LinuxDig.com Request For Comments

RFC Number : 1147 Title : FYI on a network management tool catalog: Tools for monitoring and debugging TCP/IP internets and interconnected devices. Network Working Group R. Stine, Editor Request for Comments: 1147 SPARTA, Inc. FYI: 2 April 1990 FYI on a Network Management Tool Catalog: Tools for Monitoring and Debugging TCP/IP Internets and Interconnected Devices Status of this Memo The goal of this FYI memo is to provide practical informa- tion to site administrators and network managers. This memo provides information for the Internet community. It does not specify any standard. It is not a statement of IAB pol- icy or recommendations. Comments, critiques, and new or updated tool descriptions are welcome, and should be sent to Robert Stine, at stine@sparta.com, or to the NOCTools work- ing group, at noctools@merit.edu. Distribution of this memo is unlimited. 1. Introduction This catalog contains descriptions of several tools avail- able to assist network managers in debugging and maintaining TCP/IP internets and interconnected communications resources. Entries in the catalog tell what a tool does, how it works, and how it can be obtained. The NOCTools Working Group of the Internet Engineering Task Force (IETF) compiled this catalog in 1989. Future editions will be produced as IETF members become aware of tools that should be included, and of deficiencies or inaccuracies. Developing an edition oriented to the OSI protocol suite is also contemplated. The tools described in this catalog are in no way endorsed by the IETF. For the most part, we have neither evaluated the tools in this catalog, nor validated their descriptions. Most of the descriptions of commercial tools have been pro- vided by vendors. Caveat Emptor. 1.1 Purpose The practice of re-inventing the wheel seems endemic to the field of data communications. The primary goal of this IETF NOCTools Working Group [Page 1]  RFC 1147 FYI: Network Management Tool Catalog April 1990 document is to fight that tendency in a small but useful way. By listing the capabilities of some of the available network management tools, we hope to pool and share knowledge and experience. Another goal of this catalog is to show those new in the field what can be done to manage internet sites. A network management tutorial at the end of the document is of further assistance in this area. Finally, by omission, this catalog points out the network management tools that are needed, but do not yet exist. There are other sources of information on available network management tools. Both the DDN Protocol Implementation and Vendors Guide and the DATAPRO series on data communications and LANs are particularly comprehensive and informative. The DDN Protocol Implementation and Vendors Guide addresses a wide range of internet management topics, including evaluations of protocol implementations and network analyzers.* The DATAPRO volumes, though expensive (check your local university or technical libraries!), are good surveys of available commercial products for network manage- ment. DATAPRO also includes tutorials, market analyses, product evaluations, and predictions on technology trends. 1.2 Scope The tools described in this document are used for managing the network resources, LANs, and devices that are commonly interconnected by TCP/IP internets. This document is not, however, a 'how to' manual on network management. While it includes a tutorial, the coverage is much too brief and gen- eral to serve as a sole source: a great deal of further study is required of aspiring network managers. Neither is this catalog is an operations manual for particular tools. Each individual tool entry is brief, and emphasizes the uses to which a tool can be put. A tool's documentation, which in some cases runs to hundreds of pages, should be consulted for assistance in its installation and operation. 1.3 Overview Section 1 describes the purpose, scope, and organization of this catalog. Section 2 lists and explains the standard keywords used in _________________________ * Instructions for obtaining the DDN Protocol Guide are given in Section 7 of the appendix. IETF NOCTools Working Group [Page 2]  RFC 1147 FYI: Network Management Tool Catalog April 1990 the tool descriptions. The keywords can be used as a sub- ject index into the catalog. Section 3, the main body of the catalog, contains the entries describing network management tools. The tool entries in Section 3 are presented in alphabetical order, by tool name. The tool descriptions all follow a standard for- mat, described in the introduction to Section 3. Following the catalog, there is an appendix that contains a tutorial on the goals and practice of network management. 1.4 Acknowledgements The compilation and editing of this catalog was sponsored by the Defense Communications Engineering Center (DCEC), con- tract DCA100-89-C-0001. The effort grew out of an initial task to survey current internet management tools. The cata- log is largely, however, the result of volunteer labor on the part of the NOCTools Working Group, the User Services Working Group, and many others. Without these volunteer contributions, the catalog would not exist. The support from the Internet community for this endeavor has been extremely gratifying. Several individuals made especially notable contributions. Mike Patton, Paul Holbrook, Mark Fedor and Gary Malkin were particularly helpful in composition and editorial review, while Dave Crocker provided essential guidance and encouragement. Bob Enger was active from the first with the gut work of chairing the Working Group and building the catalog. Phill Gross helped to christen the NOCTools Work- ing Group, to define its scope and goals, and to establish its role in the IETF. Mike Little contributed the formative idea of enhancing and publicizing the management tool survey through IETF participation. Responsibility for any deficiencies and errors remains, of course, with the editor. IETF NOCTools Working Group [Page 3]  RFC 1147 FYI: Network Management Tool Catalog April 1990 2. Keywords This catalog uses 'keywords' for terse characterizations of the tools. Keywords are abbreviated attributes of a tool or its use. To allow cross-comparison of tools, uniform key- word definitions have been developed, and are given below. Following the definitions, there is an index of catalog entries by keyword. 2.1 Keyword Definitions The keywords are always listed in a prefined order, sorted first by the general category into which they fall, and then alphabetically. The categories that have been defined for management tool keywords are: o+ the general management area to which a tool relates or a tool's functional role; o+ the network resources or components that are managed; o+ the mechanisms or methods a tool uses to perform its functions; o+ the operating system and hardware environment of a tool; and o+ the characteristics of a tool as a hardware pro- duct or software release. The keywords used to describe the general management area or functional role of a tool are: Alarm a reporting/logging tool that can trigger on specific events within a network. Analyzer a traffic monitor that reconstructs and interprets pro- tocol messages that span several packets. Benchmark a tool used to evaluate the performance of network com- ponents. IETF NOCTools Working Group [Page 4]  RFC 1147 FYI: Network Management Tool Catalog April 1990 Control a tool that can change the state or status of a remote network resource. Debugger a tool that by generating arbitrary packets and moni- toring traffic, can drive a remote network component to various states and record its responses. Generator a traffic generation tool. Manager a distributed network management system or system com- ponent. Map a tool that can discover and report a system's topology or configuration. Reference a tool for documenting MIB structure or system confi- guration. Routing a packet route discovery tool. Security a tool for analyzing or reducing threats to security. Status a tool that remotely tracks the status of network com- ponents. Traffic a tool that monitors packet flow. The keywords used to identify the network resources or com- ponents that a tool manages are: Bridge a tool for controlling or monitoring LAN bridges. IETF