summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc1147.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/rfc/rfc1147.txt')
-rw-r--r--doc/rfc/rfc1147.txt9915
1 files changed, 9915 insertions, 0 deletions
diff --git a/doc/rfc/rfc1147.txt b/doc/rfc/rfc1147.txt
new file mode 100644
index 0000000..ef79a99
--- /dev/null
+++ b/doc/rfc/rfc1147.txt
@@ -0,0 +1,9915 @@
+
+
+
+
+
+
+ Network Working Group R. Stine, Editor
+ Request for Comments: 1147 SPARTA, Inc.
+ FYI: 2 April 1990
+
+
+ FYI on a Network Management Tool Catalog:
+ Tools for Monitoring and Debugging TCP/IP Internets
+ and Interconnected Devices
+
+
+ Status of this Memo
+
+ The goal of this FYI memo is to provide practical informa-
+ tion to site administrators and network managers. This memo
+ provides information for the Internet community. It does
+ not specify any standard. It is not a statement of IAB pol-
+ icy or recommendations. Comments, critiques, and new or
+ updated tool descriptions are welcome, and should be sent to
+ Robert Stine, at stine@sparta.com, or to the NOCTools work-
+ ing group, at noctools@merit.edu.
+
+ Distribution of this memo is unlimited.
+
+ 1. Introduction
+
+ This catalog contains descriptions of several tools avail-
+ able to assist network managers in debugging and maintaining
+ TCP/IP internets and interconnected communications
+ resources. Entries in the catalog tell what a tool does,
+ how it works, and how it can be obtained.
+
+ The NOCTools Working Group of the Internet Engineering Task
+ Force (IETF) compiled this catalog in 1989. Future editions
+ will be produced as IETF members become aware of tools that
+ should be included, and of deficiencies or inaccuracies.
+ Developing an edition oriented to the OSI protocol suite is
+ also contemplated.
+
+ The tools described in this catalog are in no way endorsed
+ by the IETF. For the most part, we have neither evaluated
+ the tools in this catalog, nor validated their descriptions.
+ Most of the descriptions of commercial tools have been pro-
+ vided by vendors. Caveat Emptor.
+
+ 1.1 Purpose
+
+ The practice of re-inventing the wheel seems endemic to the
+ field of data communications. The primary goal of this
+
+
+
+ IETF NOCTools Working Group [Page 1]
+
+ RFC 1147 FYI: Network Management Tool Catalog April 1990
+
+
+ document is to fight that tendency in a small but useful
+ way. By listing the capabilities of some of the available
+ network management tools, we hope to pool and share
+ knowledge and experience. Another goal of this catalog is
+ to show those new in the field what can be done to manage
+ internet sites. A network management tutorial at the end of
+ the document is of further assistance in this area.
+ Finally, by omission, this catalog points out the network
+ management tools that are needed, but do not yet exist.
+
+ There are other sources of information on available network
+ management tools. Both the DDN Protocol Implementation and
+ Vendors Guide and the DATAPRO series on data communications
+ and LANs are particularly comprehensive and informative.
+ The DDN Protocol Implementation and Vendors Guide addresses
+ a wide range of internet management topics, including
+ evaluations of protocol implementations and network
+ analyzers.* The DATAPRO volumes, though expensive (check
+ your local university or technical libraries!), are good
+ surveys of available commercial products for network manage-
+ ment. DATAPRO also includes tutorials, market analyses,
+ product evaluations, and predictions on technology trends.
+
+ 1.2 Scope
+
+ The tools described in this document are used for managing
+ the network resources, LANs, and devices that are commonly
+ interconnected by TCP/IP internets. This document is not,
+ however, a "how to" manual on network management. While it
+ includes a tutorial, the coverage is much too brief and gen-
+ eral to serve as a sole source: a great deal of further
+ study is required of aspiring network managers. Neither is
+ this catalog is an operations manual for particular tools.
+ Each individual tool entry is brief, and emphasizes the uses
+ to which a tool can be put. A tool's documentation, which
+ in some cases runs to hundreds of pages, should be consulted
+ for assistance in its installation and operation.
+
+ 1.3 Overview
+
+ Section 1 describes the purpose, scope, and organization of
+ this catalog.
+
+ Section 2 lists and explains the standard keywords used in
+ _________________________
+ * Instructions for obtaining the DDN Protocol Guide are
+ given in Section 7 of the appendix.
+
+
+
+
+ IETF NOCTools Working Group [Page 2]
+
+ RFC 1147 FYI: Network Management Tool Catalog April 1990
+
+
+ the tool descriptions. The keywords can be used as a sub-
+ ject index into the catalog.
+
+ Section 3, the main body of the catalog, contains the
+ entries describing network management tools. The tool
+ entries in Section 3 are presented in alphabetical order, by
+ tool name. The tool descriptions all follow a standard for-
+ mat, described in the introduction to Section 3.
+
+ Following the catalog, there is an appendix that contains a
+ tutorial on the goals and practice of network management.
+
+ 1.4 Acknowledgements
+
+ The compilation and editing of this catalog was sponsored by
+ the Defense Communications Engineering Center (DCEC), con-
+ tract DCA100-89-C-0001. The effort grew out of an initial
+ task to survey current internet management tools. The cata-
+ log is largely, however, the result of volunteer labor on
+ the part of the NOCTools Working Group, the User Services
+ Working Group, and many others. Without these volunteer
+ contributions, the catalog would not exist. The support
+ from the Internet community for this endeavor has been
+ extremely gratifying.
+
+ Several individuals made especially notable contributions.
+ Mike Patton, Paul Holbrook, Mark Fedor and Gary Malkin were
+ particularly helpful in composition and editorial review,
+ while Dave Crocker provided essential guidance and
+ encouragement. Bob Enger was active from the first with the
+ gut work of chairing the Working Group and building the
+ catalog. Phill Gross helped to christen the NOCTools Work-
+ ing Group, to define its scope and goals, and to establish
+ its role in the IETF. Mike Little contributed the formative
+ idea of enhancing and publicizing the management tool survey
+ through IETF participation.
+
+ Responsibility for any deficiencies and errors remains, of
+ course, with the editor.
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 3]
+
+ RFC 1147 FYI: Network Management Tool Catalog April 1990
+
+
+ 2. Keywords
+
+ This catalog uses "keywords" for terse characterizations of
+ the tools. Keywords are abbreviated attributes of a tool or
+ its use. To allow cross-comparison of tools, uniform key-
+ word definitions have been developed, and are given below.
+ Following the definitions, there is an index of catalog
+ entries by keyword.
+
+ 2.1 Keyword Definitions
+
+ The keywords are always listed in a prefined order, sorted
+ first by the general category into which they fall, and then
+ alphabetically. The categories that have been defined for
+ management tool keywords are:
+
+ o+ the general management area to which a tool
+ relates or a tool's functional role;
+
+ o+ the network resources or components that are
+ managed;
+
+ o+ the mechanisms or methods a tool uses to perform
+ its functions;
+
+ o+ the operating system and hardware environment of a
+ tool; and
+
+ o+ the characteristics of a tool as a hardware pro-
+ duct or software release.
+
+
+ The keywords used to describe the general management area or
+ functional role of a tool are:
+
+ Alarm
+ a reporting/logging tool that can trigger on specific
+ events within a network.
+
+ Analyzer
+ a traffic monitor that reconstructs and interprets pro-
+ tocol messages that span several packets.
+
+ Benchmark
+ a tool used to evaluate the performance of network com-
+ ponents.
+
+
+
+
+
+ IETF NOCTools Working Group [Page 4]
+
+ RFC 1147 FYI: Network Management Tool Catalog April 1990
+
+
+
+ Control
+ a tool that can change the state or status of a remote
+ network resource.
+
+ Debugger
+ a tool that by generating arbitrary packets and moni-
+ toring traffic, can drive a remote network component to
+ various states and record its responses.
+
+ Generator
+ a traffic generation tool.
+
+ Manager
+ a distributed network management system or system com-
+ ponent.
+
+ Map
+ a tool that can discover and report a system's topology
+ or configuration.
+
+ Reference
+ a tool for documenting MIB structure or system confi-
+ guration.
+
+ Routing
+ a packet route discovery tool.
+
+ Security
+ a tool for analyzing or reducing threats to security.
+
+ Status
+ a tool that remotely tracks the status of network com-
+ ponents.
+
+ Traffic
+ a tool that monitors packet flow.
+
+
+ The keywords used to identify the network resources or com-
+ ponents that a tool manages are:
+
+ Bridge
+ a tool for controlling or monitoring LAN bridges.
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 5]
+
+ RFC 1147 FYI: Network Management Tool Catalog April 1990
+
+
+
+ CHAOS
+ a tool for controlling or monitoring implementations of
+ the CHAOS protocol suite or network components that use
+ it.
+
+ DECnet
+ a tool for controlling or monitoring implementations of
+ the DECnet protocol suite or network components that
+ use it.
+
+ DNS
+ a Domain Name System debugging tool.
+
+ Ethernet
+ a tool for controlling or monitoring network components
+ on ethernet LANs.
+
+ FDDI
+ a tool for controlling or monitoring network components
+ on FDDI LANs or WANs.
+
+ IP
+ a tool for controlling or monitoring implementations of
+ the TCP/IP protocol suite or network components that
+ use it.
+
+ OSI
+ a tool for controlling or monitoring implementations of
+ the OSI protocol suite or network components that use
+ it.
+
+ NFS
+ a Network File System debugging tool.
+
+ Ring
+ a tool for controlling or monitoring network components
+ on Token Ring LANs.
+
+ SMTP
+ an SMTP debugging tool.
+
+ Star
+ a tool for controlling or monitoring network components
+ on StarLANs.
+
+
+ The keywords used to describe a tool's mechanism are:
+
+
+
+ IETF NOCTools Working Group [Page 6]
+
+ RFC 1147 FYI: Network Management Tool Catalog April 1990
+
+
+
+ Curses
+ a tool that uses the "curses" tty interface package.
+
+ Eavesdrop
+ a tool that silently monitors communications media
+ (e.g., by putting an ethernet interface into "promiscu-
+ ous" mode).
+
+ NMS
+ the tool is a component of or queries a Network Manage-
+ ment System.
+
+ Ping
+ a tool that sends packet probes such as ICMP echo mes-
+ sages; to help distinguish tools, we do not consider
+ NMS queries or protocol spoofing (see below) as probes.
+
+ Proprietary
+ a distributed tool that uses proprietary communications
+ techniques to link its components.
+
+ SNMP
+ a network management system or component based on SNMP,
+ the Simple Network Management Protocol.
+
+ Spoof
+ a tool that tests operation of remote protocol modules
+ by peer-level message exchange.
+
+ X
+ a tool that uses X-Windows.
+
+
+ The keywords used to describe a tool's operating environment
+ are:
+
+ DOS
+ a tool that runs under MS-DOS.
+
+ HP
+ a tool that runs on Hewlett-Packard systems.
+
+ Macintosh
+ a tool that runs on Macintosh personal computers.
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 7]
+
+ RFC 1147 FYI: Network Management Tool Catalog April 1990
+
+
+
+ Standalone
+ an integrated hardware/software tool that requires only
+ a network interface for operation.
+
+ UNIX
+ a tool that runs under 4.xBSD UNIX or related OS.
+
+ VMS
+ a tool that runs under DEC's VMS operating system.
+
+
+ The keywords used to describe a tool's characteristics as a
+ hardware or software acquisition are:
+
+ Free
+ a tool is available at no charge, though other restric-
+ tions may apply (tools that are part of an OS distribu-
+ tion but not otherwise available are not listed as
+ "free").
+
+ Library
+ a tool packaged with either an Application Programming
+ Interface (API) or object-level subroutines that may be
+ loaded with programs.
+
+ Sourcelib
+ a collection of source code (subroutines) upon which
+ developers may construct other tools.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 8]
+
+ RFC 1147 FYI: Network Management Tool Catalog April 1990
+
+
+ 2.2 Tools Indexed by Keywords
+
+ Following is an index of catalog entries sorted by keyword.
+ This index can be used to locate the tools with a particular
+ attribute: tools are listed under each keyword that charac-
+ terizes them. The keywords and the subordinate lists of
+ tools under them are in alphabetical order.
+
+ In the interest of brevity, some liberties have been taken
+ with tool names. Capitalization of the names is as speci-
+ fied by the tool developers or distributers. Note that
+ parenthetical roman numerals following a tool's name are not
+ actually part of the name. The use of roman numerals to
+ differentiate tools with the same name is explained in the
+ introduction of Section 3.
+
+ alarm bridge
+ CMIP Library ConnectVIEW
+ EtherMeter decaddrs
+ LanProbe NMC
+ LANWatch proxyd
+ NETMON (III) Snmp Libraries
+ osilog snmpd
+ SERAG
+ sma
+ Snmp Libraries CHAOS
+ snmptrapd LANWatch
+ SpiderMonitor map
+ Unisys NCC
+ WIN/MGT Station
+ xnetmon (I) control
+ XNETMON (II) CMIP Library
+ ConnectVIEW
+ NETMON (III)
+ analyzer NMC
+ LANWatch proxyd
+ Sniffer Snmp Libraries
+ SpiderMonitor snmpset
+ TokenVIEW
+ Unisys NCC
+ benchmark WIN/MGT Station
+ hammer XNETMON (II)
+ nhfsstone
+ SPIMS
+ spray
+ TTCP
+ Unisys NCC
+
+
+
+
+ IETF NOCTools Working Group [Page 9]
+
+ RFC 1147 FYI: Network Management Tool Catalog April 1990
+
+
+
+ curses DOS
+ Internet Rover Comp. Security Checklist
+ net_monitor ConnectVIEW
+ nfswatch hammer
+ osimon hopcheck
+ snmpperfmon LAN Patrol
+ LANWatch
+ netmon (I)
+ debugger NETMON (III)
+ SPIMS netwatch
+ OverVIEW
+ ping
+ DECnet Snmp Libraries
+ decaddrs snmpd (II)
+ LANWatch TokenVIEW
+ NETMON (III) XNETMON (II)
+ net_monitor xnetperfmon
+ NMC
+ Sniffer
+ Snmp Libraries eavesdrop
+ SpiderMonitor ENTM
+ XNETMON (II) etherfind
+ xnetperfmon EtherView
+ LAN Patrol
+ LanProbe
+ DNS LANWatch
+ DiG NETMON (II)
+ LANWatch netwatch
+ netmon (I) nfswatch
+ nslookup NNStat
+ OSITRACE
+ Sniffer
+ SpiderMonitor
+ Tcplogger
+ TRPT
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 10]
+
+ RFC 1147 FYI: Network Management Tool Catalog April 1990
+
+
+
+ ethernet free
+ arp arp
+ ConnectVIEW CMIP Library
+ ENTM CMU SNMP
+ etherfind DiG
+ etherhostprobe ENTM
+ EtherMeter etherhostprobe
+ EtherView hammer
+ LAN Patrol hopcheck
+ LanProbe HyperMIB
+ LANWatch Internet Rover
+ map map
+ NETMON (III) netmon (I)
+ netwatch NETMON (II)
+ Network Integrator netstat
+ nfswatch netwatch
+ NMC net_monitor
+ NNStat nfswatch
+ proxyd nhfsstone
+ SERAG NNStat
+ Sniffer NPRV
+ Snmp Libraries nslookup
+ snmpd (II) osilog
+ SpiderMonitor osimic
+ tcpdump osimon
+ Unisys NCC OSITRACE
+ WIN/MGT Station ping
+ XNETMON (II) query
+ xnetperfmon sma
+ SNMP Kit
+ tcpdump
+ FDDI tcplogger
+ Unisys NCC traceroute
+ TRPT
+ TTCP
+
+
+ generator
+ hammer
+ nhfsstone
+ ping
+ Sniffer
+ SpiderMonitor
+ spray
+ TTCP
+ Unisys NCC
+
+
+
+
+ IETF NOCTools Working Group [Page 11]
+
+ RFC 1147 FYI: Network Management Tool Catalog April 1990
+
+
+
+ HP IP
+ xup arp
+ CMU SNMP
+ Dual Manager
+ ENTM
+ etherfind
+ etherhostprobe
+ EtherView
+ getone
+ hammer
+ hopcheck
+ Internet Rover
+ LANWatch
+ map
+ Netlabs CMOT Agent
+ Netlabs SNMP Agent
+ netmon (I)
+ NETMON (II)
+ NETMON (III)
+ netstat
+ netwatch
+ net_monitor
+ nfswatch
+ NMC
+ NNStat
+ NPRV
+ OverVIEW
+ ping
+ proxyd
+ query
+ SERAG
+ Sniffer
+ SNMP Kit
+ Snmp Libraries
+ snmpask
+ snmpd (I)
+ snmpd (II)
+ snmplookup
+ snmpperfmon
+ snmppoll
+ snmpquery
+ snmproute
+ snmpset
+ snmpsrc
+ snmpstat
+ snmptrapd
+ snmpwatch
+
+
+
+ IETF NOCTools Working Group [Page 12]
+
+ RFC 1147 FYI: Network Management Tool Catalog April 1990
+
+
+ snmpxbar
+ snmpxconn manager
+ snmpxmon CMIP Library
+ snmpxperf CMU SNMP
+ snmpxperfmon ConnectVIEW
+ snmpxrtmetric decaddrs
+ SpiderMonitor Dual Manager
+ SPIMS getone
+ spray LanProbe
+ Tcpdump map
+ Tcplogger Netlabs CMOT Agent
+ Traceroute Netlabs SNMP Agent
+ TRPT NETMON (III)
+ TTCP NMC
+ Unisys NCC NNStat
+ WIN/MGT Station osilog
+ xnetmon (I) osimic
+ XNETMON (II) osimon
+ xnetperfmon OverVIEW
+ sma
+ SNMP Kit
+ library Snmp Libraries
+ CMIP Library snmpask
+ Dual Manager snmpd (I)
+ LANWatch snmpd (II)
+ proxyd snmplookup
+ WIN/MGT Station snmpperfmon
+ snmppoll
+ snmpquery
+ Macintosh snmproute
+ HyperMIB snmpsrc
+ snmpset
+ snmpstat
+ snmptrapd
+ snmpwatch
+ snmpxbar
+ snmpxconn
+ snmpxmon
+ snmpxperf
+ snmpxperfmon
+ snmpxrtmetric
+ TokenVIEW
+ Unisys NCC
+ WIN/MGT Station
+ xnetmon (I)
+ XNETMON (II)
+ xnetperfmon
+
+
+
+
+ IETF NOCTools Working Group [Page 13]
+
+ RFC 1147 FYI: Network Management Tool Catalog April 1990
+
+
+
+ map NMS
+ decaddrs CMU SNMP
+ etherhostprobe ConnectVIEW
+ EtherMeter decaddrs
+ LanProbe Dual Manager
+ map EtherMeter
+ NETMON (III) getone
+ Network Integrator LanProbe
+ NPRV map
+ Snmp Libraries Netlabs CMOT Agent
+ snmpxconn Netlabs SNMP Agent
+ snmpxmon NETMON (III)
+ Unisys NCC NMC
+ xnetmon (I) NNStat
+ XNETMON (II) OverVIEW
+ proxyd
+ SERAG
+ NFS SNMP Kit
+ etherfind Snmp Libraries
+ EtherView snmpask
+ nfswatch snmpd (I)
+ nhfsstone snmpd (II)
+ Sniffer snmplookup
+ tcpdump snmpperfmon
+ snmppoll
+ snmpquery
+ snmproute
+ snmpset
+ snmpsrc
+ snmpstat
+ snmptrapd
+ snmpwatch
+ snmpxbar
+ snmpxconn
+ snmpxmon
+ snmpxperf
+ snmpxperfmon
+ snmpxrtmetric
+ TokenVIEW
+ Unisys NCC
+ WIN/MGT Station
+ xnetmon (I)
+ XNETMON (II)
+ xnetperfmon
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 14]
+
+ RFC 1147 FYI: Network Management Tool Catalog April 1990
+
+
+
+ OSI ring
+ CMIP Library ConnectVIEW
+ Dual Manager LANWatch
+ LANWatch map
+ Netlabs CMOT Agent NETMON (III)
+ NETMON (III) netwatch
+ osilog proxyd
+ osimic Sniffer
+ osimon Snmp Libraries
+ OSITRACE snmpd (II)
+ sma TokenVIEW
+ Sniffer XNETMON (II)
+ Snmp Libraries xnetperfmon
+ SpiderMonitor
+ SPIMS
+ XNETMON (II) routing
+ xnetperfmon arp
+ ConnectVIEW
+ decaddrs
+ ping etherhostprobe
+ etherhostprobe getone
+ hopcheck hopcheck
+ Internet Rover NETMON (III)
+ map netstat
+ netmon (I) net_monitor
+ net_monitor NMC
+ NPRV NPRV
+ ping query
+ spray Snmp Libraries
+ traceroute snmproute
+ TTCP snmpsrc
+ Unisys NCC snmpxrtmetric
+ xup traceroute
+ WIN/MGT Station
+ XNETMON (II)
+ proprietary
+ ConnectVIEW
+ EtherMeter security
+ LanProbe Comp. Security Checklist
+ SERAG ConnectVIEW
+ TokenVIEW Dual Manager
+ LAN Patrol
+ SERAG
+ reference XNETMON (II)
+ HyperMIB
+ Unisys NCC
+
+
+
+
+ IETF NOCTools Working Group [Page 15]
+
+ RFC 1147 FYI: Network Management Tool Catalog April 1990
+
+
+
+ SMTP sourcelib
+ Internet Rover CMIP Library
+ LANWatch CMU SNMP
+ mconnect HyperMIB
+ Sniffer Internet Rover
+ LANWatch
+ map
+ SNMP NETMON (III)
+ CMU SNMP net_monitor
+ decaddrs proxyd
+ Dual Manager SNMP Kit
+ getone Snmp Libraries
+ map Snmpd (II)
+ Netlabs SNMP Agent SpiderMonitor
+ NETMON (III) XNETMON (II)
+ NMC xnetperfmon
+ OverVIEW
+ proxyd
+ SNMP Kit spoof
+ Snmp Libraries DiG
+ snmpask Internet Rover
+ snmpd (I) mconnect
+ snmpd (II) nhfsstone
+ snmplookup nslookup
+ snmpperfmon query
+ snmppoll SPIMS
+ snmpquery
+ snmproute
+ snmpset standalone
+ snmpsrc EtherMeter
+ snmpstat Sniffer
+ snmptrapd SpiderMonitor
+ snmpwatch
+ snmpxbar
+ snmpxconn star
+ snmpxmon LAN Patrol
+ snmpxperf LANWatch
+ snmpxperfmon map
+ snmpxrtmetric NETMON (III)
+ Unisys NCC proxyd
+ WIN/MGT Station Sniffer
+ xnetmon (I) Snmp Libraries
+ XNETMON (II) snmpd (II)
+ xnetperfmon XNETMON (II)
+ xnetperfmon
+
+
+
+
+
+ IETF NOCTools Working Group [Page 16]
+
+ RFC 1147 FYI: Network Management Tool Catalog April 1990
+
+
+
+ status traffic
+ CMIP Library ENTM
+ CMU SNMP etherfind
+ ConnectVIEW EtherMeter
+ DiG EtherView
+ Dual Manager LAN Patrol
+ getone LanProbe
+ Internet Rover LANWatch
+ LanProbe NETMON (II)
+ mconnect netwatch
+ Netlabs CMOT Agent Network Integrator
+ Netlabs SNMP Agent nfswatch
+ netmon (I) NMC
+ net_monitor NNStat
+ NMC osimon
+ NNStat OSITRACE
+ NPRV Sniffer
+ nslookup snmpxperfmon
+ osimic SpiderMonitor
+ osimon tcpdump
+ OverVIEW tcplogger
+ ping TRPT
+ proxyd Unisys NCC
+ sma WIN/MGT Station
+ SNMP Kit
+ Snmp Libraries
+ snmpask
+ snmpd (I)
+ snmpd (II)
+ snmplookup
+ snmpperfmon
+ snmppoll
+ snmpquery
+ snmpstat
+ snmpwatch
+ snmpxbar
+ snmpxconn
+ snmpxmon
+ snmpxperf
+ snmpxperfmon
+ TokenVIEW
+ Unisys NCC
+ WIN/MGT Station
+ xnetmon (I)
+ XNETMON (II)
+ xnetperfmon
+ xup
+
+
+
+ IETF NOCTools Working Group [Page 17]
+
+ RFC 1147 FYI: Network Management Tool Catalog April 1990
+
+
+ snmpxbar
+ UNIX snmpxconn
+ arp snmpxmon
+ CMIP Library snmpxperf
+ CMU SNMP snmpxperfmon
+ decaddrs snmpxrtmetric
+ DiG SPIMS
+ Dual Manager spray
+ etherfind tcpdump
+ etherhostprobe tcplogger
+ EtherView traceroute
+ getone TRPT
+ Internet Rover TTCP
+ map Unisys NCC
+ mconnect WIN/MGT Station
+ NETMON (II) xnetmon (I)
+ netstat XNETMON (II)
+ Network Integrator xnetperfmon
+ net_monitor
+ nfswatch
+ nhfsstone VMS
+ NMC arp
+ NNStat ENTM
+ nslookup netstat
+ osilog net_monitor
+ osimic NPRV
+ osimon nslookup
+ OSITRACE ping
+ ping Snmp Libraries
+ proxyd tcpdump
+ query traceroute
+ SERAG TTCP
+ sma XNETMON (II)
+ SNMP Kit xnetperfmon
+ Snmp Libraries
+ snmpask
+ snmpd (I)
+ snmpd (II)
+ snmplookup
+ snmpperfmon
+ snmppoll
+ snmpquery
+ snmproute
+ snmpset
+ snmpsrc
+ snmpstat
+ snmptrapd
+ snmpwatch
+
+
+
+ IETF NOCTools Working Group [Page 18]
+
+ RFC 1147 FYI: Network Management Tool Catalog April 1990
+
+
+
+ X
+ Dual Manager
+ map
+ snmpxbar
+ snmpxconn
+ snmpxmon
+ snmpxperf
+ snmpxperfmon
+ snmpxrtmetric
+ WIN/MGT Station
+ XNETMON (II)
+ xnetperfmon
+ xup
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 19]
+
+ RFC 1147 FYI: Network Management Tool Catalog April 1990
+
+
+ 3. Tool Descriptions
+
+ This section is a collection of brief descriptions of tools
+ for managing TCP/IP internets. These entries are in alpha-
+ betical order, by tool name.
+
+ The entries all follow a standard format. Immediately after
+ the NAME of a tool are its associated KEYWORDS. Keywords
+ are terse descriptions of the purposes or attributes of a
+ tool. A more detailed description of a tool's purpose and
+ characteristics is given in the ABSTRACT section. The
+ MECHANISM section describes how a tool works. In CAVEATS,
+ warnings about tool use are given. In BUGS, known bugs or
+ bug-report procedures are given. LIMITATIONS describes the
+ boundaries of a tool's capabilities. HARDWARE REQUIRED and
+ SOFTWARE REQUIRED relate the operational environment a tool
+ needs. Finally, in AVAILABILITY, pointers to vendors,
+ online repositories, or other sources for a tool are given.
+
+ We deal with the problem of tool-name clashes -- different
+ tools that have the same name -- by appending parenthetical
+ roman numerals to the names. For example, BYU, MITRE, and
+ SNMP Research each submitted a description of a tool called
+ "NETMON." These tools were independently developed, are
+ functionally different, run in different environments, and
+ are no more related than Richard Burton the 19th century
+ explorer and Richard Burton the 20th century actor. BYU's
+ tool "NETMON" is listed as "NETMON (I)," MITRE's as "NETMON
+ (II)," and the tool from SNMP Research as "NETMON (III)."
+
+ The parenthetical roman numerals reveal only the order in
+ which the catalog editor received the tool descriptions.
+ They should not be construed to indicate any sort of prefer-
+ ence, priority, or rights to a tool name.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 20]
+
+ Internet Tool Catalog ARP
+
+
+ NAME
+ arp
+
+ KEYWORDS
+ routing; ethernet, IP; UNIX, VMS; free.
+
+ ABSTRACT
+ Arp displays and can modify the internet-to-ethernet
+ address translations tables used by ARP, the address
+ resolution protocol.
+
+ MECHANISM
+ The arp program accesses operating system memory to
+ read the ARP data structures.
+
+ CAVEATS
+ None.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ Only the super user can modify ARP entries.
+
+ HARDWARE REQUIRED
+ No restrictions.
+
+ SOFTWARE REQUIRED
+ BSD UNIX or related OS, or VMS.
+
+ AVAILABILITY
+ Available via anonymous FTP from uunet.uu.net, in
+ directory bsd-sources/src/etc. Available with 4.xBSD
+ UNIX and related operating systems. For VMS, available
+ as part of TGV MultiNet IP software package, as well as
+ Wollongong's WIN/TCP.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 21]
+
+ Internet Tool Catalog CMIP LIBRARY
+
+
+ NAME
+ CMIP Library
+
+ KEYWORDS
+ alarm, control, manager, status; OSI; UNIX; free,
+ library, sourcelib.
+
+ ABSTRACT
+ The CMIP Library implements the functionality of the
+ Common Management Information Service/Protocol as in
+ the documents ISO DP 9595-2/9596-2 of March 1988. It
+ can act as a building block for the construction of
+ CMIP-based agent and manager applications.
+
+ MECHANISM
+ The CMIP library uses ISO ROS, ACSE and ASN.1 presenta-
+ tion, as implemented in ISODE, to provide its service.
+
+ CAVEATS
+ None.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ The M-CREATE, M-DELETE and M-ACTION protocol primitives
+ are not implemented in this version.
+
+ HARDWARE REQUIRED
+ Developed on Sun3, tested on Sun3 and VAXStation.
+
+ SOFTWARE REQUIRED
+ The ISODE protocol suite, BSD UNIX.
+
+ AVAILABILITY
+ The CMIP library and related management tools built
+ upon it, known as OSIMIS (OSI Management Information
+ Service), are publicly available from University Col-
+ lege London, England via FTP and FTAM. To obtain
+ information regarding a copy send email to
+ gknight@ac.ucl.cs.uk or call +44 1 380 7366.
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 22]
+
+ Internet Tool Catalog CMU SNMP
+
+
+ NAME
+ The CMU SNMP Distribution
+
+ KEYWORDS
+ manager, status; IP; NMS, SNMP; UNIX; free, sourcelib.
+
+ ABSTRACT
+ The CMU SNMP Distribution includes source code for an
+ SNMP agent, several SNMP client applications, an ASN.1
+ library, and supporting documentation.
+
+ The agent compiles into about 10 KB of 68000 code. The
+ distribution includes a full agent that runs on a
+ Kinetics FastPath2/3/4, and is built into the KIP
+ appletalk/ethernet gateway. The machine independent
+ portions of this agent also run on CMU's IBM PC/AT
+ based router.
