Topic: Network Probe Howto Completed

[Cyrus Bharda]

Well after some fine tuning and some help from the wonderful people in the dev-info list, I have finished the netprobe howto which can be found here:

http://mirror.contribs.org/smeserver/contribs/cbharda/howto/netprobe-howto.htm

Network Probe

This free network monitor and protocol analyzer gives you an instant picture of the traffic situation on your network and enables you to monitor network traffic in real time, hunt down, identify, and isolate traffic problems and congestions on your network.
All traffic is monitored in real time and presented to the user as a combination of tables and charts, giving detailed information about hosts and protocols, as well as an instant overview of the traffic situation on your network.

All the information can be searched, sorted, and filtered by protocols, hosts, conversations, and network interfaces. With the click of a button you can see individual usage of specific protocols, how much traffic each user generates, and which sites on the Internet they have visited.



Enjoy!

Cyrus Bharda

[Hsing-Foo]

Congrats on this one Cyrus!

Thanks.

Regards,
RequestedDeletion

[Jim Danvers]

Hey Cyrus...

Thats good stuff!  Thanks for the info and contrib!  I haven't tried it yet, but look fwd to - hopefully i'll be able to muddle through our directions and get it going.

-=- jd -=-

[peter smit]

Thanx worked great

[Arkman]

Cyrus,
 Excellent job! Works perfectly.

[mike mattos]

re promiscous mode, I remember talking to the support staff at Network Instruments when I was installing their 'Observer' software, and they stated that it would work ONLY with a card in promiscous mode, ie, the card had to react to all network traffic in order to monitor it.  Not much point in monitoring only the traffic directed to the probe!

They provided special drivers to put the network cards INTO promiscous mode.

Perhaps someone more knowledgable can comment on this.

mike

[Cyrus Bharda]

I contacted ObjectPlanet and this reply:
So I guess we'll just have to sit tight and wait

----- Original Message -----
From: "Eivind Pedersen"
To:
Sent: Wednesday, March 19, 2003 7:38 PM
Subject: RE: netprobe on Linux putting external devices into promiscuous
mode


We could add an option that lets you start it without promiscuous mode. I'm
not sure this will be implemented for the next release, but we will keep you
informed.

Regards,
Eivind Pedersen
ObjectPlanet, Inc.

[Derek]

Great utility.

To start it on boot, how about adding a line to /etc/rc.d/rc.local? I added a line at the bottom that calls a simple netprobe startup script and it seems to do the trick. Are there any e-smith issues with modifying /etc/rc.d/rc.local?

[Cyrus Bharda]

This was discussed in the dev-info list:

http://www.mail-archive.com/devinfo%40lists.e-smith.org/msg11671.html

But it is all a bit just over my head, and I really do not have the time to muck around and learn it.

There is a couple of was, I just do not have a definate on the 100% best way of implementing netprobe to start when SME boots.

If you have firgured out a way and you think it is 100% foolproof, then please email me instructions and I will change the howto accordingly plus that section will have your name as the author on it just so that if there are any questions you can handle them

Thanks,

Cyrus Bharda

[Cyrus Bharda]

Hi all,

Just to update this thread I have some interesting information from objectplanet:

Bjorn J. Kvande  
  Re: Very large amount of Ether.IP.TCP.netbios-ssn
Posted: May 5, 2003 3:24 PM      Reply  
 

The only traffic the probe generates is name lookups. However, there is a problem in version 0.4 which generates an excessive amount of dns lookups.

This will be fixed in 0.5, and a -nodns option will be added to avoid any traffic generated by the probe

Bjorn


 
Bjorn J. Kvande  
  Network Probe 0.5 performance update
Posted: Apr 25, 2003 11:21 AM      Reply  
 

We have done some extensive work on tuning the probe code for the next release (for the nth time) and these are the results so far:

1) Startup memory usage has decreased by 70%
2) Runtime memory consumption has decreased by 60%
3) Protocol decoding performance has increased by 50%

On my little eMac 700Mhz machine (if you get it to run (fast) on eMac, it runs on anything) it now processes about 35,000 packets per second. This means it handles a 100Mbit network on full speed with no problem.

BTW: Using JDK 1.4.1 instead of 1.3.1 the performance increased to about 50,000 packets per second.

Regards,
Bjorn
 
Version 0.5 is due out end of June

Cyrus Bharda

[Cyrus Bharda]

netprobe 0.5 is now released and it does have a nodns option which stops the huge amount of dns lookup traffic! Also has a very nice graphing utility in it. Lower strain on CPU and can take more traffic than 0.4 using less resources.

My howto is now updated to reflect change!

http://mirror.contribs.org/smeserver/contribs/cbharda/howto/

Cyrus Bharda