NOCTools Working Group [Page 5]  RFC 1147 FYI: Network Management Tool Catalog April 1990 CHAOS a tool for controlling or monitoring implementations of the CHAOS protocol suite or network components that use it. DECnet a tool for controlling or monitoring implementations of the DECnet protocol suite or network components that use it. DNS a Domain Name System debugging tool. Ethernet a tool for controlling or monitoring network components on ethernet LANs. FDDI a tool for controlling or monitoring network components on FDDI LANs or WANs. IP a tool for controlling or monitoring implementations of the TCP/IP protocol suite or network components that use it. OSI a tool for controlling or monitoring implementations of the OSI protocol suite or network components that use it. NFS a Network File System debugging tool. Ring a tool for controlling or monitoring network components on Token Ring LANs. SMTP an SMTP debugging tool. Star a tool for controlling or monitoring network components on StarLANs. The keywords used to describe a tool's mechanism are: IETF NOCTools Working Group [Page 6]  RFC 1147 FYI: Network Management Tool Catalog April 1990 Curses a tool that uses the 'curses' tty interface package. Eavesdrop a tool that silently monitors communications media (e.g., by putting an ethernet interface into 'promiscu- ous' mode). NMS the tool is a component of or queries a Network Manage- ment System. Ping a tool that sends packet probes such as ICMP echo mes- sages; to help distinguish tools, we do not consider NMS queries or protocol spoofing (see below) as probes. Proprietary a distributed tool that uses proprietary communications techniques to link its components. SNMP a network management system or component based on SNMP, the Simple Network Management Protocol. Spoof a tool that tests operation of remote protocol modules by peer-level message exchange. X a tool that uses X-Windows. The keywords used to describe a tool's operating environment are: DOS a tool that runs under MS-DOS. HP a tool that runs on Hewlett-Packard systems. Macintosh a tool that runs on Macintosh personal computers. IETF NOCTools Working Group [Page 7]  RFC 1147 FYI: Network Management Tool Catalog April 1990 Standalone an integrated hardware/software tool that requires only a network interface for operation. UNIX a tool that runs under 4.xBSD UNIX or related OS. VMS a tool that runs under DEC's VMS operating system. The keywords used to describe a tool's characteristics as a hardware or software acquisition are: Free a tool is available at no charge, though other restric- tions may apply (tools that are part of an OS distribu- tion but not otherwise available are not listed as 'free'). Library a tool packaged with either an Application Programming Interface (API) or object-level subroutines that may be loaded with programs. Sourcelib a collection of source code (subroutines) upon which developers may construct other tools. IETF NOCTools Working Group [Page 8]  RFC 1147 FYI: Network Management Tool Catalog April 1990 2.2 Tools Indexed by Keywords Following is an index of catalog entries sorted by keyword. This index can be used to locate the tools with a particular attribute: tools are listed under each keyword that charac- terizes them. The keywords and the subordinate lists of tools under them are in alphabetical order. In the interest of brevity, some liberties have been taken with tool names. Capitalization of the names is as speci- fied by the tool developers or distributers. Note that parenthetical roman numerals following a tool's name are not actually part of the name. The use of roman numerals to differentiate tools with the same name is explained in the introduction of Section 3. alarm bridge CMIP Library ConnectVIEW EtherMeter decaddrs LanProbe NMC LANWatch proxyd NETMON (III) Snmp Libraries osilog snmpd SERAG sma Snmp Libraries CHAOS snmptrapd LANWatch SpiderMonitor map Unisys NCC WIN/MGT Station xnetmon (I) control XNETMON (II) CMIP Library ConnectVIEW NETMON (III) analyzer NMC LANWatch proxyd Sniffer Snmp Libraries SpiderMonitor snmpset TokenVIEW Unisys NCC benchmark WIN/MGT Station hammer XNETMON (II) nhfsstone SPIMS spray TTCP Unisys NCC IETF NOCTools Working Group [Page 9]  RFC 1147 FYI: Network Management Tool Catalog April 1990 curses DOS Internet Rover Comp. Security Checklist net_monitor ConnectVIEW nfswatch hammer osimon hopcheck snmpperfmon LAN Patrol LANWatch netmon (I) debugger NETMON (III) SPIMS netwatch OverVIEW ping DECnet Snmp Libraries decaddrs snmpd (II) LANWatch TokenVIEW NETMON (III) XNETMON (II) net_monitor xnetperfmon NMC Sniffer Snmp Libraries eavesdrop SpiderMonitor ENTM XNETMON (II) etherfind xnetperfmon EtherView LAN Patrol LanProbe DNS LANWatch DiG NETMON (II) LANWatch netwatch netmon (I) nfswatch nslookup NNStat OSITRACE Sniffer SpiderMonitor Tcplogger TRPT IETF NOCTools Working Group [Page 10]  RFC 1147 FYI: Network Management Tool Catalog April 1990 ethernet free arp arp ConnectVIEW CMIP Library ENTM CMU SNMP etherfind DiG etherhostprobe ENTM EtherMeter etherhostprobe EtherView hammer LAN Patrol hopcheck LanProbe HyperMIB LANWatch Internet Rover map map NETMON (III) netmon (I) netwatch NETMON (II) Network Integrator netstat nfswatch netwatch NMC net_monitor NNStat nfswatch proxyd nhfsstone SERAG NNStat Sniffer NPRV Snmp Libraries nslookup snmpd (II) osilog SpiderMonitor osimic tcpdump osimon Unisys NCC OSITRACE WIN/MGT Station ping XNETMON (II) query xnetperfmon sma SNMP Kit tcpdump FDDI tcplogger Unisys NCC traceroute TRPT TTCP generator hammer nhfsstone ping Sniffer SpiderMonitor spray TTCP Unisys NCC IETF NOCTools Working Group [Page 11]  RFC 1147 FYI: Network Management Tool Catalog April 1990 HP IP xup arp CMU SNMP Dual Manager ENTM etherfind etherhostprobe EtherView getone hammer hopcheck Internet Rover LANWatch map Netlabs CMOT Agent Netlabs SNMP Agent netmon (I) NETMON (II) NETMON (III) netstat netwatch net_monitor nfswatch NMC NNStat NPRV OverVIEW ping proxyd query SERAG Sniffer SNMP Kit Snmp Libraries snmpask snmpd (I) snmpd (II) snmplookup snmpperfmon snmppoll snmpquery snmproute snmpset snmpsrc snmpstat snmptrapd snmpwatch IETF NOCTools Working Group [Page 12]  RFC 1147 FYI: Network Management Tool Catalog April 1990 snmpxbar snmpxconn manager snmpxmon CMIP Library snmpxperf CMU SNMP snmpxperfmon ConnectVIEW snmpxrtmetric decaddrs SpiderMonitor Dual Manager SPIMS getone spray LanProbe Tcpdump map Tcplogger Netlabs CMOT Agent Traceroute Netlabs SNMP Agent TRPT NETMON (III) TTCP NMC Unisys NCC NNStat WIN/MGT Station osilog xnetmon (I) osimic XNETMON (II) osimon xnetperfmon OverVIEW sma SNMP Kit library Snmp Libraries CMIP Library snmpask Dual Manager snmpd (I) LANWatch snmpd (II) proxyd snmplookup WIN/MGT Station snmpperfmon snmppoll snmpquery Macintosh snmproute HyperMIB snmpsrc snmpset snmpstat snmptrapd snmpwatch snmpxbar snmpxconn snmpxmon snmpxperf snmpxperfmon snmpxrtmetric TokenVIEW Unisys NCC WIN/MGT Station xnetmon (I) XNETMON (II) xnetperfmon IETF NOCTools Working Group [Page 13]  RFC 1147 FYI: Network Management Tool Catalog April 1990 map NMS decaddrs CMU SNMP etherhostprobe ConnectVIEW EtherMeter decaddrs LanProbe Dual Manager map EtherMeter NETMON (III) getone Network Integrator LanProbe NPRV map Snmp Libraries Netlabs CMOT Agent snmpxconn Netlabs SNMP Agent snmpxmon NETMON (III) Unisys NCC NMC xnetmon (I) NNStat XNETMON (II) OverVIEW proxyd SERAG NFS SNMP Kit etherfind Snmp Libraries EtherView snmpask nfswatch snmpd (I) nhfsstone snmpd (II) Sniffer snmplookup tcpdump snmpperfmon snmppoll snmpquery snmproute snmpset snmpsrc snmpstat snmptrapd snmpwatch snmpxbar snmpxconn snmpxmon snmpxperf snmpxperfmon snmpxrtmetric TokenVIEW Unisys NCC WIN/MGT Station xnetmon (I) XNETMON (II) xnetperfmon IETF NOCTools Working Group [Page 14]  RFC 1147 FYI: Network Management Tool Catalog April 1990 OSI ring CMIP Library ConnectVIEW Dual Manager LANWatch LANWatch map Netlabs CMOT Agent NETMON (III) NETMON (III) netwatch osilog proxyd osimic Sniffer osimon Snmp Libraries OSITRACE snmpd (II) sma TokenVIEW Sniffer XNETMON (II) Snmp Libraries xnetperfmon SpiderMonitor SPIMS XNETMON (II) routing xnetperfmon arp ConnectVIEW decaddrs ping etherhostprobe etherhostprobe getone hopcheck hopcheck Internet Rover NETMON (III) map netstat netmon (I) net_monitor net_monitor NMC