+
+ The applications are designed to be useful in the real
+ world. Information is collected and presented in a
+ useful format and is suitable for everyday status moni-
+ toring. Input and output are interpreted symbolically.
+ The tools can be used without referencing the RFCs.
+
+ MECHANISM
+ SNMP.
+
+ CAVEATS
+ None.
+
+ BUGS
+ None reported. Send bug reports to
+ sw0l+snmp@andrew.cmu.edu. ("sw0l" is "ess double-you
+ zero ell.")
+
+ LIMITATIONS
+ None reported.
+
+ HARDWARE REQUIRED
+ The KIP gateway agent runs on a Kinetics FastPath2/3/4.
+ Otherwise, no restrictions.
+
+ SOFTWARE REQUIRED
+ The code was written with efficiency and portability in
+ mind. The applications compile and run on the follow-
+ ing systems: IBM PC/RT running ACIS Release 3, Sun3/50
+ running SUNOS 3.5, and the DEC microVax running Ultrix
+ 2.2. They are expected to run on any system with a
+
+
+
+ IETF NOCTools Working Group [Page 23]
+
+ Internet Tool Catalog CMU SNMP
+
+
+ Berkeley socket interface.
+
+ AVAILABILITY
+ This distribution is copyrighted by CMU, but may be
+ used and sold without permission. Consult the copy-
+ right notices for further information. The distribu-
+ tion is available by anonymous FTP from the host
+ lancaster.andrew.cmu.edu (128.2.13.21) as the files
+ pub/cmu-snmp.9.tar, and pub/kip-snmp.9.tar. The former
+ includes the libraries and the applications, and the
+ latter is the KIP SNMP agent.
+
+ Please direct questions, comments, and bug reports to
+ sw0l+snmp@andrew.cmu.edu. ("sw0l" is "ess double-you
+ zero ell.") If you pick up this package, please send a
+ note to the above address, so that you may be notified
+ of future enhancements/changes and additions to the set
+ of applications (several are planned).
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 24]
+
+ Internet Tool Catalog COMPUTER SECURITY CHECKLIST
+
+
+ NAME
+ Computer Security Checklist
+
+ KEYWORDS
+ security; DOS.
+
+ ABSTRACT
+ This program consists of 858 computer security ques-
+ tions divided up in thirteen sections. The program
+ presents the questions to the user and records their
+ responses. After answering the questions in one of the
+ thirteen sections, the user can generate a report from
+ the questions and the user's answers. The thirteen
+ sections are: telecommunications security, physical
+ access security, personnel security, systems develop-
+ ment security, security awareness and training prac-
+ tices, organizational and management security, data and
+ program security, processing and operations security,
+ ergonomics and error prevention, environmental secu-
+ rity, and backup and recovery security.
+
+ The questions are weighted as to their importance, and
+ the report generator can sort the questions by weight.
+ This way the most important issues can be tackled
+ first.
+
+ MECHANISM
+ The questions are displayed on the screen and the user
+ is prompted for a single keystroke reply. When the end
+ of one of the thirteen sections is reached, the answers
+ are written to a disk file. The question file and the
+ answer file are merged to create the report file.
+
+ CAVEATS
+ None.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ None reported.
+
+ HARDWARE REQUIRED
+ No restrictions.
+
+ SOFTWARE REQUIRED
+ DOS operating system.
+
+
+
+
+ IETF NOCTools Working Group [Page 25]
+
+ Internet Tool Catalog COMPUTER SECURITY CHECKLIST
+
+
+
+ AVAILABILITY
+ A commercial product available from:
+ C.D., Ltd.
+ P.O. Box 58363
+ Seattle, WA 98138
+ (206) 243-8700
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 26]
+
+ Internet Tool Catalog CONNECTVIEW
+
+
+ NAME
+ ConnectVIEW
+
+ KEYWORDS
+ control, manager, routing, security, status; bridge,
+ ethernet, ring; NMS, proprietary; DOS.
+
+ ABSTRACT
+ The ConnectVIEW Network Management System consists of
+ various software managers that control and manage Hal-
+ ley System's internets made of of ConnectLAN 100 ether-
+ net and ConnectLAN 200 Token Ring Brouters. The
+ management software provides an icon-based graphical
+ network display with real-time monitoring and report-
+ ing, along with configuration, fault, performance and
+ security management functions for managing ConnectLAN
+ brouters. A Planning function is also provided that
+ allows users to draw their networks.
+
+ MECHANISM
+ Proprietary.
+
+ CAVEATS
+ The ConnectVIEW software must be running under Micro-
+ soft Windows, preferably on a dedicated management sta-
+ tion. There is, however, no degradation of LAN
+ throughput.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ Currently works only with Halley System's products.
+
+ HARDWARE REQUIRED
+ Requires a PC/AT compatible, with 640KB RAM, EGA
+ adapter and monitor, keyboard, mouse, and ethernet
+ adapter.
+
+ SOFTWARE REQUIRED
+ MSDOS 3.3 or higher. Microsoft Windows/286 version
+ 2.1.
+
+ AVAILABILITY
+ Commercially available from:
+ Halley Systems, Inc.
+ 2730 Orchard Parkway
+ San Jose, CA 95134
+
+
+
+ IETF NOCTools Working Group [Page 27]
+
+ Internet Tool Catalog CONNECTVIEW
+
+
+ NAME
+ decaddrs, decaroute, decnroute, xnsroutes, bridgetab
+
+ KEYWORDS
+ manager, map, routing; bridge, DECnet; NMS, SNMP; UNIX.
+
+ ABSTRACT
+ These commands display private MIB information from
+ Wellfleet systems. They retrieve and format for
+ display values of one or several MIB variables from the
+ Wellfleet Communications private enterprise MIB, using
+ the SNMP (RFC1098). In particular these tools are used
+ to examine the non-IP modules (DECnet, XNS, and Bridg-
+ ing) of a Wellfleet system.
+
+ Decaddrs displays the DECnet configuration of a
+ Wellfleet system acting as a DECnet router, showing the
+ static parameters associated with each DECnet inter-
+ face. Decaroute and decnroute display the DECnet
+ inter-area and intra-area routing tables (that is area
+ routes and node routes). Xnsroutes displays routes
+ known to a Wellfleet system acting as an XNS router.
+ Bridgetab displays the bridge forwarding table with the
+ disposition of traffic arriving from or directed to
+ each station known to the Wellfleet bridge module. All
+ these commands take an IP address as the argument and
+ can specify an SNMP community for the retrieval. One
+ SNMP query is performed for each row of the table.
+ Note that the Wellfleet system must be operating as an
+ IP router for the SNMP to be accessible.
+
+ MECHANISM
+ Management information is exchanged by use of SNMP.
+
+ CAVEATS
+ None.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ None reported.
+
+ HARDWARE REQUIRED
+ Distributed and supported for Sun 3 systems.
+
+ SOFTWARE REQUIRED
+ Distributed and supported for SunOS 3.5 and 4.x.
+
+
+
+ IETF NOCTools Working Group [Page 28]
+
+ Internet Tool Catalog DECADDRS, DECAROUTE, et al.
+
+
+
+ AVAILABILITY
+ Commercial product of:
+ Wellfleet Communications, Inc.
+ 12 DeAngelo Drive
+ Bedford, MA 01730-2204
+ (617) 275-2400
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 29]
+
+ Internet Tool Catalog DIG
+
+
+ NAME
+ DiG
+
+ KEYWORDS
+ status; DNS; spoof; UNIX; free.
+
+ ABSTRACT
+ DiG (domain information groper), is a command line tool
+ which queries DNS servers in either an interactive or a
+ batch mode. It was developed to be more
+ convenient/flexible than nslookup for gathering perfor-
+ mance data and testing DNS servers.
+
+ MECHANISM
+ Dig is built on a slightly modified version of the bind
+ resolver (release 4.8).
+
+ CAVEATS
+ none.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ None reported.
+
+ HARDWARE REQUIRED
+ No restrictions.
+
+ SOFTWARE REQUIRED
+ BSD UNIX.
+
+ AVAILABILITY
+ DiG is available via anonymous FTP from venera.isi.edu
+ in pub/dig.1.0.tar.Z.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 30]
+
+ Internet Tool Catalog DUAL MANAGER
+
+
+ NAME
+ Dual Manager
+
+ KEYWORDS
+ alarm, control, manager, map, security, status; IP,
+ OSI; NMS, SNMP, X; UNIX; library.
+
+ ABSTRACT
+ Netlabs' Dual Manager provides management of TCP/IP
+ networks using both SNMP and CMOT protocols. Such
+ management can be initiated either through the X-
+ Windows user interface (both Motif and Openlook), or
+ through OSI Network Management (CMIP) commands. The
+ Dual Manager provides for configuration, fault, secu-
+ rity and performance management. It provides extensive
+ map management features, including scanned maps in the
+ background. It provides simple mechanisms to extend
+ the MIB and assign specific lists of objects to
+ specific network elements, thereby providing for the
+ management of all vendors' specific MIB extensions. It
+ provides an optional relational DBMS for storing and
+ retrieving MIB and alarm information. Finally, the
+ Dual Manager is an open platform, in that it provides
+ several Application Programming Interfaces (APIs) for
+ users to extend the functionality of the Dual Manager.
+
+ The Dual Manager is expected to work as a TCP/IP
+ "branch manager" under DEC's EMA, AT&T's UNMA and other
+ OSI-conformant enterprise management architectures.
+
+ MECHANISM
+ The Netlabs Dual Manager supports the control and moni-
+ toring of network resources by use of both CMOT and
+ SNMP message exchanges.
+
+ CAVEATS
+ None.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ None reported.
+
+ HARDWARE REQUIRED
+ Runs on Sun/3 and Sun/4s.
+
+
+
+
+
+ IETF NOCTools Working Group [Page 31]
+
+ Internet Tool Catalog DUAL MANAGER
+
+
+
+ SOFTWARE REQUIRED
+ Available on System V or SCO Open Desktop environments.
+ Uses X-Windows for the user interface.
+
+ AVAILABILITY
+ Commercially available from:
+ Netlabs Inc
+ 11693 Chenault Street Ste 348
+ Los Angeles CA 90049
+ (213) 476-4070
+ lam@netlabs.com (Anne Lam)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 32]
+
+ Internet Tool Catalog ENTM
+
+
+ NAME
+ ENTM -- Ethernet Traffic Monitor
+
+ KEYWORDS
+ traffic; ethernet, IP; eavesdrop; VMS; free.
+
+ ABSTRACT
+ ENTM is a screen-oriented utility that runs under
+ VAX/VMS. It monitors local ethernet traffic and
+ displays either a real time or cumulative, histogram
+ showing a percent breakdown of traffic by ethernet pro-
+ tocol type. The information in the display can be
+ reported based on packet count or byte count. The per-
+ cent of broadcast, multicast and approximate lost pack-
+ ets is reported as well. The screen display is updated
+ every three seconds. Additionally, a real time, slid-
+ ing history window may be displayed showing ethernet
+ traffic patterns for the last five minutes.
+
+ ENTM can also report IP traffic statistics by packet
+ count or byte count. The IP histograms reflect infor-
+ mation collected at the TCP and UDP port level, includ-
+ ing ICMP type/code combinations. Both the ethernet and
+ IP histograms may be sorted by ASCII protocol/port name
+ or by percent-value. All screen displays can be saved
+ in a file for printing later.
+
+ MECHANISM
+ This utility simply places the ethernet controller in
+ promiscuous mode and monitors the local area network
+ traffic. It preallocates 10 receive buffers and
+ attempts to keep 22 reads pending on the ethernet dev-
+ ice.
+
+ CAVEATS
+ Placing the ethernet controller in promiscuous mode may
+ severly slow down a VAX system. Depending on the speed
+ of the VAX system and the amount of traffic on the lo-
+ cal ethernet, a large amount of CPU time may be spent
+ on the Interrupt Stack. Running this code on any pro-
+ duction system during operational hours is discouraged.
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 33]
+
+ Internet Tool Catalog ENTM
+
+
+
+ BUGS
+ Due to a bug in the VAX/VMS ethernet/802 device driver,
+ IEEE 802 format packets may not always be detected. A
+ simple test is performed to "guess" which packets are
+ in IEEE 802 format (DSAP equal to SSAP). Thus, some
+ DSAP/SSAP pairs may be reported as an ethernet type,
+ while valid ethernet types may be reported as IEEE 802
+ packets.
+
+ In some hardware configurations, placing an ethernet
+ controller in promiscuous mode with automatic-restart
+ enabled will hang the controller. Our VAX 8650 hangs
+ running this code, while our uVAX IIs and uVAX IIIs do
+ not.
+
+ Please report any additional bugs to the author at:
+ Allen Sturtevant
+ National Magnetic Fusion Energy Computer Center
+ Lawrence Livermore National Laboratory
+ P.O. Box 808; L-561
+ Livermore, CA 94550
+ Phone : (415) 422-8266
+ E-Mail: sturtevant@ccc.nmfecc.gov
+
+ LIMITATIONS
+ The user is required to have PHY_IO, TMPMBX and NETMBX
+ privileges. When activated, the program first checks
+ that the user process as enough quotas remaining
+ (BYTLM, BIOLM, ASTLM and PAGFLQUO) to successfully run
+ the program without entering into an involuntary wait
+ state. Some quotas require a fairly generous setting.
+
+ The contents of IEEE 802 packets are not examined.
+ Only the presence of IEEE 802 packets on the wire is
+ reported.
+
+ The count of lost packets is approximated. If, after
+ each read completes on the ethernet device, the utility
+ detects that it has no reads pending on that device,
+ the lost packet counter is incremented by one.
+
+ When the total number of bytes processed exceeds
+ 7fffffff hex, all counters are automatically reset to
+ zero.
+
+ HARDWARE REQUIRED
+ A DEC ethernet controller.
+
+
+
+ IETF NOCTools Working Group [Page 34]
+
+ Internet Tool Catalog ENTM
+
+
+
+ SOFTWARE REQUIRED
+ VAX/VMS version V5.1+.
+
+ AVAILABILITY
+ For executables only, FTP to the ANONYMOUS account
+ (password GUEST) on CCC.NMFECC.GOV and GET the follow-
+ ing files:
+
+ [ANONYMOUS.PROGRAMS.ENTM]ENTM.DOC (ASCII text)
+ [ANONYMOUS.PROGRAMS.ENTM]ENTM.EXE (binary)
+ [ANONYMOUS.PROGRAMS.ENTM]EN_TYPES.DAT (ASCII text)
+ [ANONYMOUS.PROGRAMS.ENTM]IP_TYPES.DAT (ASCII text)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 35]
+
+ Internet Tool Catalog ETHERFIND
+
+
+ NAME
+ etherfind
+
+ KEYWORDS
+ traffic; ethernet, IP, NFS; eavesdrop; UNIX.
+
+ ABSTRACT
+ Etherfind examines the packets that traverse a network
+ interface, and outputs a text file describing the
+ traffic. In the file, a single line of text describes
+ a single packet: it contains values such as protocol
+ type, length, source, and destination. Etherfind can
+ print out all packet traffic on the ethernet, or
+ traffic for the local host. Further packet filtering
+ can be done on the basis of protocol: IP, ARP, RARP,
+ ICMP, UDP, ND, TCP, and filtering can also be done
+ based on the source, destination addresses as well as
+ TCP and UDP port numbers.
+
+ MECHANISM
+ In usual operations, and by default, etherfind puts the
+ interface in promiscuous mode. In 4.3BSD UNIX and
+ related OSs, it uses a Network Interface Tap (NIT) to
+ obtain a copy of traffic on an ethernet interface.
+
+ CAVEATS
+ None.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ Minimal protocol information is printed. Can only be
+ run by the super user. The syntax is painful.
+
+ HARDWARE REQUIRED
+ Ethernet.
+
+ SOFTWARE REQUIRED
+ SunOS.
+
+ AVAILABILITY
+ Executable included in Sun OS "Networking Tools and
+ Programs" software installation option.
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 36]
+
+ Internet Tool Catalog ETHERHOSTPROBE
+
+
+ NAME
+ etherhostprobe
+
+ KEYWORDS
+ map, routing; ethernet, IP; ping; UNIX; free.
+
+ ABSTRACT
+ Output list of hosts on an ethernet that respond to IP
+ ARP. Produces a list in the following format:
+
+ 08:00:20:01:96:62 128.18.4.114 apptek4
+ 08:00:20:00:02:fe 128.18.4.115 apptek5
+ 08:00:20:00:57:6a 128.18.4.116 apptek6
+ 08:00:20:00:65:34 128.18.4.117 apptek7
+ 08:00:20:06:58:6f 128.18.4.118 apptek8
+ 08:00:20:00:03:4f 128.18.4.119 apptek9
+
+ The first column is the ethernet address, the second
+ the IP address, and the third is the hostname (which is
+ omitted if the name could not be found via gethost-
+ byaddr). A starting and ending IP address may be
+ specified on the command line, which will limit the
+ search.
+
+ MECHANISM
+ Etherhostprobe sends a UDP packet to the ``echo'' port,
+ then looks in the kernel's ARP cache for the
+ corresponding address entry. Explicit response (or
+ lack of same) to the UDP packet is ignored. The cache
+ will be checked up to four times at one-quarter-second
+ intervals. Note that this allows the program to be run
+ by a user with no special privileges.
+
+ CAVEATS
+ Etherhostprobe will fill the kernel's ARP cache with
+ possibly useless entries, possibly causing delays to
+ programs foolishly attempting to accomplish real work.
+
+ Etherhostprobe causes -lots- of ARPs to be generated,
+ possibly fooling network monitoring software (or peo-
+ ple) into concluding that something is horribly broken.
+
+ Etherhostprobe spends up to one second looking for each
+ possible address. Thus, exhaustively searching a
+ class-C network will take about four minutes, and
+ exhaustively searching a class-B network will take
+ about 18 hours. Exhaustively searching a class-A net-
+ work will take the better part of a year, so don't even
+
+
+
+ IETF NOCTools Working Group [Page 37]
+
+ Internet Tool Catalog ETHERHOSTPROBE
+
+
+ think about it.
+
+ Etherhostprobe will be fooled by gateways that imple-
+ ment proxy ARP; every possible address on the proxy-
+ ARPed subnet will be listed with the gateway's ethernet
+ address.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ If a given machine is not running IP ARP at the time
+ that it is probed, it will be considered nonexistent.
+ In particular, if a given machine is down at the time
+ that it is probed . . .
+
+ All hosts being probed must be on the same (possibly
+ bridged) ethernet.
+
+ HARDWARE REQUIRED
+ No restrictions, but see below.
+
+ SOFTWARE REQUIRED
+ Runs on SunOS 3.5, and possibly elsewhere. The major
+ non-standard portion of code is ``tx_arp.c'', which
+ reads the kernel's ARP cache.
+
+ AVAILABILITY
+ Copyrighted, but freely distributed. Available via
+ anonymous FTP from spam.itstd.sri.com (128.18.10.1).
+ From pub directory, file EHP.1 for etherhostprobe, and
+ files IPF.1 and IPF.2 for ipForwarding.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 38]
+
+ Internet Tool Catalog ETHERMETER
+
+
+ NAME
+ EtherMeter (tm), model LANB/150
+
+ KEYWORDS
+ alarm, map, traffic; ethernet; NMS, proprietary; stan-
+ dalone.
+
+ ABSTRACT
+ The Network Applications Technology (NAT) EtherMeter
+ product is a dedicated ethernet traffic monitor that
+ provides statistics on the ethernet segment to which it
+ is attached. The EtherMeter reports three major kinds
+ of statistics. For good packets, it reports the total
+ number of good packets seen on the segment, the number
+ of multicast and broadcast packets, and the total
+ number of bytes in all packets seen. For packets with
+ errors, it reports the number of CRC errors, short
+ packets, oversize packets, and alignment errors. It
+ also reports the distribution of packet by type, and
+ the number of protocols seen on the segment. A count
+ of transmit collisions is reported. Peak and current
+ ethernet utilization rates are also reported, etc.
+ Alarms can be set for utilization rate, packet rate,
+ total error count, and delta error.
+
+ The EtherMeter reports the statistics to a Network
+ Management Station (NMS), also available from NAT, via
+ IP/UDP datagrams, so that the meters can be monitored
+ through routers. The NMS displays graphical and/or
+ textual information, and EtherMeter icons turn colors
+ to indicate status. Alarms can be set, and if the lev-
+ els are exceeded an audible alarm is generated on the
+ NMS, and the EtherMeter icon changes from green to yel-
+ low on the network map.
+
+ MECHANISM
+ The EtherMeter is a self-contained board that can
+ either be plugged into a PC/AT bus for power or
+ installed in a small stand-alone enclosure. The board
+ can be obtained with either a 10BASE5 thick ethernet
+ transceiver cable connector, or a 10BASE2 thin ethernet
+ BNC connector.
+
+ CAVEATS
+ The EtherMeter is primarily a passive device whose only
+ impact on the network will come from the monitoring
+ packets sent to the NMS. The EtherMeter is assigned an
+ IP address for communication with the NMS.
+
+
+
+ IETF NOCTools Working Group [Page 39]
+
+ Internet Tool Catalog ETHERMETER
+
+
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ Proprietary protocol currently in use. The company has
+ stated its intention to develop SNMP for the EtherMeter
+ product in the first half of 1990. Currently the NMS
+ does not keep log files. This limitation is ack-
+ nowledged, and plans are underway to add ASCII log file
+ capability to the NMS.
+
+ HARDWARE REQUIRED
+ An EtherMeter board and a PC/AT bus to plug it into, or
+ a stand-alone enclosure with power supply (available
+ from NAT). A Network Management Station and its
+ software is required as well, to fully interact with
+ the EtherMeter devices.
+
+ SOFTWARE REQUIRED
+ The EtherMeter software is included in ROM on the dev-
+ ice. The NMS software is bundled in with the NMS
+ hardware.
+
+ AVAILABILITY
+ The EtherMeter device, stand-alone enclosure, and Net-
+ work Management Station, are available commercially
+ from:
+
+ Network Application Technology, Inc.
+ 21040 Homestead Road
+ Cupertino, California 95014
+ Phone: (408) 733-4530
+ Fax: (408) 733-6478
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 40]
+
+ Internet Tool Catalog ETHERVIEW
+
+
+ NAME
+ EtherView(tm)
+
+ KEYWORDS
+ traffic; ethernet, IP, NFS; eavesdrop; UNIX.
+
+ ABSTRACT
+ EtherView is a network monitoring tool which runs on
+ Sun workstations and allows you to monitor your hetero-
+ geneous internet network. It monitors all systems on
+ the ethernet. It has three primary functions:
+
+ Load Profile: It allows users to monitor the load on
+ the ethernet over extended periods of time. The net-
+ work administrator can use it to characterize load gen-
+ erated by a node on the network, determine which sys-
+ tems and applications generate how much of the load and
+ how that load fluctuates over long periods of time.
+
+ NFS Profile: It allows the network administrator to
+ determine the load on NFS servers, the average response
+ time NFS servers and the mix of NFS load on each of the
+ servers. Users can use the data to benchmark different
+ NFS servers, determine which servers are overloaded,
+ deduce the number of clients that each server can sup-
+ port and evaluate the effectiveness of NFS accelera-
+ tors.
+
+ Protocol Analyzer: Users can capture packets based on
+ source, destination, application, protocol, bit pat-
+ tern, packet size or a boolean filtering expression.
+ It provides all standard features such as configurable
+ buffer size, packet slicing and bit pattern based
+ triggering criterion. It does automatic disassembly of
+ NFS, TCP, UDP, IP, ICMP, ARP and RARP packets. Packets
+ can be examined in any combination of summary, hex or
+ detail format.
+
+ MECHANISM
+ EtherView uses the Sun's NIT interface to turn the eth-
+ ernet interface into promiscuous mode to capture pack-
+ ets. A high level process manages the interface and a
+ low level process does the actual capturing and filter-
+ ing. Shared memory is used to communicate between the
+ two processes.
+
+ BUGS
+ None known.
+
+
+
+ IETF NOCTools Working Group [Page 41]
+
+ Internet Tool Catalog ETHERVIEW
+
+
+
+ LIMITATIONS
+ Because of limitations in Sun's NIT interface, Ether-
+ View will not capture packets originating from the sys-
+ tem where it is run.
+
+ EtherView requires super-user privileges on the system
+ where it is run.
+
+ HARDWARE REQUIRED
+ EtherView runs on all models of Sun-3, Sun-4 and Sun-
+ 386i.
+
+ SOFTWARE REQUIRED
+ Sun-3 - SunOS 4.0.3. (SunOS 4.0 with NIT fixes).
+ Sun-4 - SunOS 4.0.
+ Sun-386i - SunOS 4.0.
+
+ Runs under SunView.
+ Will run under X Windows in future.
+
+ AVAILABILITY
+ EtherView is copyrighted, commercial product of:
+ Matrix Computer Systems, Inc.
+ 7 1/2 Harris Road
+ Nashua, NH 03062
+
+ Tel: (603) 888-7790
+ email: ...uunet!matrix!eview
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 42]
+
+ Internet Tool Catalog GETONE, GETMANY, et al.
+
+
+ NAME
+ getone, getmany, getroute, getarp, getaddr, getif,
+ getid.
+
+ KEYWORDS
+ manager, routing, status; IP; NMS, SNMP; UNIX.
+
+ ABSTRACT
+ These commands retrieve and format for display values
+ of one or several MIB variables (RFC1066) using the
+ SNMP (RFC1098). Getone and getmany retrieve arbitrary
+ MIB variables; getroute, getarp, getaddr, and getif
+ retrieve and display tabular information (routing
+ tables, ARP table, interface configuration, etc.), and
+ getid retrieves and displays system name, identifica-
+ tion and boot time.
+
+ Getone <target> <mibvariable> retrieves and displays
+ the value of the designated MIB variable from the
+ specified target system. The SNMP community name to be
+ used for the retrieval can also be specified. Getmany
+ works similarly for groups of MIB variables rather than
+ individual values. The name of each variable, its
+ value and its data type is displayed. Getroute returns
+ information from the ipRoutingTable MIB structure,
+ displaying the retrieved information in an accessible
+ format. Getarp behaves similarly for the address
+ translation table; getaddr for the ipAddressTable; and
+ getif displays information from the interfaces table,
+ supplemented with information from the ipAddressTable.
+ Getid displays the system name, identification, ipFor-
+ warding state, and the boot time and date. All take a
+ system name or IP address as an argument and can
+ specify an SNMP community for the retrieval. One SNMP
+ query is performed for each row of the table.
+
+ MECHANISM
+ Queries SNMP agent(s).
+
+ CAVEATS
+ None.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ None reported.
+
+
+
+
+ IETF NOCTools Working Group [Page 43]
+
+ Internet Tool Catalog GETONE, GETMANY, et al.
+
+
+
+ HARDWARE REQUIRED
+ Distributed and supported for Sun 3 systems.
+
+ SOFTWARE REQUIRED
+ Distributed and supported for SunOS 3.5 and 4.x.
+
+ AVAILABILITY
+ Commercial product of:
+ Wellfleet Communications, Inc.
+ 12 DeAngelo Drive
+ Bedford, MA 01730-2204
+ (617) 275-2400
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 44]
+
+ Internet Tool Catalog HAMMER & ANVIL
+
+
+ NAME
+ hammer & anvil
+
+ KEYWORDS
+ benchmark, generator; IP; DOS; free.
+
+ ABSTRACT
+ Hammer and anvil are the benchmarking programs for IP
+ routers. Using these tools, gateways have been tested
+ for per-packet delay, router-generated traffic over-
+ head, maximum sustained throughput, etc.
+
+ MECHANISM
+ Tests are performed on a gateway in an isolated
+ testbed. Hammer generates packets at controlled rates.
+ It can set the length and interpacket interval of a
+ packet stream. Anvil counts packet arrivals.
+
+ CAVEATS
+ Hammer should not be run on a live network.
+
+ BUGS
+ None reported.
+
+ LIMITATIONS
+ Early versions of hammer could not produce inter-packet
+ intervals shorter than 55 usec.
+
+ HARDWARE REQUIRED
+ Hammer runs on a PC/AT or compatible, and anvil
+ requires a PC or clone. Both use a Micom Interlan
+ NI5210 for LAN interface.
+
+ SOFTWARE REQUIRED
+ MS-DOS.
+
+ AVAILABILITY
+ Hammer and anvil are copyrighted, though free. Copies
+ are available from pub/eutil on husc6.harvard.edu.
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 45]
+
+ Internet Tool Catalog HOPCHECK
+
+
+ NAME
+ hopcheck
+
+ KEYWORDS
+ routing; IP; ping; DOS; free.
+
+ ABSTRACT
+ Hopcheck is a tool that lists the gateways traversed by
+ packets sent from the hopcheck-resident PC to a desti-
+ nation. Hopcheck uses the same mechanism as traceroute
+ but is for use on IBM PC compatibles that have ethernet
+ connections. Hopcheck is part of a larger TCP/IP pack-
+ age that is known as ka9q that is for use with packet
+ radio. Ka9q can coexist on a PC with other TCP/IP
+ packages such as FTP Inc's PC/TCP, but must be used
+ independently of other packages. Ka9q was written by
+ Phil Karn. Hopcheck was added by Katie Stevens,
+ dkstevens@ucdavis.edu. Unlike traceroute, which
+ requires a UNIX kernel mod, hopcheck will run on the
+ standard, unmodified ka9q release.
+
+ MECHANISM
+ See the description in traceroute.
+
+ CAVEATS
+ See the description in traceroute.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ Host table required. Does not work with domain name
+ server or with IP address as the argument. This is
+ mainly an inconvenience.
+
+ HARDWARE REQUIRED
+ IBM PC compatible with ethernet network interface card,
+ though does not work with 3Com 505 board.
+
+ SOFTWARE REQUIRED
+ DOS.
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 46]
+
+ Internet Tool Catalog HOPCHECK
+
+
+
+ AVAILABILITY
+ Free. On deposit at the National Center for Atmospher-
+ ic Research. For access from UNIX, available via
+ anonymous FTP from windom.ucar.edu, in directory "etc,"
+ as hopcheck.tar.Z. For access directly from a PC,
+ fetch nethop.exe and readme.hop; nethop.exe is execut-
+ able. Also available via anonymous FTP at ucdavis.edu,
+ in the nethopexe or nethopsrc suite of files in direc-
+ tory "dist."
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 47]
+
+ Internet Tool Catalog HYPERMIB
+
+
+ NAME
+ HyperMIB
+
+ KEYWORDS
+ reference; Macintosh; free, sourcelib.
+
+ ABSTRACT
+ HyperMIB is a hypertext presentation of the MIB
+ (RFC1066). The tree structure of the MIB is presented
+ graphically, and the user traverses the tree by select-
+ ing branches of the tree. When the MIB variables are
+ displayed, selecting them causes a text window to
+ appear and show the definition of that variable (using
+ the actual text of the MIB document).
