Many thanks to all who replied. I'm going to have a lovely
time playing with these goodies.
Cheers,
Terry.
============================================================================
From: George Gallen <ggallen_at_slackinc.com>
What I did was created a FIFO named pipe in /tmp, then setup
tcpdump to run in background to send it's output to the pipe
I then had a program running which used the pipe for input
and then stripped the tcpdump output using awk to just the
IP#'s then wrote that to a file
Then all I needed to do was do sorting off that file to see
#'s on either source or destination packets.
two things:
1. have to start the tcpdump first, or the program will bomb
that reads the input, since the source end of the pipe
hasn't been established yet.
2. DO NOT use reverse DNS feature of tcpdump, or that could
bring your system crawling if your DNS isn't functioning
perfectly.
3. If you think it not hitting your system directly, make
sure your card is in promiscuous (pfconfig tu0 +p +c)
My tcpdump script is as follows:
tcpdump -l -e -n ip and host IP# > /tmp/testfifo &
My stripping program was written in a DBMS program, but there
is no reason why a script something like:
cat /tmp/testfile | awk to strip out fields wanted >> /tmp/outfile
Since your using awk to strip out just the data you want, the
filesize of /tmp/outfile won't be that big, as if you just dumped
out straight tcpdump. When traffic is slow, it may take a little
while for the buffering in tcpdump to release the data into the
pipe, but for normal traffic, there is little delay.
Then when you want to know your status, you can manipulate
/tmp/outfile with sort or something else.
It's crude, but it works, and you already have everything.
George
============================================================================
From: "Otterson, Robert" <Robert.Otterson_at_compaq.com>
1-Try "netwatch" if you want a terminal interface
http://www.slctech.org/~mackay/netwatch.html
2-Try "ethereal" if you want a Graphic display
http://ethereal.zing.org
============================================================================
From: Nancy Davis <nedavis_at_betafo.gsfc.nasa.gov>
I use scotty/tkined to watch interface load using
SNMP. It requires tcl/tk.
http://wwwhome.cs.utwente.nl/~schoenw/scotty/
Although I admit I'm actually running it from a
Solaris box right now. Not sure about how well
it compiles on DU/Tru64.
Considering the price, it's a great tool. There are
many others that cost much more and give you some
nicer toys, but this does what I need.
============================================================================
From: "Fliguer, Miguel" <M_Fliguer_at_unifon.com.ar>
MRTG provides a good picture of the network situation.
It's basically oriented to routers, but we're using it
to monitor the network interfaces from our Alphas,
(just make sure you have SNMP enabled)
Check out at :
http://ee-staff.ethz.ch/~oetiker/webtools/mrtg/mrtg.html
============================================================================
From: Lucio Chiappetti <lucio_at_ifctr.mi.cnr.it>
Try ntop :
http://www.ntop.org
Has a line mode interface similar to "top" and a quite nice web interface.
Don't know the status of current support for DU. I tried a few months ago to
install it on my old DU 3.2. It did compile and run correctly but slowly
because I had to disable "thread support". I was also in contact with the
author which offered to fix it, but I decided it was not worth for him to work
on an old OS version, so I had one of my colleague to install the Solaris
version, which we are using now to trap local network excesses.
============================================================================
From: Richard Bemrose <rb3_at_sanger.ac.uk>
You may want to take a look at MRTG (Multi Router Traffic Grapher):
http://www.mrtg.org
>From there web site:
The Multi Router Traffic Grapher (MRTG) is a tool to monitor the
traffic load on network-links. MRTG generates HTML pages
containing GIF images which provide a LIVE visual representation of
this traffic. Check
http://www.ee.ethz.ch/stats/mrtg/ for an example.
MRTG is based on Perl and C and works under UNIX and Windows
NT. MRTG is being successfully used on many sites around the net.
============================================================================
From: "M selcukkaraca" <selcuk.karaca_at_aski.gov.tr>
www.ndgsoftware.com
I have found a good software on the above site, ,it is free for 15 days
period . Try it !!
From: Joe Fletcher <joe_at_meng.ucl.ac.uk>
There's a products called etherman around (now part of a suite called
netman I think) which gives a nice graphical representation of network
traffic including traffic levels between hosts.
Take a look at
http://www.oceanwave.com/technical-resources/unix-admin/security/network.html
============================================================================
From: "George A. Dowding" <dowdingg_at_math.uaa.alaska.edu>
I have been looking around for similar tools lately in preperation for
a network upgrade. Here is one that looks promising. It helps
analyze raw tcp traffic.
I haven't had the chance to try it out yet.
http://jarok.cs.ohiou.edu/software/tcptrace/tcptrace.html
============================================================================
From: Tom Webster <webster_at_ssdpdc.lgb.cal.boeing.com>
There are a number of tools that are available, most will require the
the packet filter interface be built into your running kernel.
1. netop -- This program has a top like display which shows the
different packet types. Possibly useful to determine the nature of
packets on a given network and how much bandwidth they are using.
Can currently sort by either size or number of packets.
http://srp.portico.org/scripts/
2. etherman - This program displays the wheel of hosts diagram
with link width showing (near) real-time bandwidth use. This
software appears to be dead (or at least no longer supported
on DU, I was able to find some binaries on the web a year or
two back). I seem to have purged the URL which means the
site may have gone down as well.
3. etherape - This is a GPLed version of etherman implemented
using the GNOME/GTK libs. I have not tried it, and I don't
know if it builds under DU. If you really want a GUI and
can't locate etherman binaries, you may want to try this.
http://etherape.sourceforge.net/
Please note that these tools are of limited value in a switched
environment (unless you are only interested in broadcast data and
traffic coming to your box -- which seems to be the case). I haven't
been keeping up with these tools since we are no longer in a hubed
environment.
Received on Thu Mar 30 2000 - 09:27:52 NZST