NPRV NPRV ping query spray Snmp Libraries traceroute snmproute TTCP snmpsrc Unisys NCC snmpxrtmetric xup traceroute WIN/MGT Station XNETMON (II) proprietary ConnectVIEW EtherMeter security LanProbe Comp. Security Checklist SERAG ConnectVIEW TokenVIEW Dual Manager LAN Patrol SERAG reference XNETMON (II) HyperMIB Unisys NCC IETF NOCTools Working Group [Page 15]  RFC 1147 FYI: Network Management Tool Catalog April 1990 SMTP sourcelib Internet Rover CMIP Library LANWatch CMU SNMP mconnect HyperMIB Sniffer Internet Rover LANWatch map SNMP NETMON (III) CMU SNMP net_monitor decaddrs proxyd Dual Manager SNMP Kit getone Snmp Libraries map Snmpd (II) Netlabs SNMP Agent SpiderMonitor NETMON (III) XNETMON (II) NMC xnetperfmon OverVIEW proxyd SNMP Kit spoof Snmp Libraries DiG snmpask Internet Rover snmpd (I) mconnect snmpd (II) nhfsstone snmplookup nslookup snmpperfmon query snmppoll SPIMS snmpquery snmproute snmpset standalone snmpsrc EtherMeter snmpstat Sniffer snmptrapd SpiderMonitor snmpwatch snmpxbar snmpxconn star snmpxmon LAN Patrol snmpxperf LANWatch snmpxperfmon map snmpxrtmetric NETMON (III) Unisys NCC proxyd WIN/MGT Station Sniffer xnetmon (I) Snmp Libraries XNETMON (II) snmpd (II) xnetperfmon XNETMON (II) xnetperfmon IETF NOCTools Working Group [Page 16]  RFC 1147 FYI: Network Management Tool Catalog April 1990 status traffic CMIP Library ENTM CMU SNMP etherfind ConnectVIEW EtherMeter DiG EtherView Dual Manager LAN Patrol getone LanProbe Internet Rover LANWatch LanProbe NETMON (II) mconnect netwatch Netlabs CMOT Agent Network Integrator Netlabs SNMP Agent nfswatch netmon (I) NMC net_monitor NNStat NMC osimon NNStat OSITRACE NPRV Sniffer nslookup snmpxperfmon osimic SpiderMonitor osimon tcpdump OverVIEW tcplogger ping TRPT proxyd Unisys NCC sma WIN/MGT Station SNMP Kit Snmp Libraries snmpask snmpd (I) snmpd (II) snmplookup snmpperfmon snmppoll snmpquery snmpstat snmpwatch snmpxbar snmpxconn snmpxmon snmpxperf snmpxperfmon TokenVIEW Unisys NCC WIN/MGT Station xnetmon (I) XNETMON (II) xnetperfmon xup IETF NOCTools Working Group [Page 17]  RFC 1147 FYI: Network Management Tool Catalog April 1990 snmpxbar UNIX snmpxconn arp snmpxmon CMIP Library snmpxperf CMU SNMP snmpxperfmon decaddrs snmpxrtmetric DiG SPIMS Dual Manager spray etherfind tcpdump etherhostprobe tcplogger EtherView traceroute getone TRPT Internet Rover TTCP map Unisys NCC mconnect WIN/MGT Station NETMON (II) xnetmon (I) netstat XNETMON (II) Network Integrator xnetperfmon net_monitor nfswatch nhfsstone VMS NMC arp NNStat ENTM nslookup netstat osilog net_monitor osimic NPRV osimon nslookup OSITRACE ping ping Snmp Libraries proxyd tcpdump query traceroute SERAG TTCP sma XNETMON (II) SNMP Kit xnetperfmon Snmp Libraries snmpask snmpd (I) snmpd (II) snmplookup snmpperfmon snmppoll snmpquery snmproute snmpset snmpsrc snmpstat snmptrapd snmpwatch IETF NOCTools Working Group [Page 18]  RFC 1147 FYI: Network Management Tool Catalog April 1990 X Dual Manager map snmpxbar snmpxconn snmpxmon snmpxperf snmpxperfmon snmpxrtmetric WIN/MGT Station XNETMON (II) xnetperfmon xup IETF NOCTools Working Group [Page 19]  RFC 1147 FYI: Network Management Tool Catalog April 1990 3. Tool Descriptions This section is a collection of brief descriptions of tools for managing TCP/IP internets. These entries are in alpha- betical order, by tool name. The entries all follow a standard format. Immediately after the NAME of a tool are its associated KEYWORDS. Keywords are terse descriptions of the purposes or attributes of a tool. A more detailed description of a tool's purpose and characteristics is given in the ABSTRACT section. The MECHANISM section describes how a tool works. In CAVEATS, warnings about tool use are given. In BUGS, known bugs or bug-report procedures are given. LIMITATIONS describes the boundaries of a tool's capabilities. HARDWARE REQUIRED and SOFTWARE REQUIRED relate the operational environment a tool needs. Finally, in AVAILABILITY, pointers to vendors, online repositories, or other sources for a tool are given. We deal with the problem of tool-name clashes -- different tools that have the same name -- by appending parenthetical roman numerals to the names. For example, BYU, MITRE, and SNMP Research each submitted a description of a tool called 'NETMON.' These tools were independently developed, are functionally different, run in different environments, and are no more related than Richard Burton the 19th century explorer and Richard Burton the 20th century actor. BYU's tool 'NETMON' is listed as 'NETMON (I),' MITRE's as 'NETMON (II),' and the tool from SNMP Research as 'NETMON (III).' The parenthetical roman numerals reveal only the order in which the catalog editor received the tool descriptions. They should not be construed to indicate any sort of prefer- ence, priority, or rights to a tool name. IETF NOCTools Working Group [Page 20]  Internet Tool Catalog ARP NAME arp KEYWORDS routing; ethernet, IP; UNIX, VMS; free. ABSTRACT Arp displays and can modify the internet-to-ethernet address translations tables used by ARP, the address resolution protocol. MECHANISM The arp program accesses operating system memory to read the ARP data structures. CAVEATS None. BUGS None known. LIMITATIONS Only the super user can modify ARP entries. HARDWARE REQUIRED No restrictions. SOFTWARE REQUIRED BSD UNIX or related OS, or VMS. AVAILABILITY Available via anonymous FTP from uunet.uu.net, in directory bsd-sources/src/etc. Available with 4.xBSD UNIX and related operating systems. For VMS, available as part of TGV MultiNet IP software package, as well as Wollongong's WIN/TCP. IETF NOCTools Working Group [Page 21]  Internet Tool Catalog CMIP LIBRARY NAME CMIP Library KEYWORDS alarm, control, manager, status; OSI; UNIX; free, library, sourcelib. ABSTRACT The CMIP Library implements the functionality of the Common Management Information Service/Protocol as in the documents ISO DP 9595-2/9596-2 of March 1988. It can act as a building block for the construction of CMIP-based agent and manager applications. MECHANISM The CMIP library uses ISO ROS, ACSE and ASN.1 presenta- tion, as implemented in ISODE, to provide its service. CAVEATS None. BUGS None known. LIMITATIONS The M-CREATE, M-DELETE and M-ACTION protocol primitives are not implemented in this version. HARDWARE REQUIRED Developed on Sun3, tested on Sun3 and VAXStation. SOFTWARE REQUIRED The ISODE protocol suite, BSD UNIX. AVAILABILITY The CMIP library and related management tools built upon it, known as OSIMIS (OSI Management Information Service), are publicly available from University Col- lege London, England via FTP and FTAM. To obtain information regarding a copy send email to gknight@ac.ucl.cs.uk or call +44 1 380 7366. IETF NOCTools Working Group [Page 22]  Internet Tool Catalog CMU SNMP NAME The CMU SNMP Distribution KEYWORDS manager, status; IP; NMS, SNMP; UNIX; free, sourcelib. ABSTRACT The CMU SNMP Distribution includes source code for an SNMP agent, several SNMP client applications, an ASN.1 library, and supporting documentation. The agent compiles into about 10 KB of 68000 code. The distribution includes a full agent that runs on a Kinetics FastPath2/3/4, and is built into the KIP appletalk/ethernet gateway. The machine independent portions of this agent also run on CMU's IBM PC/AT based router. The applications are designed to be useful in the real world. Information is collected and presented in a useful format and is suitable for everyday status moni- toring. Input and output are interpreted symbolically. The tools can be used without referencing the RFCs. MECHANISM SNMP. CAVEATS None. BUGS None reported. Send bug reports to sw0l+snmp@andrew.cmu.edu. ('sw0l' is 'ess double-you zero ell.') LIMITATIONS None reported. HARDWARE REQUIRED The KIP gateway agent runs on a Kinetics FastPath2/3/4. Otherwise, no restrictions. SOFTWARE REQUIRED The code was written with efficiency and portability in mind. The applications compile and run on the follow- ing systems: IBM PC/RT running ACIS Release 3, Sun3/50 running SUNOS 3.5, and the DEC microVax running Ultrix 2.2. They are expected to run on any system with a IETF NOCTools Working Group [Page 23]  Internet Tool Catalog CMU SNMP Berkeley socket interface. AVAILABILITY This distribution is copyrighted by CMU, but may be used and sold without permission. Consult