+
+ MECHANISM
+ The Apple Macintosh HyperCard utility is used. The
+ actual text of the MIB document is read into scrollable
+ text windows, and a string search is done on the vari-
+ able selected. A person familiar with HyperCard pro-
+ gramming could modify the program to suit their needs
+ (such as to add the definitions for their company's
+ private space).
+
+ CAVEATS
+ None.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ This program only gives the definition of the MIB vari-
+ ables. It cannot poll a node to find the value of the
+ variables.
+
+ HARDWARE REQUIRED
+ Apple Macintosh computer with at least 1MByte of RAM.
+
+ SOFTWARE REQUIRED
+ Apple Macintosh operating system and HyperCard.
+
+ AVAILABILITY
+ This software may be copied and given away without
+ charge. The files are available by anonymous FTP on
+ CCC.NMFECC.GOV. The files are:
+
+ [Anonymous.programs.HyperMIB]Hyper_MIB.help (ASCII text)
+ [Anonymous.programs.HyperMIB]Hyper.MIB (binary)
+
+
+
+ IETF NOCTools Working Group [Page 48]
+
+ Internet Tool Catalog HYPERMIB
+
+
+ [Anonymous.programs.HyperMIB]MIB.tree (binary)
+
+ The software is also available for a nominal fee from:
+
+ National Energy Software Center
+ Argonne National Laboratory
+ 9700 South Cass Avenue
+ Argonne, Illinois 60439
+ (312) 972-7250
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 49]
+
+ Internet Tool Catalog INTERNET ROVER
+
+
+ NAME
+ Internet Rover
+
+ KEYWORDS
+ status; IP, SMTP; curses, ping, spoof; UNIX; free,
+ sourcelib.
+
+ ABSTRACT
+ Internet Rover is a prototype network monitor that uses
+ multiple protocol "modules" to test network functional-
+ ity. This package consists of two primary pieces of
+ code: the data collector and the problem display.
+
+ There is one data collector that performs a series of
+ network tests, and maintains a list of problems with
+ the network. There can be many display processes all
+ displaying the current list of problems which is useful
+ in a multi-operator NOC.
+
+ The display task uses curses, allowing many terminal
+ types to display the problem file either locally or
+ from a remote site. Full source is provided. The data
+ collector is easily configured and extensible. Contri-
+ butions such as additional protocol modules, and shell
+ script extensions are welcome.
+
+ MECHANISM
+ A configuration file contains a list of nodes,
+ addresses, NodeUp? protocol test (ping in most cases),
+ and a list of further tests to be performed if the node
+ is in fact up. Modules are included to test TELNET,
+ FTP, and SMTP. If the configuration contains a test
+ that isn't recognized, a generic test is assumed, and a
+ filename is checked for existence. This way users can
+ create scripts that create a file if there is a prob-
+ lem, and the data collector simply checks the existence
+ of that file to determine if there is problem.
+
+ CAVEATS
+ None.
+
+ BUGS
+ None known.
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 50]
+
+ Internet Tool Catalog INTERNET ROVER
+
+
+
+ LIMITATIONS
+ This tools does not yet have the capability to perform
+ actions based on the result of the test. Rather, it is
+ intended for a multi-operator environment, and simply
+ displays a list of what is wrong with the net.
+
+ HARDWARE REQUIRED
+ This software is known to run on Suns and IBM RTs.
+
+ SOFTWARE REQUIRED
+ Curses, 4.xBSD UNIX socket programming libraries, BSD
+ ping.
+
+ AVAILABILITY
+ Full source available via anonymous FTP from merit.edu
+ (35.1.1.42) in the ~ftp/pub/inetrover directory.
+ Source and executables are public domain and can be
+ freely distributed for non-commercial use. This pack-
+ age is unsupported, but bug reports and fixes may be
+ sent to: wbn@merit.edu.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 51]
+
+ Internet Tool Catalog LAN PATROL
+
+
+ NAME
+ LAN Patrol
+
+ KEYWORDS
+ security, traffic; ethernet, star; eavesdrop; DOS.
+
+ ABSTRACT
+ LAN Patrol is a full-featured network analyzer that
+ provides essential information for effective fault and
+ performance management. It allows network managers to
+ easily monitor user activity, find traffic overloads,
+ plan for growth, test cable, uncover intruders, balance
+ network services, and so on. LAN Patrol uses state of
+ the art data collection techniques to monitor all
+ activity on a network, giving an accurate picture of
+ how it is performing.
+
+ LAN Patrol's reports can be saved as ASCII files to
+ disk, and imported into spreadsheet or database pro-
+ grams for further analysis.
+
+ MECHANISM
+ The LAN Patrol interface driver programs a standard
+ interface card to capture all traffic on a network seg-
+ ment. The driver operates from the background of a
+ standard PC, maintaining statistics for each station on
+ the network. The information can be viewed on the PC's
+ screen, or as a user-defined report output either to
+ file or printer.
+
+ CAVEATS
+ None. Normal operation is completely passive, making
+ LAN Patrol transparent to the network.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ LAN Patrol can monitor up to 10,000 packets/sec on an
+ AT class PC, and is limited to monitoring a maximum of
+ 1024 stations for intervals of up to 30 days.
+
+ Because LAN Patrol operates at the physical level, it
+ will only see traffic for the segment on which it is
+ installed; it cannot see traffic across bridges.
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 52]
+
+ Internet Tool Catalog LAN PATROL
+
+
+
+ HARDWARE REQUIRED
+ Computer: IBM PC/XT/AT, PS/2 Model 30, or compatible.
+ Requires 512K memory and a hard drive or double-sided
+ disk drive.
+
+ Display: Color or monochrome text. Color display
+ allows color-coding of traffic information.
+
+ Ethernet, StarLAN, LattisNet, or StarLAN 10 network
+ interface card.
+
+ SOFTWARE REQUIRED
+ PC DOS, MS-DOS version 3.1 or greater.
+
+ AVAILABILITY
+ LAN Patrol many be purchased through network dealers,
+ or directly from:
+ Legend Software, Inc.
+ Phone: (201) 227-8771
+ FAX: (201) 906-1151
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 53]
+
+ Internet Tool Catalog LANPROBE
+
+
+ NAME
+ LanProbe -- the HP 4990S LanProbe Distributed Analysis
+ System.
+
+ KEYWORDS
+ alarm, manager, map, status, traffic; ethernet; eaves-
+ drop, NMS; proprietary.
+
+ ABSTRACT
+ The LanProbe distributed monitoring system performs
+ remote and local monitoring of ethernet LANs in a pro-
+ tocol and vendor independent manner.
+
+ LanProbe discovers each active node on a segment and
+ displays it on a map with its adapter card vendor name,
+ ethernet address, and IP address. Additional informa-
+ tion about the nodes, such as equipment type and physi-
+ cal location can be entered in to the data base by the
+ user.
+
+ When the NodeLocator option is used, data on the actual
+ location of nodes is automatically entered and the map
+ becomes an accurate representation of the physical lay-
+ out of the segment. Thereafter when a new node is
+ installed and becomes active, or when a node is moved
+ or becomes inactive, the change is detected and shown
+ on the map in real time. The system also provides the
+ network manager with precise cable fault information
+ displayed on the map.
+
+ Traffic statistics are gathered and displayed and can
+ be exported in (comma delimited) CSV format for further
+ analysis. Alerts can be set on user defined thres-
+ holds.
+
+ Trace provides a remote protocol analyzer capability
+ with decodes for common protocols.
+
+ Significant events (like power failure, cable breaks,
+ new node on network, broadcast IP source address seen,
+ etc.) are tracked in a log that is uploaded to Pro-
+ beView periodically.
+
+ ProbeView generates reports that can be manipulated by
+ MSDOS based word processors, spreadsheets, and DBMS.
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 54]
+
+ Internet Tool Catalog LANPROBE
+
+
+
+ MECHANISM
+ The system consists of one or more LanProbe segment
+ monitors and ProbeView software running under Microsoft
+ Windows. The LanProbe segment monitor attaches to the
+ end of an ethernet segment and monitors all traffic.
+ Attachment can be direct to a thin or thick coax cable,
+ or via an external transceiver to fiber optic or twist-
+ ed pair cabling. Network data relating to the segment
+ is transferred to a workstation running ProbeView via
+ RS-232, ethernet, or a modem connection.
+
+ ProbeView software, which runs on a PC/AT class works-
+ tation, presents network information in graphical
+ displays.
+
+ The HP4992A NodeLocator option attaches to the opposite
+ end of the cable from the HP4991A LanProbe segment mon-
+ itor. It automatically locates the position of nodes
+ on the ethernet networks using coaxial cabling schemes.
+
+ CAVEATS
+ None.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ None reported.
+
+ HARDWARE REQUIRED
+ HP 4991A LanProbe segment monitor
+ HP 4992A NodeLocator (for optional capabilities)
+ 80386 based PC capable of running MS-Windows
+
+ SOFTWARE REQUIRED
+ HP 4990A ProbeView
+ MSDOS 3.0 or higher and Microsoft Windows/286 2.1.
+
+ AVAILABILITY
+ A commercial product available from:
+ Hewlett-Packard Company
+ P.O. Box 10301,
+ Palo Alto, CA 94303-0890
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 55]
+
+ Internet Tool Catalog LANWATCH
+
+
+ NAME
+ LANWatch
+
+ KEYWORDS
+ alarm, analyzer, traffic; CHAOS, DECnet, DNS, ethernet,
+ IP, OSI, ring, SMTP, star; eavesdrop; DOS; library,
+ sourcelib.
+
+ ABSTRACT
+ LANWatch 2.0 is an inexpensive, powerful and flexible
+ network analyzer that runs under DOS on personal com-
+ puters and requires no hardware modifications to either
+ the host or the network. LANWatch is an invaluable
+ tool for installing, troubleshooting, and monitoring
+ local area networks, and for developing and debugging
+ new protocols. Network managers using LANWatch can
+ inspect network traffic patterns and packet errors to
+ isolate performance problems and bottlenecks. Protocol
+ developers can use LANWatch to inspect and verify
+ proper protocol handling. Since LANWatch is a
+ software-only package which installs easily in existing
+ PCs, network technicians and field service engineers
+ can carry LANWatch in their briefcase for convenient
+ network analysis at remote sites.
+
+ LANWatch has two operating modes: Display and Examine.
+ In Display Mode, LANWatch traces network traffic by
+ displaying captured packets in real time. Examine Mode
+ allows you to scroll back through stored packets to
+ inspect them in detail. To select a subset of packets
+ for display, storage or retrieval, there is an exten-
+ sive set of built-in filters. Using filters, LANWatch
+ collects only packets of interest, saving the user from
+ having to sort through all network traffic to isolate
+ specific packets. The built-in filters include alarm,
+ trigger, capture, load, save and search. They can be
+ controlled separately to match on source or destination
+ address, protocol, or packet contents at the hardware
+ and transport layers. LANWatch also includes suffi-
+ cient source code so users can modify the existing
+ filters and parsers or add new ones.
+
+ The LANWatch distribution includes executables and
+ source for several post-processors: a TCP protocol
+ analyzer, a node-by-node traffic analyzer and a dump
+ file listing tool.
+
+ MECHANISM
+
+
+
+ IETF NOCTools Working Group [Page 56]
+
+ Internet Tool Catalog LANWATCH
+
+
+ Uses many common PC network interfaces by placing them
+ in promiscuous mode and capturing traffic.
+
+ CAVEATS
+ Most PC network interfaces will not capture 100% of the
+ traffic on a fully-loaded network (primarily missing
+ back-to-back packets).
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ LANWatch can't analyze what it doesn't see (see
+ Caveats).
+
+ HARDWARE REQUIRED
+ LANWatch requires a PC or PS/2 with a supported network
+ interface card.
+
+ SOFTWARE REQUIRED
+ LANWatch runs in DOS. Modification of the supplied
+ source code or creation of additional filters and
+ parsers requires Microsoft C 5.1
+
+ AVAILABILITY
+ LANWatch is commercially available from FTP Software,
+ Incorporated, 26 Princess Street, Wakefield, MA, 01880
+ (617 246-0900).
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 57]
+
+ Internet Tool Catalog MAP
+
+
+ NAME
+ map -- Interactive Network Map
+
+ KEYWORDS
+ manager, map; CHAOS, ethernet, IP, ring, star; NMS,
+ ping, SNMP, X; UNIX; free, sourcelib.
+
+ ABSTRACT
+ Map draws a map of network connectivity and allows
+ interactive examination of information about various
+ components including whether hosts can be reached over
+ the network.
+
+ The program is supplied with complete source and is
+ written in a modular fashion to make addition of dif-
+ ferent protocols stacks, displays, or hardcopy devices
+ relatively easy. This is one of the reasons why the
+ initial version supports at least two of each. Contri-
+ butions of additional drivers in any of these areas
+ will be welcome as well as porting to additional plat-
+ forms.
+
+ MECHANISM
+ Net components are pinged by use of ICMP echo and,
+ optionally, CHAOS status requests and SNMP "gets." The
+ program initializes itself from static data stored in
+ the file system and therefore does not need to access
+ the network in order to get running (unless the static
+ files are network mounted).
+
+ CAVEATS
+ As of publication, the tool is in beta release.
+
+ BUGS
+ Several minor nits, documented in distribution files.
+ Bug discoveries should be reported by email to Bug-
+ Map@LCS.MIT.Edu.
+
+ LIMITATIONS
+ See distribution file for an indepth discussion of sys-
+ tem capabilities and potential.
+
+ HARDWARE REQUIRED
+ An X display is needed for interactive display of the
+ map, non-graphical interaction is available in non-
+ display mode. For hardcopy output a PostScript or Tek-
+ tronix 4692 printer is required.
+
+
+
+
+ IETF NOCTools Working Group [Page 58]
+
+ Internet Tool Catalog MAP
+
+
+
+ SOFTWARE REQUIRED
+ BSD UNIX or related OS. IP/ICMP is required;
+ CHAOS/STATUS and SNMP can be used but are optional.
+ X-Windows is required for interactive display of the
+ map.
+
+ AVAILABILITY
+ As of publication, map is in beta release. To be added
+ to the email forum that discusses the software, or to
+ obtain individual files or instructions on getting the
+ full current release, send a request to:
+
+ MAP-Request@LCS.MIT.Edu.
+
+ The program is Copyright MIT. It is available via
+ anonymous FTP with a license making it free to use and
+ distribute for non-commercial purposes.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 59]
+
+ Internet Tool Catalog MCONNECT
+
+
+ NAME
+ mconnect
+
+ KEYWORDS
+ status; SMTP; spoof; UNIX.
+
+ ABSTRACT
+ Mconnect allows an interactive session with a remote
+ mailer. Mail delivery problems can be diagnosed by
+ connecting to the remote mailer and issuing SMTP com-
+ mands directly.
+
+ MECHANISM
+ Opens a TCP connection to remote SMTP on port 25. Pro-
+ vides local line buffering and editing, which is the
+ distinction between mconnect and a TELNET to port 25.
+
+ CAVEATS
+ None.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ Mconnect is not a large improvement over using a TELNET
+ connection to port 25.
+
+ HARDWARE REQUIRED
+ No restrictions.
+
+ SOFTWARE REQUIRED
+ BSD UNIX or related OS.
+
+ AVAILABILITY
+ Available with 4.xBSD UNIX and related operating sys-
+ tems.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 60]
+
+ Internet Tool Catalog NETLABS CMOT AGENT
+
+
+ NAME
+ Netlabs CMOT Agent
+
+ KEYWORDS
+ manager, status; IP, OSI; NMS.
+
+ ABSTRACT
+ Netlabs' CMOT code debuted in Interop 89. The CMOT
+ code comes with an Extensible MIB, which allows users
+ to add new MIB variables. The code currently supports
+ all the MIB variables in RFC 1095 via the data types in
+ RFC 1065, as well as the emerging MIB-II, which is
+ currently in experimental stage. The CMOT has been
+ benchmarked at 100 Management Operations per Second
+ (MOPS) for a 1-MIPS machine.
+
+ MECHANISM
+ The Netlabs CMOT agent supports the control and moni-
+ toring of network resources by use of CMOT message
+ exchanges.
+
+ CAVEATS
+ None.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ None reported.
+
+ HARDWARE REQUIRED
+ Portable to most hardware.
+
+ SOFTWARE REQUIRED
+ Portable to most operating systems.
+
+ AVAILABILITY
+ Commercially available from:
+ Netlabs Inc
+ 11693 Chenault Street Ste 348
+ Los Angeles CA 90049
+ (213) 476-4070
+ lam@netlabs.com (Anne Lam)
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 61]
+
+ Internet Tool Catalog NETLABS SNMP AGENT
+
+
+ NAME
+ Netlabs SNMP Agent.
+
+ KEYWORDS
+ manager, status; IP; NMS, SNMP.
+
+ ABSTRACT
+ Netlabs' SNMP code debuted in Interop 89, where it
+ showed interoperation of the code with several imple-
+ mentations on the show floor. The SNMP code comes with
+ an Extensible MIB, which allows users to add new MIB
+ variables. The code currently supports all the MIB
+ variables in RFC 1066 via the data types in RFC 1065,
+ as well as the emerging MIB-II, which is currently in
+ experimental stage. The SNMP has been benchmarked at
+ 200 Management Operations per Second (MOPS) for a 1-
+ MIPS machine.
+
+ MECHANISM
+ The Netlabs SNMP agent supports the control and moni-
+ toring of network resources by use of SNMP message
+ exchanges.
+
+ CAVEATS
+ None.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ None reported.
+
+ HARDWARE REQUIRED
+ Portable to most hardware.
+
+ SOFTWARE REQUIRED
+ Portable to most operating systems.
+
+ AVAILABILITY
+ Commercially available from:
+ Netlabs Inc
+ 11693 Chenault Street Ste 348
+ Los Angeles CA 90049
+ (213) 476-4070
+ lam@netlabs.com (Anne Lam)
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 62]
+
+ Internet Tool Catalog NETMON (I)
+
+
+ NAME
+ netmon
+
+ KEYWORDS
+ status; DNS, IP; ping; DOS; free.
+
+ ABSTRACT
+ Netmon is a DOS-based program that pings hosts on a
+ monitored list at user-specified intervals. In addi-
+ tion, a user may optionally ping hosts not on the list.
+
+ Netmon also performs domain lookups. Furthermore, a
+ user may build and send a domain query to any desired
+ DNS server.
+
+ MECHANISM
+ The tool works by using the echo service feature of
+ ICMP. It reports if it receives an incorrect response
+ or no response.
+
+ CAVEATS
+ Depending on the frequency of pinging and the number of
+ hosts pinged, netmon could create a high volume of
+ traffic.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ None reported.
+
+ HARDWARE REQUIRED
+ A PC, and a Western Digital WD8003 interface card (or
+ any other card for which there is a packet driver for
+ FTP Software Inc.'s PC/TCP kernel). Both monochrome
+ and color displays are supported, though color is
+ recommended.
+
+ SOFTWARE REQUIRED
+ DOS operating system, and the PC/TCP Kernel by FTP
+ Software, Inc.
+
+ AVAILABILITY
+ The BYU modified version is available for anonymous FTP
+ from Dcsprod.byu.edu, in directory "programs." It can
+ be freely distributed for non-commercial use.
+
+
+
+
+
+ IETF NOCTools Working Group [Page 63]
+
+ Internet Tool Catalog NETMON (II)
+
+
+ NAME
+ NETMON and iptrace
+
+ KEYWORDS
+ traffic; IP; eavesdrop; UNIX; free.
+
+ ABSTRACT
+ NETMON is a facility to enable communication of net-
+ working events from the BSD UNIX operating system to a
+ user-level network monitoring or management program.
+ Iptrace is a program interfacing to NETMON which logs
+ TCP-IP traffic for performance measurement and gateway
+ monitoring. It is easy to build other NETMON-based
+ tools using iptrace as a model.
+
+ NETMON resides in the 4.3BSD UNIX kernel. It is
+ independent of hardware-specific code in UNIX. It is
+ transparent to protocol and network type, having no
+ internal assumptions about the network protocols being
+ recorded. It is installed in BSD-like kernels by
+ adding a standard function call (probe) to a few points
+ in the input and output routines of the protocols to be
+ logged.
+
+ NETMON is analogous to Sun Microsystems' NIT, but the
+ interface tap function is extended by recording more
+ context information. Aside from the timestamp, the
+ choice of information recorded is up to the installer
+ of the probes. The NETMON probes added to the BSD IP
+ code supplied with the distribution include as context:
+ input and output queue lengths, identification of the
+ network interface, and event codes labeling packet dis-
+ cards. (The NETMON distribution is geared towards
+ measuring the performance of BSD networking protocols
+ in an IP gateway).
+
+ NETMON is designed so that it can reside within the
+ monitored system with minimal interference to the net-
+ work processing. The estimated and measured overhead
+ is around five percent of packet processing.
+
+ The user-level tool "iptrace" is provided with NETMON.
+ This program logs IP traffic, either at IP-level only,
+ or as it passes through the network interface drivers
+ as well. As a separate function, iptrace produces a
+ host traffic matrix output. Its third type of output
+ is abbreviated sampling, in which only a pre-set number
+ of packets from each new host pair is logged. The
+
+
+
+ IETF NOCTools Working Group [Page 64]
+
+ Internet Tool Catalog NETMON (II)
+
+
+ three output types are configured dynamically, in any
+ combination.
+
+ OSITRACE, another logging tool with a NETMON interface,
+ is available separately (and documented in a separate
+ entry in this catalog).
+
+ MECHANISM
+ Access to the information logged by NETMON is through a
+ UNIX special file, /dev/netmon. User reads are blocked
+ until the buffer reaches a configurable level of full-
+ ness.
+
+ Several other parameters of NETMON can be tuned at com-
+ pile time. A diagnostic program, netmonstat, is
+ included in the distribution.
+
+ CAVEATS
+ None.
+
+ BUGS
+ Bug reports and questions should be addressed to:
+ ie-tools@gateway.mitre.org
+ Requests to join this mailing list:
+ ie-tools-request@gateway.mitre.org
+ Questions and suggestions can also be directed to:
+ Allison Mankin (703)883-7907
+ mankin@gateway.mitre.org
+
+ LIMITATIONS
+ A NETMON interface for tcpdump and other UNIX protocol
+ analyzers is not included, but it is simple to write.
+ NETMON probes for a promiscuous ethernet interface are
+ similarly not included.
+
+ HARDWARE REQUIRED
+ No restrictions.
+
+ SOFTWARE REQUIRED
+ BSD UNIX-like network protocols or the ability to
+ install the BSD publicly available network protocols in
+ the system to be monitored.
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 65]
+
+ Internet Tool Catalog NETMON (II)
+
+
+
+ AVAILABILITY
+ The NETMON distribution is available by anonymous FTP
+ in pub/netmon.tar or pub/netmon.tar.Z from aelred-
+ 3.ie.org. A short user's and installation guide,
+ NETMON.doc, is available in the same location. The
+ NETMON distribution is provided "as is" and requires
+ retention of a copyright text in code derived from it.
+ It is copyrighted by the MITRE-Washington Networking
+ Center.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 66]
+
+ Internet Tool Catalog NETMON (III)
+
+
+ NAME
+ NETMON -- an SNMP-based network management tool from
+ SNMP Research.
+
+ KEYWORDS
+ alarm, control, manager, map, routing; DECnet, ether-
+ net, IP, OSI, ring, star; NMS, SNMP; DOS; sourcelib.
+
+ ABSTRACT
+ The NETMON application implements a network management
+ station based on a low-cost DOS-based platform. It can
+ be successfully used with many types of networks,
+ including both wide area networks and those based on
+ various LAN media. NETMON has been used with multipro-
+ tocol devices including those which support TCP/IP,
+ DECnet, and OSI protocols. The fault management tool
+ displays the map of the network configuration with
+ current node and link state indicated in one of several
+ colors. Alarms may be enabled to alert the operator of
+ events occurring in the network. Events are logged to
+ disk. The NETMON application comes complete with
+ source code including a powerful set of portable
+ libraries for generating and parsing SNMP messages.
+ Output data from NETMON may be transferred via flat
+ files for additional report generation by a variety of
+ statistical packages.
+
+ MECHANISM
+ The NETMON application is based on the Simple Network
+ Management Protocol (SNMP). Polling is performed via
+ the powerful SNMP get-next operator and the SNMP get
+ operator. Trap directed polling is used to regulate
+ the focus and intensity of the polling.
+
+ CAVEATS
+ None.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ The monitored and managed nodes must implement the SNMP
+ over UDP per RFC 1098 or must be reachable via a proxy
+ agent.
+
+ HARDWARE REQUIRED
+ The minimum system is a IBM Personal Computer (4.77
+ MHz) with DOS 3.0 or later, an Enhanced Graphics
+
+
+
+ IETF NOCTools Working Group [Page 67]
+
+ Internet Tool Catalog NETMON (III)
+
+
+ Adapter, Enhanced Graphics Monitor, a single 360 Kbyte
+ floppy drive, and an ethernet adapter. However, most
+ users will find a hard disk to be helpful for storing
+ network history and will be less impatient with a fas-
+ ter CPU.
+
+ SOFTWARE REQUIRED
+ DOS 3.0 or later and TCP/IP software from one of
+ several sources.
+
+ AVAILABILITY
+ This is a commercial product available under license
+ from:
+
+ SNMP Research
+ P.O. Box 8593
+ Knoxville, TN 37996-4800
+ (615) 573-1434 (Voice)
+ (615) 573-9197 (FAX)
+ Attn: Dr. Jeff Case
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 68]
+
+ Internet Tool Catalog NETSTAT
+
+
+ NAME
+ netstat
+
+ KEYWORDS
+ routing; IP; UNIX, VMS; free.
+
+ ABSTRACT
+ Netstat is a program that accesses network related data
+ structures within the kernel, then provides an ASCII
+ format at the terminal. Netstat can provide reports on
+ the routing table, TCP connections, TCP and UDP
+ "listens", and protocol memory management.
+
+ MECHANISM
+ Netstat accesses operating system memory to read the
+ kernel routing tables.
+
+ CAVEATS
+ Kernel data structures can change while netstat is run-
+ ning.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ None reported.
+
+ HARDWARE REQUIRED
+ No restrictions.
+
+ SOFTWARE REQUIRED
+ BSD UNIX or related OS, or VMS.
+
+ AVAILABILITY
+ Available via anonymous FTP from uunet.uu.net, in
+ directory bsd-sources/src/ucb. Available with 4.xBSD
+ UNIX and related operating systems. For VMS, available
+ as part of TGV MultiNet IP software package, as well as
+ Wollongong's WIN/TCP.
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 69]
+
+ Internet Tool Catalog NETWATCH
+
+
+ NAME
+ netwatch
+
+ KEYWORDS
+ traffic; ethernet, IP, ring; eavesdrop; DOS; free.
+
+ ABSTRACT
+ PC/netwatch listens to an attached local broadcast net-
+ work and displays one line of information for every
+ packet that goes by. This information consists of the
+ "to" and "from" local network addresses, the packet
+ length, the value of the protocol type field, and 8
+ selected contiguous bytes of the packet contents.
+ While netwatch is running it will respond to commands
+ to display collected information, change its operating
+ mode, or to filter for specific types of packets.
+
+ MECHANISM
+ Puts controller in promiscuous mode.
+
+ CAVEATS
+ None.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ The monitor can handle a burst rate of about 200 pack-
+ ets per second. Packets arriving faster than that are
+ missed (but counted in the statistics of the network
+ driver). The display rate is about 25 packets per
+ second and there is a buffer that can hold 512
+ undisplayed packets. The monitor discards overflow
+ packets.
+
+ HARDWARE REQUIRED
+ IBM PC compatible with CGA and network interface (3com
+ 3C501, Interlan NI5010, or proNet p1300).
+
+ SOFTWARE REQUIRED
+ DOS 2.0 or higher, MicroSoft C (to generate custom exe-
+ cutables)
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 70]
+
+ Internet Tool Catalog NETWATCH
+
+
+
+ AVAILABILITY
+ Available as a utility program in the pcip distribution
+ from host husc6.harvard.edu, in directory pub/pcip.
+ Available in a standalone package via anonymous FTP
+ from windom.ucar.edu, in file pc/network/netwatch.arc;
+ a binary "dearc" program is also available from
+ windom.ucar.edu.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 71]
+
+ Internet Tool Catalog NETWORK INTEGRATOR I
+
+
+ NAME
+ Network Integrator I
+
+ KEYWORDS
+ map, traffic; ethernet; UNIX.
+
+ ABSTRACT
+ This tool monitors traffic on network segments. All
+ information is dumped to either a log file or, for
+ real-time viewing, to a command tool window. Data is
+ time-stamped according to date and time. Logging can
+ continue for up to 24 hours.
+
+ The tool is flexible in data collection and presenta-
+ tion. Traffic filters can be specified according to
+ header values of numerous protocols, including those
+ used by Apple, DEC, Sun, HP, and Apollo. Bandwidth
+ utilization can be monitored, as well as actual load
+ and peak throughput. Additionally, the Network
+ Integrator can analyze a network's topology, and record
+ the location of all operational nodes on a network.
+
+ Data can be displayed in six separate formats of bar
+ graphs. In addition, there are several routines for
+ producing statistical summaries of the data collected.
+
+ MECHANISM
+ The tools work through RPC and XDR calls.
+
+ CAVEATS
+ Although the tool adds only little traffic to a net-
+ work, generation of statistics from captured files
+ requires a significant portion of a workstation's CPU.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ Must be root to run monitor. There does not seem to be
+ a limit to the number of nodes, since it monitors by
+ segments. The only major limitation is the amount of
+ disk space that a user can commit to the log files.
+ The size of the log files, however, can be controlled
+ through the tool's parameters.
+
+ HARDWARE REQUIRED
+ Sun3 or Sun4.
+
+
+
+
+ IETF NOCTools Working Group [Page 72]
+
+ Internet Tool Catalog NETWORK INTEGRATOR I
+
+
+ SOFTWARE REQUIRED
+ 4.0BSD UNIX or greater, or related OS.
+
+ AVAILABILITY
+ Copyrighted, commercially available from
+ Network Integrators,
+ (408) 927-0412.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 73]
+
+ Internet Tool Catalog NET_MONITOR
+
+
+ NAME
+ net_monitor
+
+ KEYWORDS
+ routing, status; DECnet, IP; curses, ping; UNIX, VMS;
+ free, sourcelib.
+
+ ABSTRACT
+ Net_monitor uses ICMP echo (and DECnet reachability
+ information on VAX/VMS) to monitor a network. The mon-
+ itoring is very simplistic, but has proved useful. It
+ periodically tests whether hosts are reachable and
+ reports the results in a full-screen display. It
+ groups hosts together in common sets. If all hosts in
+ a set become unreachable, it makes a lot of racket with
+ bells, since it assumes that this means that some com-
+ mon piece of hardware that supports that set has
+ failed. The periodicity of the tests, hosts to test,
+ and groupings of hosts are controlled with a single
+ configuration file.
