Version 0.9e (NETWATCH)

NETWATCH is VERY loosely based on the code from Statnet... thanks out to
Jeroen and Scot...

NETWATCH allows a user (superuser) to monitor an ETHERNET and examine
activity on the network. Hostnames are highlighted in colours (for those
supporting them) to indicate activity on the bus network based on time
(less than 1 minute RED, less than 5 minutes YELLOW, less than 30 minutes
GREEN and otherwise BLUE).

The monitor includes statistics on
   a) Transmitted and received packets
   b) Transmitted and received bytes
   c) Protocol of LAST packet (TX or RC)
   d) LAST Communication partner (IP address)
   e) Logging entire stats to ASCII file (large...)

The number of hosts capable of support is a function of memory. They are
stored in 2 doubly-linked lists (local and remote).

Screen updates take place 1 per second (unless a rare lockout... when
linked list links are updating... in which case it displays in the next
second)

Keyboard usage is admittedly limited.

   TAB   Switches between LOCAL and REMOTE sections of screen
         Go forward to next display option
         Go backward to previous display option
         Go back to previous page (back 20 lines on most consoles)
            (working on the selected REMOTE OR LOCAL section)
         Go forward to next page (forward 20 lines on most consoles)
            (working on the selected REMOTE OR LOCAL section)
   c     Clear counters for fresh counting
   n     Clear linked lists for new start
   d     Toggle between allowing remote DOMAIN service hosts and not
   b     Toggle between showing the OLD (blue) hosts and not

There is rudimentary logging capability, using the 'l' command. This saves
the current statistics (all) to a file called "/etc/netwatch.stats".
WARNING: This file may get VERY large. Statistics for the local machines
are dumped THEN the remote machines. This info is APPENDED to the file.

LOGGING is improving.. stay tuned

RELOAD option in the config file allows the user to set a start time for
RELOADing as well as an offset time (to indicate when the next RELOAD
will occur).
Stats are saved on a reload and the netwatch stats are cleared.

It is a simple program to execute for ETHERNET under LINUX.

As of version 0.6a, the program will search for information from the
"/proc" file system. If it is not there, it assumes that there is a
"/etc/rc.d/rc.inet1" file for network configuration. If so, it checks for
an "eth0" ifconfig and picks up the netmask from the file.

For those with multiple "eth" interfaces, I am sorry it doesn't support
both simultaneously. For "eth1" support, use the command line

   netwatch -e eth1

As of version 0.6a, this program calls home with a simple packet of info
including the domain and machine name which is running. It is not used
for anything except registering netwatch use on the Internet. It creates
a file in your home directory called ~/.netwatch.. If the file is already
there, it does not call home. This means that it will call home only once
for the program. It is not a true registration in the sense of obtaining
a license (or anything like that). Info transmitted is very limited.

The "ppp" interface is NOW supported (as of 0.9b). Simply specify

   netwatch -e ppp0      (or whatever ppp device you desire)

Status Line is configurable via the "s" command... which cycles through
the various status lines (13 in all)

   Status Line #1:  Standard Netwatch Status line
   Status Line #2:  NetBus Attack Warning
   Status Line #3:  B.O. Attack Warning
   Status Line #4:  Bad Mac Address display
   Status Line #5:  Netresolv stats -> IP address to name conversion
   Status Line #6:  Number of Hosts in List (Local and Remote)
   Status Line #7:  RELOAD status (option via config file)
   Status Line #8:  Base filename for stats logging (for reload and "l")
   Status Line #9:  Netwatch Config filename
   Status Line #10: Log filename (for "p" command)
   Status Line #11: Device/Netmask/Local IP
   Status Line #12: Mail warning destination for Netbus & B.O. attacks
   Status Line #13: Debug line...
                    unused in release

The multiple command works with "s" so 10s repeats the s command 10 times

NOTE: This repeat works with normal movement commands as well to go down
in a list quickly etc...

The ROUTER WATCH has been extended to include a character graphics router
summary for the previous DAY (only a DAY worth stored).

To obtain the graph...
   "w" for watch mode
   "r" for router stats
   "s" for router stats summary (a toggle..."s" again returns to normal
       stats)

While in summary mode... there is a time option where stats are
summarized (default is 60 min). To cycle through the legitimate times use
the "d" command. The time should be updated to 60/30/15/1 minutes...

The graph indicates the router throughput average over the summary time.
The graph is automatically scaled using the maximum burst throughput as
the maximum for the display.

   LEFT ARROW will allow you to move to the left in the graph to see
   previous values
   RIGHT ARROW will allow you to return to right in the graph.

Arrow commands may be used with Numbers as well i.e. 10 will move to the
left by 10 units

Units in the graph are dependent on your time option. One unit in the
60 min. mode is 60 min.

AUTHOR: G. MacKay
E-MAIL: mackay@gmml.slctech.org

INSTALLATION of SOURCE based package:

1.0 Unpack the ARCHIVE (which you have probably already done to read this)
    Try:
       tar -xzf netwatch.0.8f.src.tgz
       cd netwatch      (move to the new directory with source)

2.0 Run the shell script
       ./configure
    This should generate a Makefile.....

3.0 Compile the program
       make netwatch    (actually "make" by itself works)

4.0 If there are no errors, you can install the program
       make install
    (Warning... you must be root to install AND due to the nature of the
    program it is NO LONGER SET-UID root... you must have privileges to
    run it)

    NOTE: INSTALL DIRECTORY is /usr/local/bin
          Edit Makefile to change for your preference.
          (copying netwatch and netresolv to a directory in your SEARCH
          PATH will also work)

INSTALLATION of BINARY based package:

1.0 Unpack the ARCHIVE (which you have probably already done to read this)
    Try:
       tar -xzf netwatch.0.8f.bin.tgz
       cd netwatch      (move to the new directory with source)

2.0 Install the software
       make install
    (Warning... you must be root to install AND due to the nature of the
    program it is NO LONGER SET-UID root... you must have privileges to
    run it)

    NOTE: INSTALL DIRECTORY is /usr/local/bin
          Edit Makefile to change for your preference.
          (copying netwatch and netresolv to a directory in your SEARCH
          PATH will also work)

Good luck... Gord.

NOTE: A sample configuration file is available "netwatch.conf.eg"
      Place this in /root/.netwatch.conf and set as you will
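
ADDED EXAMPLE (not NETWATCH source): the host bookkeeping described at the
top of this README (local and remote doubly-linked lists split by netmask,
TX/RX counters, last protocol and partner, colour by age) written out in C.
The struct layout and the names lookup, account and activity_colour are
assumptions made for illustration.

```c
/* Added example, not NETWATCH source. Struct layout and names are assumptions. */
#include <stdint.h>
#include <stdlib.h>
#include <time.h>

enum colour { RED, YELLOW, GREEN, BLUE };

struct host {
    uint32_t ip, last_partner;   /* host byte order */
    unsigned long tx_pkts, rx_pkts, tx_bytes, rx_bytes;
    uint8_t last_proto;          /* IP protocol number of the last packet */
    time_t last_seen;
    struct host *prev, *next;    /* doubly-linked list links */
};

struct table { uint32_t net, mask; struct host *local, *remote; };

/* Find ip in the local or remote list (chosen by netmask); insert at head if new. */
static struct host *lookup(struct table *t, uint32_t ip)
{
    struct host **head = ((ip & t->mask) == t->net) ? &t->local : &t->remote;
    struct host *h;
    for (h = *head; h; h = h->next)
        if (h->ip == ip) return h;
    if (!(h = calloc(1, sizeof *h))) return NULL;  /* host count is bounded by memory */
    h->ip = ip;
    h->next = *head;
    if (*head) (*head)->prev = h;
    return *head = h;
}

/* Account one packet to both endpoints; returns 0, or -1 when out of memory. */
int account(struct table *t, uint32_t src, uint32_t dst, uint8_t proto,
            unsigned len, time_t now)
{
    struct host *s = lookup(t, src), *d = lookup(t, dst);
    if (!s || !d) return -1;
    s->tx_pkts++; s->tx_bytes += len; s->last_partner = dst;
    d->rx_pkts++; d->rx_bytes += len; d->last_partner = src;
    s->last_proto = d->last_proto = proto;
    s->last_seen = d->last_seen = now;
    return 0;
}

/* README thresholds: <1 min RED, <5 min YELLOW, <30 min GREEN, otherwise BLUE. */
enum colour activity_colour(const struct host *h, time_t now)
{
    double age = difftime(now, h->last_seen);
    return age < 60 ? RED : age < 300 ? YELLOW : age < 1800 ? GREEN : BLUE;
}
```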