the copy- right notices for further information. The distribu- tion is available by anonymous FTP from the host lancaster.andrew.cmu.edu (128.2.13.21) as the files pub/cmu-snmp.9.tar, and pub/kip-snmp.9.tar. The former includes the libraries and the applications, and the latter is the KIP SNMP agent. Please direct questions, comments, and bug reports to sw0l+snmp@andrew.cmu.edu. ('sw0l' is 'ess double-you zero ell.') If you pick up this package, please send a note to the above address, so that you may be notified of future enhancements/changes and additions to the set of applications (several are planned). IETF NOCTools Working Group [Page 24]  Internet Tool Catalog COMPUTER SECURITY CHECKLIST NAME Computer Security Checklist KEYWORDS security; DOS. ABSTRACT This program consists of 858 computer security ques- tions divided up in thirteen sections. The program presents the questions to the user and records their responses. After answering the questions in one of the thirteen sections, the user can generate a report from the questions and the user's answers. The thirteen sections are: telecommunications security, physical access security, personnel security, systems develop- ment security, security awareness and training prac- tices, organizational and management security, data and program security, processing and operations security, ergonomics and error prevention, environmental secu- rity, and backup and recovery security. The questions are weighted as to their importance, and the report generator can sort the questions by weight. This way the most important issues can be tackled first. MECHANISM The questions are displayed on the screen and the user is prompted for a single keystroke reply. When the end of one of the thirteen sections is reached, the answers are written to a disk file. The question file and the answer file are merged to create the report file. CAVEATS None. BUGS None known. LIMITATIONS None reported. HARDWARE REQUIRED No restrictions. SOFTWARE REQUIRED DOS operating system. IETF NOCTools Working Group [Page 25]  Internet Tool Catalog COMPUTER SECURITY CHECKLIST AVAILABILITY A commercial product available from: C.D., Ltd. P.O. Box 58363 Seattle, WA 98138 (206) 243-8700 IETF NOCTools Working Group [Page 26]  Internet Tool Catalog CONNECTVIEW NAME ConnectVIEW KEYWORDS control, manager, routing, security, status; bridge, ethernet, ring; NMS, proprietary; DOS. ABSTRACT The ConnectVIEW Network Management System consists of various software managers that control and manage Hal- ley System's internets made of of ConnectLAN 100 ether- net and ConnectLAN 200 Token Ring Brouters. The management software provides an icon-based graphical network display with real-time monitoring and report- ing, along with configuration, fault, performance and security management functions for managing ConnectLAN brouters. A Planning function is also provided that allows users to draw their networks. MECHANISM Proprietary. CAVEATS The ConnectVIEW software must be running under Micro- soft Windows, preferably on a dedicated management sta- tion. There is, however, no degradation of LAN throughput. BUGS None known. LIMITATIONS Currently works only with Halley System's products. HARDWARE REQUIRED Requires a PC/AT compatible, with 640KB RAM, EGA adapter and monitor, keyboard, mouse, and ethernet adapter. SOFTWARE REQUIRED MSDOS 3.3 or higher. Microsoft Windows/286 version 2.1. AVAILABILITY Commercially available from: Halley Systems, Inc. 2730 Orchard Parkway San Jose, CA 95134 IETF NOCTools Working Group [Page 27]  Internet Tool Catalog CONNECTVIEW NAME decaddrs, decaroute, decnroute, xnsroutes, bridgetab KEYWORDS manager, map, routing; bridge, DECnet; NMS, SNMP; UNIX. ABSTRACT These commands display private MIB information from Wellfleet systems. They retrieve and format for display values of one or several MIB variables from the Wellfleet Communications private enterprise MIB, using the SNMP (RFC1098). In particular these tools are used to examine the non-IP modules (DECnet, XNS, and Bridg- ing) of a Wellfleet system. Decaddrs displays the DECnet configuration of a Wellfleet system acting as a DECnet router, showing the static parameters associated with each DECnet inter- face. Decaroute and decnroute display the DECnet inter-area and intra-area routing tables (that is area routes and node routes). Xnsroutes displays routes known to a Wellfleet system acting as an XNS router. Bridgetab displays the bridge forwarding table with the disposition of traffic arriving from or directed to each station known to the Wellfleet bridge module. All these commands take an IP address as the argument and can specify an SNMP community for the retrieval. One SNMP query is performed for each row of the table. Note that the Wellfleet system must be operating as an IP router for the SNMP to be accessible. MECHANISM Management information is exchanged by use of SNMP. CAVEATS None. BUGS None known. LIMITATIONS None reported. HARDWARE REQUIRED Distributed and supported for Sun 3 systems. SOFTWARE REQUIRED Distributed and supported for SunOS 3.5 and 4.x. IETF NOCTools Working Group [Page 28]  Internet Tool Catalog DECADDRS, DECAROUTE, et al. AVAILABILITY Commercial product of: Wellfleet Communications, Inc. 12 DeAngelo Drive Bedford, MA 01730-2204 (617) 275-2400 IETF NOCTools Working Group [Page 29]  Internet Tool Catalog DIG NAME DiG KEYWORDS status; DNS; spoof; UNIX; free. ABSTRACT DiG (domain information groper), is a command line tool which queries DNS servers in either an interactive or a batch mode. It was developed to be more convenient/flexible than nslookup for gathering perfor- mance data and testing DNS servers. MECHANISM Dig is built on a slightly modified version of the bind resolver (release 4.8). CAVEATS none. BUGS None known. LIMITATIONS None reported. HARDWARE REQUIRED No restrictions. SOFTWARE REQUIRED BSD UNIX. AVAILABILITY DiG is available via anonymous FTP from venera.isi.edu in pub/dig.1.0.tar.Z. IETF NOCTools Working Group [Page 30]  Internet Tool Catalog DUAL MANAGER NAME Dual Manager KEYWORDS alarm, control, manager, map, security, status; IP, OSI; NMS, SNMP, X; UNIX; library. ABSTRACT Netlabs' Dual Manager provides management of TCP/IP networks using both SNMP and CMOT protocols. Such management can be initiated either through the X- Windows user interface (both Motif and Openlook), or through OSI Network Management (CMIP) commands. The Dual Manager provides for configuration, fault, secu- rity and performance management. It provides extensive map management features, including scanned maps in the background. It provides simple mechanisms to extend the MIB and assign specific lists of objects to specific network elements, thereby providing for the management of all vendors' specific MIB extensions. It provides an optional relational DBMS for storing and retrieving MIB and alarm information. Finally, the Dual Manager is an open platform, in that it provides several Application Programming Interfaces (APIs) for users to extend the functionality of the Dual Manager. The Dual Manager is expected to work as a TCP/IP 'branch manager' under DEC's EMA, AT&T's UNMA and other OSI-conformant enterprise management architectures. MECHANISM The Netlabs Dual Manager supports the control and moni- toring of network resources by use of both CMOT and SNMP message exchanges. CAVEATS None. BUGS None known. LIMITATIONS None reported. HARDWARE REQUIRED Runs on Sun/3 and Sun/4s. IETF NOCTools Working Group [Page 31]  Internet Tool Catalog DUAL MANAGER SOFTWARE REQUIRED Available on System V or SCO Open Desktop environments. Uses X-Windows for the user interface. AVAILABILITY Commercially available from: Netlabs Inc 11693 Chenault Street Ste 348 Los Angeles CA 90049 (213) 476-4070 lam@netlabs.com (Anne Lam) IETF NOCTools Working Group [Page 32]  Internet Tool Catalog ENTM NAME ENTM -- Ethernet Traffic Monitor KEYWORDS traffic; ethernet, IP; eavesdrop; VMS; free. ABSTRACT ENTM is a screen-oriented utility that runs under VAX/VMS. It monitors local ethernet traffic and displays either a real time or cumulative, histogram showing a percent breakdown of traffic by ethernet pro- tocol type. The information in the display can be reported based on packet count or byte count. The per- cent of broadcast, multicast