+
+ The idea for this program came from the PC/IP monitor
+ facility, but is an entirely different program with
+ different functionality.
+
+ MECHANISM
+ Reachability is tested using ICMP echo facilities for
+ TCP/IP hosts (and DECnet reachability information on
+ VAX/VMS). A DECnet node is considered reachable if it
+ appears in the list of hosts in a "show network" com-
+ mand issued on a routing node.
+
+ CAVEATS
+ This facility has been found to be most useful when run
+ in a window on a workstation rather than on a terminal
+ connected to a host. It could be useful if ported to a
+ PC (looks easy using FTP Software's programming
+ libraries), but this has not been done. Curses is very
+ slow and cpu intensive on VMS, but the tool has been
+ run in a window on a VAXstation 2000. Just don't try
+ to run it on a terminal connected to a 11/750.
+
+ BUGS
+ None known.
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 74]
+
+ Internet Tool Catalog NET_MONITOR
+
+
+
+ LIMITATIONS
+ This tool is not meant to be a replacement for a more
+ comprehensive network management facility such as is
+ provided with SNMP.
+
+ HARDWARE REQUIRED
+ A host with a network connection.
+
+ SOFTWARE REQUIRED
+ Curses, 4.xBSD UNIX socket programming libraries (lim-
+ ited set) and some flavor of TCP/IP that supports ICMP
+ echo request (ping). It has been run on VAX/VMS run-
+ ning WIN/TCP and several flavors of 4BSD UNIX (includ-
+ ing SunOS 3.2, 4.0, and 4.3BSD). It could be ported to
+ any platform that provides a BSD-style programming li-
+ brary with an ICMP echo request facility and curses.
+
+ AVAILABILITY
+ Requests should be sent to the author:
+
+ Dale Smith
+ Asst Dir of Network Services
+ University of Oregon
+ Computing Center
+ Eugene, OR 97403-1211
+
+ Internet: dsmith@oregon.uoregon.edu.
+ BITNET: dsmith@oregon.bitnet
+ UUCP: ...hp-pcd!uoregon!dsmith
+ Voice: (503)686-4394
+
+ With the source code, a makefile is provided for most
+ any UNIX box and a VMS makefile compatible with the
+ make distributed with PMDF. A VMS DCL command file is
+ also provided, for use by those VMS sites without
+ "make."
+
+ The author will attempt to fix bugs, but no support is
+ promised. The tool is copyrighted, but free (for now).
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 75]
+
+ Internet Tool Catalog NFSWATCH
+
+
+ NAME
+ nfswatch
+
+ KEYWORDS
+ traffic; ethernet, IP, NFS; curses, eavesdrop; UNIX;
+ free.
+
+ ABSTRACT
+ Nfswatch monitors all incoming ethernet traffic to an
+ NFS file server and divides it into several categories.
+ The number and percentage of packets received in each
+ category is displayed on the screen in a continuously
+ updated display.
+
+ All exported file systems are monitored by default.
+ Other files may optionally be monitored. Options also
+ allow monitoring of traffic destined for a remote host
+ instead of the local host, or monitoring traffic sent
+ by a single host. Items such as the sample interval
+ length can be adjusted either on the command line or
+ interactively. Facilities for taking screen
+ "snapshots," saving all data to a log file, and summar-
+ izing the log file are included. Nfslogsum, a program
+ that summarizes the log file, is included in the dis-
+ tribution.
+
+ MECHANISM
+ Nfswatch uses the Network Interface Tap in promiscuous
+ mode to monitor the ethernet. It filters out NFS pack-
+ ets destined for the local (or remote) host, and then
+ decodes the file handles in order to determine which
+ file or file system a request pertains to.
+
+ CAVEATS
+ Because the NFS file handle is a non-standard (server
+ private) piece of data, the file system monitoring part
+ of the program will break whenever the format of a file
+ handle is not what it expects to see. This is easily
+ fixed in the code, however. The code presently under-
+ stands SunOS 4.0 file handles.
+
+ BUGS
+ None known.
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 76]
+
+ Internet Tool Catalog NFSWATCH
+
+
+
+ LIMITATIONS
+ Up to 256 exported file systems and 256 individual
+ files can be monitored, but only (2 * (DisplayLines -
+ 16)) will be displayed on the screen (all data will be
+ written to the log file).
+
+ Only NFS requests made by client machines are counted;
+ the NFS traffic generated by the server in response to
+ these requests is not counted.
+
+ HARDWARE REQUIRED
+ Has been tested on Sun-3 and Sun-4 systems. No
+ hardware dependencies, but see below.
+
+ SOFTWARE REQUIRED
+ SunOS 4.0 or higher. The STREAMS NIT device is used.
+ Fairly easy code modifications should be able to make
+ it run under older SunOS releases, or other versions of
+ BSD UNIX with a NIT-like device.
+
+ AVAILABILITY
+ Copyrighted, but freely distributable. Available via
+ anonymous FTP from hosts icarus.riacs.edu and
+ spam.itstd.sri.com in pub/nfswatch.tar.Z. There should
+ also be a copy on the 1989 Sun User's Group tape.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 77]
+
+ Internet Tool Catalog NHFSSTONE
+
+
+ NAME
+ nhfsstone
+
+ KEYWORDS
+ benchmark, generator; NFS; spoof; UNIX; free.
+
+ ABSTRACT
+ Nhfsstone (pronounced n-f-s-stone, the "h" is silent)
+ is an NFS benchmarking program. It is used on an NFS
+ client to generate an artificial load with a particular
+ mix of NFS operations. It reports the average response
+ time of the server in milliseconds per call and the
+ load in calls per second. The nhfsstone distribution
+ includes a script, "nhfsnums" that converts test
+ results into plot(5) format so that they can be graphed
+ using graph(1) and other tools.
+
+ MECHANISM
+ Nhfsstone is an NFS traffic generator. It adjusts its
+ calling patterns based on the client's kernel NFS
+ statistics and the elapsed time. Load can be generated
+ over a given time or number of NFS calls.
+
+ CAVEATS
+ Nhfsstone will compete for system resources with other
+ applications.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ None reported.
+
+ HARDWARE REQUIRED
+ No restrictions.
+
+ SOFTWARE REQUIRED
+ 4.xBSD-based UNIX
+
+ AVAILABILITY
+ Available via anonymous FTP from bugs.cs.wisc.edu.
+ Alternatively, Legato Systems will provide the program
+ free of charge, if certain conditions are met. Send
+ name and both email and U.S. mail addresses to:
+ Legato Systems, Inc.
+ Nhfsstone
+ 260 Sheridan Avenue
+ Palo Alto, California 94306
+
+
+
+ IETF NOCTools Working Group [Page 78]
+
+ Internet Tool Catalog NHFSSTONE
+
+
+
+ A mailing list is maintained for regular information
+ and bug fixes: nhfsstone@legato.com or
+ uunet!legato.com!nhfsstone. To join the list:
+ nhfsstone-request@legato.com or
+ uunet!legato.com!nhfsstone-request.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 79]
+
+ Internet Tool Catalog NMC
+
+
+ NAME
+ NMC -- the Hughes LAN Systems 9100 Network Management
+ Center
+
+ KEYWORDS
+ control, manager, routing, status, traffic; bridge,
+ DECnet, ethernet, IP; NMS, SNMP; UNIX.
+
+ ABSTRACT
+ The 9100 Network Management Center provides the capa-
+ bility to manage and control standards-based networking
+ products from Hughes LAN Systems' and other vendors.
+ This management extends to all network products that
+ are equipped with the industry standard SNMP (Simple
+ Network Management Protocol). A comprehensive rela-
+ tional database manages the data and ensures easy
+ access and control of resources throughout the network.
+
+ 9100 NMC software provides the following functions:
+
+ Database Management
+ Stores and retrieves the information required to
+ administer and configure the network. It can be
+ used to:
+ Store and recall configuration data for all
+ devices.
+ Provide availability history for devices.
+ Provides full-function SQL interface.
+ Assign new internet addresses.
+ Provide administrative information such as
+ physical location of devices, person respon-
+ sible, maintenance history, asset data,
+ hardware/software versions, etc.
+
+ Configuration Management
+ A comprehensive configuration model that enables
+ you to:
+ Retrieve configuration information from SNMP
+ devices.
+ Configure HLS devices using SNMP.
+ Configures attributes relating to TCP/IP,
+ DECnet and other protocols in HLS devices
+ using SNMP.
+ Poll devices to compare their current attri-
+ bute values with those in the database and
+ produce reports of the discrepancies.
+ Collect data about the state of the network.
+
+
+
+
+ IETF NOCTools Working Group [Page 80]
+
+ Internet Tool Catalog NMC
+
+
+
+ Performance Management
+ Displays local network traffic graphically, by
+ packet size, protocol, network utilization,
+ sources and destinations of packets, etc.
+
+ Fault Management
+ Provides availability monitoring and indicates
+ potential problems.
+ Scheduled availability monitoring of devices.
+ SNMP traps (alarms) are recorded in an alarm
+ log.
+ New alarms are indicated by a flashing icon
+ and optional audio alert.
+ Possible causes and suggested actions for the
+ alarms are listed.
+ Cumulative reports can be produced.
+
+ Utilities Function
+ Allows you to view and/or stop existing NMC
+ processes, and to define schedules for invoking
+ NMC applications and database maintenance utili-
+ ties.
+
+ MECHANISM
+ SNMP.
+
+ CAVEATS
+ None reported.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ Maximum number of nodes that can be monitored is
+ 18,000. This can include Hosts, Terminal Servers, PCs,
+ and Bridges.
+
+ HARDWARE REQUIRED
+ The host for the NMC software is a Sun 3 desktop works-
+ tation. Recommended minimum hardware is the Sun 3/80
+ Color with a 1/4" SCSI tape drive.
+
+ SOFTWARE REQUIRED
+ The NMC, which is provided on 1/4" tape format, runs on
+ the Sun 4.0 Operating System.
+
+
+
+
+
+ IETF NOCTools Working Group [Page 81]
+
+ Internet Tool Catalog NMC
+
+
+
+ AVAILABILITY
+ A commercial product of:
+ Hughes LAN Systems Inc.
+ 1225 Charleston Road
+ Mountain View, CA 94043
+ Phone: (415) 966-7300
+ Fax: (415) 960-3738
+ RCA Telex: 276572
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 82]
+
+ Internet Tool Catalog NNSTAT
+
+
+ NAME
+ NNStat
+
+ KEYWORDS
+ manager, status, traffic; ethernet, IP; eavesdrop, NMS;
+ UNIX; free.
+
+ ABSTRACT
+ NNStat is a collection of programs that provides an
+ internet statistic collecting capability. The NNStat
+ strategy for statistic collection is to collect traffic
+ statistics via a promiscuous ethernet tap on the local
+ networks, versus instrumenting the gateways. If all
+ traffic entering or leaving a network or set of net-
+ works traverses a local ethernet, then by stationing a
+ statistic gathering agent on each local network a pro-
+ file of network traffic can be gathered. Statistical
+ data is retrieved from the local agents by a global
+ manager.
+
+ A program called "statspy" performs the data gathering
+ function. Essentially, statspy reads all packets on an
+ ethernet interface and records all information of
+ interest. Information of interest is gathered by exa-
+ mining each packet and determining if the source or
+ destination IP address is one that is being monitored,
+ typically a gateway address. If so then the contents
+ of the packet are examined to see if they match further
+ criteria.
+
+ A program called "collect" performs global data collec-
+ tion. It periodically polls various statspy processes
+ in the domain of interest to retrieve locally logged
+ statistical data.
+
+ The NNSTAT distribution comes with several sample awk
+ programs which process the logged output of the collect
+ program.
+
+ MECHANISM
+ Local agents (statspy processes) collect raw traffic
+ data via a promiscuous ethernet tap. Statistical, fil-
+ tered or otherwise reduced data is retrieved from the
+ local agents by a global manager (the "collect" pro-
+ cess).
+
+ CAVEATS
+ None.
+
+
+
+ IETF NOCTools Working Group [Page 83]
+
+ Internet Tool Catalog NNSTAT
+
+
+
+ BUGS
+ Bug fixes, extensions, and other pointers are discussed
+ in the electronic mail forum, bytecounters. To join,
+ send a request to bytecounters-request@venera.isi.edu.
+ Forum exchanges are archived in the file
+ bytecounters/bytecounters.mail, available via anonymous
+ FTP from venera.isi.edu.
+
+ LIMITATIONS
+ NNStat presumes a topology of one or more long haul
+ networks gatewayed to local ethernets.
+
+ A kernel mod required to run with SunOS4. These mods
+ are described in the bytecounters archive.
+
+ HARDWARE REQUIRED
+ Ethernet interface. Sun 3, Sun 4 (SPARC), or PC RT
+ workstation.
+
+ SOFTWARE REQUIRED
+ Distribution is for BSD UNIX, could easily be adapted
+ to any UNIX with promiscuous ethernet support.
+
+ AVAILABILITY
+ Distribution is available via anonymous FTP from
+ venera.isi.edu, in file pub/NNStat.tar.Z. Documenta-
+ tion is in pub/NNStat.userdoc.ms.Z.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 84]
+
+ Internet Tool Catalog NPRV
+
+
+ NAME
+ NPRV -- IP Node/Protocol Reachability Verifier
+
+ KEYWORDS
+ map, routing, status; IP; ping; VMS; free.
+
+ ABSTRACT
+ NPRV is a full-screen, keypad-oriented utility that
+ runs under VAX/VMS. It allows the user to quickly scan
+ through a user-defined list of IP addresses (or domain
+ names) and verify a node's reachability. The node's
+ reachability is determined by performing an ICMP echo,
+ UDP echo and a TCP echo at alternating three second
+ intervals. The total number of packets sent and
+ received are displayed, as well as the minimum, average
+ and maximum round-trip times (in milliseconds) for each
+ type of echo. Additionally, a "trace route" function
+ is performed to determine the path from the local sys-
+ tem to the remote host. Once all of the trace route
+ information has filled the screen, a "snapshot" of the
+ screen can be written to a text file. Upon exiting the
+ utility, these text files can be used to generate a
+ logical network map showing host and gateway intercon-
+ nectivity.
+
+ MECHANISM
+ The ICMP echo is performed by sending ICMP ECHO REQUEST
+ packets. The UDP and TCP echoes are performed by con-
+ necting to the UDP/TCP echo ports (port number 7). The
+ trace route information is compiled by sending alter-
+ nating ICMP ECHO REQUEST packets and UDP packets with
+ very large destination UDP port numbers (in two
+ passes). Each packet is initially sent with a TTL
+ (time to live) of 1. This should cause an ICMP TIME
+ EXCEEDED error to be generated by the first routing
+ gateway. Then each packet is sent with a TTL of 2.
+ This should cause an ICMP TIME EXCEEDED error to be
+ generated by the second routing gateway. Then each
+ packet is sent with a TTL of 3, and so on. This pro-
+ cess continues until an ICMP ECHO REPLY or UDP PORT
+ UNREACHABLE is received. This indicates that the
+ remote host has been reached and that the trace route
+ information is complete.
+
+ CAVEATS
+ This utility sends one echo packet per second (ICMP,
+ UDP or TCP), as well as sending out one trace route
+ packet per second. If a transmitted trace route packet
+
+
+
+ IETF NOCTools Working Group [Page 85]
+
+ Internet Tool Catalog NPRV
+
+
+ is returned in less than one second, another trace
+ route packet is sent in 100 milliseconds. This could
+ cause a significant amount of contention on the local
+ network.
+
+ BUGS
+ None known. Please report any discovered bugs to the
+ author at:
+ Allen Sturtevant
+ National Magnetic Fusion Energy Computer Center
+ Lawrence Livermore National Laboratory
+ P.O. Box 808; L-561
+ Livermore, CA 94550
+ Phone : (415) 422-8266
+ E-Mail: sturtevant@ccc.nmfecc.gov
+
+ LIMITATIONS
+ The user is required to have SYSPRV privilege to per-
+ form the ICMP Echo and trace route functions. The
+ utility will still run with this privilege disabled,
+ but only the UDP Echo and TCP Echo information will be
+ displayed. This utility is written in C, but unfor-
+ tunately it cannot be easily ported over to UNIX since
+ many VMS system calls are used and all screen I/O is
+ done using the VMS Screen Management Routines.
+
+ HARDWARE REQUIRED
+ Any network interface supported by TGV Incorporated's
+ MultiNet software.
+
+ SOFTWARE REQUIRED
+ VAX/VMS V5.1+ and TGV Incorporated's MultiNet version
+ 2.0.
+
+ AVAILABILITY
+ For executables only, FTP to the ANONYMOUS account
+ (password GUEST) on CCC.NMFECC.GOV (128.55.128.30) and
+ GET the following files:
+
+ [ANONYMOUS.PROGRAMS.NPRV]NPRV.DOC (ASCII text)
+ [ANONYMOUS.PROGRAMS.NPRV]NPRV.EXE (binary)
+ [ANONYMOUS.PROGRAMS.NPRV]SAMPLE.IPA (ASCII text)
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 86]
+
+ Internet Tool Catalog NSLOOKUP
+
+
+ NAME
+ nslookup
+
+ KEYWORDS
+ status; DNS; spoof; UNIX, VMS; free.
+
+ ABSTRACT
+ Nslookup is a program used for interactive query of
+ ARPA Internet domain servers. This program is useful
+ for diagnosing routing or mail delivery problems, where
+ often a local domain server is responding with an
+ incorrect internet address. It is essentially a data-
+ base front end which converts user queries into domain
+ name queries. By default nslookup queries the local
+ domain name server but you can specify additional
+ servers. Additional information beyond the mapping of
+ domain names to internet addresses is possible.
+
+ MECHANISM
+ Formats and sends domain name queries.
+
+ CAVEATS
+ None.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ None known.
+
+ HARDWARE REQUIRED
+ No restrictions.
+
+ SOFTWARE REQUIRED
+ BSD UNIX or related OS, or VMS.
+
+ AVAILABILITY
+ Nslookup is part of the "named" distribution, available
+ via anonymous FTP from uunet.uu.net, in directories
+ bsd-sources/src/etc and bsd-sources/src/network, and
+ part of the "bind" distribution, available via
+ anonymous FTP from ucbarpa.berkeley.edu, in directory
+ 4.3. Also available with 4.xBSD UNIX and related
+ operating systems. For VMS, available as part of TGV
+ MultiNet IP software package, as well as Wollongong's
+ WIN/TCP.
+
+
+
+
+
+ IETF NOCTools Working Group [Page 87]
+
+ Internet Tool Catalog OSILOG
+
+
+ NAME
+ osilog -- OSI event Logger
+
+ KEYWORDS
+ alarm, manager; OSI; UNIX; free.
+
+ ABSTRACT
+ The osilog program receives management event reports
+ for the operation of the ISODE Transport layer (ISO
+ Transport Protocol class 0) on one or more managed sys-
+ tems, formats them suitably to facilitate post-
+ processing and records them for future analysis.
+
+ MECHANISM
+ It communicates with the System Management Agents
+ (SMAs) on the selected systems via CMIP.
+
+ CAVEATS
+ The System Management Agent (SMA) must be running on
+ the hosts selected to provide management reports.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ ISODE Transport Layer only supported by the SMA at
+ present.
+
+ HARDWARE REQUIRED
+ Developed and tested on Sun3.
+
+ SOFTWARE REQUIRED
+ The ISODE protocol suite, BSD UNIX.
+
+ AVAILABILITY
+ The osilog and related tools, known as OSIMIS (OSI
+ Management Information Service), are publicly available
+ from University College London, England via FTP and
+ FTAM. To obtain information regarding a copy send
+ email to gknight@ac.ucl.cs.uk or call +44 1 380 7366.
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 88]
+
+ Internet Tool Catalog OSIMIC
+
+
+ NAME
+ osimic -- OSI Microscope
+
+ KEYWORDS
+ manager, status; OSI; UNIX; free.
+
+ ABSTRACT
+ The osimic program is a human user interface to the
+ management information base on the ISODE Transport
+ layer (ISO Transport Protocol class 0). It allows
+ browsing through the management information tree and
+ enables the manipulation of attribute values. It is
+ implemented using the SunView package of the SunTools
+ window system.
+
+ MECHANISM
+ It communicates with the System Management Agent (SMA)
+ on the selected system via CMIP.
+
+ CAVEATS
+ The System Management Agent (SMA) must be running on
+ the host where the mib is being examined.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ ISODE Transport Layer only supported by the SMA at
+ present.
+
+ HARDWARE REQUIRED
+ Developed and tested on Sun3.
+
+ SOFTWARE REQUIRED
+ The ISODE protocol suite, BSD UNIX, SunView/SunTools.
+
+ AVAILABILITY
+ The osimic and related tools, known as OSIMIS (OSI
+ Management Information Service), are publicly available
+ from University College London, England via FTP and
+ FTAM. To obtain information regarding a copy send
+ email to gknight@ac.ucl.cs.uk or call +44 1 380 7366.
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 89]
+
+ Internet Tool Catalog OSIMON
+
+
+ NAME
+ osimon -- OSI Monitor
+
+ KEYWORDS
+ manager, status, traffic; OSI; curses; UNIX; free.
+
+ ABSTRACT
+ The osimon program monitors activity of the ISODE Tran-
+ sport layer (ISO Transport Protocol class 0), display-
+ ing entries for the active transport entities and con-
+ nections. The display is dynamically updated in the
+ case of significant events such as connection opening
+ and closing and packet traffic, as information is
+ received in the form of event reports from a SMA. It
+ uses the UNIX curses package for screen management.
+
+ MECHANISM
+ It communicates with the System Management Agent (SMA)
+ on the selected system via CMIP.
+
+ CAVEATS
+ The System Management Agent (SMA) must be running on
+ the host being monitored.
+
+ BUGS
+ For the terminal type Sun, there are some transient
+ problems with the display.
+
+ LIMITATIONS
+ ISODE Transport Layer only supported at present.
+
+ HARDWARE REQUIRED
+ Developed and tested on Sun3 for various terminal
+ types.
+
+ SOFTWARE REQUIRED
+ The ISODE protocol suite, BSD UNIX.
+
+ AVAILABILITY
+ The osimon and related tools, known as OSIMIS (OSI
+ Management Information Service), are publicly available
+ from University College London, England via FTP and
+ FTAM. To obtain information regarding a copy send
+ email to gknight@ac.ucl.cs.uk or call +44 1 380 7366.
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 90]
+
+ Internet Tool Catalog OSITRACE
+
+
+ NAME
+ OSITRACE
+
+ KEYWORDS
+ traffic; OSI; eavesdrop; UNIX; free.
+
+ ABSTRACT
+ OSITRACE is a network performance tool that displays
+ information about ISO TP4 connections. One line of
+ output is displayed for each packet indicating the
+ time, source, destination, length, packet type,
+ sequence number, credit, and any optional parameters
+ contained in the packet. Numerous options are avail-
+ able to control the output of OSITRACE.
+
+ To obtain packets to analyze, OSITRACE uses Sun
+ Microsystems' Network Interface Tap (NIT) in SunOS 3.4,
+ 3.5, and 4.0.X. OSITRACE may also obtain data from the
+ NETMON utility which is described as another tool
+ entry.
+
+ In Sun systems, OSITRACE may be easily installed: OSI
+ kernel support is not needed, nor is any other form of
+ OSI software support.
+
+ MECHANISM
+ This tool has been designed in such a way that code to
+ process different protocol suites may be easily added.
+ As such, OSITRACE also has the ability to trace the DOD
+ TCP protocols.
+
+ CAVEATS
+ None.
+
+ BUGS
+ Bug reports and questions should be addressed to: ie-
+ tools@gateway.mitre.org
+
+ Requests to join this mailing list: ie-tools-
+ request@gateway.mitre.org
+
+ Questions and suggestions can also be directed to: Greg
+ Hollingsworth, gregh@gateway.mitre.org
+
+ LIMITATIONS
+ None reported.
+
+
+
+
+
+ IETF NOCTools Working Group [Page 91]
+
+ Internet Tool Catalog OSITRACE
+
+
+
+ HARDWARE REQUIRED
+ No restriction.
+
+ SOFTWARE REQUIRED
+ SunOS 3.4, 3.5, or 4.0.X, or BSD UNIX-like network pro-
+ tocols with NETMON installed.
+
+ AVAILABILITY
+ OSITRACE is copyrighted by the MITRE-Washington Net-
+ working Center, but freely distributed "as is." It re-
+ quires retention of a copyright text in code derived
+ from it. The distribution is available by anonymous
+ FTP in pub/pdutrace.tar or pub/pdutrace.tar.Z from
+ aelred-3.ie.org.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 92]
+
+ Internet Tool Catalog OVERVIEW
+
+
+ NAME
+ OverVIEW
+
+ KEYWORDS
+ manager, status; IP; NMS, SNMP; DOS.
+
+ ABSTRACT
+ Network and internet monitor; Performance monitor;
+ Fully Graphic user interface; Event logging; TFTP boot
+ server
+
+ MECHANISM
+ OverVIEW uses SNMP to query routers, gateways and
+ hosts. Also supports SGMP, PING and is committed to
+ CMIP/CMOT. The SNMP queries allow dynamic determina-
+ tion of configuration and state. Sets of related
+ queries allows monitoring of congestion and faults.
+ The hardware and software are sold as an integrated
+ package.
+
+ CAVEATS
+ None.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ 256 nodes, 256 nets
+
+ HARDWARE REQUIRED
+ 80286, 640K, EGA, mouse.
+
+ SOFTWARE REQUIRED
+ MS-DOS, OverVIEW, Network kernel, Mouse driver, SNMP
+ agents for monitored devices.
+
+ AVAILABILITY
+ Fully supported product of Proteon, Inc. For more
+ information, contact:
+ Proteon, Inc. Phone: (508) 898-2800
+ 2 Technology Drive Fax: (508) 366-8901
+ Westborough, MA 01581 Telex: 928124
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 93]
+
+ Internet Tool Catalog PING
+
+
+ NAME
+ ping
+
+ KEYWORDS
+ generator, status; IP; ping; DOS, UNIX, VMS; free.
+
+ ABSTRACT
+ Ping is perhaps the most basic tool for internet
+ management. It verifies that a remote IP implementa-
+ tion and the intervening networks and interfaces are
+ functional. It can be used to measure round trip
+ delay. Numerous versions of the ping program exist.
+
+ MECHANISM
+ Ping is based on the ICMP ECHO_REQUEST message.
+
+ CAVEATS
+ If run repeatedly, ping could generate high system
+ loads.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ PC/TCP's ping is the only implementation known support
+ both loose and strict source routing. Though some ping
+ implementations support the ICMP "record route"
+ feature, the usefulness of this option for debugging
+ routes is limited by the fact that many gateways do not
+ correctly implement it.
+
+ HARDWARE REQUIRED
+ No restrictions.
+
+ SOFTWARE REQUIRED
+ None.
+
+ AVAILABILITY
+ Ping is widely included in TCP/IP distributions. Pub-
+ lic domain versions of ping are available via anonymous
+ FTP from uunet.uu.net, in directory bsd-
+ sources/src/etc, and from venera.isi.edu, in directory
+ pub.
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 94]
+
+ Internet Tool Catalog PROXYD
+
+
+ NAME
+ proxyd -- SNMP proxy agent daemons from SNMP Research.
+
+ KEYWORDS
+ control, status; bridge, ethernet, IP, ring, star; NMS,
+ SNMP; UNIX; library, sourcelib.
+
+ ABSTRACT
+ SNMP proxy agents may be used to permit the monitoring
+ and controlling of network elements which are otherwise
+ not addressable using the SNMP management protocol
+ (e.g., a network bridge that implements a proprietary
+ management protocol). Similarly, SNMP proxy agents may
+ be used to protect SNMP agents from redundant network
+ management agents through the use of caches. Finally,
+ SNMP proxy agents may be used to implement elaborate
+ MIB access policies. The proxy agent daemon listens
+ for SNMP queries and commands from logically remote
+ network management stations, translates and retransmits
+ those as appropriate network management queries or
+ cache lookups, listens for and parses the responses,
+ translates the responses into SNMP responses, and
+ returns those responses as SNMP messages to the network
+ management station that originated the transaction.
+ The proxy agent daemon also emits SNMP traps to identi-
+ fied trap receivers. The proxy agent daemon is archi-
+ tected to make the addition of additional vendor-
+ specific variables a straight-forward task. The proxy
+ application comes complete with source code including a
+ powerful set of portable libraries for generating and
+ parsing SNMP messages and a set of command line utili-
+ ties.
+
+ MECHANISM
+ Network management variables are made available for
+ inspection and/or alteration by means of the Simple
+ Network Management Protocol (SNMP).
+
+ CAVEATS
+ None.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ This application is a template for proxy application
+ writers.
+
+
+
+
+ IETF NOCTools Working Group [Page 95]
+
+ Internet Tool Catalog PROXYD
+
+
+ Only a few of the many LanBridge 100 variables are sup-
+ ported.
+
+ HARDWARE REQUIRED
+ System from Sun Microsystems, Incorporated.
+
+ SOFTWARE REQUIRED
+ Sun OS 3.5 or 4.x
+
+ AVAILABILITY
+ This is a commercial product available under license
+ from:
+
+ SNMP Research
+ P.O. Box 8593
+ Knoxville, TN 37996-4800
+ (615) 573-1434 (Voice)
+ (615) 573-9197 (FAX)
+ Attn: Dr. Jeff Case
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 96]
+
+ Internet Tool Catalog QUERY
+
+
+ NAME
+ query, ripquery
+
+ KEYWORDS
+ routing; IP; spoof; UNIX; free.
+
+ ABSTRACT
+ Query allows remote viewing of a gateway's routing
+ tables.
+
+ MECHANISM
+ Query formats and sends a RIP request or POLL command
+ to a destination gateway.
+
+ CAVEATS
+ Query is intended to be used a a tool for debugging
+ gateways, not for network management. SNMP is the pre-
+ ferred protocol for network management.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ The polled gateway must run RIP.
+
+ HARDWARE REQUIRED
+ No restriction.
+
+ SOFTWARE REQUIRED
+ 4.3BSD UNIX or related OS.
+
+ AVAILABILITY
+ Available with routed and gated distributions.
+
+ Routed may be obtained via anonymous FTP from
+ uunet.uu.net, in file bsd-
+ sources/src/network/routed.tar.Z.
+
+ Gated may be obtained via anonymous FTP from
+ devvax.tn.cornell.edu. Distribution files are in
+ directory pub/gated.
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 97]
+
+ Internet Tool Catalog SERAG
+
+
+ NAME
+ SERAG -- the Simple Event Reporting and Alarm Genera-
+ tion tool
+
+ KEYWORDS
+ alarm, security; ethernet, IP; NMS, proprietary; UNIX.
