Network Working Group                                           R. Enger
Request for Comments: 1470                                           ANS
FYI: 2                                                       J. Reynolds
Obsoletes: 1147                                                      ISI
                                                                 Editors
                                                               June 1993
Page 1

FYI on a Network Management Tool Catalog:

Tools for Monitoring and Debugging TCP/IP Internets

and Interconnected Devices

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard. Distribution of this memo is unlimited.

Abstract

The goal of this FYI memo is to provide an update to FYI 2, RFC 1147 [1], which provided practical information to site administrators and network managers. New and/or updated tools are listed in this RFC. Additonal descriptions are welcome, and should be sent to: noctools- entries@merit.edu.

Introduction

A static document cannot incorporate references to the latest tools nor recent revisions to the older catalog entries. To provide a more timely and responsive information source, the NOCtools catalog is available on-line via the Internet and Usenet.

      news    comp.networks.noctools
      ftp     wuarchive.wustl.edu:/doc/noctools

Because of publication delays and other factors, some of the entries in this catalog may be out of date. The reader is urged to consult the on-line service to obtain the most up-to-date information.

The index provided in this document reflects the current contents of the on-line documentation.

The NOCtools2 Working Group of the Internet Engineering Task Force (IETF) has compiled this revised catalog. Future revisions will be incorporated into the on-line NOCtools catalog. The reader is encouraged to submit new or revised entries for (near-immediate) electronic publication.


Page 2

The tools described in this catalog are in no way endorsed by the IETF. For the most part, we have neither evaluated the tools in this catalog, nor validated their descriptions. Most of the descriptions of commercial tools have been provided by vendors. Caveat Emptor.

Acknowledgements

This catalog is the result of work on the part of the NOCTools2 Working Group of the User Services Area of the IETF. The following individuals made especially notable contributions: Chris Myers, Darren Kinley, Gary Malkin, Mohamed Ellozy, and Mike Patton.

Current Postings

The current contents of the NOCtools catalog may be retrieved via anonymous FTP from wuarchive.wustl.edu. The entries are stored as individual files in the directory /doc/noctools.

"No-Writeups" Appendix

This section contains references to tools which are known to exist, but which have not been fully cataloged. If anyone wishes to author an entry for one of these tools please contact us at:

noctools-request@merit.edu

Keep in mind that if these or other tools are included in the future, they will be available in the on-line version of the catalog.

Each mention is separated by a <form-feed> for improved readability. If you intend to actually print-out this section of the catalog, then you should probably strip-out the <ff>.

How to Submit/Update an Entry

1) review the template included below to determine what information you will need to collect,
2) review the keywords to see what your indexing options are, 3) assemble (update) catalog entry to include results of 1) and 2).
4) Submit your entry using either of the following two methods:

a) Post your submission to: comp.internet.noctools.submissions b) Email your submission to: noctools-entries@merit.edu

New entries will be circulated automatically upon reception. As time permits, the NOCtools editors will review recent submissions and incorporate them into the master indexes. Enquiries regarding the


Page 3

status of a submission should be E-Mailed to:

noctools-request@merit.edu

Those submitting an entry to the catalog should insure that any E- mail addresses provided are correct and functional. Either the catalog editors or prospective users of your tool may wish to reach you.


Page 4

TEMPLATE

NAME

           <tool-name>

KEYWORDS
[<keyword-A1>[,<keyword-A2>[,...,<keyword-An>]]]; [<keyword-B1>[,<keyword-B2>[,...,<keyword-Bn>]]]; [<keyword-C1>[,<keyword-C2>[,...,<keyword-Cn>]]]; [<keyword-D1>[,<keyword-D2>[,...,<keyword-Dn>]]]; [<keyword-E1>[,<keyword-E2>[,...,<keyword-En>]]].