and approximate lost pack- ets is reported as well. The screen display is updated every three seconds. Additionally, a real time, slid- ing history window may be displayed showing ethernet traffic patterns for the last five minutes. ENTM can also report IP traffic statistics by packet count or byte count. The IP histograms reflect infor- mation collected at the TCP and UDP port level, includ- ing ICMP type/code combinations. Both the ethernet and IP histograms may be sorted by ASCII protocol/port name or by percent-value. All screen displays can be saved in a file for printing later. MECHANISM This utility simply places the ethernet controller in promiscuous mode and monitors the local area network traffic. It preallocates 10 receive buffers and attempts to keep 22 reads pending on the ethernet dev- ice. CAVEATS Placing the ethernet controller in promiscuous mode may severly slow down a VAX system. Depending on the speed of the VAX system and the amount of traffic on the lo- cal ethernet, a large amount of CPU time may be spent on the Interrupt Stack. Running this code on any pro- duction system during operational hours is discouraged. IETF NOCTools Working Group [Page 33]  Internet Tool Catalog ENTM BUGS Due to a bug in the VAX/VMS ethernet/802 device driver, IEEE 802 format packets may not always be detected. A simple test is performed to 'guess' which packets are in IEEE 802 format (DSAP equal to SSAP). Thus, some DSAP/SSAP pairs may be reported as an ethernet type, while valid ethernet types may be reported as IEEE 802 packets. In some hardware configurations, placing an ethernet controller in promiscuous mode with automatic-restart enabled will hang the controller. Our VAX 8650 hangs running this code, while our uVAX IIs and uVAX IIIs do not. Please report any additional bugs to the author at: Allen Sturtevant National Magnetic Fusion Energy Computer Center Lawrence Livermore National Laboratory P.O. Box 808; L-561 Livermore, CA 94550 Phone : (415) 422-8266 E-Mail: sturtevant@ccc.nmfecc.gov LIMITATIONS The user is required to have PHY_IO, TMPMBX and NETMBX privileges. When activated, the program first checks that the user process as enough quotas remaining (BYTLM, BIOLM, ASTLM and PAGFLQUO) to successfully run the program without entering into an involuntary wait state. Some quotas require a fairly generous setting. The contents of IEEE 802 packets are not examined. Only the presence of IEEE 802 packets on the wire is reported. The count of lost packets is approximated. If, after each read completes on the ethernet device, the utility detects that it has no reads pending on that device, the lost packet counter is incremented by one. When the total number of bytes processed exceeds 7fffffff hex, all counters are automatically reset to zero. HARDWARE REQUIRED A DEC ethernet controller. IETF NOCTools Working Group [Page 34]  Internet Tool Catalog ENTM SOFTWARE REQUIRED VAX/VMS version V5.1+. AVAILABILITY For executables only, FTP to the ANONYMOUS account (password GUEST) on CCC.NMFECC.GOV and GET the follow- ing files: [ANONYMOUS.PROGRAMS.ENTM]ENTM.DOC (ASCII text) [ANONYMOUS.PROGRAMS.ENTM]ENTM.EXE (binary) [ANONYMOUS.PROGRAMS.ENTM]EN_TYPES.DAT (ASCII text) [ANONYMOUS.PROGRAMS.ENTM]IP_TYPES.DAT (ASCII text) IETF NOCTools Working Group [Page 35]  Internet Tool Catalog ETHERFIND NAME etherfind KEYWORDS traffic; ethernet, IP, NFS; eavesdrop; UNIX. ABSTRACT Etherfind examines the packets that traverse a network interface, and outputs a text file describing the traffic. In the file, a single line of text describes a single packet: it contains values such as protocol type, length, source, and destination. Etherfind can print out all packet traffic on the ethernet, or traffic for the local host. Further packet filtering can be done on the basis of protocol: IP, ARP, RARP, ICMP, UDP, ND, TCP, and filtering can also be done based on the source, destination addresses as well as TCP and UDP port numbers. MECHANISM In usual operations, and by default, etherfind puts the interface in promiscuous mode. In 4.3BSD UNIX and related OSs, it uses a Network Interface Tap (NIT) to obtain a copy of traffic on an ethernet interface. CAVEATS None. BUGS None known. LIMITATIONS Minimal protocol information is printed. Can only be run by the super user. The syntax is painful. HARDWARE REQUIRED Ethernet. SOFTWARE REQUIRED SunOS. AVAILABILITY Executable included in Sun OS 'Networking Tools and Programs' software installation option. IETF NOCTools Working Group [Page 36]  Internet Tool Catalog ETHERHOSTPROBE NAME etherhostprobe KEYWORDS map, routing; ethernet, IP; ping; UNIX; free. ABSTRACT Output list of hosts on an ethernet that respond to IP ARP. Produces a list in the following format: 08:00:20:01:96:62 128.18.4.114 apptek4 08:00:20:00:02:fe 128.18.4.115 apptek5 08:00:20:00:57:6a 128.18.4.116 apptek6 08:00:20:00:65:34 128.18.4.117 apptek7 08:00:20:06:58:6f 128.18.4.118 apptek8 08:00:20:00:03:4f 128.18.4.119 apptek9 The first column is the ethernet address, the second the IP address, and the third is the hostname (which is omitted if the name could not be found via gethost- byaddr). A starting and ending IP address may be specified on the command line, which will limit the search. MECHANISM Etherhostprobe sends a UDP packet to the ``echo'' port, then looks in the kernel's ARP cache for the corresponding address entry. Explicit response (or lack of same) to the UDP packet is ignored. The cache will be checked up to four times at one-quarter-second intervals. Note that this allows the program to be run by a user with no special privileges. CAVEATS Etherhostprobe will fill the kernel's ARP cache with possibly useless entries, possibly causing delays to programs foolishly attempting to accomplish real work. Etherhostprobe causes -lots- of ARPs to be generated, possibly fooling network monitoring software (or peo- ple) into concluding that something is horribly broken. Etherhostprobe spends up to one second looking for each possible address. Thus, exhaustively searching a class-C network will take about four minutes, and exhaustively searching a class-B network will take about 18 hours. Exhaustively searching a class-A net- work will take the better part of a year, so don't even IETF NOCTools Working Group [Page 37]  Internet Tool Catalog ETHERHOSTPROBE think about it. Etherhostprobe will be fooled by gateways that imple- ment proxy ARP; every possible address on the proxy- ARPed subnet will be listed with the gateway's ethernet address. BUGS None known. LIMITATIONS If a given machine is not running IP ARP at the time that it is probed, it will be considered nonexistent. In particular, if a given machine is down at the time that it is probed . . . All hosts being probed must be on the same (possibly bridged) ethernet. HARDWARE REQUIRED No restrictions, but see below. SOFTWARE REQUIRED Runs on SunOS 3.5, and possibly elsewhere. The major non-standard portion of code is ``tx_arp.c'', which reads the kernel's ARP cache. AVAILABILITY Copyrighted, but freely distributed. Available via anonymous FTP from spam.itstd.sri.com (128.18.10.1). From pub directory, file EHP.1 for etherhostprobe, and files IPF.1 and IPF.2 for ipForwarding. IETF NOCTools Working Group [Page 38]  Internet Tool Catalog ETHERMETER NAME EtherMeter (tm), model LANB/150 KEYWORDS alarm, map, traffic; ethernet; NMS, proprietary; stan- dalone. ABSTRACT The Network Applications Technology (NAT) EtherMeter product is a dedicated ethernet traffic monitor that provides statistics on the ethernet segment to which it is attached. The EtherMeter reports three major kinds of statistics. For good packets, it reports the total number of good packets seen on the segment, the number of multicast and broadcast packets, and the total number of bytes in all packets seen. For packets with errors, it reports the number of CRC errors, short packets, oversize packets, and alignment errors. It also reports the distribution of packet by type, and the number of protocols seen on the segment. A count of transmit collisions is reported. Peak and current ethernet utilization rates are also reported, etc. Alarms can be set for utilization rate, packet rate, total error count, and delta error. The EtherMeter reports the statistics to a Network Management Station (NMS), also available