+
+ ABSTRACT
+ The Simple Event Reporting and Alarm Generation (SERAG)
+ collects error messages and other event reports from
+ servers on a LAN. Any node with UDP/IP can be the
+ source of such messages/reports. The logging of error
+ messages is integrated with the audit trail facility of
+ the Network Control Server (NCS) from 3COM. Alarms are
+ generated on the NCS based on predefined conditions.
+ Alarms may be sent to the console of the NCS, logged in
+ a file, or routed via WAN to a service center.
+
+ SERAG can automatically detect a predefined set of
+ errors in the servers and generate alarms. The break-
+ down of a server in the LAN may also result in alarm
+ generation.
+
+ SERAG creates an error log that can be used for post-
+ testing analysis.
+
+ MECHANISM
+ The tool searches through the audit trail (error log)
+ files for events specified by the user. The search may
+ be constrained to specific nodes in the network and to
+ a specific time frame. Events may be combined into
+ conditions which are logical expressions (e.g., look
+ for eventA and eventB and not eventC within time frame
+ so and so). This is an interactive query facility to
+ analyze the audit trail (error log).
+
+ The user may also ask for such conditions to be checked
+ at regular intervals, and specify routing of error mes-
+ sages in case the condition is satisfied. The checking
+ of such conditions is done by a daemon process running
+ in the background.
+
+ CAVEATS
+ May impact the performance of the NCS if error logs are
+ big, or if conditions are computationally complex.
+
+ BUGS
+ None known.
+
+
+
+ IETF NOCTools Working Group [Page 98]
+
+ Internet Tool Catalog SERAG
+
+
+
+ LIMITATIONS
+ None reported.
+
+ HARDWARE REQUIRED
+ A workstation running UNIX.
+
+ SOFTWARE REQUIRED
+ Implemented in C (using lex and yacc) on a Sun 3/50.
+ Also runs under Xenix. Should work with most versions
+ of UNIX.
+
+ AVAILABILITY
+ Developed jointly by ELAB-RUNIT and Norsk Data:
+
+ Tor Didriksen, Ole-Hjalmar Kristensen, Steinar
+ Haug,
+ Eldfrid Oefsti Oevstedal, Tor Staalhane
+ ELAB-RUNIT
+ N-7034 Trondheim
+ Norway
+
+ phone: +47 7 593000
+ fax : +47 7 532586
+ email: didrik@idt.unit.no
+ sthaug@idt.unit.no
+ kristensen@vax.runit.unit.no
+
+ Commercially available from:
+ Norsk Data A/S
+ P.O. Box 25, Bogerud
+ N-0621 Oslo 6
+ Norway
+ ref: network management/security management/fault
+ management
+
+ phone: +47 2 627500
+ fax : +47 2 296796
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 99]
+
+ Internet Tool Catalog SMA
+
+
+ NAME
+ sma -- OSI System Management Agent
+
+ KEYWORDS
+ alarm, manager, status; OSI; UNIX; free.
+
+ ABSTRACT
+ The sma is a CMIP agent which runs on BSD UNIX and pro-
+ vides access to management information on the operation
+ of the ISODE transport layer (ISO Transport Protocol
+ class 0). It also supports the sending of event
+ reports. Activity can be recorded in a log file.
+
+ MECHANISM
+ The sma communicates with the active ISODE transport
+ entities using UNIX UDP sockets in order to receive the
+ management information which is made available to other
+ manager processes via CMIP.
+
+ CAVEATS
+ None.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ ISODE Transport Layer only supported at present.
+
+ HARDWARE REQUIRED
+ Developed on Sun3, tested on Sun3 and VAXStation.
+
+ SOFTWARE REQUIRED
+ The ISODE protocol suite, BSD UNIX.
+
+ AVAILABILITY
+ The sma and related tools, known as OSIMIS (OSI Manage-
+ ment Information Service), are publicly available from
+ University College London, England via FTP and FTAM.
+ To obtain information regarding a copy send email to
+ gknight@ac.ucl.cs.uk or call +44 1 380 7366.
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 100]
+
+ Internet Tool Catalog SNIFFER
+
+
+ NAME
+ Sniffer
+
+ KEYWORDS
+ analyzer, generator, traffic; DECnet, ethernet, IP,
+ NFS, OSI, ring, SMTP, star; eavesdrop; standalone.
+
+ ABSTRACT
+ The Network General Sniffer is a protocol analyzer for
+ performing LAN diagnostics, monitoring, traffic genera-
+ tion, and troubleshooting. The Sniffer protocol
+ analyzer has the capability of capturing every packet
+ on a network and of decoding all seven layers of the
+ OSI protocol model. Capture frame selection is based
+ on several different filters: protocol content at lower
+ levels; node addresses; pattern matching (up to 8
+ logically-related patterns of 32 bytes each); and des-
+ tination class. Users may extend the protocol
+ interpretation capability of the Sniffer by writing
+ their own customized protocol interpreters and linking
+ them to the Sniffer software.
+
+ The Sniffer displays network traffic information and
+ performance statistics in real time, in user-selectable
+ formats. Numeric station addresses are translated to
+ symbolic names or manufacturer ID names. Network
+ activities measured include frames accepted, Kbytes
+ accepted, and buffer use. Each network version has
+ additional counters for activities specific to that
+ network. Network activity is expressed as
+ frames/second, Kbytes/second, or per cent of network
+ bandwidth utilization.
+
+ Data collection by the Sniffer may be output to printer
+ or stored to disk in either print-file or spread-sheet
+ format.
+
+ Protocol suites understood by the Sniffer include:
+ Banyan Vines, IBM Token-Ring, Novell Netware, XNS/MS-
+ Net (3Com 3+), DECnet, TCP/IP (including SNMP and
+ applications-layer protocols such as FTP, SMTP, and
+ TELNET), X Windows (for X version 11), NFS, and several
+ SUN proprietary protocols (including mount, pmap, RPC,
+ and YP). Supported LANs include: ethernet, Token-ring
+ (4Mb and 16Mb versions), ARCNET, StarLAN, IBM PC Net-
+ work (Broadband), and Apple Localtalk Network.
+
+ MECHANISM
+
+
+
+ IETF NOCTools Working Group [Page 101]
+
+ Internet Tool Catalog SNIFFER
+
+
+ The Sniffer is a self-contained, portable protocol
+ analyzer that require only AC line power and connection
+ to a network to operate. Normally passive (except when
+ in Traffic Generator mode), it captures images of all
+ or of selected frames in a working buffer, ready for
+ immediate analysis and display.
+
+ The Sniffer is a standalone device. Two platforms are
+ available: one for use with single network topologies,
+ the other for use with multi-network topologies. Both
+ include Sniffer core software, a modified network
+ interface card (or multiple cards), and optional proto-
+ col interpreter suites.
+
+ All Sniffer functions may be remotely controlled from a
+ modem-connected PC. Output from the Sniffer can be
+ imported to database or spreadsheet packages.
+
+ CAVEATS
+ In normal use, the Sniffer is a passive device, and so
+ will not adversely effect network performance. Perfor-
+ mance degradation will be observed, of course, if the
+ Sniffer is set to Traffic Generator mode and connected
+ to an active network.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ None reported.
+
+ HARDWARE REQUIRED
+ None. The Sniffer is a self-contained unit, and
+ includes its own interface card. It installs into a
+ network as would any normal workstation.
+
+ SOFTWARE REQUIRED
+ None.
+
+ AVAILABILITY
+ The Sniffer is available commercially. For information
+ on your local representative, call or write:
+
+ Network General Corporation 4200 Bohannon Drive
+ Menlo Park, CA 94025 Phone: (415) 688-2700 Fax:
+ 415-321-0855
+
+ For acquisition by government agencies, the Sniffer is
+
+
+
+ IETF NOCTools Working Group [Page 102]
+
+ Internet Tool Catalog SNIFFER
+
+
+ included on the GSA schedule.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 103]
+
+ Internet Tool Catalog SNMP DEVELOPMENT KIT
+
+
+ NAME
+ The SNMP Development Kit
+
+ KEYWORDS
+ manager, status; IP; NMS, SNMP; UNIX; free, sourcelib.
+
+ ABSTRACT
+ The SNMP Development Kit comprises C Language source
+ code for a programming library that facilitates access
+ to the management services of the SNMP (RFC 1098).
+ Sources are also included for a few simple client
+ applications whose main purpose is to illustrate the
+ use of the library. Example client applications query
+ remote SNMP agents in a variety of modes, and generate
+ or collect SNMP traps. Code for an example SNMP agent
+ that supports a subset of the Internet MIB (RFC 1066)
+ is also included.
+
+ MECHANISM
+ The Development Kit facilitates development of SNMP-
+ based management applications -- both clients and
+ agents. Example applications execute SNMP management
+ operations according to the values of command line
+ arguments.
+
+ CAVEATS
+ None.
+
+ BUGS
+ Fixed in the next release.
+
+ LIMITATIONS
+ None reported.
+
+ HARDWARE REQUIRED
+ The SNMP library source code is highly portable and
+ runs on a wide range of platforms.
+
+ SOFTWARE REQUIRED
+ The SNMP library source code has almost no operating
+ system dependencies and runs in a wide range of
+ environments. Certain portions of the example SNMP
+ agent code are specific to the 4.3BSD implementation of
+ the UNIX system for the DEC MicroVAX.
+
+ AVAILABILITY
+ The Development Kit is available via anonymous FTP from
+ host allspice.lcs.mit.edu. The copyright for the
+
+
+
+ IETF NOCTools Working Group [Page 104]
+
+ Internet Tool Catalog SNMP DEVELOPMENT KIT
+
+
+ Development Kit is held by the Massachusetts Institute
+ of Technology, and the Kit is distributed without
+ charge according to the terms set forth in its code and
+ documentation. The distribution takes the form of a
+ UNIX tar file.
+
+ Bug reports, questions, suggestions, or complaints may
+ be mailed electronically to snmp-dk@ptt.lcs.mit.edu,
+ although no response in any form is guaranteed. Dis-
+ tribution via UUCP mail may be arranged by contacting
+ the same address. Requests for hard-copy documentation
+ or copies of the distribution on magnetic media are
+ never honored.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 105]
+
+ Internet Tool Catalog SNMP LIBRARIES
+
+
+ NAME
+ Snmp Libraries and Utilities from SNMP Research.
+
+ KEYWORDS
+ alarm, control, manager, map, routing, status; bridge,
+ DECnet, ethernet, IP, OSI, ring, star; NMS, SNMP; DOS,
+ UNIX, VMS; sourcelib.
+
+ ABSTRACT
+ The SNMP Libraries and Utilities serve two purposes:
+
+ 1) to act as building blocks for the construction of
+ SNMP-based agent and manager applications; and
+
+ 2) to act as network management tools for network
+ fire fighting and report generation.
+
+ The libraries perform ASN.1 parsing and generation
+ tasks for both network management station applications
+ and network management agent applications. These
+ libraries hide the details of ASN.1 parsing and genera-
+ tion from application writers and make it unnecessary
+ for them to be expert in these areas. The libraries
+ are very robust with considerable error checking
+ designed in. The several command line utilities
+ include applications for retrieving one or many vari-
+ ables, retrieving tables, or effecting commands via the
+ setting of remote network management variables.
+
+ MECHANISM
+ The parsing is performed via recursive descent methods.
+ Messages are passed via the Simple Network Management
+ Protocol (SNMP).
+
+ CAVEATS
+ None.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ None reported.
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 106]
+
+ Internet Tool Catalog SNMP LIBRARIES
+
+
+
+ HARDWARE REQUIRED
+ This software has been ported to a wide range of sys-
+ tems, too numerous to itemize. It includes worksta-
+ tions, general purpose timesharing systems, and embed-
+ ded hardware in intelligent network devices such as re-
+ peaters, bridges, and routers.
+
+ SOFTWARE REQUIRED
+ C compiler, TCP/IP library from a variety of sources.
+
+ AVAILABILITY
+ This is a commercial product available under license
+ from:
+
+ SNMP Research
+ P.O. Box 8593
+ Knoxville, TN 37996-4800
+ (615) 573-1434 (Voice)
+ (615) 573-9197 (FAX)
+ Attn: Dr. Jeff Case
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 107]
+
+ Internet Tool Catalog SNMPASK
+
+
+ NAME
+ snmpask
+
+ KEYWORDS
+ manager, status; IP; NMS, SNMP; UNIX.
+
+ ABSTRACT
+ Snmpask is a network monitoring application which gath-
+ ers specific information from a single network entity
+ at regular intervals and stores this information into
+ UNIX flat files. A report generation package is
+ included in the NYSERNet SNMP Software Distribution to
+ produce reports and graphs from the raw data.
+
+ MECHANISM
+ Snmpask uses SNMP to gather its information. The agent
+ which must be queried and the variables to query for
+ are specified in a configuration file.
+
+ CAVEATS
+ An SNMP agent must be running in the network entity
+ being monitored in order for snmpask to be useful.
+
+ BUGS
+ None outstanding. They are fixed as reports come in.
+ Report bugs to: nysersnmp@nisc.nyser.net
+
+ LIMITATIONS
+ SNMP polling is done synchronously. Only a single
+ agent can be polled per snmpask process. Only 16 vari-
+ ables can be requested per snmpask process.
+
+ HARDWARE REQUIRED
+ Developed on Sun 3/60, Sun 3/260, tested on a SPARCsta-
+ tion I, DECstation, and a Solbourne 4/802.
+
+ SOFTWARE REQUIRED
+ Some UNIX variant or some other OS with a Berkeley
+ Socket Compatibility Library.
+
+ AVAILABILITY
+ Snmpask is available in the NYSERNet SNMP Software Dis-
+ tribution, which is licensed, copyrighted software. To
+ obtain information regarding the package send mail to:
+ snmplisc@nisc.nyser.net or call +1 518-283-8860.
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 108]
+
+ Internet Tool Catalog SNMPD (I)
+
+
+ NAME
+ snmpd
+
+ KEYWORDS
+ manager, status; IP; NMS, SNMP; UNIX.
+
+ ABSTRACT
+ Snmpd is an SNMP agent which runs on UNIX derivatives
+ and answers network management queries from network
+ management stations supporting SNMP. Snmpd also sup-
+ ports the sending of SNMP traps.
+
+ MECHANISM
+ Snmpd conforms to SNMP as specified in RFC 1098. Cer-
+ tain user configurable options are manipulated through
+ a simple configuration file.
+
+ CAVEATS
+ UNIX does not support all of the MIB variables speci-
+ fied in RFC 1066. Snmpd does the best it can to find
+ the answers.
+
+ BUGS
+ None outstanding. They are fixed as reports come in.
+ report bugs to: nysersnmp@nisc.nyser.net
+
+ LIMITATIONS
+ See CAVEATS.
+
+ HARDWARE REQUIRED
+ Developed on Sun 3/60, Sun 3/260, tested on a SPARCsta-
+ tion I, DECstation, and a Solbourne 4/802.
+
+ SOFTWARE REQUIRED
+ Some UNIX variant.
+
+ AVAILABILITY
+ Snmpd is available in the NYSERNet SNMP Software Dis-
+ tribution, which is licensed, copyrighted software. To
+ obtain information regarding the package send mail to:
+ snmplisc@nisc.nyser.net or call +1 518-283-8860.
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 109]
+
+ Internet Tool Catalog SNMPD (II)
+
+
+ NAME
+ snmpd -- an SNMP host/gateway agent daemon from SNMP
+ Research.
+
+ KEYWORDS
+ manager, status; bridge, ethernet, IP, ring, star; NMS,
+ SNMP; DOS, UNIX; sourcelib.
+
+ ABSTRACT
+ The snmpd agent daemon listens for and responds to net-
+ work management queries and commands from logically
+ remote network management stations. The agent daemon
+ also emits SNMP traps to identified trap receivers.
+ The agent daemon is architected to make the addition of
+ additional vendor-specific variables a straight-forward
+ task. The snmpd application comes complete with source
+ code including a powerful set of portable libraries for
+ generating and parsing SNMP messages and a set of com-
+ mand line utilities.
+
+ MECHANISM
+ Network management variables are made available for
+ inspection and/or alteration by means of the Simple
+ Network Management Protocol (SNMP).
+
+ CAVEATS
+ None.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ Only the operating system variables available without
+ source code modifications to the operating system and
+ device device drivers are supported.
+
+ HARDWARE REQUIRED
+ This software has been ported to a wide range of sys-
+ tems, too numerous to itemize. It includes worksta-
+ tions, general purpose timesharing systems, and embed-
+ ded hardware in intelligent network devices such as
+ repeaters, bridges, and routers.
+
+ SOFTWARE REQUIRED
+ C compiler, ".h" files for operating system.
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 110]
+
+ Internet Tool Catalog SNMPD (II)
+
+
+
+ AVAILABILITY
+ This is a commercial product available under license
+ from:
+
+ SNMP Research
+ P.O. Box 8593
+ Knoxville, TN 37996-4800
+ (615) 573-1434 (Voice)
+ (615) 573-9197 (FAX)
+ Attn: Dr. Jeff Case
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 111]
+
+ Internet Tool Catalog SNMPLOOKUP
+
+
+ NAME
+ snmplookup
+
+ KEYWORDS
+ manager, status; IP; NMS, SNMP; UNIX.
+
+ ABSTRACT
+ Snmplookup is a network monitoring application that
+ allows the interactive querying of a network entity.
+ Snmplookup mimics nslookup, the DNS interactive query
+ tool, in style and feel.
+
+ MECHANISM
+ Snmplookup uses SNMP to gather its information. The
+ network entity to be queried and the variable to be
+ retrieved can be entered from the command shell after
+ snmplookup is invoked.
+
+ CAVEATS
+ An SNMP agent must be running on the network entity
+ being monitored.
+
+ BUGS
+ None outstanding. They are fixed as reports come in.
+ Report bugs to: nysersnmp@nisc.nyser.net
+
+ LIMITATIONS
+ See CAVEATS.
+
+ HARDWARE REQUIRED
+ Developed on Sun 3/60, Sun 3/260, tested on a SPARCsta-
+ tion I, DECstation, and a Solbourne 4/802.
+
+ SOFTWARE REQUIRED
+ Some UNIX variant or some other OS with a Berkeley
+ Socket Compatibility Library.
+
+ AVAILABILITY
+ Snmplookup is available in the NYSERNet SNMP Software
+ Distribution, which is licensed, copyrighted software.
+ To obtain information regarding the package send mail
+ to: snmplisc@nisc.nyser.net or call +1 518-283-8860.
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 112]
+
+ Internet Tool Catalog SNMPPERFMON
+
+
+ NAME
+ snmpperfmon
+
+ KEYWORDS
+ manager, status; IP; curses, NMS, SNMP; UNIX.
+
+ ABSTRACT
+ Snmpperfmon is a network monitoring application based
+ on the Berkeley curses terminal graphics package and
+ the Simple Network Management Protocol. The applica-
+ tion monitors certain interface statistics from a sin-
+ gle agent and displays them in tabular form on a stan-
+ dard terminal screen.
+
+ MECHANISM
+ Snmpperfmon uses SNMP to gather its information. The
+ agent to be queried is specified on the command line.
+
+ CAVEATS
+ An SNMP agent must be running in the network entity
+ being monitored in order for snmpperfmon to be useful.
+
+ BUGS
+ None outstanding. They are fixed as reports come in.
+ Report bugs to: nysersnmp@nisc.nyser.net
+
+ LIMITATIONS
+ SNMP polling is done synchronously. Only the predeter-
+ mined (read "hard coded") interface statistics can be
+ displayed.
+
+ HARDWARE REQUIRED
+ Developed on Sun 3/60, Sun 3/260, tested on a SPARCsta-
+ tion I, DECstation, and a Solbourne 4/802.
+
+ SOFTWARE REQUIRED
+ Some UNIX variant or some other OS with a Berkeley
+ Socket Compatibility Library. The "curses" library.
+
+ AVAILABILITY
+ Snmpperfmon is available in the NYSERNet SNMP Software
+ Distribution, which is licensed, copyrighted software.
+ To obtain information regarding the package send mail
+ to: snmplisc@nisc.nyser.net or call +1 518-283-8860.
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 113]
+
+ Internet Tool Catalog SNMPPOLL
+
+
+ NAME
+ snmppoll
+
+ KEYWORDS
+ manager, status; IP; NMS, SNMP; UNIX.
+
+ ABSTRACT
+ Snmppoll is a network monitoring application which
+ gathers specific information from a network at regular
+ intervals and stores this information into UNIX flat
+ files. A report generation package is included in the
+ NYSERNet SNMP Software Distribution to produce reports
+ and graphs of raw data collected via SNMP.
+
+ MECHANISM
+ Snmppoll uses SNMP to gather its information. The
+ agents which must be queried and the variables to query
+ for are specified in a configuration file.
+
+ CAVEATS
+ An SNMP agent must be running in the network entity
+ being monitored in order for snmppoll to be useful.
+
+ BUGS
+ None outstanding. They are fixed as reports come in.
+ Report bugs to: nysersnmp@nisc.nyser.net
+
+ LIMITATIONS
+ SNMP polling is done synchronously.
+
+ HARDWARE REQUIRED
+ Developed on Sun 3/60, Sun 3/260, tested on a SPARCsta-
+ tion I, DECstation, and a Solbourne 4/802.
+
+ SOFTWARE REQUIRED
+ Some UNIX variant or some other OS with a Berkeley
+ Socket Compatibility Library.
+
+ AVAILABILITY
+ Snmppoll is available in the NYSERNet SNMP Software
+ Distribution, which is licensed, copyrighted software.
+ To obtain information regarding the package send mail
+ to: snmplisc@nisc.nyser.net or call +1 518-283-8860.
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 114]
+
+ Internet Tool Catalog SNMPQUERY
+
+
+ NAME
+ snmpquery
+
+ KEYWORDS
+ manager, status; IP; NMS, SNMP; UNIX.
+
+ ABSTRACT
+ Snmpquery is a network monitoring application which
+ allows the simple query of a single network entity from
+ the command line.
+
+ MECHANISM
+ Snmpquery uses SNMP to gather its information. The
+ entity to be monitored and the variables to be
+ retrieved must be specified on the command line.
+
+ CAVEATS
+ An SNMP agent must be running on the network entity
+ being monitored.
+
+ BUGS
+ None outstanding. They are fixed as reports come in.
+ Report bugs to: nysersnmp@nisc.nyser.net
+
+ LIMITATIONS
+ Only one network entity can be managed per invocation.
+
+ HARDWARE REQUIRED
+ Developed on Sun 3/60, Sun 3/260, tested on a SPARCsta-
+ tion I, DECstation, and a Solbourne 4/802.
+
+ SOFTWARE REQUIRED
+ Some UNIX variant or some other OS with a Berkeley
+ Socket Compatibility Library.
+
+ AVAILABILITY
+ Snmpquery is available in the NYSERNet SNMP Software
+ Distribution, which is licensed, copyrighted software.
+ To obtain information regarding the package send mail
+ to: snmplisc@nisc.nyser.net or call +1 518-283-8860.
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 115]
+
+ Internet Tool Catalog SNMPROUTE
+
+
+ NAME
+ snmproute
+
+ KEYWORDS
+ manager, routing; IP; NMS, SNMP; UNIX.
+
+ ABSTRACT
+ Snmproute is a network monitoring application that
+ allows the user to query for the entire routing table
+ or a single routing table entry from a network entity.
+
+ MECHANISM
+ Snmproute uses SNMP to gather its information. The
+ network entity to be queried and the destination net-
+ work to be queried for must be specified on the command
+ line.
+
+ CAVEATS
+ An SNMP agent must be running on the network entity
+ being monitored.
+
+ BUGS
+ None outstanding. They are fixed as reports come in.
+ Report bugs to: nysersnmp@nisc.nyser.net
+
+ LIMITATIONS
+ Only one network entity can be queried per invocation.
+
+ HARDWARE REQUIRED
+ Developed on Sun 3/60, Sun 3/260, tested on a SPARCsta-
+ tion I, DECstation, and a Solbourne 4/802.
+
+ SOFTWARE REQUIRED
+ Some UNIX variant or some other OS with a Berkeley
+ Socket Compatibility Library.
+
+ AVAILABILITY
+ Snmproute is available in the NYSERNet SNMP Software
+ Distribution, which is licensed, copyrighted software.
+ To obtain information regarding the package send mail
+ to: snmplisc@nisc.nyser.net or call +1 518-283-8860.
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 116]
+
+ Internet Tool Catalog SNMPSET
+
+
+ NAME
+ snmpset
+
+ KEYWORDS
+ control, manager; IP; NMS, SNMP; UNIX.
+
+ ABSTRACT
+ Snmpset is a network management application that allows
+ the alteration of a single variable in a specific
+ agent.
+
+ MECHANISM
+ Snmpset uses SNMP to alter the agent variables. The
+ agent to which the set is directed and the variable to
+ alter must be specified on the command line. The user
+ is prompted before any changes are made.
+
+ CAVEATS
+ An SNMP agent must be running in the network entity
+ being managed in order for snmpset to be useful. In
+ addition, a read-write community must be configured on
+ the agent.
+
+ BUGS
+ None outstanding. They are fixed as reports come in.
+ Report bugs to: nysersnmp@nisc.nyser.net
+
+ LIMITATIONS
+ Only one variable can be altered per invocation.
+
+ HARDWARE REQUIRED
+ Developed on Sun 3/60, Sun 3/260, tested on a SPARCsta-
+ tion I, DECstation, and a Solbourne 4/802.
+
+ SOFTWARE REQUIRED
+ Some UNIX variant or some other OS with a Berkeley
+ Socket Compatibility Library.
+
+ AVAILABILITY
+ Snmpset is available in the NYSERNet SNMP Software Dis-
+ tribution, which is licensed, copyrighted software. To
+ obtain information regarding the package send mail to:
+ snmplisc@nisc.nyser.net or call +1 518-283-8860.
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 117]
+
+ Internet Tool Catalog SNMPSRC
+
+
+ NAME
+ snmpsrc
+
+ KEYWORDS
+ manager, routing; IP; NMS, SNMP; UNIX.
+
+ ABSTRACT
+ Snmpsrc is a network monitoring application that starts
+ at a specified router in the network and traces the
+ path of a given destination network from the starting
+ router.
+
+ MECHANISM
+ Snmpsrc uses SNMP to gather its information. The
+ starting router and destination network must be speci-
+ fied on the command line.
+
+ CAVEATS
+ An SNMP agent must be running on all of the routers in
+ the path to the destination network in order for a com-
+ plete path to be reported back to the user. The same
+ SNMP community must also be configured in every SNMP
+ agent in the path to the destination network.
+
+ BUGS
+ None outstanding. They are fixed as reports come in.
+ Report bugs to: nysersnmp@nisc.nyser.net
+
+ LIMITATIONS
+ See CAVEATS.
+
+ HARDWARE REQUIRED
+ Developed on Sun 3/60, Sun 3/260, tested on a SPARCsta-
+ tion I, DECstation, and a Solbourne 4/802.
+
+ SOFTWARE REQUIRED
+ Some UNIX variant or some other OS with a Berkeley
+ Socket Compatibility Library.
+
+ AVAILABILITY
+ Snmpsrc is available in the NYSERNet SNMP Software Dis-
+ tribution, which is licensed, copyrighted software. To
+ obtain information regarding the package send mail to:
+ snmplisc@nisc.nyser.net or call +1 518-283-8860.
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 118]
+
+ Internet Tool Catalog SNMPSTAT
+
+
+ NAME
+ snmpstat
+
+ KEYWORDS
+ manager, status; IP; NMS, SNMP; UNIX.
+
+ ABSTRACT
+ Snmpstat is a network monitoring application that gath-
+ ers specific information from a network at regular
+ intervals and stores this information into a commercial
+ database. A report generation package is included in
+ the NYSERNet SNMP Software Distribution to produce
+ reports and graphs of raw data collected via SNMP.
+
+ MECHANISM
+ Snmpstat uses SNMP to gather its information. The
+ agents which must be queried and the variables to query
+ for are specified in a configuration file.
+
+ CAVEATS
+ An SNMP agent must be running in the network entity
+ being monitored in order for snmpstat to be useful.
+
+ BUGS
+ None outstanding. They are fixed as reports come in.
+ Report bugs to: nysersnmp@nisc.nyser.net
+
+ LIMITATIONS
+ SNMP polling is done synchronously. Currently, Ingres
+ is the only commercial database supported. SQL is the
+ query language being used.
+
+ HARDWARE REQUIRED
+ Developed on Sun 3/60, Sun 3/260, tested on a SPARCsta-
+ tion I, DECstation, and a Solbourne 4/802.
+
+ SOFTWARE REQUIRED
+ Some UNIX variant or some other OS with a Berkeley
+ Socket Compatibility Library.
+
+ AVAILABILITY
+ Snmpstat is available in the NYSERNet SNMP Software
+ Distribution, which is licensed, copyrighted software.
+ To obtain information regarding the package send mail
+ to: snmplisc@nisc.nyser.net or call +1 518-283-8860.
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 119]
+
+ Internet Tool Catalog SNMPTRAPD
+
+
+ NAME
+ snmptrapd
+
+ KEYWORDS
+ alarm, manager; IP; NMS, SNMP; UNIX.
+
+ ABSTRACT
+ Snmptrapd is an SNMP trap agent that runs on UNIX
+ derivatives. It receives and logs traps which are gen-
+ erated from snmp agents. A report generation package
+ is included in the NYSERNet SNMP Software Distribution
+ to produce reports and graphs of raw data collected via
+ SNMP.
+
+ MECHANISM
+ Snmptrapd conforms to SNMP as specified in RFC 1098.
+ Certain user configurable options are manipulated
+ through a simple configuration file.
+
+ CAVEATS
+ None.
+
+ BUGS
+ None outstanding. They are fixed as reports come in.
+ Report bugs to: nysersnmp@nisc.nyser.net
+
+ LIMITATIONS
+ Snmptrapd only logs traps into a UNIX flat file.
+
+ HARDWARE REQUIRED
+ Developed on Sun 3/60, Sun 3/260, tested on a SPARCsta-
+ tion I, DECstation, and a Solbourne 4/802.
+
+ SOFTWARE REQUIRED
+ Some UNIX variant.
+
+ AVAILABILITY
+ Snmptrapd is available in the NYSERNet SNMP Software
+ Distribution, which is licensed, copyrighted software.
+ To obtain information regarding the package send mail
+ to: snmplisc@nisc.nyser.net or call +1 518-283-8860.
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 120]
+
+ Internet Tool Catalog SNMPWATCH
+
+
+ NAME
+ snmpwatch
+
+ KEYWORDS
+ manager, status; IP; NMS, SNMP; UNIX.
+
+ ABSTRACT
+ Snmpwatch is a network monitoring application that mon-
+ itors variables in a single network entity and reports
+ when they have changed value.
+
+ MECHANISM
+ Snmpwatch uses SNMP to gather its information. The
+ entity to be monitored and the variables to be watched
+ must be specified on the command line. Once a value
+ changes, snmpwatch prints out the value and the vari-
+ able to the standard output.
