
Survey: Network Traffic Monitoring and Analysis System

Yang Dong-min 20033327 likeba@nds.postech.ac.kr

Contents
- Categorization
- How to describe
1. AdventNet Web NMS (Commercial)
2. ActiveXperts (Commercial)
3. EtherPeek (Commercial)
4. LinkFerret (Commercial)
5. Alchemy Network Monitor (Commercial)
6. PagerEnterprise (Commercial)
7. BigSister (Free Software)
8. Analyzer (Free Software)

POSTECH

Networking and Distributed Systems

Contents
9. Ethereal (Free Software)
10. WinDump/TcpDump (Free Software)
11. Net Probe (Free Software)
12. Snuffle (Free Software)

Categorization
- Whether it supports NMP (Network Monitoring Platforms) or not
  - Monitoring tools integrated with an NMP
  - Monitoring tools not integrated with an NMP
- Whether it is supported for free or not
  - Commercial monitoring tools
  - Public domain network monitoring tools

How to describe
A. Name, Company|Organization|Developer
B. Functionalities
C. Architecture
D. Platforms supported
E. User Interfaces supported
F. URLs
G. Important things

AdventNet Web NMS
A. AdventNet, Web NMS 4
B.
- Open standards-based architecture with support for TL1, SNMP, CORBA, CLI, RMI, XML, and TMF
- Proactive alarm/event management with customizable filtering/propagation and drill down
- Event correlation and root cause analysis
- Multi-level thresholding and hysteresis
- Parameterized XML tasks for streamlining configuration and provisioning functions
- Powerful configuration management: add/modify/delete with rollback capability, audit logs
- Fine-grained security with extensible access control and authorization with support for users, groups, roles, operations, and object views
- J2EE security model
- Business rules capability for dynamic control
- Customizable reporting
- XML mediation for management protocols such as SNMP/TL1/CORBA/TFTP/XML/CLI/Telnet
C.
D. Windows NT 4/95/98/2000/XP, RedHat Linux 6.2/7.2, Solaris 2.6/2.7/2.8, HP-UX, IBM AIX
E.
- Start NMS
- Chassis View of DSLAM Device
- Displaying DSLAM Devices in a Map
- Configuring DSLAM Device Parameters
- Alerts from the DSLAM Device and Sub-components and Its Propagation
F. http://adventnet.com/products/webnms/

ActiveXperts
A. ActiveXperts Network Monitor 5.21, ActiveXperts
B.
- Monitoring various application services
- Monitoring various databases, like Oracle, MS SQL and any ODBC compliant databases
- Monitoring networks, network protocols and network services
- Write custom Monitor Functions using the standard VBScript scripting language
- Monitor Rules are processed simultaneously by the multithreaded monitoring engine. By default, there are 16 threads to process Monitor Rules simultaneously
- Monitoring engine is self-tuning; the number of threads adapts to the number of rules to be processed per minute
C. Engine (monitoring, notifying, triggering actions, recovery, logging) + Manager (viewing results, configuring)
D. Windows/Novell/UNIX/LINUX
E.
- To make changes to the configuration and view the monitoring results
- To enable operators to monitor and configure from their desktop
- Explorer-like user interface, with a Folder pane, a Monitor Rules pane and a Log pane
- User permission mechanism
F. http://www.activxperts.com/activmonitor/

EtherPeek
A. EtherPeek, WildPackets
B.
- Capturing packets
- Conversations view
- Name resolution
- Alarms
- Filters
- Global statistics
- Viewing decoded packets
- Viewing statistics with your web browser
C. NDIS 3 or higher
D. Windows 2000/XP
E.
F. http://www.wildpackets.com/products/etherpeek

LinkFerret
A. LinkFerret, BaseBand
B.
- Ethernet and 802.11B network monitor and packet sniffer
- Wireless monitoring functionality, including signal monitoring, channel scanning, and WEP decryption
- Remote capturing functionality
- Supports a variety of standard trace file and report formats that make it easy to capture, store and share network traffic data
C.
D.
- Windows 98/ME/2000/XP/NT 4.0 with Service Pack 4 or better installed
- IE ver. 5
E.
F. http://www.baseband.com/

Alchemy Network Monitor
A. DEK, Alchemy Network Monitor
B. Alchemy Network Monitor monitors server functions using a variety of protocols and services:
[TCP/IP | ICMP | IPX/SPX | Oracle Server | MS SQL Server | Free disk space | NT Event Log | SQL query result | HTTP(S)/FTP URL | Any Database server | NT Service Status | External application execution | File existence monitoring | NetBIOS | SMTP/POP3 | RAS Server | Custom VBScript programs]
C.
D. Windows 9X, NT, 2000, XP, & 2003 Server Compatible
E.
F. http://www.deksoftware.com/alchemy/index.html