from NAT, via IP/UDP datagrams, so that the meters can be monitored through routers. The NMS displays graphical and/or textual information, and EtherMeter icons turn colors to indicate status. Alarms can be set, and if the lev- els are exceeded an audible alarm is generated on the NMS, and the EtherMeter icon changes from green to yel- low on the network map. MECHANISM The EtherMeter is a self-contained board that can either be plugged into a PC/AT bus for power or installed in a small stand-alone enclosure. The board can be obtained with either a 10BASE5 thick ethernet transceiver cable connector, or a 10BASE2 thin ethernet BNC connector. CAVEATS The EtherMeter is primarily a passive device whose only impact on the network will come from the monitoring packets sent to the NMS. The EtherMeter is assigned an IP address for communication with the NMS. IETF NOCTools Working Group [Page 39]  Internet Tool Catalog ETHERMETER BUGS None known. LIMITATIONS Proprietary protocol currently in use. The company has stated its intention to develop SNMP for the EtherMeter product in the first half of 1990. Currently the NMS does not keep log files. This limitation is ack- nowledged, and plans are underway to add ASCII log file capability to the NMS. HARDWARE REQUIRED An EtherMeter board and a PC/AT bus to plug it into, or a stand-alone enclosure with power supply (available from NAT). A Network Management Station and its software is required as well, to fully interact with the EtherMeter devices. SOFTWARE REQUIRED The EtherMeter software is included in ROM on the dev- ice. The NMS software is bundled in with the NMS hardware. AVAILABILITY The EtherMeter device, stand-alone enclosure, and Net- work Management Station, are available commercially from: Network Application Technology, Inc. 21040 Homestead Road Cupertino, California 95014 Phone: (408) 733-4530 Fax: (408) 733-6478 IETF NOCTools Working Group [Page 40]  Internet Tool Catalog ETHERVIEW NAME EtherView(tm) KEYWORDS traffic; ethernet, IP, NFS; eavesdrop; UNIX. ABSTRACT EtherView is a network monitoring tool which runs on Sun workstations and allows you to monitor your hetero- geneous internet network. It monitors all systems on the ethernet. It has three primary functions: Load Profile: It allows users to monitor the load on the ethernet over extended periods of time. The net- work administrator can use it to characterize load gen- erated by a node on the network, determine which sys- tems and applications generate how much of the load and how that load fluctuates over long periods of time. NFS Profile: It allows the network administrator to determine the load on NFS servers, the average response time NFS servers and the mix of NFS load on each of the servers. Users can use the data to benchmark different NFS servers, determine which servers are overloaded, deduce the number of clients that each server can sup- port and evaluate the effectiveness of NFS accelera- tors. Protocol Analyzer: Users can capture packets based on source, destination, application, protocol, bit pat- tern, packet size or a boolean filtering expression. It provides all standard features such as configurable buffer size, packet slicing and bit pattern based triggering criterion. It does automatic disassembly of NFS, TCP, UDP, IP, ICMP, ARP and RARP packets. Packets can be examined in any combination of summary, hex or detail format. MECHANISM EtherView uses the Sun's NIT interface to turn the eth- ernet interface into promiscuous mode to capture pack- ets. A high level process manages the interface and a low level process does the actual capturing and filter- ing. Shared memory is used to communicate between the two processes. BUGS None known. IETF NOCTools Working Group [Page 41]  Internet Tool Catalog ETHERVIEW LIMITATIONS Because of limitations in Sun's NIT interface, Ether- View will not capture packets originating from the sys- tem where it is run. EtherView requires super-user privileges on the system where it is run. HARDWARE REQUIRED EtherView runs on all models of Sun-3, Sun-4 and Sun- 386i. SOFTWARE REQUIRED Sun-3 - SunOS 4.0.3. (SunOS 4.0 with NIT fixes). Sun-4 - SunOS 4.0. Sun-386i - SunOS 4.0. Runs under SunView. Will run under X Windows in future. AVAILABILITY EtherView is copyrighted, commercial product of: Matrix Computer Systems, Inc. 7 1/2 Harris Road Nashua, NH 03062 Tel: (603) 888-7790 email: ...uunet!matrix!eview IETF NOCTools Working Group [Page 42]  Internet Tool Catalog GETONE, GETMANY, et al. NAME getone, getmany, getroute, getarp, getaddr, getif, getid. KEYWORDS manager, routing, status; IP; NMS, SNMP; UNIX. ABSTRACT These commands retrieve and format for display values of one or several MIB variables (RFC1066) using the SNMP (RFC1098). Getone and getmany retrieve arbitrary MIB variables; getroute, getarp, getaddr, and getif retrieve and display tabular information (routing tables, ARP table, interface configuration, etc.), and getid retrieves and displays system name, identifica- tion and boot time. Getone retrieves and displays the value of the designated MIB variable from the specified target system. The SNMP community name to be used for the retrieval can also be specified. Getmany works similarly for groups of MIB variables rather than individual values. The name of each variable, its value and its data type is displayed. Getroute returns information from the ipRoutingTable MIB structure, displaying the retrieved information in an accessible format. Getarp behaves similarly for the address translation table; getaddr for the ipAddressTable; and getif displays information from the interfaces table, supplemented with information from the ipAddressTable. Getid displays the system name, identification, ipFor- warding state, and the boot time and date. All take a system name or IP address as an argument and can specify an SNMP community for the retrieval. One SNMP query is performed for each row of the table. MECHANISM Queries SNMP agent(s). CAVEATS None. BUGS None known. LIMITATIONS None reported. IETF NOCTools Working Group [Page 43]  Internet Tool Catalog GETONE, GETMANY, et al. HARDWARE REQUIRED Distributed and supported for Sun 3 systems. SOFTWARE REQUIRED Distributed and supported for SunOS 3.5 and 4.x. AVAILABILITY Commercial product of: Wellfleet Communications, Inc. 12 DeAngelo Drive Bedford, MA 01730-2204 (617) 275-2400 IETF NOCTools Working Group [Page 44]  Internet Tool Catalog HAMMER & ANVIL NAME hammer & anvil KEYWORDS benchmark, generator; IP; DOS; free. ABSTRACT Hammer and anvil are the benchmarking programs for IP routers. Using these tools, gateways have been tested for per-packet delay, router-generated traffic over- head, maximum sustained throughput, etc. MECHANISM Tests are performed on a gateway in an isolated testbed. Hammer generates packets at controlled rates. It can set the length and interpacket interval of a packet stream. Anvil counts packet arrivals. CAVEATS Hammer should not be run on a live network. BUGS None reported. LIMITATIONS Early versions of hammer could not produce inter-packet intervals shorter than 55 usec. HARDWARE REQUIRED Hammer runs on a PC/AT or compatible, and anvil requires a PC or clone. Both use a Micom Interlan NI5210 for LAN interface. SOFTWARE REQUIRED MS-DOS. AVAILABILITY Hammer and anvil are copyrighted, though free. Copies are available from pub/eutil on husc6.harvard.edu. IETF NOCTools Working Group [Page 45]  Internet Tool Catalog HOPCHECK NAME hopcheck KEYWORDS routing; IP; ping; DOS; free. ABSTRACT Hopcheck is a tool that lists the gateways traversed by packets sent from the hopcheck-resident PC to a desti- nation. Hopcheck uses the same mechanism as traceroute but is for use on IBM PC compatibles that have ethernet connections. Hopcheck is part of a larger TCP/IP pack- age that is known as ka9q that is for use with packet radio. Ka9q can coexist on a PC with other TCP/IP packages such as FTP Inc's PC/TCP, but must be used independently of other packages. Ka9q was written by Phil Karn. Hopcheck was added by Katie Stevens, dkstevens@ucdavis.edu. Unlike traceroute, which requires a UNIX kernel mod, hopcheck will run on the standard, unmodified ka9q release. MECHANISM See the description in traceroute. CAVEATS See the description in traceroute. BUGS None known. LIMITATIONS Host table