ABSTRACT

           <summary of the tool>
           <summary of the tool>
           <summary of the tool>

MECHANISM

           <high level technical details of how it works>
           <high level technical details of how it works>
           <high level technical details of how it works>

CAVEATS

           <any warnings or cautions>
           <any warnings or cautions>
           <any warnings or cautions>

BUGS

           <any warnings or cautions>
           <any warnings or cautions>
           <any warnings or cautions>

LIMITATIONS

           <any warnings or cautions>
           <any warnings or cautions>
           <any warnings or cautions>

HARDWARE REQUIRED

           <list any hardware requirements>
           <list any hardware requirements>
           <list any hardware requirements>


Page 5

   SOFTWARE REQUIRED
           <list any software requirements>
           <list any software requirements>
           <list any software requirements>

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL

           <How to acquire the tool.>
           <Location/Contact Info to access/obtain tool>

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY

           <Contact info for person responsible for catalog entry>

DATE OF MOST RECENT UPDATE TO THIS CATALOG ENTRY

           <YYMMDD>

Keywords

This catalog uses "keywords" for terse characterizations of the tools. Keywords are abbreviated attributes of a tool or its use. To allow cross-comparison of tools, uniform keyword definitions have been developed, and are given below. Following the definitions, there is an index of catalog entries by keyword.

Keyword Definitions

The keywords are always listed in a prefined order, sorted first by the general category into which they fall, and then alphabetically. The categories that have been defined for management tool keywords are:

  • the general management area to which a tool relates or a tool's functional role;

  • the network resources or components that are managed;

  • the mechanisms or methods a tool uses to perform its functions;

  • the operating system and hardware environment of a tool; and

  • the characteristics of a tool as a hardware product or software release.


Page 6

The keywords used to describe the general management area or functional role of a tool are:

Alarm
a reporting/logging tool that can trigger on specific events within a network.

Analyzer
a traffic monitor that reconstructs and interprets pro- tocol messages that span several packets.

Benchmark
a tool used to evaluate the performance of network com- ponents.

Control
a tool that can change the state or status of a remote network resource.

Debugger
a tool that by generating arbitrary packets and moni- toring traffic, can drive a remote network component to various states and record its responses.

Generator
a traffic generation tool.

Manager
a distributed network management system or system com- ponent.

Map
a tool that can discover and report a system's topology or configuration.

Reference
a tool for documenting MIB structure or system confi- guration.

Routing
a packet route discovery tool.

Security
a tool for analyzing or reducing threats to security.

Status
a tool that remotely tracks the status of network com- ponents.


Page 7

Traffic
a tool that monitors packet flow.

The keywords used to identify the network resources or components that a tool manages are:

Bridge
a tool for controlling or monitoring LAN bridges.

CHAOS
a tool for controlling or monitoring implementations of the CHAOS protocol suite or network components that use it.

DECnet
a tool for controlling or monitoring implementations of the DECnet protocol suite or network components that use it.

DNS
a Domain Name System debugging tool.

Ethernet
a tool for controlling or monitoring network components on ethernet LANs.

FDDI
a tool for controlling or monitoring network components on FDDI LANs or WANs.

IP
a tool for controlling or monitoring implementations of the TCP/IP protocol suite or network components that use it.

OSI
a tool for controlling or monitoring implementations of the OSI protocol suite or network components that use it.

NFS
a Network File System debugging tool.

Ring
a tool for controlling or monitoring network components on Token Ring LANs.


Page 8

SMTP
an SMTP debugging tool.

Star
a tool for controlling or monitoring network components on StarLANs.

The keywords used to describe a tool's mechanism are:

CMIS
a network management system or component based on CMIS/CMIP, the Common Management Information System and Protocol.

Curses
a tool that uses the "curses" tty interface package.

Eavesdrop
a tool that silently monitors communications media (e.g., by putting an ethernet interface into "promiscu- ous" mode).

NMS
the tool is a component of or queries a Network Manage- ment System.

Ping
a tool that sends packet probes such as ICMP echo mes- sages; to help distinguish tools, we do not consider NMS queries or protocol spoofing (see below) as probes.