PagerEnterprise
A. PagerEnterprise, AVTECH
B.
- To monitor systems, servers, logfiles, TCP/IP, SNMP MIBs, disks, syslogs, services, files, web pages, WMI, scheduled FTPs, devices, network connections, task objects, processes, directories and more
- To support mixed platform networks by polling various OS (Windows NT/2000/XP, Novell NetWare, UNIX, Linux and others)
- Information obtained from various system resources or log files allows PageR to alert staff or take corrective actions when needed
- To regularly check system, server & network issues on a time interval specified by the manager during setup, typically every minute or a multiple of minutes
- To monitor across an unlimited number of systems or OS types, throughout the department or enterprise
C.
D. Windows NT4/XP/2000
E.
F. http://www.avtech.com/Products/PageR/

BigSister (Free software)
A. BigSister, BigSister
B.
- monitor networked systems
- provide a simple view of the current network status
- generate alarms on status changes
- generate a history of status changes
- interoperate with other Big Sister or Big Brother instances or foreign network monitors (such as HP Openview)
C.
D. Linux/Systems supporting Win32
E.
F. http://bigsister.graeff.com/

Analyzer (Free software)
A. Analyzer, http://analyzer.polito.it/ (Fulvio Risso, Gianluca Varenni)
B.
- It captures packets from the network.
- It displays them through a graphical interface.
- It uses the WinPcap library.
- Full IPv6 support
- Support for remote capture through the proper extensions to WinPcap. Please refer to WinPcap for the proper documentation for installing a remote capture server
- Potential cross platform support, although the current release supports only Win32
- LAN node discovery, to see all the hosts that are on your LAN segment
- Network statistics
- Network monitor
- HTML support
- Event Logging capabilities
- NetPDL-based protocol definition: it has a new protocol decoding engine based on XML
C.
D.
http://analyzer.polito.it/

Ethereal (Free software)
A. Ethereal, Ethereal
B.
- GUI
- Capture files can be programmatically edited or converted via command-line switches to the "editcap" program
- 393 protocols: 802.11 MGT, AAL1, AAL3_4, AARP, ACAP, AFP, AFS (RX), AH, AIM, AJP13, ANS, AODV, ARCNET, ARP/RARP, ASAP, ASF, ASP, ATM, ATM LANE, ATP, ATSVC
- Output can be saved or printed as plain text or PS
- Data display can be refined using a display filter
- Display filters can also be used to selectively highlight and color packet summary information
- All or part of each captured network trace can be saved to disk.
C. NPF (Netgroup Packet Filter) device driver
D. SunOS, Linux, Windows95/2000/XP
E.
F. http://winpcap.polito.it/ http://www.ethereal.com/

WinDump/TcpDump (Free software)
A. TcpDump, http://www.tcpdump.org/ - Van Jacobson
B. Tcpdump prints out the headers of packets on a network interface that match the boolean expression.
C.
D.
- TcpDump: Linux/Unix
- WinDump: Windows 98/2000/XP
E.
- Tcpdump
- Windump
F. http://windump.polito.it/ http://www.tcpdump.org/

Net Probe (Free software)
A. Net Probe, ObjectPlanet
B.
- Watch in real time which protocols are used on your network
- Watch in real time which hosts are active on your network and the Internet
- Watch in real time which conversations are taking place on your network and to and from the Internet
- Watch in real time detailed protocol statistics per host
- Watch in real time detailed protocol statistics per conversation
- Watch in real time network card details for your network
- Watch traffic amount over time for any host, conversation, and protocol
- Watch traffic amount of selected entries relative to the total and filtered traffic
- Filter out selected protocols, selected hosts, selected conversations, and selected network cards
- Sort network traffic by the amount of bytes or packets sent/received
- Export network traffic statistics data
- Password protection
- Configure users
C.
D.
- Windows NT/2K/XP/2003/Linux/FreeBSD/Solaris/Mac OS X
- Java 1.1.8 runtime or later installed
- Network card with promiscuous mode capability
E.
F. http://www.objectplanet.com/Probe/

Snuffle (Free software)
A. Snuffle, Berthold Rathke/Christian Hoene
B.
- To observe protocol behavior directly inside the protocol instances of end systems (IPv4, TCP and UDP)
- To observe the traffic resulting from a data communication between two mobile stations by a third station, because of the unstable wireless physical link, in a wireless environment
C.
D. Linux (i386, Kernel 2.2.10)
E. To control Snuffle remotely, they implemented a comfortable GUI, completely written in Java (JDK 1.1.7a or higher required).
F. http://www.tkn.tu-berlin.de/equipment/snuffle/intro.html