required. Does not work with domain name server or with IP address as the argument. This is mainly an inconvenience. HARDWARE REQUIRED IBM PC compatible with ethernet network interface card, though does not work with 3Com 505 board. SOFTWARE REQUIRED DOS. IETF NOCTools Working Group [Page 46]  Internet Tool Catalog HOPCHECK AVAILABILITY Free. On deposit at the National Center for Atmospher- ic Research. For access from UNIX, available via anonymous FTP from windom.ucar.edu, in directory 'etc,' as hopcheck.tar.Z. For access directly from a PC, fetch nethop.exe and readme.hop; nethop.exe is execut- able. Also available via anonymous FTP at ucdavis.edu, in the nethopexe or nethopsrc suite of files in direc- tory 'dist.' IETF NOCTools Working Group [Page 47]  Internet Tool Catalog HYPERMIB NAME HyperMIB KEYWORDS reference; Macintosh; free, sourcelib. ABSTRACT HyperMIB is a hypertext presentation of the MIB (RFC1066). The tree structure of the MIB is presented graphically, and the user traverses the tree by select- ing branches of the tree. When the MIB variables are displayed, selecting them causes a text window to appear and show the definition of that variable (using the actual text of the MIB document). MECHANISM The Apple Macintosh HyperCard utility is used. The actual text of the MIB document is read into scrollable text windows, and a string search is done on the vari- able selected. A person familiar with HyperCard pro- gramming could modify the program to suit their needs (such as to add the definitions for their company's private space). CAVEATS None. BUGS None known. LIMITATIONS This program only gives the definition of the MIB vari- ables. It cannot poll a node to find the value of the variables. HARDWARE REQUIRED Apple Macintosh computer with at least 1MByte of RAM. SOFTWARE REQUIRED Apple Macintosh operating system and HyperCard. AVAILABILITY This software may be copied and given away without charge. The files are available by anonymous FTP on CCC.NMFECC.GOV. The files are: [Anonymous.programs.HyperMIB]Hyper_MIB.help (ASCII text) [Anonymous.programs.HyperMIB]Hyper.MIB (binary) IETF NOCTools Working Group [Page 48]  Internet Tool Catalog HYPERMIB [Anonymous.programs.HyperMIB]MIB.tree (binary) The software is also available for a nominal fee from: National Energy Software Center Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (312) 972-7250 IETF NOCTools Working Group [Page 49]  Internet Tool Catalog INTERNET ROVER NAME Internet Rover KEYWORDS status; IP, SMTP; curses, ping, spoof; UNIX; free, sourcelib. ABSTRACT Internet Rover is a prototype network monitor that uses multiple protocol 'modules' to test network functional- ity. This package consists of two primary pieces of code: the data collector and the problem display. There is one data collector that performs a series of network tests, and maintains a list of problems with the network. There can be many display processes all displaying the current list of problems which is useful in a multi-operator NOC. The display task uses curses, allowing many terminal types to display the problem file either locally or from a remote site. Full source is provided. The data collector is easily configured and extensible. Contri- butions such as additional protocol modules, and shell script extensions are welcome. MECHANISM A configuration file contains a list of nodes, addresses, NodeUp? protocol test (ping in most cases), and a list of further tests to be performed if the node is in fact up. Modules are included to test TELNET, FTP, and SMTP. If the configuration contains a test that isn't recognized, a generic test is assumed, and a filename is checked for existence. This way users can create scripts that create a file if there is a prob- lem, and the data collector simply checks the existence of that file to determine if there is problem. CAVEATS None. BUGS None known. IETF NOCTools Working Group [Page 50]  Internet Tool Catalog INTERNET ROVER LIMITATIONS This tools does not yet have the capability to perform actions based on the result of the test. Rather, it is intended for a multi-operator environment, and simply displays a list of what is wrong with the net. HARDWARE REQUIRED This software is known to run on Suns and IBM RTs. SOFTWARE REQUIRED Curses, 4.xBSD UNIX socket programming libraries, BSD ping. AVAILABILITY Full source available via anonymous FTP from merit.edu (35.1.1.42) in the ~ftp/pub/inetrover directory. Source and executables are public domain and can be freely distributed for non-commercial use. This pack- age is unsupported, but bug reports and fixes may be sent to: wbn@merit.edu. IETF NOCTools Working Group [Page 51]  Internet Tool Catalog LAN PATROL NAME LAN Patrol KEYWORDS security, traffic; ethernet, star; eavesdrop; DOS. ABSTRACT LAN Patrol is a full-featured network analyzer that provides essential information for effective fault and performance management. It allows network managers to easily monitor user activity, find traffic overloads, plan for growth, test cable, uncover intruders, balance network services, and so on. LAN Patrol uses state of the art data collection techniques to monitor all activity on a network, giving an accurate picture of how it is performing. LAN Patrol's reports can be saved as ASCII files to disk, and imported into spreadsheet or database pro- grams for further analysis. MECHANISM The LAN Patrol interface driver programs a standard interface card to capture all traffic on a network seg- ment. The driver operates from the background of a standard PC, maintaining statistics for each station on the network. The information can be viewed on the PC's screen, or as a user-defined report output either to file or printer. CAVEATS None. Normal operation is completely passive, making LAN Patrol transparent to the network. BUGS None known. LIMITATIONS LAN Patrol can monitor up to 10,000 packets/sec on an AT class PC, and is limited to monitoring a maximum of 1024 stations for intervals of up to 30 days. Because LAN Patrol operates at the physical level, it will only see traffic for the segment on which it is installed; it cannot see traffic across bridges. IETF NOCTools Working Group [Page 52]  Internet Tool Catalog LAN PATROL HARDWARE REQUIRED Computer: IBM PC/XT/AT, PS/2 Model 30, or compatible. Requires 512K memory and a hard drive or double-sided disk drive. Display: Color or monochrome text. Color display allows color-coding of traffic information. Ethernet, StarLAN, LattisNet, or StarLAN 10 network interface card. SOFTWARE REQUIRED PC DOS, MS-DOS version 3.1 or greater. AVAILABILITY LAN Patrol many be purchased through network dealers, or directly from: Legend Software, Inc. Phone: (201) 227-8771 FAX: (201) 906-1151 IETF NOCTools Working Group [Page 53]  Internet Tool Catalog LANPROBE NAME LanProbe -- the HP 4990S LanProbe Distributed Analysis System. KEYWORDS alarm, manager, map, status, traffic; ethernet; eaves- drop, NMS; proprietary. ABSTRACT The LanProbe distributed monitoring system performs remote and local monitoring of ethernet LANs in a pro- tocol and vendor independent manner. LanProbe discovers each active node on a segment and displays it on a map with its adapter card vendor name, ethernet address, and IP address. Additional informa- tion about the nodes, such as equipment type and physi- cal location can be entered in to the data base by the user. When the NodeLocator option is used, data on the actual location of nodes is automatically entered and the map becomes an accurate representation of the physical lay- out of the segment. Thereafter when a new node is installed and becomes active, or when a node is moved or becomes inactive, the change is detected and shown on the map in real time. The system also provides the network manager with precise cable fault information displayed on the map. Traffic statistics are gathered and displayed and can be exported in (comma delimited) CSV format for further analysis. Alerts can be set on user defined thres- holds. Trace provides a remote protocol analyzer capability with decodes for common protocols. Significant events (like power failure, cable breaks, new node on network, broadcast IP source address seen, etc.) are tracked in a log that is uploaded to Pro- beView periodically. ProbeView generates reports that can be