+
+ CAVEATS
+ An SNMP agent must be running on the network entity
+ being monitored. Upon invocation, the initial value of
+ each variable will printed out to the standard output.
+
+ BUGS
+ None outstanding. They are fixed as reports come in.
+ Report bugs to: nysersnmp@nisc.nyser.net
+
+ LIMITATIONS
+ Only one network entity can be managed per invocation.
+
+ HARDWARE REQUIRED
+ Developed on Sun 3/60, Sun 3/260, tested on a SPARCsta-
+ tion I, DECstation, and a Solbourne 4/802.
+
+ SOFTWARE REQUIRED
+ Some UNIX variant or some other OS with a Berkeley
+ Socket Compatibility Library.
+
+ AVAILABILITY
+ Snmpwatch is available in the NYSERNet SNMP Software
+ Distribution, which is licensed, copyrighted software.
+ To obtain information regarding the package send mail
+ to: snmplisc@nisc.nyser.net or call +1 518-283-8860.
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 121]
+
+ Internet Tool Catalog SNMPXBAR
+
+
+ NAME
+ snmpxbar
+
+ KEYWORDS
+ manager, status; IP; NMS, SNMP, X; UNIX.
+
+ ABSTRACT
+ Snmpxbar is a network monitoring application based on
+ X-Windows Version 11 Release 2 and the Simple Network
+ Management Protocol. The application monitors a single
+ numeric MIB object and displays its value in a bar
+ chart. Snmpxbar supports color graphics.
+
+ MECHANISM
+ Snmpxbar uses SNMP to gather its information. The MIB
+ object to be graphed must be specified on the command
+ line. The polling interval can be changed dynamically
+ from within snmpxbar.
+
+ CAVEATS
+ An SNMP agent must be running in the network entity
+ being monitored in order for snmpxbar to be useful.
+
+ BUGS
+ Bugs are fixed as reports come in. Report bugs to:
+ nysersnmp@nisc.nyser.net
+
+ LIMITATIONS
+ Can only graph one numeric MIB object per invocation.
+
+ HARDWARE REQUIRED
+ Developed on Sun 3/60, Sun 3/260, tested on a SPARCsta-
+ tion I, DECstation, and a Solbourne 4/802.
+
+ SOFTWARE REQUIRED
+ Some UNIX variant or some other OS with a Berkeley
+ Socket Compatibility Library. X-Windows.
+
+ AVAILABILITY
+ Snmpxbar is available in the NYSERNet SNMP Software
+ Distribution, which is licensed, copyrighted software.
+ To obtain information regarding the package send mail
+ to: snmplisc@nisc.nyser.net or call +1 518-283-8860.
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 122]
+
+ Internet Tool Catalog SNMPXCONN
+
+
+ NAME
+ snmpxconn
+
+ KEYWORDS
+ manager, map, status; IP; NMS, SNMP, X; UNIX.
+
+ ABSTRACT
+ Snmpxconn is a network monitoring application based on
+ X-Windows Version 11 Release 2 and the Simple Network
+ Management Protocol. The application monitors a number
+ of (configurable) network entities and graphically dep-
+ icts the TCP connections associated with the network
+ entities via a TCP topology map.
+
+ MECHANISM
+ Snmpxconn uses SNMP to gather its information. A con-
+ figuration file is used to determine the network enti-
+ ties to be monitored. There are certain command line
+ arguments which manipulate the X environment and SNMP
+ actions.
+
+ CAVEATS
+ An SNMP agent must be running in the network entity
+ being monitored in order for snmpxconn to be useful.
+
+ BUGS
+ None outstanding. They are fixed as reports come in.
+ Report bugs to: nysersnmp@nisc.nyser.net
+
+ LIMITATIONS
+ SNMP polling is done synchronously. The network enti-
+ ties must be configured by manually adding information
+ to a configuration file.
+
+ HARDWARE REQUIRED
+ Developed on Sun 3/60, Sun 3/260, tested on a SPARCsta-
+ tion I, DECstation, and a Solbourne 4/802.
+
+ SOFTWARE REQUIRED
+ Some UNIX variant or some other OS with a Berkeley
+ Socket Compatibility Library. X-Windows.
+
+ AVAILABILITY
+ Snmpxconn is available in the NYSERNet SNMP Software
+ Distribution, which is licensed, copyrighted software.
+ To obtain information regarding the package send mail
+ to: snmplisc@nisc.nyser.net or call +1 518-283-8860.
+
+
+
+
+ IETF NOCTools Working Group [Page 123]
+
+ Internet Tool Catalog SNMPXMON
+
+
+ NAME
+ snmpxmon
+
+ KEYWORDS
+ manager, map, status; IP; NMS, SNMP, X; UNIX.
+
+ ABSTRACT
+ Snmpxmon is a network monitoring application based on
+ X-Windows Version 11 Release 2 and the Simple Network
+ Management Protocol. This application will determine
+ the status of sites and links it is configured to moni-
+ tor (via its configuration file) by querying the desig-
+ nated sites and then displaying the result in a map
+ form. Snmpxmon supports color graphics.
+
+ MECHANISM
+ Snmpxmon uses SNMP to gather its information. A confi-
+ guration file is used to design the topology map.
+ There are certain command line arguments which manipu-
+ late the X environment and SNMP actions.
+
+ CAVEATS
+ An SNMP agent must be running in the network entity
+ being monitored in order for snmpxmon to be useful.
+
+ BUGS
+ None outstanding. They are fixed as reports come in.
+ Report bugs to: nysersnmp@nisc.nyser.net
+
+ LIMITATIONS
+ SNMP polling is done synchronously. The topology map
+ must be configured by hand.
+
+ HARDWARE REQUIRED
+ Developed on Sun 3/60, Sun 3/260, tested on a SPARCsta-
+ tion I, DECstation, and a Solbourne 4/802.
+
+ SOFTWARE REQUIRED
+ Some UNIX variant or some other OS with a Berkeley
+ Socket Compatibility Library. X-Windows.
+
+ AVAILABILITY
+ Snmpxmon is available in the NYSERNet SNMP Software
+ Distribution, which is licensed, copyrighted software.
+ To obtain information regarding the package send mail
+ to: snmplisc@nisc.nyser.net or call +1 518-283-8860.
+
+
+
+
+
+ IETF NOCTools Working Group [Page 124]
+
+ Internet Tool Catalog SNMPXPERF
+
+
+ NAME
+ snmpxperf
+
+ KEYWORDS
+ manager, status; IP; NMS, SNMP, X; UNIX.
+
+ ABSTRACT
+ Snmpxperf is a network monitoring application based on
+ X-Windows Version 11 Release 2 and the Simple Network
+ Management Protocol. The application monitors a single
+ numeric MIB object and displays its value in an EKG
+ style histogram. Snmpxperf supports color graphics.
+
+ MECHANISM
+ Snmpxperf uses SNMP to gather its information. The MIB
+ object to be graphed must be specified on the command
+ line. The polling interval can be changed dynamically
+ from within snmpxperf.
+
+ CAVEATS
+ An SNMP agent must be running in the network entity
+ being monitored in order for snmpxperf to be useful.
+
+ BUGS
+ Auto-scaling sometimes doesn't downscale the EKG-graph
+ enough on large spikes. This results in some of the
+ graph running into the button boxes at the top of the
+ window. Generally, Bugs are fixed as reports come in.
+ Report bugs to: nysersnmp@nisc.nyser.net
+
+ LIMITATIONS
+ Can only graph one numeric MIB object per invocation.
+
+ HARDWARE REQUIRED
+ Developed on Sun 3/60, Sun 3/260, tested on a SPARCsta-
+ tion I, DECstation, and a Solbourne 4/802.
+
+ SOFTWARE REQUIRED
+ Some UNIX variant or some other OS with a Berkeley
+ Socket Compatibility Library. X-Windows.
+
+ AVAILABILITY
+ Snmpxperf is available in the NYSERNet SNMP Software
+ Distribution, which is licensed, copyrighted software.
+ To obtain information regarding the package send mail
+ to: snmplisc@nisc.nyser.net or call +1 518-283-8860.
+
+
+
+
+
+ IETF NOCTools Working Group [Page 125]
+
+ Internet Tool Catalog SNMPXPERFMON
+
+
+ NAME
+ snmpxperfmon
+
+ KEYWORDS
+ manager, status, traffic; IP; NMS, SNMP, X; UNIX.
+
+ ABSTRACT
+ Snmpxperfmon is a network monitoring application based
+ on X-Windows Version 11 Release 2 and the Simple Net-
+ work Management Protocol. The application monitors a
+ single Network Entity and displays graphical informa-
+ tion pertaining to the entities interface traffic
+ statistics. Snmpxperfmon supports color graphics.
+
+ MECHANISM
+ Snmpxperfmon uses SNMP to gather its information. The
+ MIB agent to be polled must be specified on the command
+ line. The agent is then queried about all of its
+ interfaces. Four EKG-style graphs are constructed for
+ each interface (input pkts, output pkts, input Octets,
+ output Octets).
+
+ CAVEATS
+ An SNMP agent must be running in the network entity
+ being monitored in order for snmpxperfmon to be useful.
+
+ BUGS
+ Generally, bugs are fixed as reports come in. Report
+ bugs to: nysersnmp@nisc.nyser.net
+
+ LIMITATIONS
+ Can only graph one network entity per invocation. Can
+ only graph the amount of interfaces which will fit on a
+ single bitmap display. Does not auto-scale or resize.
+
+ HARDWARE REQUIRED
+ Developed on Sun 3/60, Sun 3/260, tested on a SPARCsta-
+ tion I, DECstation, and a Solbourne 4/802.
+
+ SOFTWARE REQUIRED
+ Some UNIX variant or some other OS with a Berkeley
+ Socket Compatibility Library. X-Windows.
+
+ AVAILABILITY
+ Snmpxperfmon is available in the NYSERNet SNMP Software
+ Distribution, which is licensed, copyrighted software.
+ To obtain information regarding the package send mail
+ to: snmplisc@nisc.nyser.net or call +1 518-283-8860.
+
+
+
+ IETF NOCTools Working Group [Page 126]
+
+ Internet Tool Catalog SNMPXPERFMON
+
+
+ NAME
+ snmpxrtmetric
+
+ KEYWORDS
+ manager, routing; IP; NMS, SNMP, X; UNIX.
+
+ ABSTRACT
+ Snmpxrtmetric is a network monitoring application based
+ on X-Windows Version 11 Release 2 and the Simple Net-
+ work Management Protocol. The application monitors the
+ routing table of a specific agent and displays the RIP
+ routing metric of certain destination networks in bar
+ chart format.
+
+ MECHANISM
+ Snmpxrtmetric uses SNMP to gather its information. A
+ configuration file is used to determine which destina-
+ tion networks will be graphed. The agent to be queried
+ is specified on the command line. Snmpxrtmetrtic sup-
+ ports color graphics.
+
+ CAVEATS
+ An SNMP agent must be running in the network entity
+ being monitored in order for snmpxrtmetric to be use-
+ ful.
+
+ BUGS
+ None outstanding. They are fixed as reports come in.
+ Report bugs to: nysersnmp@nisc.nyser.net
+
+ LIMITATIONS
+ SNMP polling is done synchronously. The destination
+ networks must be configured by manually adding informa-
+ tion to a configuration file.
+
+ HARDWARE REQUIRED
+ Developed on Sun 3/60, Sun 3/260, tested on a SPARCsta-
+ tion I, DECstation, and a Solbourne 4/802.
+
+ SOFTWARE REQUIRED
+ Some UNIX variant or some other OS with a Berkeley
+ Socket Compatibility Library. The X window system.
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 127]
+
+ Internet Tool Catalog SNMPXRTMETRIC
+
+
+
+ AVAILABILITY
+ Snmpxrtmetric is available in the NYSERNet SNMP
+ Software Distribution, which is licensed, copyrighted
+ software. To obtain information regarding the package
+ send mail to: snmplisc@nisc.nyser.net or call +1 518-
+ 283-8860.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 128]
+
+ Internet Tool Catalog SPIDERMONITOR
+
+
+ NAME
+ SpiderMonitor P220, K220 and
+ SpiderAnalyzer P320, K320
+
+ KEYWORDS
+ alarm, analyzer, generator, traffic; DECnet, ethernet,
+ IP, OSI; eavesdrop; standalone; sourcelib.
+
+ ABSTRACT
+ The SpiderMonitor and SpiderAnalyzer are protocol
+ analyzers for performing ethernet LAN diagnostics, mon-
+ itoring, traffic generation, and troubleshooting. The
+ SpiderMonitor has the capability of capturing every
+ packet on a network and of decoding the first four
+ layers of the OSI protocol model. The SpiderAnalyzer
+ has additional software for decoding higher protocol
+ layers. Protocol suites understood: TCP/IP (including
+ SNMP and applications-layer protocols), OSI, XNS, DEC-
+ net and IPX. User-definable decodes can be written in
+ 'C' with the Microsoft version 5.0 'C' compiler. A
+ decode guide is provided.
+
+ The SpiderAnalyzer supports multiple simultaneous
+ filters for capturing packets using predefined patterns
+ and error states. Filter patterns can also trigger on
+ NOT matching 1 or more filters, an alarm, or a speci-
+ fied time.
+
+ The SpiderAnalyzer can also employ TDR (Time Domain
+ Reflectometry) to find media faults, open or short cir-
+ cuits, or transceiver faults. It can transmit OSI,
+ XNS, and Xerox link-level echo packets to user-
+ specified stations, performs loop round tests.
+
+ In traffic generation mode, the SpiderAnalyzer has the
+ ability to generate packets at random intervals of ran-
+ dom lengths or any combination of random or fixed
+ interval or length, generation of packets with CRC
+ errors, or packets that are too short, or packets that
+ are too long.
+
+ Output from the SpiderMonitor/Analyzer can be imported
+ to database or spreadsheet packages.
+
+ MECHANISM
+ The SpiderMonitor and Spider Analyzer are available as
+ stand-alone, IBM PC compatible packages based upon a
+ Compaq III portable system, or as a plug-in boards for
+
+
+
+ IETF NOCTools Working Group [Page 129]
+
+ Internet Tool Catalog SPIDERMONITOR
+
+
+ any IBM XT/AT compatible machine. The model 220 (Spi-
+ derMonitor) systems provide a functional base suited
+ for most network management needs. The model 320 (Spi-
+ derAnalyzer) systems provide extended functionality in
+ the development mode and traffic generation mode as
+ well more filtering capabilities than the 220 models.
+
+ CAVEATS
+ Traffic generation will congest an operational ether-
+ net.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ Monitoring of up to 1024 stations and buffering of up
+ to 1500 packets. The model 220 provides for 3 filters
+ with a filter depth of 46 bytes. The model 320 pro-
+ vides for 4 filters and a second level of filtering
+ with a filter depth of 64 bytes.
+
+ HARDWARE REQUIRED
+ PX20s are self contained, the KX20s require an IBM
+ PC/XT-AT compatible machine with 5 megabytes of hard
+ disk storage and the spare slot into which the board
+ kit is plugged.
+
+ SOFTWARE REQUIRED
+ None. The SpiderAnalyzer requires the Microsoft 'C'
+ Compiler, Version 5.0 for writing user defined decodes.
+
+ AVAILABILITY
+ The SpiderMonitor/Analyzer is available commercially.
+ For information on your local representative, call or
+ write:
+
+ Spider Systems, Inc.
+ 12 New England Executive Park
+ Burlington, MA 01803
+ Telephone: 617-270-3510
+ FAX: 617-270-9818
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 130]
+
+ Internet Tool Catalog SPIMS
+
+
+ NAME
+ SPIMS -- the Swedish Institute of Computer Science
+ (SICS) Protocol Implementation Measurement System tool.
+
+ KEYWORDS
+ benchmark, debugger; IP, OSI; spoof; UNIX.
+
+ ABSTRACT
+ SPIMS is used to measure the performance of protocol
+ and "protocol-like" services including response time
+ (two-way delay), throughput and the time to open and
+ close connections. It has been used to:
+
+ o+ benchmark alternative protocol implementations,
+
+ o+ observe how performance varies when parameters in
+ specific implementations have been varied (i.e.,
+ to tune parameters).
+
+ SPIMS currently has interfaces to the DoD Internet Pro-
+ tocols: UDP, TCP, FTP, SunRPC, the OSI protocols from
+ the ISODE 4.0 distribution package: FTAM, ROSE, ISO TP0
+ and to Sunlink 5.2 ISO TP4 as well as Stanford's VMTP.
+ Also available are a rudimentary set of benchmarks,
+ stubs for new protocol interfaces and a user manual.
+ For an example of the use of SPIMS to tune protocols,
+ see:
+ Nordmark & Cheriton, "Experiences from VMTP: How
+ to achieve low response time," _I_F_I_P _W_G_6._1/_6._4:
+ _P_r_o_t_o_c_o_l_s _f_o_r _H_i_g_h-_S_p_e_e_d _N_e_t_w_o_r_k_s, May 1989,
+ Zurich. To be published.
+
+ MECHANISM
+
+ SPIMS runs as user processes and uses a TCP connection
+ for measurement set-up. Measurements take place
+ between processes over the measured protocol. SPIMS
+ generates messages and transfers them via the measured
+ protocol service according to a user-supplied specifi-
+ cation. SPIMS has a unique measurement specification
+ language that is used to specify a measurement session.
+ In the language there are constructs for different
+ application types (e.g., bulk data transfer), for
+ specifying frequency and sequence of messages, for dis-
+ tribution over message sizes and for combining basic
+ specifications. These specifications are independent
+ of both protocols and protocol implementations and can
+ be used for benchmarking. For more details on the
+
+
+
+ IETF NOCTools Working Group [Page 131]
+
+ Internet Tool Catalog SPIMS
+
+
+ internals of SPIMS, see:
+ Nordmark & Gunningberg, "SPIMS: A Tool for Proto-
+ col Implementation Performance Measurements" _P_r_o_c.
+ _o_f _1_3:_t_h _C_o_n_f. _o_n _L_o_c_a_l _C_o_m_p_u_t_e_r _N_e_t_w_o_r_k_s, Min-
+ neapolis 1989, pp 222-229.
+
+ CAVEATS
+ None.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ None reported.
+
+ HARDWARE REQUIRED
+ No restrictions.
+
+ SOFTWARE REQUIRED
+ SPIMS is implemented on UNIX, including SunOS 4.,
+ 4.3BSD UNIX, DN (UNIX System V, with extensions) and
+ Ultrix 2.0/3.0. It requires a TCP connection for meas-
+ urement set-up. No kernel modifications or any modifi-
+ cations to measured protocols are required.
+
+ AVAILABILITY
+ SPIMS is not in the public domain; the software is
+ covered by licenses. The Swedish Institute of Computer
+ Science has released the research prototype of SPIMS
+ for research and non-commercial use. Commercial organ-
+ izations may obtain the research prototype, but it is
+ for internal research only and for no commercial use
+ whatsoever. A commercial, supported version of SPIMS is
+ distributed by TeleLOGIC Uppsala AB, Sweden.
+
+ For universities and non-profit organizations, SPIMS
+ source code is distributed free of charge. There are
+ two ways to get the software:
+
+ 1. FTP. If you have an Internet FTP connection, you
+ can use anonymous FTP to sics.se [192.16.123.90],
+ and retrieve the file in pub/spims-
+ dist/dist890915.tar.Z (this is a .6MB tar image)
+ in BINARY mode. Log in as user anonymous and at
+ the password prompt, use your complete electronic
+ mail address.
+
+ 2. On a Sun 1/4-inch cartridge tape. For mailing, a
+
+
+
+ IETF NOCTools Working Group [Page 132]
+
+ Internet Tool Catalog SPIMS
+
+
+ handling fee of US$150.00 will be charged. Submit
+ a bank check with the request. Do not send tapes
+ or envelopes.
+
+ For other organizations, the SPIMS source code for the
+ research prototype is distributed for a one-time fee of
+ US$500.00. Organizations interested in the research
+ prototype need to contact SICS via email and briefly
+ motivate why they qualify (non-commercial use) for the
+ research prototype. They will thereafter get a permis-
+ sion to obtain a copy from the same distribution source
+ as for universities.
+
+ For more information about the research prototype dis-
+ tribution, contact:
+
+ Swedish Institute of Computer Science
+ Att: Birgitta Klingenberg
+ P.O. Box 1263
+ S-164 28 Kista
+ SWEDEN
+
+ e-address: spims@sics.se
+ Phone: +46-8-7521500, Fax: +46-8-7517230
+
+ TeleLOGIC Uppsala AB, a subsidiary of Swedish Telecom,
+ distributes and supports a version of SPIMS for commer-
+ cial use. It consists of object code for SunOS 4.,
+ 4.3BSD UNIX, DNIX, and Ultrix 2.0/3.0. Support for
+ other UNIX-like implementations will be considered
+ according to demand. The same interfaces to the DoD
+ Internet and OSI protocols from the ISODE 4.0 are
+ included as well as a user manual.
+
+ For further information about SPIMS for the commercial
+ user please contact:
+ Claes Hojenberg
+ TeleLOGIC Uppsala AB
+ P.O. Box 1218
+ S-751 42 UPPSALA
+ Sweden
+
+ e-address: claes@uplog.se
+ Phone: +46-18-189400, Fax: +46-18-132039
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 133]
+
+ Internet Tool Catalog SPRAY
+
+
+ NAME
+ spray
+
+ KEYWORDS
+ benchmark, generator; IP; ping; UNIX.
+
+ ABSTRACT
+ Spray is a traffic generation tool that generates RPC
+ or UDP packets, or ICMP Echo Requests. The packets are
+ sent to a remote procedure call application at the des-
+ tination host. The count of received packets is
+ retrieved from the remote application after a certain
+ number of packets have been transmitted. The differ-
+ ence in packets received versus packets sent represents
+ (on a LAN) the packets that the destination host had to
+ drop due to increasing queue length. A measure of
+ throughput relative to system speed and network load
+ can thus be obtained.
+
+ MECHANISM
+ See above.
+
+ CAVEATS
+ Spray can congest a network.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ None reported.
+
+ HARDWARE REQUIRED
+ No restrictions.
+
+ SOFTWARE REQUIRED
+ SunOS
+
+ AVAILABILITY
+ Supplied with SunOS.
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 134]
+
+ Internet Tool Catalog TCPDUMP
+
+
+ NAME
+ tcpdump
+
+ KEYWORDS
+ traffic; ethernet, IP, NFS; UNIX, VMS; free.
+
+ ABSTRACT
+ Tcpdump can interpret and print headers for the follow-
+ ing protocols: ethernet, IP, ICMP, TCP, UDP, NFS, ND,
+ ARP/RARP, AppleTalk. Tcpdump has proven useful for
+ examining and evaluating the retransmission and window
+ management operations of TCP implementations.
+
+ MECHANISM
+ Much like etherfind, tcpdump writes a log file of the
+ frames traversing an ethernet interface. Each output
+ line includes the time a packet is received, the type
+ of packet, and various values from its header.
+
+ CAVEATS
+ None.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ Public domain version requires a kernel patch for
+ SunOS.
+
+ HARDWARE REQUIRED
+ Ethernet.
+
+ SOFTWARE REQUIRED
+ BSD UNIX or related OS, or VMS.
+
+ AVAILABILITY
+ Available, though subject to copyright restrictions,
+ via anonymous FTP from ftp.ee.lbl.gov. The source and
+ documentation for the tool is in compressed tar format,
+ in file tcpdump.tar.Z. Also available from
+ spam.itstd.sri.com, in directory pub. For VMS hosts
+ with DEC ethernet controllers, available as part of TGV
+ MultiNet IP software package.
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 135]
+
+ Internet Tool Catalog TCPLOGGER
+
+
+ NAME
+ tcplogger
+
+ KEYWORDS
+ traffic; IP; eavesdrop; UNIX; free.
+
+ ABSTRACT
+ Tcplogger consists of modifications to the 4.3BSD UNIX
+ source code, and a large library of post-processing
+ software. Tcplogger records timestamped information
+ from TCP and IP packets that are sent and received on a
+ specified connection. For each TCP packet, information
+ such as sequence number, acknowledgement sequence
+ number, packet size, and header flags is recorded. For
+ an IP packet, header length, packet length and TTL
+ values are recorded. Customized use of the TCP option
+ field allows the detection of lost or duplicate pack-
+ ets.
+
+ MECHANISM
+ Routines of 4.3BSD UNIX in the netinet directory have
+ been modified to append information to a log in memory.
+ The log is read continuously by a user process and
+ written to a file. A TCP option has been added to
+ start the logging of a connection. Lots of post-
+ processing software has been written to analyze the
+ data.
+
+ CAVEATS
+ None.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ To get a log at both ends of the connection, the modi-
+ fied kernel should be run at both the hosts.
+
+ All connections are logged in a single file, but
+ software is provided to filter out the record of a sin-
+ gle connection.
+
+ HARDWARE REQUIRED
+ No restrictions.
+
+ SOFTWARE REQUIRED
+ 4.3BSD UNIX (as modified for this tool).
+
+
+
+
+ IETF NOCTools Working Group [Page 136]
+
+ Internet Tool Catalog TCPLOGGER
+
+
+
+ AVAILABILITY
+ Free, although a 4.3BSD license is required. Contact
+ Olafur Gudmundsson (ogud@cs.umd.edu).
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 137]
+
+ Internet Tool Catalog TOKENVIEW
+
+
+ NAME
+ TokenVIEW
+
+ KEYWORDS
+ control, manager, status; ring; NMS, proprietary; DOS.
+
+ ABSTRACT
+ Network Management tool for 4/16 Mbit IEEE 802.5 Token
+ Ring Networks. Monitors active nodes and ring errors.
+ Maintains database of nodes, wire centers and their
+ connections. Separate network management ring allows
+ remote configuration of wire centers.
+
+ MECHANISM
+ A separate network management ring used with Proteon
+ Intelligent Wire Centers allows wire center configura-
+ tion information to be read and modified from a single
+ remote workstation. A log of network events used with
+ a database contain nodes, wire centers and their con-
+ nections, facilitates tracking and correction of net-
+ work errors. Requires an "E" series PROM, sold with
+ package.
+
+ CAVEATS
+ Currently, only ISA bus cards support the required E
+ series PROM.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ 256 nodes, 1 net.
+
+ HARDWARE REQUIRED
+ 512K RAM, CGA or better, hard disk, mouse supported.
+
+ SOFTWARE REQUIRED
+ MS-DOS, optional mouse driver
+
+ AVAILABILITY
+ Fully supported product of Proteon, Inc. Previously
+ sold as Advanced Network Manager (ANM). For more in-
+ formation, contact:
+ Proteon, Inc. Phone: (508) 898-2800
+ 2 Technology Drive Fax: (508) 366-8901
+ Westborough, MA 01581 Telex: 928124
+
+
+
+
+
+ IETF NOCTools Working Group [Page 138]
+
+ Internet Tool Catalog TRACEROUTE
+
+
+ NAME
+ traceroute
+
+ KEYWORDS
+ routing; IP; ping; UNIX, VMS; free.
+
+ ABSTRACT
+ Traceroute is a tool that allows the route taken by
+ packets from source to destination to be discovered.
+ It can be used for situations where the IP record route
+ option would fail, such as intermediate gateways dis-
+ carding packets, routes that exceed the capacity of an
+ datagram, or intermediate IP implementations that don't
+ support record route. Round trip delays between the
+ source and intermediate gateways are also reported
+ allowing the determination of individual gateways con-
+ tribution to end-to-end delay.
+
+ Enhanced versions of traceroute have been developed
+ that allow specification of loose source routes for
+ datagrams. This allows one to investigate the return
+ path from remote machines back to the local host.
+
+ MECHANISM
+ Traceroute relies on the ICMP TIME_EXCEEDED error
+ reporting mechanism. When an IP packet is received by
+ an gateway with a time-to-live value of 0, an ICMP
+ packet is sent to the host which generated the packet.
+ By sending packets to a destination with a TTL of 0,
+ the next hop can be identified as the source of the
+ ICMP TIME EXCEEDED message. By incrementing the TTL
+ field the subsequent hops can be identified. Each
+ packet sent out is also time stamped. The time stamp
+ is returned as part of the ICMP packet so a round trip
+ delay can be calculated.
+
+ CAVEATS
+ Some IP implementations forward packets with a TTL of
+ 0, thus escaping identification. Others use the TTL
+ field in the arriving packet as the TTL for the ICMP
+ error reply, which delays identification.
+
+ Sending datagrams with the source route option will
+ cause some gateways to crash. It is considered poor
+ form to repeat this behavior.
+
+ BUGS
+ None known.
+
+
+
+ IETF NOCTools Working Group [Page 139]
+
+ Internet Tool Catalog TRACEROUTE
+
+
+
+ LIMITATIONS
+ Most versions of UNIX have errors in the raw IP code
+ that require kernel mods for the standard version of
+ traceroute to work. A version of traceroute exists
+ that runs without kernel mods under SunOS 3.5 (see
+ below), but it only operates over an ethernet inter-
+ face.
+
+ HARDWARE REQUIRED
+ No restrictions.
+
+ SOFTWARE REQUIRED
+ BSD UNIX or related OS, or VMS.
+
+ AVAILABILITY
+ Available by anonymous FTP from ftp.ee.lbl.gov, in file
+ traceroute.tar.Z. It is also available from
+ uc.msc.umn.edu.
+
+ A version of traceroute that supports Loose Source
+ Record Route, along with the source code of the
+ required kernel modifications and a Makefile for
+ installing them, is available via anonymous FTP from
+ zerkalo.harvard.edu, in directory pub, file
+ traceroute_pkg.tar.Z.
+
+ A version of traceroute that runs under SunOS 3.5 and
+ does NOT require kernel mods is available via anonymous
+ FTP from dopey.cs.unc.edu, in file
+ ~ftp/pub/traceroute.tar.Z.
+
+ For VMS, traceroute is available as part of TGV Mul-
+ tiNet IP software package.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 140]
+
+ Internet Tool Catalog TRPT
+
+
+ NAME
+ TRPT -- transliterate protocol trace
+
+ KEYWORDS
+ traffic; IP; eavesdrop; UNIX; free.
+
+ ABSTRACT
+ TRPT displays a trace of a TCP socket events. When no
+ options are supplied, TRPT prints all the trace records
+ found in a system, grouped according to TCP connection
+ protocol control block (PCB).
