Top Contenders


REVIEWS: Top Ten Tops
benice, Fotolia

We pick the top ten Top tools

The famous Unix admin utility known as Top has many imitators. We take a look at some of the top Top tools.

BY MARKUS FEILNER AND SASCHA SPREITZER

DECEMBER 2008 ISSUE 97

Peak loads, I/O issues, and inexplicable system behavior pose problems for administrators day after day. Why is the database using so much swap memory? Why is my laptop battery discharging so quickly? The legacy command-line utility Top specializes in problems like these.

Top was the first in a long line of self-refreshing resource monitoring tools. Now numerous imitators vie for the administrator’s attention. With the help of a Linux Magazine jury, we tried out dozens of wannabe top performers, and now proudly present the top 10 Tops.

The top tools in this category – with one exception – all have one thing in common: They display the resources used by a service or a server in a syntax that is reminiscent of the legendary Unix Top utility. The rankings here are based on how useful the tool is for troubleshooting.

10: Xrestop

Xrestop [1] shows X11 users which X client programs are using the most resources, organizing the results neatly by pixmap memory usage (Figure 1). The tool relies on the X resource extension [2] to query information on the clients connected to the X server. The XResQueryClients, XResQueryClientResources, and XResQueryClientPixmapBytes functions provide the data from which Xrestop generates a Top-style view.

Xrestop was originally designed by the X.org community to help developers locate memory or performance holes in the X server, but in the course of time, it has gained popularity as a daily administration tool. Admins today often use Xrestop to locate undesirable resource killers. Although you can locate a crashed or hanging X Window application easily, you will need to use another tool to kill the culprit. Because Xrestop only helps you troubleshoot issues with X applications and does not offer much in the line of options, the tool just scrapes into 10th place on the list.

Figure 1: Xrestop shows the pixmap memory usage for the active X11 applications. The screenshot was taken with KSnapshot, which explains why the KSnapshot tool is on top of the list.

9: Ntop

Ntop [3] is a popular instant monitoring tool that gives the admin an overview of the network interface card, its throughput, and all of its connections. The mass of information that Ntop collects and presents in its neat web interface guarantees a top 10 spot for the 10-year-old Ntop project. Figure 2 shows just some of the statistics that Ntop collects.

The tool shows the admin details of network connections on an interface, sorting them by time, host, protocol, or various other options. Clear RRD-based diagrams give administrators an at-a-glance view of unusual goings on.

Although you don’t need to customize Ntop before you start, the information it collects is volatile and disappears completely if you restart. A workaround for this is to use Ntop with a database back end, although this solution will entail far more configuration.

Until recently, Ntop also included the Intop command-line tool, which displays a continually updated Top-style view of the current network connections. The Intop tool, however, is missing from recent versions of Ntop. According to Ntop developer Luca Deri, the next version of Ntop will include the far more comprehensive Packet Shell (Pksh [4]). But until it is released, Ntop does not offer a command-line client.

Thus, despite its enormous feature set, the excellent web interface, and the scope of the information it collects, Ntop comes in at number nine.

Figure 2: At what time is the VPN server busiest? Ntop answers this question and more with its neat web interface.

8: ApacheTop

ApacheTop [5] is a lean tool that offers information on current Apache web server access, the pages Apache serves up, the number of hits per second, and many other statistics. The helper application finds the necessary information in Apache’s access_log files (Figure 3).

Some options change the appearance of the queries: -q keeps the query strings used by, for example, PHP scripts, -l forces lower case, and -s number defines the number of numeric sections in the URL. Finally, -r resolves host names to their matching IPs.

A web administrator can use the command line to tell ApacheTop how long to keep statistics before refreshing and deleting them. To do this, you can define a number of hits (-H Hits) or specify a value in seconds (-T seconds), as well as set the delay between two refreshes (-d seconds).

The tool loses a couple points because it is fairly ancient and has not been developed actively since 2005. Despite the drawbacks, administrators who have installed Fam and Portmap on their web servers will find ApacheTop a practical live analysis tool for Apache, with many applications in production use.

Unfortunately, the feature scope is restricted to command-line options, which makes it hard for ApacheTop to keep pace with some of its more feature-rich competitors.

Figure 3: A web server under investigation by ApacheTop: A user is currently accessing SquirrelMail.

7: Ptop

Two database tools appear in the top 10. At seventh place is Ptop [6] (see Figure 4). Any administrator who has worked with PostgreSQL will be interested in this tool because Ptop provides an overview of all your database processes, at the same time displaying information such as the SQL statements currently being processed. But that’s not all: Ptop also gives you details of locks and statistics for individual tables and indices (Figure 5).

To launch Ptop, enter pg_top -d database -U database_user -W password. The command takes the user to an interactive shell, where a number of shortcuts are available (Table 1).

Ptop is available for Linux, BSD, and Mac OS. For more screenshots and details, go to the website [7].

Table 1: Ptop Shortcuts
Q    Shows the query for a PID entry.
E    The query plan for the PID. The PostgreSQL EXPLAIN and EXPLAIN_ANALYZE functions are used for this (Figure 4).
L    Shows locks.
R    Shows statistics (Figure 5).
X    Shows index data.

Figure 4: Ptop gives you details of locks and statistics for individual tables and indices. Ptop will give you the query plan for any currently active query, providing you stipulate E for EXPLAIN.

Figure 5: Ptop’s R option gives you statistics, including details like the number of sequential reads and writes from and to the PostgreSQL table.

6: Dnstop

Dnstop [8] uses the Pcap library to filter all the DNS queries on a computer’s network interface and list them neatly. The dnstop network_device -t -s command gives you a list of DNS queries in a Top-style, configurable view. Table 2 shows some Dnstop shortcuts.

When you enter a question mark, ?, Dnstop displays the integrated online help. At the same time, Dnstop offers two combined views that give users several pieces of information at a glance. The @ entry lets you display the source of the query along with the second-level domain target-side, along with the volume and percentage of all DNS traffic. The # option gives you the same results, but with a complete third-level domain name (Figure 6).

If you use Dnstop on a router, you can also detect undesirable DNS tunnels. A client on a local network that exchanges a large volume of data via a DNS server will be exposed quickly.

Table 2: Dnstop Shortcuts
S          Shows the query source.
D          The target; that is, the DNS server used.
T          Shows a list of DNS query types sent by the machine.
O          The opcodes. Under normal circumstances you will only see query-type lines here.
1, 2, 3    Allows the administrator to extend the view in the server list to top-level, second-level, and third-level domain names, respectively.
Ctrl+R     Resets the counter.
Ctrl+X     Quits the program.

5: Iftop

Snapshots and a traffic overview for all active network connections are Iftop’s [9] specialty. Just like Top, it sorts connections by activity and offers a jam-packed action set while doing so (see Figure 7).

Administrators can press H to view online help and configure the view. Throughput is not only displayed as a figure, but also by a bar chart. Iftop adjusts the scale at the top of the screen to reflect the amount of bandwidth used. Various options allow users to disable DNS name resolution, hide sources and targets, and sort on various columns. At the bottom edge of the display, you can see the average and accumulated values and sums for the Ethernet device sorted by input and output.

The comprehensive filtering options are really exciting for network administrators and can be entered either in interactive mode (after entering iftop -f options) or by pressing the F key. For example, -f icmp displays ICMP packets only. The familiar Tcpdump style can be inverted by making a selection – for example: not port ssh.

The -F option tells Iftop to automatically filter out individual hosts, or complete networks, leaving only those that match the selected network mask: iftop -F 192.168.0.0/24 is an example for a local network. For more information on

to discover the MySQL statement behind a selected thread.
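The Dnstop section above notes that a client moving a large volume of data through a DNS server stands out quickly in the combined source and second-level-domain view. The following Python example is added here and is not code from the article or from Dnstop: it rebuilds that kind of view from constructed records and flags outliers. The record layout, the function names, and the thresholds are assumptions.

```python
from collections import defaultdict
from typing import NamedTuple


class Row(NamedTuple):
    source: str          # client IP that sent the queries
    domain: str          # second-level domain, as in Dnstop's "@" view
    queries: int
    volume: int          # DNS bytes attributed to this (source, domain) pair
    share: float         # fraction of all DNS bytes seen
    distinct_names: int  # number of different full names queried


def second_level(qname: str) -> str:
    """Last two labels of a DNS name (naive: no public-suffix handling)."""
    labels = [part for part in qname.lower().rstrip(".").split(".") if part]
    return ".".join(labels[-2:])


def combined_view(records):
    """Aggregate per (source, second-level domain), largest volume first."""
    stats = defaultdict(lambda: {"queries": 0, "volume": 0, "names": set()})
    total = 0
    for source, qname, size in records:
        entry = stats[(source, second_level(qname))]
        entry["queries"] += 1
        entry["volume"] += size
        entry["names"].add(qname.lower().rstrip("."))
        total += size
    rows = [
        Row(src, dom, s["queries"], s["volume"],
            s["volume"] / total if total else 0.0, len(s["names"]))
        for (src, dom), s in stats.items()
    ]
    return sorted(rows, key=lambda r: r.volume, reverse=True)


def suspects(rows, min_bytes=10_000, min_share=0.5):
    """Pairs whose volume and share both exceed the (assumed) thresholds."""
    return [r for r in rows if r.volume >= min_bytes and r.share >= min_share]


def build_sample():
    """Constructed records: (client IP, queried name, DNS bytes)."""
    records = [
        ("192.168.0.10", "www.example.org", 120),
        ("192.168.0.10", "mail.example.org", 140),
        ("192.168.0.11", "www.example.net", 118),
        ("192.168.0.11", "cdn.example.net", 160),
        ("192.168.0.12", "ntp.example.org", 96),
    ]
    # One client pushes many long, unique names through a single domain.
    for i in range(200):
        records.append(
            ("192.168.0.23", f"{i:04x}{'a' * 40}.t.example.com", 300))
    return records


if __name__ == "__main__":
    view = combined_view(build_sample())
    for row in view:
        print(f"{row.source:<15} {row.domain:<14} {row.queries:>5} "
              f"{row.volume:>7} {row.share * 100:5.1f}% {row.distinct_names:>5}")
    for row in suspects(view):
        print("check:", row.source, "->", row.domain)
```

A high count of distinct names under one second-level domain is shown alongside the volume because it separates bulk data carried in query names from a client that simply resolves one busy name repeatedly.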