Network Monitoring Tools

Cricket

Cricket is a high-performance network tool used to visualize and monitor network traffic. It uses SNMP to gather link information from the HiSeasNet router, querying each of the interfaces currently in use on the routers at five-minute intervals.

Cacti

Cyberoam

Other useful tools

tcpdump

  • If you ssh into a computer and want to use tcpdump to view traffic, exclude your own ssh session (port 22) from the capture
             tcpdump -i eth0 -n 'not port 22'
    
  • Capture traffic leaving a host
             tcpdump -pi eth0 src host [hostname]
    
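  • Watch for traffic leaving one network and entering either of two other networks (the filter is quoted and the two destinations are grouped in parentheses, because "and" and "or" are otherwise evaluated left to right)
             tcpdump -pi eth0 'src net [network] and (dst net [network2] or dst net [network3])'
             tcpdump -pi eth0 'src net 128.128.252.0/28 and (dst net 192.168.11.0/24 or dst net 192.168.12.0/24)'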
    

NMAP

  • To see which computers are up, what OS they are running and which ports are open:
             nmap -sS -O [network]    e.g.: nmap -sS -O 192.168.11.0/24
    

iftop

  • To look at HTTPS traffic on the science network:
             iftop -i eth2 -f "dst port 443"
    

iPerf

  • Need to set up a server (listener) and a client (sender)
         On shore, just listen
             iperf -s -u
         On shore, listen on a certain port
             iperf -s -u -p 55437

         From ship, send at 7 Mbit/s for 120 seconds
             iperf -c [shoreip number] -u -t 120 -b 7M
    

MTR

  • mtr (my traceroute) is used to see packet loss and transit times. If mtr consistently shows greater than 5 percent packet loss and a long transit time on the same router, there are probably problems.
          * view in real time
             mtr -c100 oreilly.com
          * save to a file
             mtr -r -c100 oreilly.com >> mtr.txt
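
The rule above can be applied to several reports saved in one file. The script below is an added example, not part of the original page: it reads a file built up with `mtr -r -c100 ... >> mtr.txt` and prints the routers that exceed both limits in every report. The 800 ms latency limit, the names `flag_hops` and `sample_reports`, and the sample data are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original page): list routers that break the
# mtr rule in EVERY report appended to a file with
#   mtr -r -c100 oreilly.com >> mtr.txt
# The 5 percent loss limit is the page's figure; 800 ms average is an assumption.

flag_hops() {   # usage: flag_hops [LOSS_MAX_PCT] [AVG_MAX_MS] < mtr.txt
    awk -v loss_max="${1:-5}" -v avg_max="${2:-800}" '
        /^HOST:/ { reports++; next }        # one header line per report
        /^ *[0-9]+\./ {                     # hop line, e.g. "  2.|-- host 7.0% ..."
            host = $2; loss = $3; avg = $6  # columns: Loss% Snt Last Avg ...
            sub(/%$/, "", loss)
            if (host == "???") next         # hop never answered, nothing to judge
            if (loss + 0 > loss_max && avg + 0 > avg_max &&
                !((reports, host) in hit)) {
                hit[reports, host] = 1      # count a host once per report
                bad[host]++
            }
        }
        END { for (h in bad) if (bad[h] == reports) print h }
    ' | sort
}

# Constructed sample: two appended reports, documentation addresses only.
sample_reports() {
    cat <<'EOF'
HOST: ship-gw                     Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.0.2.1                  0.0%   100    0.5   0.6   0.4   1.9   0.2
  2.|-- 198.51.100.7               0.0%   100  610.9 612.3 601.2 655.0   9.8
  3.|-- 203.0.113.20               6.0%   100  639.5 640.7 611.0 702.3  15.2
  4.|-- ???                       100.0   100    0.0   0.0   0.0   0.0   0.0
  5.|-- 203.0.113.99               8.0%   100  912.4 905.3 700.2 1480.9 120.5
HOST: ship-gw                     Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.0.2.1                  0.0%   100    0.6   0.6   0.4   2.1   0.2
  2.|-- 198.51.100.7              12.0%   100  941.0 950.0 640.3 1302.8  98.1
  3.|-- 203.0.113.20               9.0%   100  652.2 650.0 612.4 710.9  14.7
  4.|-- ???                       100.0   100    0.0   0.0   0.0   0.0   0.0
  5.|-- 203.0.113.99               7.0%   100  870.3 880.1 690.5 1395.0 110.4
EOF
}

sample_reports | flag_hops
```

On real data, run `flag_hops < mtr.txt`; a router that crosses the limits in only one of the saved reports is not listed.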
    


    lstolp April 2008