manipulated by MSDOS based word processors, spreadsheets, and DBMS. IETF NOCTools Working Group [Page 54]  Internet Tool Catalog LANPROBE MECHANISM The system consists of one or more LanProbe segment monitors and ProbeView software running under Microsoft Windows. The LanProbe segment monitor attaches to the end of an ethernet segment and monitors all traffic. Attachment can be direct to a thin or thick coax cable, or via an external transceiver to fiber optic or twist- ed pair cabling. Network data relating to the segment is transferred to a workstation running ProbeView via RS-232, ethernet, or a modem connection. ProbeView software, which runs on a PC/AT class works- tation, presents network information in graphical displays. The HP4992A NodeLocator option attaches to the opposite end of the cable from the HP4991A LanProbe segment mon- itor. It automatically locates the position of nodes on the ethernet networks using coaxial cabling schemes. CAVEATS None. BUGS None known. LIMITATIONS None reported. HARDWARE REQUIRED HP 4991A LanProbe segment monitor HP 4992A NodeLocator (for optional capabilities) 80386 based PC capable of running MS-Windows SOFTWARE REQUIRED HP 4990A ProbeView MSDOS 3.0 or higher and Microsoft Windows/286 2.1. AVAILABILITY A commercial product available from: Hewlett-Packard Company P.O. Box 10301, Palo Alto, CA 94303-0890 IETF NOCTools Working Group [Page 55]  Internet Tool Catalog LANWATCH NAME LANWatch KEYWORDS alarm, analyzer, traffic; CHAOS, DECnet, DNS, ethernet, IP, OSI, ring, SMTP, star; eavesdrop; DOS; library, sourcelib. ABSTRACT LANWatch 2.0 is an inexpensive, powerful and flexible network analyzer that runs under DOS on personal com- puters and requires no hardware modifications to either the host or the network. LANWatch is an invaluable tool for installing, troubleshooting, and monitoring local area networks, and for developing and debugging new protocols. Network managers using LANWatch can inspect network traffic patterns and packet errors to isolate performance problems and bottlenecks. Protocol developers can use LANWatch to inspect and verify proper protocol handling. Since LANWatch is a software-only package which installs easily in existing PCs, network technicians and field service engineers can carry LANWatch in their briefcase for convenient network analysis at remote sites. LANWatch has two operating modes: Display and Examine. In Display Mode, LANWatch traces network traffic by displaying captured packets in real time. Examine Mode allows you to scroll back through stored packets to inspect them in detail. To select a subset of packets for display, storage or retrieval, there is an exten- sive set of built-in filters. Using filters, LANWatch collects only packets of interest, saving the user from having to sort through all network traffic to isolate specific packets. The built-in filters include alarm, trigger, capture, load, save and search. They can be controlled separately to match on source or destination address, protocol, or packet contents at the hardware and transport layers. LANWatch also includes suffi- cient source code so users can modify the existing filters and parsers or add new ones. The LANWatch distribution includes executables and source for several post-processors: a TCP protocol analyzer, a node-by-node traffic analyzer and a dump file listing tool. MECHANISM IETF NOCTools Working Group [Page 56]  Internet Tool Catalog LANWATCH Uses many common PC network interfaces by placing them in promiscuous mode and capturing traffic. CAVEATS Most PC network interfaces will not capture 100% of the traffic on a fully-loaded network (primarily missing back-to-back packets). BUGS None known. LIMITATIONS LANWatch can't analyze what it doesn't see (see Caveats). HARDWARE REQUIRED LANWatch requires a PC or PS/2 with a supported network interface card. SOFTWARE REQUIRED LANWatch runs in DOS. Modification of the supplied source code or creation of additional filters and parsers requires Microsoft C 5.1 AVAILABILITY LANWatch is commercially available from FTP Software, Incorporated, 26 Princess Street, Wakefield, MA, 01880 (617 246-0900). IETF NOCTools Working Group [Page 57]  Internet Tool Catalog MAP NAME map -- Interactive Network Map KEYWORDS manager, map; CHAOS, ethernet, IP, ring, star; NMS, ping, SNMP, X; UNIX; free, sourcelib. ABSTRACT Map draws a map of network connectivity and allows interactive examination of information about various components including whether hosts can be reached over the network. The program is supplied with complete source and is written in a modular fashion to make addition of dif- ferent protocols stacks, displays, or hardcopy devices relatively easy. This is one of the reasons why the initial version supports at least two of each. Contri- butions of additional drivers in any of these areas will be welcome as well as porting to additional plat- forms. MECHANISM Net components are pinged by use of ICMP echo and, optionally, CHAOS status requests and SNMP 'gets.' The program initializes itself from static data stored in the file system and therefore does not need to access the network in order to get running (unless the static files are network mounted). CAVEATS As of publication, the tool is in beta release. BUGS Several minor nits, documented in distribution files. Bug discoveries should be reported by email to Bug- Map@LCS.MIT.Edu. LIMITATIONS See distribution file for an indepth discussion of sys- tem capabilities and potential. HARDWARE REQUIRED An X display is needed for interactive display of the map, non-graphical interaction is available in non- display mode. For hardcopy output a PostScript or Tek- tronix 4692 printer is required. IETF NOCTools Working Group [Page 58]  Internet Tool Catalog MAP SOFTWARE REQUIRED BSD UNIX or related OS. IP/ICMP is required; CHAOS/STATUS and SNMP can be used but are optional. X-Windows is required for interactive display of the map. AVAILABILITY As of publication, map is in beta release. To be added to the email forum that discusses the software, or to obtain individual files or instructions on getting the full current release, send a request to: MAP-Request@LCS.MIT.Edu. The program is Copyright MIT. It is available via anonymous FTP with a license making it free to use and distribute for non-commercial purposes. IETF NOCTools Working Group [Page 59]  Internet Tool Catalog MCONNECT NAME mconnect KEYWORDS status; SMTP; spoof; UNIX. ABSTRACT Mconnect allows an interactive session with a remote mailer. Mail delivery problems can be diagnosed by connecting to the remote mailer and issuing SMTP com- mands directly. MECHANISM Opens a TCP connection to remote SMTP on port 25. Pro- vides local line buffering and editing, which is the distinction between mconnect and a TELNET to port 25. CAVEATS None. BUGS None known. LIMITATIONS Mconnect is not a large improvement over using a TELNET connection to port 25. HARDWARE REQUIRED No restrictions. SOFTWARE REQUIRED BSD UNIX or related OS. AVAILABILITY Available with 4.xBSD UNIX and related operating sys- tems. IETF NOCTools Working Group [Page 60]  Internet Tool Catalog NETLABS CMOT AGENT NAME Netlabs CMOT Agent KEYWORDS manager, status; IP, OSI; NMS. ABSTRACT Netlabs' CMOT code debuted in Interop 89. The CMOT code comes with an Extensible MIB, which allows users to add new MIB variables. The code currently supports all the MIB variables in RFC 1095 via the data types in RFC 1065, as well as the emerging MIB-II, which is currently in experimental stage. The CMOT has been benchmarked at 100 Management Operations per Second (MOPS) for a 1-MIPS machine. MECHANISM The Netlabs CMOT agent supports the control and moni- toring of network resources by use of CMOT message exchanges. CAVEATS None. BUGS None known. LIMITATIONS None reported. HARDWARE REQUIRED Portable to most hardware. SOFTWARE REQUIRED Portable to most operating systems. AVAILABILITY Commercially available from: Netlabs Inc 11693 Chenault Street Ste 348 Los Angeles CA 90049 (213) 476-4070 lam@netlabs.com (Anne Lam) IETF NOCTools Working Group [Page 61]  Internet Tool Catalog NETLABS SNMP AGENT NAME Netlabs SNMP Agent. KEYWORDS manager, status; IP; NMS, SNMP. ABSTRACT Netlabs' SNMP code debuted in Interop 89, where it showed interoperation of the code with several imple