, available via anonymous
FTP from venera.isi.edu.
LIMITATIONS
NNStat presumes a topology of one or more long haul
networks gatewayed to local ethernets.
A kernel mod required to run with SunOS4. These mods
are described in the bytecounters archive.
HARDWARE REQUIRED
Ethernet interface. Sun 3, Sun 4 (SPARC), or PC RT
workstation.
SOFTWARE REQUIRED
Distribution is for BSD UNIX, could easily be adapted
to any UNIX with promiscuous ethernet support.
AVAILABILITY
Distribution is available via anonymous FTP from
venera.isi.edu, in file pub/NNStat.tar.Z. Documenta-
tion is in pub/NNStat.userdoc.ms.Z.
Internet Tool Catalog NOCOL(8)
NAME
nocol - network monitoring tools for an IP network
SYNOPSIS
This is an overview of the NOCOL software.
DESCRIPTION
NOCOL (Network Operations Center On-Line) is a
collection of network monitoring programs that run on
Unix systems. The software consists of a number of
monitoring agents that poll various parameters from any
system and put it in a format suitable for
post-processing. The post-processors can be a display
agent, an automated troubleshooting program, an
event logging program, etc. Presently, monitors for
tracking reachability, SNMP traps, data throughput
rate, and nameservers have been developed and are in
use. Addition of more monitoring agents is easy and
they will be added as necessary. A display agent-
nocol(1) using curses has already been developed. Work
on an "intelligent" module is currently in progress for
event logging and some automatic troubleshooting.
All data collected by the monitoring agents follows a
fixed (non-readable) format. Each data entry is termed
an event in NOCOL, and each event has certain flags and
severity associated with it. The display agent
nocol(1), displays the output of these monitoring
agents depending on the severity of the event. There
can be multiple displays running simultanously and
all process the same set of monitored data.
There are four levels of severity associated with an
event- CRITICAL, ERROR, WARNING and INFO. The severity
level is controlled independently by the monitoring
agents, and the decision to raise or set an event's
severity to any level depends on the logic imbedded in
the monitoring agent.
As an example, for the pingmon(8) monitor, if a site is
unreachable via ping, it would be assigned a severity
of WARNING by pingmon, which would then elevate to
CRITICAL if the site is still unreachable after some
time. In the case of trapmon(8), an SNMP trap message
of EGP neighbor lost would be directly assigned a
severity level of CRITICAL, while an Warm Start trap is
assigned a severity of WARNING.
The display agent (and other data post-processors)
would use this event severity to decide whether to
display it (or troubleshoot/log it) depending on the
user selected display severity level.
The software is very flexible and allows enhancements
and development with a minimum amount of effort. The
display module processes all the files present in the
data directory, and displays them sequentially. This
allows new monitoring programs to simply start
generating data in the data directory and the display
module will automatically start displaying the new
data. The monitoring tools can be changed, and the only
element that has to remain common between all the
modules is the EVENT data structure.
CURRENT MODULES
NOCOL presently consists of the following modules:
nocol
which simply displays the data collected by the
monitoring agents. It uses the curses screen
management system to support a wide variety of terminal
types. The criterion for displaying an event is:
1. Severity level of the event is higher than the
severity level set in the display.
2. The display filter (if set) matches some string in
the event line.
The display can be in regular 80 column mode or in
extended 132 column mode. Critical events are
displayed in reverse video (if the terminal type
supports it). Additional features like displaying
informational messages in a part of the window,
automatic resizing window sizes, operator
acknowledgement via a bell when a new event goes
critical are also available.
ippingmon
which monitors the reachability of a site via "ICMP"
ping packets (ICMP was preferred over SNMP for many
obvious reasons). This program can use the default out-
put from the system's ping program, but an accompanying
program ( multiping) can ping multiple IP sites at the
same time and is preferable for monitoring a large list
of sites. A site is marked unreachable if a certain
number of packets is lost, and the severity level is
increased each time that the site tests unreachable.
osipingmon
which is similar to the ippingmon module but uses the
OSI ping program instead. No multiple ping program for
OSI sites has been developed at this time. The only
requirement is that the system's ping program output
match the typical BSD IP ping program's output.
nsmon
which monitors the nameservers (named) on the list of
specified hosts. It periodically sends an SOA query for
the default domain and if the queried nameservers
cannot resolve the query, then the site is elevated to
CRITICAL status.
tpmon
For monitoring the throughput (kbits per second) to a
list of hosts. The program connects to the discard
socket on the remote machine (using a STREAM socket)
and sends large packets for a small amount of time to
evaluate the effective throughput. It elevates a site
to WARNING level if the throughput drops below a
certain threshold (set in the configuration file).
trapmon
Converts all SNMP traps into a format suitable for
displaying using NOCOL. The severity of the various
traps is preset (and can be changed during compilation
time).
PLATFORM
Any Unix system with the curses screen management library
and IP (Internet Protocol) programming facility. It has been
tested on Sun Sparc 4.1.1, Ultrix, and NeXT systems. Porting
to other platforms might require minor adjustments depending
on the vagaries of the different vendors (mostly in the
include files).
AVAILABILITY
NOCOL was developed at JvNCnet and has been in use for
monitoring the JvNCnet wide area network since 1989.
It is available via anonymous FTP from ftp.jvnc.net under
pub/jvncnet-packages/nocol.tar.Z. The system running at
JvNCet can be viewed by logging into the host nocol.jvnc.net
with username nocol (an rlogin instead of telnet will handle
your X window terminal types better).
To be added to the NOCOL mailing list (for future updates
and bug fixes), send a message to nocol-users-
request@jvnc.net with your email address.
FUTURE DEVELOPMENTS
Possible future enhancements are:
1. Event logging.
2. Addition of an automated troubleshooting mechanism
when a site severity level reaches a particular
level.
3. SNMP monitors to watch the state of certain vari-
ables (interface errors, packet rate, route state
changes).
AUTHOR
The software was developed at JvNCnet over a period of time.
The overall design and initial development was done by Vikas
Aggarwal and Sze-Ying Wuu. Additional development is being
done and coordinated by Vikas Aggarwal (vikas@jvnc.net).
Copyright 1992 JvNCnet. (See the file COPYRIGHT for full
details)
SEE ALSO
nocol(1) nocol(3) tpmon(8) tsmon(8) nsmon(8)
(next page on part 4)
