Welcome to the NETWATCH page. This page is dedicated to the LINUX Community "Netwatch" program for ETHERNET Monitoring.



NETWATCH TOPICS

Comments or Bug Reports to Gordon MacKay

BACKGROUND INFORMATION

Netwatch is a Linux program created to aid in monitoring Network Connections. It is based on a program called "statnet" but has been substantially modified for its Ethernet emphasis. It is a dynamic program which displays the Ethernet status based on each connection's activity. It has the capability of monitoring hundreds of site statistics simultaneously. The connection's port number (Well Known Service) and destination address are available as well. There are options which allow router statistics to be measured on simple networks (with one router). External network communication is counted and transfer rates are displayed.

The latest versions adds

It is interesting to note the prevalence of APACHE as an HTTP Daemon.



LATEST VERSION

The latest available released version is "netwatch-1.3.0-1.tgz", otherwise known as Version 1.3.0.

NOTE: This version is currently being tested and cannot be considered totally stable.

HTTP Access is as follows:

Available from "sunsite.unc.edu" in pub/Linux/system/network/monitor
and mirrors throughout the world...


Passive Network Monitoring & Network Security

There is a distinct advantage to passive rather than active network monitoring. In passive monitoring, the systems outside of the monitor carry no extra load from monitoring software. These systems actually have no idea that any monitoring is being performed. This is an advantage that can be turned into a disadvantage. Security on Ethernet requires tight controls on packet data encryption; otherwise all data transfers, including logins (!), can be seen easily.
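As an added example (not Netwatch code), the audit below turns that point into a check a defender can run: it walks a saved capture and counts packets sent to well-known services whose logins are not encrypted, so those hosts can be moved to encrypted protocols. It assumes a capture in classic libpcap format rather than Netwatch's own log format, which this page does not describe; the port list, function names and sample frames are constructed for illustration.

```python
import socket
import struct
from collections import Counter

# Assumed audit list: well-known ports whose logins travel unencrypted.
CLEARTEXT = {21: "ftp", 23: "telnet", 110: "pop3", 143: "imap", 513: "rlogin"}

def cleartext_sessions(pcap: bytes) -> Counter:
    """Count TCP packets per (client, server, service) sent to a cleartext port."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"  # byte order of the writer
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    hits, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != 6 or ihl < 20 or len(frame) < 14 + ihl + 4:
            continue  # not TCP, or header cut short by the snap length
        src, dst = (socket.inet_ntoa(frame[i:i + 4]) for i in (26, 30))
        dport = struct.unpack("!H", frame[14 + ihl + 2:14 + ihl + 4])[0]
        if dport in CLEARTEXT:
            hits[(src, dst, CLEARTEXT[dport])] += 1
    return hits

def _frame(src: str, dst: str, dport: int) -> bytes:
    """Constructed Ethernet/IPv4/TCP SYN frame for the sample below."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def _pcap(frames) -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed sample: two telnet packets, one ssh, one ftp (documentation IPs).
SAMPLE = _pcap([_frame("192.0.2.10", "192.0.2.1", 23)] * 2 +
               [_frame("192.0.2.11", "192.0.2.1", 22),
                _frame("192.0.2.12", "192.0.2.2", 21)])
print(dict(cleartext_sessions(SAMPLE)))
```

The ssh connection in the sample is not reported because its traffic is encrypted; only the telnet and ftp pairs appear in the result.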

FULL CONTENT MONITORING

In Network Forensics, it is essential to save the entire history of packet usage for a network. Netwatch can help here. It can log the entire collection of packets exchanged for a network, saving it to a file for viewing later. It can AUTOMATICALLY save an entire day (or hour, or ...) and reload to begin saving the next time frame. Placing a netwatch-enabled system on a firewall, hub or switch management port can facilitate activity analysis if your systems become compromised.

SESSION DATA

Saved netwatch files can be analyzed within netwatch using a "simulation mode". In this mode, you have VCR-like controls that allow you to play, fast forward, reverse and rewind. It allows you to stop and examine data exchanges as they happen and to view the individual packet details (using "Watch Mode" and selecting the desired host). There are NO restrictions on what you can examine in "simulation mode". You can even decide to log ONE host, saving that data to a file (or as many hosts as you desire). As you play, the data gets saved to a file, using the host name (and your desired prefix) to name the log file.
 

REQUIREMENTS for NETWATCH

Limitations

Phoning Home


BUG NOTES

WHO HAS USED NETWATCH AND LIKED IT???

WHAT WOULD YOU LIKE IN NETWATCH?

WOULD YOU LIKE TO SUPPORT NETWATCH?

Configuration File for Netwatch

As of version 0.8e, Netwatch will accept a configuration file in "/root/.netwatch.conf". ALL binary users SHOULD make a personal configuration file. Source code users have other options, but the configuration file is simplest. Here is a sample configuration file for the latest netwatch (1.2.0): netwatch.conf

Documentation

A key diagram should be available very soon... :)