+
+ An example of TRPT output is:
+
+ 38241 ESTABLISHED:input
+ [e0531003..e0531203)@6cc5b402(win=4000)<ACK> -> ESTA-
+ BLISHED
+ 38241 ESTABLISHED:user RCVD -> ESTABLISHED
+ 38266 ESTABLISHED:output
+ 6cc5b402@e0531203(win=4000)<ACK> -> ESTABLISHED
+ 38331 ESTABLISHED:input
+ [e0531203..e0531403)@6cc5b402(win=4000)<ACK,FIN,PUSH>
+ -> CLOSE_WAIT
+ 38331 CLOSE_WAIT:output
+ 6cc5b402@e0531404(win=3dff)<ACK> -> CLOSE_WAIT
+ 38331 CLOSE_WAIT:user RCVD -> CLOSE_WAIT
+ 38343 LAST_ACK:output
+ 6cc5b402@e0531404(win=4000)<ACK,FIN> -> LAST_ACK
+ 38343 CLOSE_WAIT:user DISCONNECT -> LAST_ACK
+ 38343 LAST_ACK:user DETACH -> LAST_ACK
+
+ MECHANISM
+ TRPT interrogates the buffer of TCP trace records that
+ is created when a TCP socket is marked for debugging.
+
+ CAVEATS
+ Prior to using TRPT, an analyst should take steps to
+ isolate the problem connection and find the address of
+ its protocol control blocks.
+
+ BUGS
+ None reported.
+
+ LIMITATIONS
+ A socket must have the debugging option set for TRPT to
+ operate. Another problem is that the output format of
+ TRPT is difficult.
+
+
+
+
+ IETF NOCTools Working Group [Page 141]
+
+ Internet Tool Catalog TRPT
+
+
+ HARDWARE REQUIRED
+ No restrictions.
+
+ SOFTWARE REQUIRED
+ BSD UNIX or related OS.
+
+ AVAILABILITY
+ Included with BSD and SunOS distributions. Available
+ via anonymous FTP from uunet.uu.net, in file bsd-
+ sources/src/etc/trpt.tar.Z.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 142]
+
+ Internet Tool Catalog TTCP
+
+
+ NAME
+ TTCP
+
+ KEYWORDS
+ benchmark, generator; IP; ping; UNIX, VMS; free.
+
+ ABSTRACT
+ TTCP is a traffic generator that can be used for test-
+ ing end-to-end throughput. It is good for evaluating
+ TCP/IP implementations.
+
+ MECHANISM
+ Cooperating processes are started on two hosts. The
+ open a TCP connection and transfer a high volume of
+ data. Delay and throughput are calculated.
+
+ CAVEATS
+ Will greatly increase system load.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ None reported.
+
+ HARDWARE REQUIRED
+ No restrictions.
+
+ SOFTWARE REQUIRED
+ BSD UNIX or related OS, or VMS.
+
+ AVAILABILITY
+ Source for BSD UNIX is available via anonymous FTP from
+ vgr.brl.mil, in file ftp/pub/ttcp.c, and from sgi.com,
+ in file sgi/src/ttcp.c. A version of TTCP has also
+ been submitted to the USENET news group
+ comp.sources.unix. For VMS, ttcp.c is included in the
+ MultiNet Programmer's Kit, a standard feature of TGV
+ MultiNet IP software package.
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 143]
+
+ Internet Tool Catalog UNISYS NCC
+
+
+ NAME
+ Unisys Network Control Center (NCC)
+
+ KEYWORDS
+ alarm, benchmark, control, generator, manager, map,
+ reference, status, traffic; ethernet, FDDI, IP; NMS,
+ ping, SNMP; UNIX.
+
+ ABSTRACT
+ The Unisys Defense Systems Network Control Center (NCC)
+ provides high-performance software to support the
+ management and control of TCP/IP-based networks. The
+ network management system uses the Simple Network
+ Management Protocol (SNMP) to exchange management
+ information between the NCC and network devices. The
+ NCC supports the Management Information Base (MIB)
+ [RFC-1066] and the Structure and Identification of
+ Management Information for TCP/IP-based Internets
+ [RFC-1065]. In addition, Unisys has extended the MIB
+ definitions to support the features of Unisys FDDI LAN
+ devices, such as the FDDI Smart Concentrators, the FDDI
+ Host Network Front Ends, and the Remote FDDI, FDDI-to-
+ LAN, and FDDI-to-DDN gateways.
+
+ The NCC supports seven applications. The network
+ topology map displays the physical and logical maps of
+ the network. The configuration management tool sup-
+ ports the modification and validation of network device
+ configuration data as well as the modification of MIB
+ configuration data. The performance monitoring tool
+ supports the collection and analysis of statistical
+ parameters from network devices. The status monitoring
+ tool reports on the up/down status and responsiveness
+ of network devices using ICMP. The accounting tool is
+ used to collect, store, and display user job activity
+ at the subscriber hosts. The NCC database entry sup-
+ ports RFC 1066 object definitions and Unisys-specific
+ object definitions to support the Unisys FDDI devices.
+ And finally, the trap reporting tool reports the
+ arrival of error and event notifications using UDP
+ datagrams. The NCC supports all the trap messages
+ defined in RFC 1098.
+
+ MECHANISM
+ The NCC is based on the Simple Network Management Pro-
+ tocol (SNMP).
+
+
+
+
+
+ IETF NOCTools Working Group [Page 144]
+
+ Internet Tool Catalog UNISYS NCC
+
+
+
+ CAVEATS
+ None.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ None reported.
+
+ HARDWARE REQUIRED
+ A minimal platform consists of a Sun 3/60FC-8, with at
+ least 200 MB disk and cartridge tape (1/4"). A full-
+ sized color monitor, more disk, and a workstation based
+ on a higher performance processor is beneficial to NCC
+ activities.
+
+ SOFTWARE REQUIRED
+ SunOS Version 4.0 running the SunView windowing en-
+ vironment and the SYBASE Relational Data Base Manage-
+ ment System.
+
+ AVAILABILITY
+ Commercially available as a turn-key package or as a
+ software product from:
+ Unisys Defense Systems
+ 5151 Camino Ruiz
+ Camarillo, California 93010
+ (805) 987-6811
+ (Dale Russell <dsr@cam.unisys.com>)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 145]
+
+ Internet Tool Catalog WIN/MGT STATION
+
+
+ NAME
+ WIN/MGT Station -- Network Management Station for
+ SunOS.
+
+ KEYWORDS
+ alarm, control, manager, routing, status, traffic; eth-
+ ernet, IP; NMS, SNMP, X; UNIX; library.
+
+ ABSTRACT
+ WIN/MGT Station for SunOS is a network management
+ software product based on the SNMP. It provides the
+ capability to manage standards-based networking pro-
+ ducts from The Wollongong Group as well as other ven-
+ dors. Fully compliant with RFCs 1065, 1066 and 1098,
+ WIN/MGT Station uses a menu-driven graphical user
+ interface.
+
+ WIN/MGT capabilities include configuration, performance
+ and fault management for SNMP-based agents. The
+ WIN/MGT station can perform polling to monitor the
+ status of all MIB variables defined in RFC 1066,
+ "Management Information Base for network management of
+ TCP/IP-based internets." In addition, the WIN/MGT Sta-
+ tion can process "trap" messages from SNMP agents.
+ Furthermore, the WIN/MGT Station can support any
+ private extension to the Management Information Base
+ with minimal user configuration.
+
+ An icon-driven network interface map allows the user to
+ monitor their network topology and status. Changes in
+ the operational status of any manageable network ele-
+ ment is displayed visually and audibly.
+
+ The WIN/MGT package includes an Applications Program-
+ ming Interface (API) for the "C" language. The API is
+ a set of libraries that enable an applications program
+ to perform SNMP "set" and "get" operations. This
+ allows users to integrate site-specific applications
+ with WIN/MGT.
+
+ SNMP agent software for the Sun 3 host is also provided
+ so that the Network Management Station itself can also
+ be monitored and managed.
+
+ MECHANISM
+ The WIN/MGT Station uses SNMP to monitor and control
+ SNMP agents.
+
+
+
+
+ IETF NOCTools Working Group [Page 146]
+
+ Internet Tool Catalog WIN/MGT STATION
+
+
+ CAVEATS
+ None.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ A theoretical limitation of approximately 18,000 net-
+ work elements can be managed.
+
+ HARDWARE REQUIRED
+ Any model of Sun 3 system. Recommended minimums
+ include 8 MB RAM, 100 MB disk space (30 MB to start),
+ and color monitor. Also tested on DECstation 3100,
+ PS/2 (with SCO UNIX) and Macintosh IIcx computer using
+ A/UX.
+
+ SOFTWARE REQUIRED
+ SunOS 4.x. MIT X Window System, Release 11, version 3,
+ or OpenWindows (X.11/NeWS) from Sun Microsystems, Inc.
+ WIN/MGT Station for SunOS is provided on 1/4" tape in
+ cpio format.
+
+ AVAILABILITY
+ A commercial product of:
+ The Wollongong Group, Inc.
+ 1129 San Antonio Rd.
+ Palo Alto, CA 94303
+ (415) 962-7200 br fax (415) 968-3619
+ internet oldera@twg.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 147]
+
+ Internet Tool Catalog XNETMON (I)
+
+
+ NAME
+ xnetmon, xpmon
+
+ KEYWORDS
+ alarm, manager, map, status; IP; NMS, SNMP; UNIX.
+
+ ABSTRACT
+ Xnetmon and xpmon provide graphical representation of
+ performance and status of SNMP-capable network ele-
+ ments. Xnetmon presents a schematic network map
+ representing the up/down status of network elements;
+ xpmon draws a pen plot style graph of the change over
+ time of any arbitrary MIB object (RFC1066). Both xnet-
+ mon and xpmon use the SNMP (RFC1098) for retrieving
+ status and performance data.
+
+ MECHANISM
+ Xnetmon polls network elements for the status of their
+ interfaces on a controllable polling interval. Pop-up
+ windows displaying the values of any MIB variable are
+ supported by separate polls. When SNMP traps are
+ received from a network element, that element and all
+ adjacent elements are immediately re-polled to update
+ their status. The layout of the network map is stati-
+ cally configured. Xpmon repeatedly polls (using SNMP)
+ the designated network element for the value of the
+ designated MIB variable on the user-specified interval.
+ The change in the variable is then plotted on the strip
+ chart. The strip chart regularly adjusts its scale to
+ the current maximum value on the graph.
+
+ CAVEATS
+ Polling intervals should be chosen with care so as not
+ to affect system performance adversely.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ None reported.
+
+ HARDWARE REQUIRED
+ Distributed and supported for Sun-3 systems.
+
+ SOFTWARE REQUIRED
+ SunOS 3.5 or 4.x; X11, release 2 or 3.
+
+
+
+
+
+ IETF NOCTools Working Group [Page 148]
+
+ Internet Tool Catalog XNETMON (I)
+
+
+
+ AVAILABILITY
+ Commercial product of:
+ Wellfleet Communications, Inc.
+ 12 DeAngelo Drive
+ Bedford, MA 01730-2204
+ (617) 275-2400
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 149]
+
+ Internet Tool Catalog XNETMON (II)
+
+
+ NAME
+ XNETMON -- an X windows based SNMP network management
+ station from SNMP Research.
+
+ KEYWORDS
+ alarm, control, manager, map, routing, security,
+ status; DECnet, ethernet, IP, OSI, ring, star; NMS,
+ SNMP, X; DOS, UNIX, VMS; sourcelib.
+
+ ABSTRACT
+ The XNETMON application implements a powerful network
+ management station based on the X window system. It
+ provides network managers tools for fault management,
+ configuration management, performance management, and
+ security management. It can be successfully used with
+ many types of networks including those based on various
+ LAN media, and wide area networks. XNETMON has been
+ used with multiprotocol devices including those which
+ support TCP/IP, DECnet, and OSI protocols. The fault
+ management tool displays the map of the network confi-
+ guration with node and link state indicated in one of
+ several colors to indicate current status. Alarms may
+ be enabled to alert the operator of events occurring in
+ the network. Events are logged to disk. The confi-
+ guration management tool may be used to edit the net-
+ work management information base stored in the network
+ management station to reflect changes occurring in the
+ network. Other features include graphs and tabular
+ tools for use in fault and performance management and
+ mechanisms by which additional variables, such as
+ vendor-specific variables, may be added. The XNETMON
+ application comes complete with source code including a
+ powerful set of portable libraries for generating and
+ parsing SNMP messages. Output data from XNETMON may be
+ transferred via flat files for additional report gen-
+ eration by a variety of statistical packages.
+
+ MECHANISM
+ The XNETMON application is based on the Simple Network
+ Management Protocol (SNMP). Polling is performed via
+ the powerful SNMP get-next operator and the SNMP get
+ operator. Trap directed polling is used to regulate
+ the focus and intensity of the polling.
+
+ CAVEATS
+ None.
+
+ BUGS
+
+
+
+ IETF NOCTools Working Group [Page 150]
+
+ Internet Tool Catalog XNETMON (II)
+
+
+ None known.
+
+ LIMITATIONS
+ The monitored and managed nodes must implement the SNMP
+ over UDP per RFC 1098 or must be reachable via a proxy
+ agent.
+
+ HARDWARE REQUIRED
+ X windows workstation with UDP socket library. Mono-
+ chrome is acceptable but color is far superior.
+
+ SOFTWARE REQUIRED
+ X windows version 11 release 3 or later.
+
+ AVAILABILITY
+ This is a commercial product available under license
+ from:
+
+ SNMP Research
+ P.O. Box 8593
+ Knoxville, TN 37996-4800
+ (615) 573-1434 (Voice)
+ (615) 573-9197 (FAX)
+ Attn: Dr. Jeff Case
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 151]
+
+ Internet Tool Catalog XNETPERFMON
+
+
+ NAME
+ xnetperfmon -- a graphical network performance and
+ fault management tool from SNMP Research.
+
+ KEYWORDS
+ manager, status; DECnet, ethernet, IP, OSI, ring, star;
+ NMS, SNMP, X; DOS, UNIX, VMS; sourcelib.
+
+ ABSTRACT
+ Xnetperfmon may be used to plot SNMP variables as a
+ graphical display. These graphs are often useful for
+ fault and performance management. Variables may be
+ plotted as gauges versus time. Alternatively, counters
+ may be plotted as delta count/delta time (rates). The
+ user may easily customize the variables to be plotted,
+ labels, step size, update interval, and the like. The
+ scales automatically adjust whenever a point to be
+ plotted would go off scale.
+
+ MECHANISM
+ The xnetperfmon application communicates with remote
+ agents or proxy agents via the Simple Network Manage-
+ ment Protocol (SNMP).
+
+ CAVEATS
+ All plots for a single invocation of xnetperfmon must
+ be for variables provided by a single network manage-
+ ment agent. However, multiple invocations of xnetperf-
+ mon may be active on a single display simultaneously or
+ proxy agents may be used to summarize information at a
+ common point.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ None reported.
+
+ HARDWARE REQUIRED
+ Systems supporting X windows.
+
+ SOFTWARE REQUIRED
+ X Version 11 release 2 or later.
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 152]
+
+ Internet Tool Catalog XNETPERFMON
+
+
+
+ AVAILABILITY
+ This is a commercial product available under license
+ from:
+
+ SNMP Research
+ P.O. Box 8593
+ Knoxville, TN 37996-4800
+ (615) 573-1434 (Voice)
+ (615) 573-9197 (FAX)
+ Attn: Dr. Jeff Case
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 153]
+
+ Internet Tool Catalog XUP
+
+
+ NAME
+ xup
+
+ KEYWORDS
+ status; ping, X; HP.
+
+ ABSTRACT
+ Xup uses the X-Windows to display the status of an
+ "interesting" set of hosts.
+
+ MECHANISM
+ Xup uses ping to determine host status.
+
+ CAVEATS
+ Polling for status increases network load.
+
+ BUGS
+ None known.
+
+ LIMITATIONS
+ None reported.
+
+ HARDWARE REQUIRED
+ Runs only on HP series 300 and 800 workstations.
+
+ SOFTWARE REQUIRED
+ Version 10 of X-Windows.
+
+ AVAILABILITY
+ A standard command for the HP 300 & 800 Workstations.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 154]
+
+ Appendix Network Management Tutorial
+
+
+ Network Management Tutorial
+
+
+ This tutorial is an overview of the practice of network
+ management. Reading this section is no substitute for know-
+ ing your system, and knowing how it is used. Do not wait
+ until things break to learn what they ought to do or how
+ they usually work: a crisis is not the time for determining
+ how "normal" packet traces should look. Furthermore, it
+ takes little imagination to realize that you do not want to
+ be digging through manuals while your boss is screaming for
+ network service to be restored.
+
+ We assume an acquaintance with the TCP/IP protocol suite and
+ the Internet architecture. There are many available refer-
+ ences on these topics, several of which are listed below in
+ Section 7.
+
+ Since many of the details of network management are system-
+ specific, this tutorial is a bit superficial. There is,
+ however, a more fundamental problem in prescribing network
+ management practices: network management is not a well-
+ understood endeavor. At present, the cutting edge of net-
+ work management is the use of distributed systems to collect
+ and exchange status information, and then to display the
+ data as histograms or trend lines. It is not clear that we
+ know what data should be collected, how to analyze it when
+ we get it, or how to structure our collection systems. For
+ now, automated, real-time control of internets is an aspira-
+ tion, rather than a reality. The communications systems
+ that we field are apparently more complex than we can
+ comprehend, which no doubt accounts in part for their fre-
+ quently surprising behavior.
+
+ The first section of this tutorial lists the overall goals
+ and functions of network management. It presents several
+ aspects of network management, including system monitoring,
+ fault detection and isolation, performance testing, confi-
+ guration management, and security. These discussions are
+ followed by a bibliographic section. The tutorial closes
+ with some final advice for network managers.
+
+ 1. Network Management Goals and Functions
+
+ An organization's view of network management goals is shaped
+ by two factors:
+
+
+
+
+
+ IETF NOCTools Working Group [Page 155]
+
+ Appendix Network Management Tutorial
+
+
+
+ 1. people in the organization depend on the system
+ working,
+
+ 2. LANs, routers, lines, and other communications
+ resources have costs.
+
+ From the organizational vantage point, the ultimate goal of
+ network management is to provide a consistent, predictable,
+ acceptable level of service from the available data communi-
+ cations resources. To achieve this, a network manager must
+ first be able to perform fault detection, isolation, and
+ correction. He must also be able to effect configuration
+ changes with a minimum of disruption, and measure the utili-
+ zation of system components.
+
+ People actually managing networks have a different focus.
+ Network managers are usually evaluated by the availability
+ and performance of their communications systems, even though
+ many factors of net performance are beyond their control.
+ To them, the most important requirement of a network manage-
+ ment tool is that it allows the detection and diagnosis of
+ faults before users can call to complain: users (and bosses)
+ can often be placated just by knowing that a network problem
+ has been diagnosed. Another vital network management func-
+ tion is the ability to collect data that justify current or
+ future expenditures for the data communications plant and
+ staff.
+
+ Following a section on system monitoring, this tutorial
+ addresses fault, performance, configuration, and security
+ management. By fault management, we mean the detection,
+ diagnosis, and correction of network malfunctions. Under
+ the subject of performance management, we include support
+ for predictable, efficient service, as well as capacity
+ planning and capacity testing. Configuration management
+ includes support for orderly configuration changes (usually,
+ system growth), and local administration of component names
+ and addresses. Security management includes both protecting
+ system components from damage and protecting sensitive
+ information from unintentional or malicious disclosure or
+ corruption.
+
+ Readers familiar with the ISO management standards and
+ drafts will note both that we have borrowed heavily from the
+ "OSI Management Framework," except that we have omitted the
+ "account management" function. Account management seems a
+ bit out of place with the other network management
+
+
+
+ IETF NOCTools Working Group [Page 156]
+
+ Appendix Network Management Tutorial
+
+
+ functions. The logging required by account management is
+ likely to be done by specialized, dedicated subsystems that
+ are distinct from other network management components.
+ Hence, this tutorial does not cover account management.
+ Rest assured, however, that account management, if required,
+ will be adequately supported and staffed.
+
+ For those with a DoD background, security may also seem out
+ of place as a subtopic of network management. Without
+ doubt, communications security is an important issue that
+ should be considered in its own right. Because of the
+ requirements of trust for security mechanisms, security com-
+ ponents will probably not be integrated subcomponents of a
+ larger network management system. Nevertheless, because a
+ network manager has a responsibility to protect his system
+ from undue security risks, this tutorial includes a discus-
+ sion on internet security.
+
+ 2. System Monitoring
+
+ System monitoring is a fundamental aspect of network manage-
+ ment. One can divide system monitoring into two rough
+ categories: error detection and baseline monitoring.
+
+ System errors, such as misformatted frames or dropped pack-
+ ets, are not in themselves cause for concern. Spikes in
+ error rates, however, should be investigated. It is sound
+ practice to log error rates over time, so that increases can
+ be recognized. Furthermore, logging error rates as a func-
+ tion of traffic rates can be used to detect congestion.
+ Investigate unusual error rates and other anomalies as they
+ are detected, and keep a notebook to record your
+ discoveries.
+
+ Day-to-day traffic should be monitored, so that the opera-
+ tional baselines of a system and its components can be
+ determined. As well as being essential for performance
+ management, baseline determination and traffic monitoring
+ are the keys to early fault detection.
+
+ A preliminary step to developing baseline measurements is
+ construction of a system map: a graphical representation of
+ the system components and their interfaces. Then, measure-
+ ments of utilization (i.e., use divided by capacity) are
+ needed. Problems are most likely to arise, and system tun-
+ ing efforts are most likely to be beneficial, at highly
+ utilized components.
+
+
+
+
+ IETF NOCTools Working Group [Page 157]
+
+ Appendix Network Management Tutorial
+
+
+ It is worthwhile to develop a source/destination traffic
+ matrix, including a breakdown of traffic between the local
+ system and other internet sites. Both volume and type of
+ traffic should be logged, along with its evolution over
+ time. Of particular interest for systems with diskless
+ workstations is memory swapping and other disk server
+ access. For all systems, broadcast traffic and routing
+ traffic should be monitored. Sudden increases in the vari-
+ ance of delay or the volume of routing traffic may indicate
+ thrashing or other soft failures.
+
+ In monitoring a system, long-term averages are of little
+ use. Hourly averages are a better indicator of system use.
+ Variance in utilization and delay should also be tracked.
+ Sudden spikes in variance are tell-tale signs that a problem
+ is looming or exists. So, too, are trends of increased
+ packet or line errors, broadcasts, routing traffic, or
+ delay.
+
+ 3. Fault Detection and Isolation
+
+ When a system fails, caution is in order. A net manager
+ should make an attempt to diagnose the cause of a system
+ crash before rebooting. In many cases, however, a quick
+ diagnosis will not be possible. For some high priority
+ applications, restoring at least some level of service will
+ have priority over fault repair or even complete fault diag-
+ nosis. This necessitates prior planning. A net manager
+ must know the vital applications at his site. If applica-
+ tions require it, he must also have a fall-back plan for
+ bringing them online. Meanwhile, repeated crashes or
+ hardware failures are unambiguous signs of a problem that
+ must be corrected.
+
+ A network manager should prepare for fault diagnosis by
+ becoming familiar with how diagnostic tools respond to net-
+ work failure. In times of relative peace, a net manager
+ should occasionally unplug the network connection from an
+ unused workstation and then "debug" the problem.
+
+ When diagnosing a fault or anomaly, it is vital to proceed
+ in an orderly manner, especially since network faults will
+ usually generate spurious as well as accurate error mes-
+ sages. Remember to keep in mind that the network itself is
+ failing. Do not place too much trust in anything obtained
+ remotely. Furthermore, it is unlikely to be significant
+ that remote information such as DNS names or NFS files can-
+ not be obtained.
+
+
+
+ IETF NOCTools Working Group [Page 158]
+
+ Appendix Network Management Tutorial
+
+
+ Even spurious messages can be revealing, because they pro-
+ vide clues to the problem. From the data at hand, develop
+ working hypotheses about probable causes of the problems you
+ detect. Direct your further data gathering efforts so that
+ the information you get will either refute or support your
+ hypotheses.
+
+ An orderly approach to debugging is facilitated if it is
+ guided by a model of network behavior. The following por-
+ tions of this section present such a model, along with a
+ procedure for checking network connectivity. The section
+ concludes with some hints for diagnosing a particularly
+ tricky class of connectivity problem.
+
+ 3.1 A Network Model as a Diagnostic Framework
+
+ The point of having a model of how things work is to have a
+ basis for developing educated guesses about how things go
+ wrong. The problem of cascading faults -- faults generating
+ other faults -- makes use of a conceptual model a virtual
+ necessity.
+
+ In general, only problems in a component's hardware or
+ operating system will generate simultaneous faults in multi-
+ ple protocol layers. Otherwise, faults will propagate vert-
+ ically (up the protocol stack) or horizontally (between
+ peer-level communications components). Applying a concep-
+ tual model that includes the architectural relations of net-
+ work components can help to order an otherwise senseless
+ barrage of error messages and symptoms.
+
+ The model does not have to be formal or complex to bring
+ structure to debugging efforts. A useful start is something
+ as simple as the following:
+
+ 1. Applications programs use transport services:
+ TCP/UDP. Before using service, applications that
+ accept host names as parameters must translate the
+ names into IP addresses. Translation may be based
+ on a static table lookup (/etc/hosts file in UNIX
+ hosts), the DNS, or yellow pages. Nslookup and
+ DiG are tools for monitoring the activities of the
+ DNS.
+
+ 2. Transport protocol implementations use IP ser-
+ vices. The local IP module makes the initial
+ decision on forwarding. An IP datagram is for-
+ warded directly to the destination host if the
+
+
+
+ IETF NOCTools Working Group [Page 159]
+
+ Appendix Network Management Tutorial
+
+
+ destination is on the same network as the source.
+ Otherwise, the datagram is forwarded to a gateway
+ attached to the network. On BSD hosts, the con-
+ tents of a host's routing table are visible by use
+ of the "netstat" command.*
+
+ 3. IP implementations translate the IP address of a
+ datagram's next hop (either the destination host
+ or a gateway) to a local network address. For
+ ethernets, the Address Resolution Protocol (ARP)
+ is commonly used for this translation. On BSD
+ systems, an interface's IP address and other con-
+ figuration options can be viewed by use of the
+ "ifconfig" command, while the contents of a host's
+ ARP cache may be viewed by use of "arp" command.
+
+ 4. IP implementations in hosts and gateways route
+ datagrams based on subnet and net identifiers.
+ Subnetting is a means of allocating and preserving
+ IP address space, and of insulating users from the
+ topological details of a multi-network campus.
+ Sites that use subnetting reserve portions of the
+ IP address's host identifier to indicate particu-
+ lar networks at their campus. Subnetting is
+ highly system-dependent. The details are a criti-
+ cal, though local, issue. As for routing between
+ separate networks, a variety of gateway-to-gateway
+ protocols are used. Traceroute is a useful tool
+ for investigating routing problems. The tool,
+ "query," can be used to examine RIP routing
+ tables.
+
+ A neophyte network manager should expand the above descrip-
+ tion so that it accurately describes his particular system,
+ _________________________
+ * Initial forwarding may actually be complex and
+ vulnerable to multiple points of failure. For example,
+ when sending an IP datagram, 4.3BSD hosts first look
+ for a route to the particular host. If none has been
+ specified for the destination, then a search is made
+ for a route to the network of the destination. If this
+ search also fails, then as a last resort, a search is
+ made for a route to a "default" gateway. Routes to
+ hosts, networks, and the "default" gateway may be stat-
+ ic, loaded at boot time and perhaps updated by operator
+ commands. Alternatively, they may be dynamic, loaded
+ from redirects and routing protocol updates.
+
+
+
+
+ IETF NOCTools Working Group [Page 160]
+
+ Appendix Network Management Tutorial
+
+
+ and learn the tools and techniques for monitoring the opera-
+ tions at each of the above stages.
+
+ 3.2 A Simple Procedure for Connectivity Check
+
+ In this section, we describe a procedure for isolating a
+ TCP/IP connectivity problem.** In this procedure, a series
+ of tests methodically examine connectivity from a host,
+ starting with nearby resources and working outward. The
+ steps in our connectivity-testing procedure are:
+
+ 1. As an initial sanity check, ping your own IP address
+ and the loopback address.
+
+ 2. Next, try to ping other IP hosts on the local subnet.
+ Use numeric addresses when starting off, since this
+ eliminates the name resolvers and host tables as poten-
+ tial sources of problems. The lack of an answer may
+ indicate either that the destination host did not
+ respond to ARP (if it is used on your LAN), or that a
+ datagram was forwarded (and hence, the destination IP
+ address was resolved to a local media address) but that
+ no ICMP Echo Reply was received. This could indicate a
+ length-related problem, or misconfigured IP Security.
+
+ 3. If an IP router (gateway) is in the system, ping both
+ its near and far-side addresses.
+
+ 4. Make sure that your local host recognizes the gateway
+ as a relay. (For BSD hosts, use netstat.)
+
+ 5.addresses
+ Still using numeric IP addresses, try to ping hosts
+ beyond the gateway. If you get no response, run hop-
+ check or traceroute, if available. Note whether your
+ packets even go to the gateway on their way to the des-
+ tination. If not, examine the methods used to instruct
+ your host to use this gateway to reach the specified
+ destination net (e.g., is the default route in place?
+ Alternatively, are you successfully wire-tapping the
+ IGP messages broadcast on the net you are attached to?)
+
+ _________________________
+ ** Thanks to James VanBokkelen, president of FTP
+ Software, for sharing with us a portion of a PC/TCP
+ support document, the basis for the above connectivity
+ procedure.
+
+
+
+
+ IETF NOCTools Working Group [Page 161]
+
+ Appendix Network Management Tutorial
+
+
+ If traceroute is not available, ping, netstat, arp, and
+ a knowledge of the IP addresses of all the gateway's
+ interfaces can be used to isolate the cause of the
+ problem. Use netstat to determine your next hop to the
+ destination. Ping that IP address to ensure the router
+ is up. Next, ping the router interface on the far sub-
+ net. If the router returns "network unreachable" or
+ other errors, investigate the router's routing tables
+ and interface status. If the pings succeed, ping the
+ close interface of the succeeding next hop gateway, and
+ so on. Remember the routing along the outbound and
+ return paths may be different.
+
+ 6. Once ping is working with numeric addresses, use ping
+ to try to reach a few remote hosts by name. If ping
+ fails when host names are used, check the operation of
+ the local name-mapping system (i.e., with nslookup or
+ DiG). If you want to use "shorthand" forms ("myhost"
+ instead of "myhost.mydomain.com"), be sure that the
+ alias tables are correctly configured.
+
+ 7. Once basic reachability has been established with ping,
+ try some TCP-based applications: FTP and TELNET are
+ supported on almost all IP hosts, but FINGER is a
+ simpler protocol. The Berkeley-specific protocols
+ (RSH, RCP, REXEC and LPR) require extra configuration
+ on the server host before they can work, and so are
+ poor choices for connectivity testing.
+
+ If problems arise in steps 2-7 above, rerunning the tests
+ while executing a line monitor (e.g., etherfind, netwatch,
+ or tcpdump) can help to pinpoint the problem.
+
+ The above procedure is sound and useful, especially if lit-
+ tle is known about the cause of the connectivity problem.
