NETWATCH page has moved.... This page is dedicated to the LINUX
Community "Netwatch" program for ETHERNET Monitoring.
Comments or Bug Reports to Gordon MacKay
BACKGROUND INFORMATION
Netwatch is a Linux program created to aid in monitoring Network Connections. It is based on a
program called "statnet" but has been substantially modified for its Ethernet emphasis. It is a
dynamic program which displays the Ethernet status based on each connection's activity. It has
the capability of monitoring hundreds of site statistics simultaneously. The connection's port
number (Well Known Service) and destination address are available as well. There are options
which allow router statistics to be measured on simple networks (with one router). External
network communication is counted and transfer rates are displayed.
The latest version adds
- bugfix for display of Packet detailed info
- advanced logging of packet information (host basis/all/loc/remote)
- simulation of netwatch using LOG file (as saved previously)
- entire packet information captured/displayed now...
It is interesting to note the prevalence of APACHE as an HTTP Daemon.
LATEST VERSION
The latest available released version is "netwatch-1.0c.src.tgz", otherwise known as Version
1.0c
NOTE: This version is currently being tested and cannot be considered totally stable.
HTTP Access is as follows:
Available from "sunsite.unc.edu" in
pub/Linux/system/network/monitor
and mirrors throughout the world...
DELAYS: X-Windows version is delayed...
Passive Network Monitoring & Network Security
There is a distinct advantage to passive rather than active network monitoring. In passive
monitoring, the systems outside of the monitor carry no load from any monitoring software.
These systems actually have no idea that any monitoring is being performed. This is
an advantage that can be turned into a disadvantage. Security on Ethernet requires tight controls
on packet data encryption; otherwise all data transfers, including logins (!), can be seen easily.
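As an added example (not Netwatch's own code), the C program below decodes one captured Ethernet frame the way a passive monitor would, reports the destination address and well-known service, and flags services that carry logins unencrypted so they can be moved to encrypted equivalents. The port table, the names decode_frame and conn_info, and the sample frame are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* What a passive monitor learns from one frame (hypothetical struct). */
struct conn_info { uint8_t dst_ip[4]; uint16_t dst_port; const char *service; int cleartext; };
/* Illustrative well-known TCP ports; cleartext=1: payload, logins included, is unencrypted. */
static const struct { uint16_t port; const char *name; int cleartext; } services[] = {
    { 21, "ftp", 1 }, { 22, "ssh", 0 }, { 23, "telnet", 1 }, { 80, "http", 1 },
    { 110, "pop3", 1 }, { 443, "https", 0 }, { 513, "rlogin", 1 },
};

/* Constructed sample: TCP SYN, 192.0.2.10 -> 192.0.2.20 port 23 (checksums left zero). */
const uint8_t sample_telnet_syn[54] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,     /* Ethernet II, type IPv4  */
    0x45,0,0,0x28, 0,1,0,0, 0x40,0x06,0,0,               /* IPv4: IHL 5, proto 6    */
    192,0,2,10, 192,0,2,20,                              /* source, destination     */
    0xc0,0, 0,23, 0,0,0,1, 0,0,0,0, 0x50,0x02, 0x20,0, 0,0, 0,0  /* TCP, dst port 23 */
};

/* Decode Ethernet II + IPv4 + TCP. Returns 0, or -1 for anything it cannot
   decode safely: short frame, non-IPv4, non-TCP, bad IHL, non-first fragment. */
int decode_frame(const uint8_t *f, size_t len, struct conn_info *out)
{
    if (len < 14 + 20) return -1;                        /* Ethernet + minimal IPv4 */
    if (f[12] != 0x08 || f[13] != 0x00) return -1;       /* EtherType must be IPv4  */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;             /* header length in bytes  */
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 6) return -1;  /* IPv4 carrying TCP */
    if ((((ip[6] & 0x1f) << 8) | ip[7]) != 0) return -1; /* later fragments lack a TCP header */
    if (len < 14 + ihl + 20) return -1;                  /* bounds check before reading ports */
    const uint8_t *tcp = ip + ihl;
    memcpy(out->dst_ip, ip + 16, 4);
    out->dst_port = (uint16_t)((tcp[2] << 8) | tcp[3]);
    out->service = "other"; out->cleartext = 0;
    for (size_t i = 0; i < sizeof services / sizeof services[0]; i++)
        if (services[i].port == out->dst_port) {
            out->service = services[i].name;
            out->cleartext = services[i].cleartext;
        }
    return 0;
}

int main(void)
{
    struct conn_info c;
    if (decode_frame(sample_telnet_syn, sizeof sample_telnet_syn, &c) == 0)
        printf("port %u %s cleartext=%d\n", (unsigned)c.dst_port, c.service, c.cleartext);
    return 0;
}
```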
REQUIREMENTS for NETWATCH
- 486+ Computer with 8 Meg RAM+
- LINUX (version 1.2.13 Kernel+... although Version 1.0+ should work)
  Latest version tested on: Mandriva 2005LE (2.6.x Kernel)
- Ethernet Connection (Thinnet/Thicknet/Twisted Pair)
  or PPP connection (for Experimental Version)
- Unloaded network box (don't use on a WWW server or Heavy Compilation Box)
LIMITATIONS
- As connections increase, table size increases, searching for an entry takes longer, and
NETWATCH degrades. Table sizes for the remote end can easily be over 2500 hosts.
BUG NOTES
- A window resizing bug will actually cause a SEG fault in the new
release - resize the window before running and it is ok
Configuration File for Netwatch
As of version 0.8e, Netwatch will accept a configuration file in
"/root/.netwatch.conf". ALL binary users SHOULD make a personal configuration
file. Source code users have other options, but the configuration file
is simplest. Here is a sample configuration file for the latest netwatch (1.0b Pre3): netwatch.conf
Documentation
A key diagram should be available very soon... :)