NETWATCH page has moved.... This page is dedicated to the LINUX
Community "Netwatch" program for ETHERNET Monitoring.
Comments or Bug Reports to Gordon MacKay
Netwatch is a Linux program created to aid in monitoring Network Connections. It is based on a
program called "statnet" but has been substantially modified for its Ethernet emphasis. It is a
dynamic program which displays the Ethernet status based each the connection's activity. It has
the capability of monitoring hundreds of site statistics simultaneously. The connection's port
number (Well Known Service) and destination address are available as well. There are options
which allow router statistics to be measured on simple networks (with one router). External
network communication is counted and transfer rates are displayed.
The latest versions adds
- bugfix for display of Packet detailed info
- advanced logging of packet information (host basis/all/loc/remote)
- simulation of netwatch using LOG file (as saved previously)
- entire packet information captured/displayed now...
It is interesting to note the prevalence of APACHE as an HTTP Daemon.
The latest available released version is "netwatch-1.0c.src.tgz" otherwise know as Version
NOTE: This version is currently being tested and cannot be considered totally stable.
HTTP Access is as follows:
Available from "sunsite.unc.edu" in
and mirrors throughout the world...
DELAYS: X-Windows version is delayed...
Passive Network Monitoring & Network Security
There is a distinct advantage to passive rather than active network monitoring. In passive
monitoring, the systems outside of the monitor have no loading due to any software for
monitoring. These systems actually have no idea that any monitoring is being performed. This is
an advantage that can be turned into a disadvantage. Security on Ethernet requires tight controls
on packet data encryption otherwise all data transfers, including logins (!), can be seen easily.
REQUIREMENTS for NETWATCH
- 486+ Computer with 8 Meg RAM+
- LINUX (version 1.2.13 Kernel+... although Version 1.0+ should work)
Latest Version tested on:
- Mandriva 2005LE (2.6.x Kernel)
- Ethernet Connection (Thinnet/Thicknet/Twisted Pair)
PPP connection (for Experminental Version)
- Unloaded network box (don't use on a WWW server or Heavy Compilation Box)
- As connections increase, table size increases, searching for entry takes longer, NETWATCH
degrades. Table sizes for remote end can be over 2500 hosts easily.
- A window resizing bug will actually cause a SEG fault in the new
release - resize the window before running and it is ok
Configuration File for Netwatch
As of version 0.8e, Netwatch will accept a configuration file in
"/root/.netwatch.conf". ALL binary users SHOULD make a personal configuration
file. Source code users have other options, but the configuration file
is simplest. Here is a sample configuration file for the latest netwatch (1.0b Pre3): netwatch.conf
A key diagram should be available very soon... :)