+ It is not, however, guaranteed to be the shortest path to
+ diagnosis. In some cases, a binary search on the problem
+ might be more effective (i.e., try a test "in the middle,"
+ in a spot where the failure modes are well defined). In
+ other cases, available information might so strongly suggest
+ a particular failure that immediately testing for it is in
+ order. This last "approach," which might be called "hunting
+ and pecking," should be used with caution: chasing one will
+ o' the wisp after another can waste much time and effort.
+
+ Note that line problems are still among the most common
+ causes of connectivity loss. Problems in transmission
+ across local media are outside the scope of this tutorial.
+
+
+
+ IETF NOCTools Working Group [Page 162]
+
+ Appendix Network Management Tutorial
+
+
+ But, if a host or workstation loses or cannot establish con-
+ nectivity, check its physical connection.
+
+ 3.3 Limited Connectivity
+
+ An interesting class of problems can result in a particu-
+ larly mysterious failure: TELNET or other low-volume TCP
+ connections work, but large file transfers fail. FTP
+ transfers may start, but then hang. There are several pos-
+ sible culprits in this problem. The most likely suspects
+ are IP implementations that cannot fragment or reassemble
+ datagrams, and TCP implementations that do not perform
+ dynamic window sizing (a.k.a. Van Jacobson's "Slow Start"
+ algorithm). Another possibility is mixing incompatible
+ frame formats on an ethernet.
+
+ Even today, some IP implementations in the Internet cannot
+ correctly handle fragmentation or reassembly. They will
+ work fine for small packets, but drop all large packets.
+
+ The problem can also be caused by buffer exhaustion at gate-
+ ways that connect interfaces of widely differing bandwidth.
+ Datagrams from a TCP connection that traverses a bottleneck
+ will experience queue delays, and will be dropped if buffer
+ resources are depleted. The congestion can be made worse if
+ the TCP implementation at the traffic source does not use
+ the recommended algorithms for computing retransmission
+ times, since spuriously retransmitted datagrams will only
+ add to the congestion.* Fragmentation, even if correctly
+ implemented, will compound this problem, since processing
+ delays and congestion will be increased at the bottleneck.
+
+ Serial Line Internet Protocol (SLIP) links are especially
+ vulnerable to this and other congestion problems. SLIP
+ lines are typically an order of magnitude slower than other
+ gateway interfaces. Also, the SLIP lines are at times con-
+ figured with MTUs (Maximum Transfer Unit, the maximum length
+ of an IP datagram for a particular subnet) as small as 256
+ _________________________
+ * To avoid this problem, TCP implementations on the In-
+ ternet must use "exponential backoff" between succes-
+ sive retransmissions, Karn's algorithm for filtering
+ samples used to estimate round-trip delay between TCP
+ peers, and Jacobson's algorithm for incorporating vari-
+ ance into the "retransmission time-out" computation for
+ TCP segments. See Section 4.2.3.1 of RFC 1122, "Re-
+ quirements for Internet Hosts -- Communication Layers."
+
+
+
+
+ IETF NOCTools Working Group [Page 163]
+
+ Appendix Network Management Tutorial
+
+
+ bytes, which virtually guarantees fragmentation.
+
+ To alleviate this problem, TCP implementations behind slow
+ lines should advertise small windows. Also, if possible,
+ SLIP lines should be configured with an MTU no less than 576
+ bytes. The tradeoff to weigh is whether interactive traffic
+ will be penalized too severly by transmission delays of
+ lengthy datagrams from concurrent file transfers.
+
+ Misuse of ethernet trailers can also cause the problem of
+ hanging file transfers. "Trailers" refers to an ethernet
+ frame format optionally employed by BSD systems to minimize
+ buffer copying by system software. BSD systems with ether-
+ net interfaces can be configured to send large frames so
+ that their address and control data are at the end of a
+ frame (hence, a "trailer" instead of a "header"). After a
+ memory page is allocated and loaded with a received ethernet
+ frame, the ethernet data will begin at the start of the
+ memory page boundary. Hence, the ethernet control informa-
+ tion can be logically stripped from the end merely by
+ adjusting the page's length field. By manipulating virtual
+ memory mapping, this same page (sans ethernet control infor-
+ mation), can then be passed to the local IP module without
+ additional allocation and loading of memory. The disadvan-
+ tage in using trailers is that it is non-standard. Many
+ implementations cannot parse trailers.
+
+ The hanging FTP problem will appear if a gateway is not con-
+ figured to recognize trailers, but a host or gateway immedi-
+ ately "upstream" on an ethernet uses them. Short datagrams
+ will not be formatted with trailers, and so will be pro-
+ cessed correctly. When the bulk data transfer starts, how-
+ ever, full-sized frames will be sent, and will use the
+ trailer format. To the gateway that receives them, they
+ appear simply as misformatted frames, and are quietly
+ dropped. The solution, obviously, is to insure that all
+ hosts and gateways on an ethernet are consistent in their
+ use of trailers. Note that RFC 1122, "Internet Host
+ Requirements," places very strict restrictions on the use of
+ trailers.
+
+ 4. Performance Testing
+
+ Performance management encompasses two rather different
+ activities. One is passive system monitoring to detect
+ problems and determine operational baselines. The goal is
+ to measure system and component utilization and so locate
+ bottlenecks, since bottlenecks should receive the focus of
+
+
+
+ IETF NOCTools Working Group [Page 164]
+
+ Appendix Network Management Tutorial
+
+
+ performance tuning efforts. Also, performance data is usu-
+ ally required by upper level management to justify the costs
+ of communications systems. This is essentially identical to
+ system monitoring, and is addressed at greater length in
+ Section 2, above.
+
+ Another aspect of performance management is active perfor-
+ mance testing and capacity planning. Some work in this area
+ can be based on analysis. For example, a rough estimate of
+ gateway capacity can be deduced from a simple model given by
+ Charles Hedrick in his "Introduction to Administration of an
+ Internet-based Local Network," which is
+
+ per-packet processing time =
+ switching time +
+ (packet size) * (transmission bps).
+
+ Another guideline for capacity planning is that in order to
+ avoid excessive queuing delays, a system should be sized at
+ about double its expected load. In other words, system
+ capacity should be so high that utilization is no greater
+ than 50%.
+
+ Although there are more sophisticated analytic models of
+ communications systems than those above, their added com-
+ plexity does not usually gain a corresponding accuracy.
+ Most analytic models of communications nets require assump-
+ tions about traffic load distributions and service rates
+ that are not merely problematic, but are patently false.
+ These errors tend to result in underestimating queuing
+ delays. Hence, it is often necessary to actually load and
+ measure the performance of a real communications system if
+ one is to get accurate performance predictions. Obviously,
+ this type of testing is performed on isolated systems or
+ during off hours. The results can be used to evaluate
+ parameter settings or predict performance during normal
+ operations.
+
+ Simulations can be used to supplement the testing of real
+ systems. To be believable, however, simulations require
+ validation, which, in turn, requires measurements from a
+ real system. Whether testing or simulating a system's per-
+ formance, actual traffic traces should be incorporated as
+ input to traffic generators. The performance of a communi-
+ cations system will be greatly influenced by its load
+ characteristics (burstiness, volume, etc.), which are them-
+ selves highly dependent on the applications that are run.
+
+
+
+
+ IETF NOCTools Working Group [Page 165]
+
+ Appendix Network Management Tutorial
+
+
+ When tuning a net, in addition to the usual configuration
+ parameters, consider the impact of the location of gateways
+ and print and file servers. A few rules of thumb can guide
+ the location of shared system resources. First, there is
+ the principle of locality: a system will perform better if
+ most traffic is between nearby destinations. The second
+ rule is to avoid creating bottlenecks. For example, multi-
+ ple diskservers may be called for to support a large number
+ of workstations. Furthermore, to avoid LAN and diskserver
+ congestion, workstations should be configured with enough
+ memory to avoid frequent swapping.
+
+ As a final note on performance management, proceed cau-
+ tiously if your ethernet interface allows you to customize
+ its collision recovery algorithm. This is almost always a
+ bad idea. The best that it can accomplish is to give a few
+ favored hosts a disproportionate share of the ethernet
+ bandwidth, perhaps at the cost of a reduction in total sys-
+ tem throughput. Worse, it is possible that differing colli-
+ sion recovery algorithms may exhibit a self-synchronizing
+ behavior, so that excess collisions are generated.
+
+ 5. Configuration Management
+
+ Configuration management is the setting, collecting, and
+ storing of the state and parameters of network resources.
+ It overlaps all other network management functions. Hence,
+ some aspects of configuration management have already been
+ addressed (e.g., tuning for performance). In this section,
+ we will focus on configuration management activities needed
+ to "hook up" a net or campus to a larger internet. We will
+ not, of course, include specific details on installing or
+ maintaining internetted communications systems. We will,
+ however, skim over some of the TCP/IP configuration
+ highlights.
+
+ Configuration management includes "name management" -- the
+ control and allocation of system names and addresses, and
+ the translation between names and addresses. Name-to-
+ address translation is performed by "name servers." We con-
+ clude this section with a few strictures on the simultaneous
+ use of two automated name-servers, the Domain Name System
+ (DNS), and Yellow Pages (YP).
+
+ 5.1 Required Host Configuration Data for TCP/IP internets
+
+ In a TCP/IP internet, each host needs several items of
+ information for internet communications. Some will be
+
+
+
+ IETF NOCTools Working Group [Page 166]
+
+ Appendix Network Management Tutorial
+
+
+ host-specific, while other information will be common for
+ all hosts on a subnet. In a soon to be published RFC docu-
+ ment,* R. Droms identifies the following configuration data
+ required by internet hosts:
+
+ o+ An IP address, a host specific value that can be
+ hard-coded or obtained via BOOTP, the Reverse
+ Address Resolution Protocol (RARP) or Dynamic RARP
+ (DRARP).
+
+ o+ Subnet properties, such as the subnet mask and the
+ Maximum Transmission Unit (MTU); obviously, these
+ values are not host-specific.
+
+ o+ Addresses of "entry" gateways to the internet;
+ addresses of default gateways are usually hard-
+ coded; though the ICMP "redirect" message can be
+ used to refine a host's routing tables, there is
+ currently no dynamic TCP/IP mechanism or protocol
+ for a host to locate a gateway; an IETF working
+ group is busy on this problem.
+
+ o+ For hosts in internets using the Domain Name Sys-
+ tem (DNS) for name-to-address translation, the
+ location of a local DNS server is needed; this
+ information is not host-specific, and usually
+ hard-coded;
+
+ o+ Host name (domain name, for hosts using DNS);
+ obviously host-specific; either hard-coded or
+ obtained in a boot procedure.
+
+ o+ For diskless hosts, various boot services. BOOTP
+ is the standard Internet protocol for downloading
+ boot configuration information. The Trivial File
+ Transfer Protocol (TFTP) is typically used for
+ downloading boot images. Sun computers use the
+ "bootparams" RPC mechanism for downloading initial
+ configuration data to a host.
+
+ There are ongoing developments, most notably the work of the
+ Dynamic Host Configuration Working Group of the IETF, to
+ support dynamic, automatic gathering of the above data. In
+ the meantime, most systems will rely on hand-crafted confi-
+ guration files.
+ _________________________
+ * Draft "Dynamic Configuration of Internet Hosts."
+
+
+
+
+ IETF NOCTools Working Group [Page 167]
+
+ Appendix Network Management Tutorial
+
+
+ 5.3 Connecting to THE Internet
+
+ The original TCP/IP Internet (spelled with an upper-case
+ "I") is still active, and still growing. An interesting
+ aspect of the Internet is that it spans many independently
+ administered systems.
+
+ Connection to the Internet requires: a registered network
+ number, for use in IP addresses; a registered autonomous
+ system number (ASN), for use in internet routing; and, a
+ registered domain name. Fielding a primary and backup DNS
+ server is a condition for registering a domain name.
+
+ The Defense Data Network (DDN) Network Information Center
+ (NIC) is responsible for registering network numbers, auto-
+ nomous system numbers, and domain names. Regional nets will
+ have their own policies and requirements for Internet con-
+ nections, but all use the NIC for this registration service.
+ Contact the NIC for further information, at:
+
+ DDN Network Information Center
+ SRI International, Room EJ291
+ 333 Ravenswood Avenue
+ Menlo Park, CA 94025
+
+ Email: HOSTMASTER@NIC.DDN.MIL
+ Phone: 1-415-859-3695
+ 1-800-235-3155 (toll-free hotline)
+
+ 5.4 YP and DNS: Dueling name servers.
+
+ The Domain Name System (DNS) provides name service: it
+ translates host names into IP addresses (this mapping is
+ also called "resolution"). Two widespread DNS implementa-
+ tions are "bind" and "named." The Sun Yellow Pages (YP)
+ system can be configured to provide an identical service, by
+ providing remote, keyed access to the "hosts.byname" map.
+ Unfortunately, if both DNS and the YP hosts.byname map are
+ installed, they can interact in disruptive ways.
+
+ The problem has been noted in systems in which DNS is used
+ as a fallback, to resolve hostnames that YP cannot. If DNS
+ is slow in responding, the timeout in program ypserv may
+ expire, which triggers a repeated request. This can result
+ in disaster if DNS was initially slow because of congestion:
+ the slower things get, the more requests are generated,
+ which slows things even more. A symptom of this problem is
+ that failures by the DNS server or network will trigger
+
+
+
+ IETF NOCTools Working Group [Page 168]
+
+ Appendix Network Management Tutorial
+
+
+ numerous requests to DNS.
+
+ Reportedly, the bug in YP that results in the avalanche of
+ DNS requests has been repaired in SunOS 4.1. The problem,
+ however, is more fundamental than an implementation error.
+ The YP map hosts.byname and the DNS contain the same class
+ of information. One can get an answer to the same query
+ from each system. These answers may well be different:
+ there is not a mechanism to maintain consistency between the
+ systems. More critical, however, is the lack of a mechanism
+ or procedure to establish which system is authoritative.
+ Hence, running the DNS and YP name services in parallel is
+ pointless. If the systems stay consistent, then only one is
+ needed. If they differ, there is no way to choose which is
+ correct.
+
+ The YP hosts.byname service and DNS are comparable, but
+ incompatible. If possible, a site should not run both ser-
+ vices. Because of Internet policy, sites with Internet con-
+ nections MUST use the DNS. If YP is also used, then it
+ should be configured with YP-to-DNS disabled.
+
+ Hacking a system so that it uses DNS rather than the YP
+ hosts.byname map is not trivial, and should not be attempted
+ by novices. The approach is to rebuild the shared C link-
+ library, so that system calls to gethostbyname() and
+ gethostbyaddr() will use DNS rather than YP. To complete
+ the change, programs that do not dynamically link the shared
+ C library (rcp, arp, etc.) must also be rebuilt.
+
+ Modified shared C libraries for Sun 3s and Sun 4s are avail-
+ able via anonymous FTP from host uunet.uu.net, in the sun-
+ fixes directory. Note that use of DNS routines rather than
+ YP for general name resolution is not a supported SunOS
+ feature at this time.
+
+ 6. Internet Security
+
+ The guidelines and advice in this section pertain to enhanc-
+ ing the protection of data that are merely "sensitive." By
+ themselves, these measures are insufficient for protecting
+ "classified" data. Implementing the policies required to
+ protect classified data is subject to stringent, formal
+ review procedures, and is regulated by agencies such as the
+ Defense Investigative Service (DIS) and the National Secu-
+ rity Agency (NSA).
+
+ A network manager must realize that he is responsible for
+
+
+
+ IETF NOCTools Working Group [Page 169]
+
+ Appendix Network Management Tutorial
+
+
+ protecting his system and its users. Furthermore, though
+ the Internet may appear to be a grand example of a coopera-
+ tive joint enterprise, recent incidents have made it clear
+ that not all Internet denizens are benign.
+
+ A network manager should be aware that the network services
+ he runs have a large impact on the security risks to which
+ his system is exposed. The prudent network manager will be
+ very careful as to what services his site provides to the
+ rest of the Internet, and what access restrictions are
+ enforced. For example, the protocol "finger" may provide
+ more information about a user than should be given to the
+ world at large. Worse, most implementations of the protocol
+ TFTP give access to all world-readable files.
+
+ This section highlights several basic security considera-
+ tions for Internet sites. It then lists several sources of
+ information and advice on improving the security of systems
+ connected to the Internet.
+
+ 6.1 Basic Internet Security
+
+ Two major Internet security threats are denial of service
+ and unauthorized access.
+
+ Denial of service threats often take the form of protocol
+ spoofers or other malicious traffic generators. These prob-
+ lems can be detected through system monitoring logs. If an
+ attack is suspected, immediately contact your regional net
+ office (e.g., SURANET, MILNET). In addition, DDN users
+ should contact SCC, while other Internet users should con-
+ tact CERT (see below). A cogent description of your
+ system's symptoms will be needed.
+
+ At your own site, be prepared to isolate the problems (e.g.,
+ by limiting disk space available to the message queue of a
+ mail system under attack). As a last resort, coping with an
+ attack may require taking down an Internet connection. It
+ is better, however, not to be too quick to quarantine your
+ site, since information for coping with the attack may come
+ via the Internet.
+
+ Unauthorized access is a potentially more ominous security
+ threat. The main avenues are attacks against passwords and
+ attacks against privileged system processes.
+
+ An appallingly common means of gaining entry to systems is
+ by use of the initial passwords to root, sysdiag, and other
+
+
+
+ IETF NOCTools Working Group [Page 170]
+
+ Appendix Network Management Tutorial
+
+
+ management accounts that systems are shipped with. Only
+ slightly less vulnerable are common or trivial passwords,
+ since these are readily subverted by dictionary attacks.*
+ Obvious steps can reduce the risk of password attacks: pass-
+ words should be short-lived, at least eight characters long,
+ with a mix of upper and lower case, and preferably random.
+ The distasteful aspect of memorizing a random string can be
+ alleviated if the password is pronounceable.
+
+ Improving passwords does not remove all risks. Passwords
+ transmitted over an ethernet are visible to all attached
+ systems. Furthermore, gateways have the potential to inter-
+ cept passwords used by any FTP or TELNET connections that
+ traverse them. It is a bad idea for the root account to be
+ accessed by FTP or TELNET if the connections must cross
+ untrusted elements.
+
+ Attacks against system processes are another avenue of unau-
+ thorized access. The principle is that by subverting a sys-
+ tem process, the attacker can then gain its access
+ privileges.
+
+ One approach to reducing this risk is to make system pro-
+ grams harder to subvert. For example, the widespread attack
+ in November 1988 by a self-replicating computer program
+ ("worm," analogous to a tapeworm) subverted the "fingerd"
+ process, by loading an intrusive bootstrap program (known
+ variously as a "grappling hook" or "vector" program), and
+ then corrupting the stack space so that a subroutine's
+ return address was overwritten with the address of the
+ bootstrap program.** The security hole in fingerd consisted
+ of an input routine that did not have a length check. Secu-
+ rity fixes to "fingerd" include the use of a revised input
+ routine.
+
+ A more general protection is to apply the principle of
+ "least privilege." Where possible, system routines should
+ run under separate user IDs, and should have no more
+ privilege than is necessary for them to function.
+ _________________________
+ * Exotic fantasy creatures and women's names are well
+ represented in most password dictionaries.
+ ** An early account of the Internet Worm incident of
+ November 1988 is given by Eugene Spafford in the Janu-
+ ary 89 issue of "Computer Communications Review."
+ Several other articles on the worm incident are in the
+ June 89 issue of the "Communications of the ACM."
+
+
+
+
+ IETF NOCTools Working Group [Page 171]
+
+ Appendix Network Management Tutorial
+
+
+ To further protect against attacks on system processes, sys-
+ tem managers should regularly check their system programs to
+ ensure that they have not been tampered with or modified in
+ any way. Checksums should be used for this purpose. Using
+ the operating system to check a file's last date of modifi-
+ cation is insufficient, since the date itself can be
+ compromised.
+
+ Finally, to avoid the unauthorized replacement of system
+ code, care should be exercised in assigning protection to
+ its directory paths.
+
+ Some system programs actually have "trap doors" that facili-
+ tate subversion. A trap door is the epitome of an undocu-
+ mented feature: it is a hidden capability of a system pro-
+ gram that allows a knowledgeable person to gain access to a
+ system. The Internet Worm exploited what was essentially a
+ trap door in the BSD sendmail program.
+
+ Ensuring against trap doors in software as complex as send-
+ mail may be infeasible. In an ideal world, the BSD sendmail
+ program would be replaced by an entire mail subsystem (i.e.,
+ perhaps including mail user agents, mail transfer agents,
+ and text preparation and filing programs). Any site using
+ sendmail should at least obtain the less vulnerable,
+ toughened distribution from ucbarpa.berkeley.edu, in file
+ ~ftp/4.3/sendmail.tar.Z. Sites running SunOS should note
+ that the 4.0.3 release closed the security holes exploited
+ by the Internet Worm. Fixes for a more obscure security
+ hole in SunOS are available from host uunet.uu.net in
+ ~ftp/sun-fixes; these improvements have been incorporated in
+ SunOS 4.1.
+
+ Sendmail has problems other than size and complexity. Its
+ use of root privileges, its approach to alias expansion, and
+ several other design characteristics present potential ave-
+ nues of attack. For UNIX sites, an alternative mail server
+ to consider is MMDF, which is now at version 2. MMDF is
+ distributed as part of the SCO UNIX distribution, and is
+ also available in the user contributed portion of 4.3BSD.
+ Though free, MMDF is licensed, and resale is restricted.
+ Sites running MMDF should be on the mmdf email list;
+ requests to join this list should be sent to:
+ mmdf2-request@relay.cs.net.
+
+ Programs that masquerade as legitimate system code but which
+ contain trap doors or other aides to unauthorized access are
+ known as trojan horses. Computer "viruses," intrusive
+
+
+
+ IETF NOCTools Working Group [Page 172]
+
+ Appendix Network Management Tutorial
+
+
+ software that infects seemingly innocent programs and pro-
+ pagates when the infected programs are executed or copied,
+ are a special case of trojan horse programs.*
+
+ To guard against trojan horse attacks, be wary of programs
+ downloaded from remote sources. At minimum, do not download
+ executables from any but the most trusted sources. Also, as
+ noted above, to avoid proliferation of "infected" software,
+ checksums should be computed, recorded, and periodically
+ verified.
+
+ 6.2 Security Information Clearing-Houses
+
+ The Internet community can get security assistance from the
+ Computer Emergency Response Team (CERT), established by
+ DARPA in November 1988. The Coordination Center for the
+ CERT (CERT/CC) is located at the Software Engineering Insti-
+ tute at Carnegie Mellon University. The CERT is intended to
+ respond to computer security threats such as the November
+ '88 worm attack that invaded many defense and research com-
+ puters. Consult RFC 1135 (Reynolds, J., "The Helminthiasis
+ of the Internet", USC/ISI, December 1989), for further
+ information.
+
+ CERT assists Internet sites in response to security attacks
+ or other emergency situations. It can immediately tap
+ experts to diagnose and solve the problems, as well as
+ establish and maintain communications with the affected com-
+ puter users and with government authorities as appropriate.
+ Specific responses will be taken in accordance with the
+ nature of the problem and the magnitude of the threat.
+
+ CERT is also an information clearing-house for the identifi-
+ cation and repair of security vulnerabilities, informal
+ assessments of existing systems in the research community,
+ improvement to emergency response capability, and both ven-
+ dor and user security awareness. This security information
+ is distributed by periodic bulletins, and is posted to the
+ USENET news group comp.security.announce. In addition, the
+ security advisories issued by CERT, as well as other useful
+ security-related information, are available via anonymous
+ FTP from cert.sei.cmu.edu.
+
+ For immediate response to attacks or incidents, CERT mans a
+ _________________________
+ * Virus attacks have been seen against PCs, but as yet
+ have rarely been directed agains UNIX systems.
+
+
+
+
+ IETF NOCTools Working Group [Page 173]
+
+ Appendix Network Management Tutorial
+
+
+ 24-hour hotline at (412) 268-7090. To subscribe to CERT's
+ security announcement bulletin, or for further information,
+ contact:
+
+ CERT
+ Software Engineering Institute
+ Carnegie Mellon University
+ Pittsburgh, PA 15213-3890
+
+ (412) 268-7080
+ cert@cert.sei.cmu.edu.
+
+ For DDN users, the Security Coordination Center (SCC) serves
+ a function similar to CERT. The SCC is the DDN's clearing-
+ house for host/user security problems and fixes, and works
+ with the DDN Network Security Officer. The SCC also distri-
+ butes the DDN Security Bulletin, which communicates informa-
+ tion on network and host security exposures, fixes, and con-
+ cerns to security and management personnel at DDN facili-
+ ties. It is available online, via kermit or anonymous FTP,
+ from nic.ddn.mil, in SCC:DDN-SECURITY-yy-nn.TXT (where "yy"
+ is the year and "nn" is the bulletin number). The SCC pro-
+ vides immediate assistance with DDN-related host security
+ problems; call (800) 235-3155 (6:00 a.m. to 5:00 p.m.
+ Pacific Time) or send e-Mail to SCC@NIC.DDN.MIL. For 24
+ hour coverage, call the MILNET Trouble Desk (800) 451-7413
+ or AUTOVON 231-1713.
+
+ The CERT/CC and the SCC communicate on a regular basis and
+ support each other when problems occur. These two organiza-
+ tions are examples of the incident response centers that are
+ forming; each serving their own constituency or focusing on
+ a particular area of technology.
+
+ Other network groups that discuss security issues are:
+ comp.protocols.tcp-ip, comp.virus (mostly PC-related, but
+ occasionally covers Internet topics), misc.security, and the
+ BITNET Listserv list called VIRUS-L.
+
+ 7. Internet Information
+
+ There are many available references on the TCP/IP protocol
+ suite, the internet architecture, and the DDN Internet. A
+ soon to be published FYI RFC document, "Where to Start: A
+ Bibliography of General Internetworking Information." pro-
+ vides a bibliography of online and hard copy documents,
+ reference materials, and multimedia training tools that
+ address general networking information and "how to use the
+
+
+
+ IETF NOCTools Working Group [Page 174]
+
+ Appendix Network Management Tutorial
+
+
+ Internet." It presents a representative collection of
+ materials that will help the reader become familiar with the
+ concepts of internetworking. Inquires on the current status
+ of this document can be sent to user-doc@nnsc.nsf.net or by
+ postal mail to:
+
+ Corporation for National Research Initiatives
+ 1895 Preston White, Suite 100
+ Reston, VA 22091
+ Attn: IAB Secretariat.
+
+ Two texts on networking are especially noteworthy. _I_n_t_e_r_-
+ _n_e_t_w_o_r_k_i_n_g _W_i_t_h _T_C_P/_I_P, by Douglas Comer, is an informative
+ description of the TCP/IP protocol suite and its underlying
+ architecture. The _U_N_I_X _S_y_s_t_e_m _A_d_m_i_n_i_s_t_r_a_t_i_o_n _H_a_n_d_b_o_o_k, by
+ Nemeth, Snyder, and Seebass, is a "must have" for system
+ administrators who are responsible for UNIX hosts. In addi-
+ tion to covering UNIX, it provides a wealth of tutorial
+ material on networking, the Internet, and network manage-
+ ment.
+
+ A great deal of information on the Internet is available
+ online. An automated, online reference service is available
+ from CSNET. To obtain a bibliography of their online offer-
+ ings, send the email message
+
+ request: info
+ topic: help
+ request: end
+
+ to info-server@sh.cs.net.
+
+ The DDN NIC also offers automated access to many NIC docu-
+ ments, online files, and WHOIS information via electronic
+ mail. To use the service, send an email message with your
+ request specified in the SUBJECT field of the message. For
+ a sampling of the type of offerings available through this
+ service, send the following message
+
+ To: SERVICE@NIC.DDN.MIL
+ Subject: help
+ Msg: <none>
+
+
+ The DDN Protocol Implementations and Vendors Guide, pub-
+ lished by the DDN Network Information Center (DDN NIC),* is
+ _________________________
+ * Products mentioned in the guide are not specifically
+
+
+
+ IETF NOCTools Working Group [Page 175]
+
+ Appendix Network Management Tutorial
+
+
+ an online reference to products and implementations associ-
+ ated with the DoD Defense Data Network (DDN) group of com-
+ munication protocols, with emphasis on TCP/IP and OSI proto-
+ cols. It contains information on protocol policy and
+ evaluation procedures, a discussion of software and hardware
+ implementations, and analysis tools with a focus on protocol
+ and network analyzers. To obtain the guide, invoke FTP at
+ your local host and connect to host NIC.DDN.MIL (internet
+ address 26.0.0.73 or 10.0.0.51). Log in using username
+ 'anonymous' with password 'guest' and get the file
+ NETINFO:VENDORS-GUIDE.DOC.
+
+ The DDN Protocol Guide is also available in hardcopy form.
+ To obtain a hardcopy version of the guide, contact the DDN
+ Network Information Center:
+
+ By U.S. mail:
+ SRI International
+ DDN Network Information Center
+ 333 Ravenswood Avenue, Room EJ291
+ Menlo Park, CA 94025
+
+ By e-mail:
+ NIC@NIC.DDN.MIL
+
+ By phone:
+ 1-415-859-3695
+ 1-800-235-3155 (toll-free hotline)
+
+ For further information about the guide, or for information
+ on how to list a product in a subsequent edition of the
+ guide, contact the DDN NIC.
+
+ There are many additional online sources on Internet Manage-
+ ment. RFC 1118, "A Hitchhiker's Guide to the Internet," by
+ Ed Krol, is a useful introduction to the Internet routing
+ algorithms. For more of the nitty-gritty on laying out and
+ configuring a campus net, see Charles Hedrick's "Introduc-
+ tion to Administration of an Internet-based Local Network,"
+ available via anonymous FTP from cs.rutgers.edu (sometimes
+ listed in host tables as aramis.rutgers.edu), in subdirec-
+ tory runet, file tcp-ip-admin. Finally, anyone responsible
+ for systems connected to the Internet must be thoroughly
+ versed in the Host Requirements RFCs (RFC 1122 and RFC 1123)
+ _________________________
+ endorsed or recommended by the Defense Communications
+ Agency (DCA).
+
+
+
+
+ IETF NOCTools Working Group [Page 176]
+
+ Appendix Network Management Tutorial
+
+
+ and "Requirements for Internet Gateways," RFC 1009.
+
+ 8. The Final Words on Internet Management
+
+ Keep smiling, no matter how bad things may seem. You are
+ the expert. They need you.
+
+ 9. Security Considerations
+
+ Security issues are discussed in Section 6.
+
+ 10. Author's Address
+
+ Robert H. Stine
+ SPARTA, Inc.
+ 7926 Jones Branch Drive
+ Suite 1070
+ McLean, VA 22102
+
+ EMail: STINE@SPARTA.COM
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IETF NOCTools Working Group [Page 177]
+ \ No newline at end of file