Mind the Ether with Network Monitors for Windows and Linux

The wise network admin employs an array of tools to monitor network
activity. There are almost as many monitoring apps as network admins;
here are some I’ve found to be useful and versatile. I like color
pictures and graphs: you can’t beat scary little red icons for quickly
identifying trouble spots.

A note on downloading: please be sure to use any method offered to
verify the file integrity and authenticity of your downloaded
files. MD5 is a common checksum utility; it works on many platforms,
including Linux and Windows. You’ll often find MD5 signatures in FTP
directories, next to their associated files, or in the download
instructions on the vendor’s Web site. Simply put the MD5 executable
in the same directory as your downloaded file, change to that
directory, then type:

md5 <filename>

There may be an extended period of nothing happening before it reports
the result. An MD5 signature is a long string of letters and numbers,


If the signatures don’t match, most likely the download is corrupted;
just try it again. The worst case is that the FTP server has been
compromised by a malicious user.
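
The comparison described above, as an added example that is not part of the original article: it hashes the download and checks it against the published MD5, whether that is a bare digest, md5sum-style output or BSD md5-style output. The function names and the sample file are constructed for illustration. A checksum stored on the same server as the file only detects corruption, so where the vendor publishes the value elsewhere (for example on its Web site), compare against that copy.

```python
import hashlib
import hmac
import os
import re

HEX32 = r"[0-9a-fA-F]{32}"

def file_md5(path, chunk_size=1 << 20):
    """Hex MD5 of a file, read in chunks so large downloads fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def published_md5(text, filename):
    """Find the digest for `filename` in published checksum text.

    Accepts a bare digest, md5sum style ("<hex>  name" or "<hex> *name")
    and BSD style ("MD5 (name) = <hex>"). Returns lowercase hex or None.
    """
    name = os.path.basename(filename)
    for line in text.splitlines():
        line = line.strip()
        if re.fullmatch(HEX32, line):
            return line.lower()
        m = re.fullmatch(rf"({HEX32})\s+\*?(.+)", line)
        if m and os.path.basename(m.group(2)) == name:
            return m.group(1).lower()
        m = re.fullmatch(rf"MD5 \((.+)\) = ({HEX32})", line)
        if m and os.path.basename(m.group(1)) == name:
            return m.group(2).lower()
    return None

def verify_download(path, published_text):
    """True only if the file's MD5 equals the published one."""
    expected = published_md5(published_text, path)
    if expected is None:
        raise ValueError("no MD5 entry for %s in published text" % path)
    return hmac.compare_digest(file_md5(path), expected)

if __name__ == "__main__":
    import tempfile
    # Constructed sample: a file holding b"abc" and its RFC 1321 digest.
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "monitor.tar.gz")
        with open(p, "wb") as fh:
            fh.write(b"abc")
        print(verify_download(p, "900150983cd24fb0d6963f7d28e17f72  monitor.tar.gz"))
```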

Big Brother

Available for most major operating systems, including Linux, Windows,
Mac, and Netware, Big Brother monitors system and network
services. While Big Brother is quite sophisticated and customizable,
its reporting concept is simplicity itself: green is good, red is
bad. Not only are specific items marked by green or red icons, the
status page background color also changes to green or red.

Big Brother operates in real time. It displays the information in both
HTML and WML, for display on Web pages, and on WAP-enabled devices,
such as wireless phones and PDAs. It uses standard client-server
architecture, for networks or single machines. To monitor a single
machine simply install the server and client components on the same
machine. Use it to monitor CPU status, disk quotas, services, and
databases; it even comes with a hook for MRTG (Multi-Router Traffic
Grapher) for monitoring bandwidth. One very nice use for BB is
monitoring your Service Level Agreements: you’ll see quickly if they
are not being kept, and have the data to prove it.

Out of the box, Big Brother supports a wide range of testing and
reporting; it also supports creating additional plug-ins, written in
the language of your choice. It supports email paging and
alpha-numeric paging, or you can even write a custom module for the
alert notification of your choice.

Of course, Big Brother uses port 1984, officially assigned by IANA,
the Internet Assigned Numbers Authority.

The documentation is good; here are a few important points:

  • On Unix/Linux, it must be installed from source. If you’re not
    comfortable with this, check the documentation for your OS; also
    see the Resources section below.
  • Install Big Brother as root, but do not run it as root. Create a
    user account just for Big Brother; call it anything you like, as
    long as it is not root.
  • You might want to restrict access to BB’s Web or WAP pages, and
    definitely restrict incoming connections to authorized IPs only,
    via /etc/security.

MRTG, The Multi-Router Traffic Grapher

MRTG, written in Perl and C, is versatile and endlessly
adaptable. MRTG generates HTML pages containing live traffic data in
detailed, nicely readable graphs. MRTG uses SNMP (Simple Network
Management Protocol) to collect traffic data from routers and other
network links. It is helpful to understand SNMP before diving into

Warning: CERT has issued an alert concerning multiple vulnerabilities
in SNMP. As SNMP is widely used, chances are your network is
affected. Please see
http://www.cert.org/advisories/CA-2002-03.html for details.

One of its nicest features is the efficient way it limits log file
size, without losing data. The uses for MRTG are limited only by your
imagination. Some users have adapted it to monitor:

  • inbound and outbound email traffic
  • CPU load-to-disk usage
  • Squid
  • FTP usage
  • Frame relay stats
  • Seti@home
  • Weather
  • LDAP server

MRTG works on Unix/Linux/BSD, and Win32.


IPTraf

Now here’s the tool of choice for admins who don’t need a fancy GUI to
keep an eye on their IP traffic, just the facts. IPTraf is quick to
install and configure, as it does not require any Web-interface
futzing. The current stable version is 2.5, for Linux only. IPTraf
runs from the command line, and provides a sensible,
logically-organized menu interface. IPTraf monitors just about every
network protocol and interface there is; some examples are:

  • packets, bytes, and flags
  • TCP/UDP breakdown
  • LAN station monitor: view traffic data on users’ PCs
  • ISDN, Ethernet, PPP

The LAN station monitor tracks nodes by their MAC addresses. As MAC
addresses are a bit difficult to relate to, IPTraf allows assigning
descriptions in colon-delimited text-format:

009027C57018:Carla_Schroder PC

Don’t put any colons or periods in the MAC address. A really slick
benefit of this format is that it allows linking to a database, which
is most useful when you have a lot of nodes to track.
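
One way to produce these entries from an inventory export, as an added example that is not part of the original article or of IPTraf: it normalizes MAC addresses written with colons, hyphens or dots to the separator-free form shown above, and rejects malformed or duplicate addresses. The CSV column names, the function names and every sample row except the article’s own entry are assumptions made for the illustration.

```python
import csv
import io
import re

# One separator style per address: aa:bb:.., aa-bb-.., aabb.ccdd.eeff, or bare.
_MAC_FORMS = re.compile(
    r"[0-9a-f]{2}([:-])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}"
    r"|(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}"
    r"|[0-9a-f]{12}", re.I)

def normalize_mac(mac):
    """Return a MAC as 12 hex digits with no colons or periods.

    Uppercase follows the article's example entry (an assumption about
    what IPTraf expects). Raises ValueError for anything malformed.
    """
    mac = mac.strip()
    if not _MAC_FORMS.fullmatch(mac):
        raise ValueError("not a MAC address: %r" % mac)
    return re.sub(r"[:.\-]", "", mac).upper()

def iptraf_descriptions(rows):
    """Build 'MAC:description' lines from (mac, description) pairs.

    Duplicate MACs are rejected so one station never gets two labels.
    """
    seen, lines = set(), []
    for mac, desc in rows:
        key = normalize_mac(mac)
        if key in seen:
            raise ValueError("duplicate MAC: %s" % key)
        seen.add(key)
        # Collapse whitespace so each entry stays on a single line.
        lines.append("%s:%s" % (key, " ".join(desc.split())))
    return lines

# Constructed sample inventory export; only the first row is from the article.
SAMPLE_CSV = """mac,description
00:90:27:C5:70:18,Carla_Schroder PC
00-a0-c9-14-c8-29,Front desk printer
0050.56ab.cdef,Build server
"""

def lines_from_csv(text):
    """Read 'mac' and 'description' columns and return description lines."""
    reader = csv.DictReader(io.StringIO(text))
    return iptraf_descriptions((r["mac"], r["description"]) for r in reader)

if __name__ == "__main__":
    print("\n".join(lines_from_csv(SAMPLE_CSV)))
```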

And of course there is filtering, to fine-tune the data you wish to
view, and logging. IPTraf will even run in the background. View the
logs to see what went on when you weren’t looking.

IPTraf runs nicely on an older Pentium II; the minimum requirements
are PII 200 MHz, 16 megs RAM. Realistically, more RAM is better, at
least 64 megs, depending on how many nodes it is monitoring. Plug it
into any IP network.


Mon

The final entry in our network monitor roundup is Mon. I quote the
creator: “mon is a general-purpose scheduler for monitoring service
availability and triggering alerts upon detecting failures.” In
other words, it’s a monitor daemon for services such as ftp, http,
and smtp, and it sends an alert if they fail.

Mon is extremely configurable and customizable. It was developed to
run on Linux, but as it is written in Perl, it is possible to port it
to other platforms without too much aggravation. Write your own
extensions and modifications, or take advantage of the many
community-created tools. Mon is great for the do-it-yourselfer, but
probably too painful for the admin who wants something that works
“out of the box”.

Visit the Web sites of these fine monitors to learn more. Each one has
good documentation, and good user mailing lists.



See All Articles by Columnist
Carla Shroder
