Survey : Network Traffic Monitoring and analysis system - PowerPoint PPT Presentation

1
Survey: Network Traffic Monitoring and analysis system
  • Yang Dong-min
  • 20033327
  • likeba_at_nds.postech.ac.kr

2
Contents
  • Categorization
  • How to describe
  • AdventNet Web NMS(Commercial)
  • ActiveXperts(Commercial)
  • EtherPeek(Commercial)
  • LinkFerret(Commercial)
  • Alchemy Network Monitor(Commercial)
  • PagerEnterprise(Commercial)
  • BigSister(Free Software)
  • Analyzer(Free Software)

3
Contents
  • Ethereal(Free Software)
  • WinDump/TcpDump(Free Software)
  • Net Probe(Free Software)
  • Snuffle(Free Software)

4
Categorization
  • Whether it supports NMP (Network Monitoring Platforms) or not
      • Monitoring Tools Integrated with NMP
      • Monitoring Tools, not integrated with an NMP
  • Whether it is supported for free or not
      • Commercial Monitoring Tools
      • Public Domain Network Monitoring Tools

5
How to describe
  1. Name, Company/Organization/Developer
  2. Functionalities
  3. Architecture
  4. Platforms supported
  5. User Interfaces supported
  6. URLs
  7. Important things

6
AdventNet Web NMS
  1. AdventNet, Web NMS 4

  • Open standards-based architecture with support for TL1, SNMP, CORBA, CLI, RMI, XML, and TMF
  • Proactive alarm/event management with customizable filtering/propagation and drill down
  • Event correlation and root cause analysis
  • Multi-level thresholding and hysteresis
  • Parameterized XML tasks for streamlining configuration and provisioning functions
  • Powerful configuration management: add/modify/delete with rollback capability, audit logs
  • Fine-grained security with extensible access control and authorization with support for users, groups, roles, operations, and object views
  • J2EE security model
  • Business rules capability for dynamic control
  • Customizable reporting
  • XML mediation for management protocols such as SNMP/TL1/CORBA/TFTP/XML/CLI/Telnet

7
AdventNet Web NMS
  1. Windows NT 4/95/98/2000/XP, RedHat Linux 6.2/7.2,
    Solaris 2.6/2.7/2.8, HP-UX, IBM AIX

8
AdventNet Web NMS
  • Start NMS
  • Chassis View of DSLAM Device
  • Displaying DSLAM Devices in a Map

9
AdventNet Web NMS
  • Configuring DSLAM Device Parameters
  • Alerts from the DSLAM Device and Sub-components and Its Propagation
  • http://adventnet.com/products/webnms/

10
ActiveXperts
  1. ActiveXperts Network Monitor 5.21, ActiveXperts

  • Monitoring various application services
  • Monitoring various databases, like Oracle, MS SQL and any ODBC compliant databases
  • Monitoring networks, network protocols and network services
  • Write custom Monitor Functions using the standard VBScript scripting language
  • Monitor Rules are processed simultaneously by the multithreaded monitoring engine. By default, there are 16 threads to process Monitor Rules simultaneously
  • Monitoring engine is self-tuning: the number of threads adapts to the number of rules to be processed per minute

11
ActiveXperts
  1. Engine (monitoring, notifying, triggering actions, recovery, logging); Manager (viewing results, configuring)
  2. Windows/Novell/UNIX/LINUX

12
ActiveXperts
  • To make changes to the configuration and view the monitoring results
  • To enable operators to monitor and configure from their desktop
  • Explorer-like user interface, with a Folder pane, a Monitor Rules pane and a Log pane
  • User permission mechanism
  • http://www.activxperts.com/activmonitor/

13
EtherPeek
  1. EtherPeek, WildPackets

  • Capturing packets
  • Conversations view
  • Name resolution
  • Alarms
  • Filters
  • Global statistics
  • Viewing decoded packets
  • Viewing statistics with your web browser

14
EtherPeek
  1. NDIS 3 or higher
  2. Windows 2000/XP

15
EtherPeek
  1. http://www.wildpackets.com/products/etherpeek

16
LinkFerret
  1. LinkFerret, BaseBand

  • Ethernet and 802.11B network monitor and packet sniffer
  • Wireless monitoring functionality, including signal monitoring, channel scanning, and WEP decryption
  • Remote capturing functionality
  • Supports a variety of standard trace file and report formats that make it easy to capture, store and share network traffic data

17
LinkFerret
  1. Windows 98/ME/2000/XP/NT 4.0 with Service Pack 4 or better installed; IE ver. 5
  2. http://www.baseband.com/

18
Alchemy Network Monitor
  • DEK, Alchemy Network Monitor
  • Alchemy Network Monitor monitors server functions using a variety of protocols and services:
      • TCP/IP
      • ICMP
      • IPX/SPX
      • Oracle Server
      • MS SQL Server
      • Free disk space
      • NT Event Log
      • SQL query result
      • HTTP(S)/FTP URL
      • Any Database server
      • NT Service Status
      • External application execution
      • File existence monitoring
      • NetBIOS
      • SMTP/POP3
      • RAS Server
      • Custom VBScript programs

19
Alchemy Network Monitor
  1. Windows 9X, NT, 2000, XP, 2003 Server
    Compatible
  2. http://www.deksoftware.com/alchemy/index.html

20
PagerEnterprise
  1. PagerEnterprise, AVTECH

  • To monitor systems, servers, logfiles, TCP/IP, SNMP MIBs, disks, syslogs, services, files, web pages, WMI, scheduled FTPs, devices, network connections, task objects, processes, directories and more
  • To support mixed platform networks by polling various OS (Windows NT/2000/XP, Novell NetWare, UNIX, Linux and others)
  • Information obtained from various system resources or log files allows PageR to alert staff or take corrective actions when needed
  • To regularly check system, server and network issues at a time interval specified by the manager during setup, typically every minute or a multiple of minutes
  • To monitor across an unlimited number of systems or OS types, throughout the department or enterprise

21
PagerEnterprise
  1. Windows NT4/XP/2000

22
PagerEnterprise
  1. http://www.avtech.com/Products/PageR/

23
BigSister (Free software)
  1. BigSister, BigSister

  • Monitor networked systems
  • Provide a simple view of the current network status
  • Generate alarms on status changes
  • Generate a history of status changes
  • Interoperate with other Big Sister or Big Brother instances or foreign network monitors (such as HP Openview)

24
BigSister (Free software)
  1. Linux/Systems supporting Win32

25
BigSister (Free software)

26
BigSister
  1. http://bigsister.graeff.com/

27
Analyzer (Free software)
  1. Analyzer, http://analyzer.polito.it/ (Fulvio Risso, Gianluca Varenni)

  • It captures packets from the network.
  • It displays them through a graphical interface.
  • It uses the WinPcap library.
  • Full IPv6 support
  • Support for remote capture through the proper extensions to WinPcap. Please refer to WinPcap for the proper documentation for installing a remote capture server
  • Potential cross-platform support, although the current release supports only Win32
  • LAN node discovery, to see all the hosts that are on your LAN segment
  • Network statistics
  • Network monitor
  • HTML support
  • Event Logging capabilities
  • NetPDL-based protocol definition: it has a new protocol decoding engine based on XML

28
Analyzer (Free software)
  1. http://analyzer.polito.it/

29
Analyzer (Free software)

30
Ethereal (Free software)
  1. Ethereal, Ethereal

  • GUI
  • Capture files can be programmatically edited or converted via command-line switches to the "editcap" program
  • 393 protocols: 802.11 MGT, AAL1, AAL3_4, AARP, ACAP, AFP, AFS (RX), AH, AIM, AJP13, ANS, AODV, ARCNET, ARP/RARP, ASAP, ASF, ASP, ATM, ATM LANE, ATP, ATSVC
  • Output can be saved or printed as plain text or PS
  • Data display can be refined using a display filter
  • Display filters can also be used to selectively highlight and color packet summary information
  • All or part of each captured network trace can be saved to disk.

31
Ethereal (Free software)
  1. SunOS, Linux, Windows95/2000/XP

  • NPF (Netgroup Packet Filter) device driver

32
Ethereal (Free software)
  • http://winpcap.polito.it/
  • http://www.ethereal.com/

33
WinDump/TcpDump (Free software)
  1. TcpDump, http://www.tcpdump.org/ - Van Jacobson
  2. Tcpdump prints out the headers of packets on a
    network interface that match the boolean
    expression.

34
WinDump/TcpDump (Free software)
  1. TcpDump: Linux/Unix; WinDump: Windows 98/2000/XP

Tcpdump

35
WinDump/TcpDump (Free software)

Windump

36
WinDump/TcpDump (Free software)
  • http://windump.polito.it/
  • http://www.tcpdump.org/

37
Net Probe (Free software)
  1. Net Probe, ObjectPlanet

  • Watch in real time which protocols are used on your network
  • Watch in real time which hosts are active on your network and the Internet
  • Watch in real time which conversations are taking place on your network and to and from the Internet
  • Watch in real time detailed protocol statistics per host
  • Watch in real time detailed protocol statistics per conversation
  • Watch in real time network card details for your network
  • Watch traffic amount over time for any host, conversation, and protocol
  • Watch traffic amount of selected entries relative to the total and filtered traffic
  • Filter out selected protocols, selected hosts, selected conversations, and selected network cards
  • Sort network traffic by the amount of bytes or packets sent/received
  • Export network traffic statistics data
  • Password protection
  • Configure users

38
Net Probe (Free software)
  • Windows NT/2K/XP/2003/Linux/FreeBSD/Solaris/Mac OS X
  • Java 1.1.8 runtime or later installed
  • Network card with promiscuous mode capability

39
Net Probe (Free software)

40
Net Probe (Free software)
  1. http://www.objectplanet.com/Probe/

41
Snuffle (Free software)
  1. Snuffle, Berthold Rathke/Christian Hoene
  • To observe protocol behavior directly inside the protocol instances of end systems (IPv4, TCP and UDP)
  • To observe the traffic resulting from a data communication between two mobile stations by a third station, because of the unstable wireless physical link in a wireless environment

42
Snuffle (Free software)
  1. Linux (i386, Kernel 2.2.10)

43
Snuffle (Free software)
  1. To control Snuffle remotely, they implemented a
    comfortable GUI, completely written in Java (JDK
    1.1.7a or higher required).
  2. http://www.tkn.tu-berlin.de/equipment/snuffle/intro.html