Proprietary
a distributed tool that uses proprietary communications techniques to link its components.

RMON
a tool which employs the RMON extensions to SNMP.

SNMP
a network management system or component based on SNMP, the Simple Network Management Protocol.

Spoof
a tool that tests operation of remote protocol modules by peer-level message exchange.

X
a tool that uses X-Windows.


Page 9

The keywords used to describe a tool's operating environment are:

DOS
a tool that runs under MS-DOS.

HP
a tool that runs on Hewlett-Packard systems.

Macintosh
a tool that runs on Macintosh personal computers.

OS/2
a tool that runs under the OS/2 operating system.

Standalone
an integrated hardware/software tool that requires only a network interface for operation.
Sun
a tool that runs on Sun Microsystems platforms. (binary distribution built for use on a Sun.)

UNIX
a tool that runs under 4.xBSD UNIX or related OS.

VMS
a tool that runs under DEC's VMS operating system.

The keywords used to describe a tool's characteristics as a hardware or software acquisition are:

Free
a tool is available at no charge, though other restric- tions may apply (tools that are part of an OS distribu- tion but not otherwise available are not listed as "free").

Library
a tool packaged with either an Application Programming Interface (API) or object-level subroutines that may be loaded with programs.

Sourcelib
a collection of source code (subroutines) upon which developers may construct other tools.


Page 10

Tools Indexed by Keywords

Following is an index of the most up-to-date catalog entries sorted by keyword, which is available via:

      news    comp.networks.noctools.tools
      ftp     wuarchive.wustl.edu:/doc/noctool

This index can be used to locate the tools with a particular attribute: tools are listed under each keyword that characterizes them. The keywords and the subordinate lists of tools under them are in alphabetical order.

Alarm

   -----
   CMIP Library
   Dual Manager
   Eagle
   EMANATE
   EtherMeter
   LanProbe
   LANWatch
   MONET
   NetMetrix Load Monitor
   NetMetrix Protocol Analyzer
   NETMON for Windows
   NETscout
   NOCOL
   SNMP Libraries and Utilities from Empire Technologies
   SNMP Libraries and Utilities from SNMP Research
   snmpd from Empire Technologies
   SpiderMonitor
   XNETMON from SNMP Research
   xnetmon from Wellfleet

Analyzer

   --------
   LANVista
   LANWatch
   NetMetrix Protocol Analyzer
   NETscout
   PacketView
   Sniffer
   SpiderMonitor


Page 11

Benchmark

   ---------
   hammer & anvil
   iozone
   LADDIS
   LANVista
   nhfsstone
   SPIMS
   spray
   ttcp
   XNETMON from SNMP Research

CMIS

   ----
   CMIP library
   Generic Managed System
   MIB Browser

Control

   -------
   CMIP Library
   Dual Manager
   Eagle
   MIB Manager from Empire Technologies
   MONET
   NETMON for Windows
   proxyd
   SNMP Libraries and Utilities from Empire Technologies
   SNMP Libraries and Utilities from SNMP Research
   SNMP Packaged Agent System
   snmpd from Empire Technologies
   TokenVIEW
   XNETMON from SNMP Research

Debugger

   --------
   Ethernet Box II
   LANVista
   NetMetrix Traffic Generator
   ping from UCB
   SPIMS
   XNETMON from SNMP Research

Generator

   ---------
   hammer & anvil
   LADDIS
   LANVista


Page 12

NetMetrix Traffic Generator
nhfsstone
ping
ping from UCB
Sniffer
SpiderMonitor
spray
TTCP

Manager

   -------
   Beholder
   CMIP Library
   CMU SNMP Distribution
   decaddrs by Wellfleet
   Dual Manager
   EMANATE
   Ethernet Box II
   getone by Wellfleet
   Interactive Network Map
   LanProbe
   LANVista
   MIB Manager from Empire Technologies
   MONET
   NetLabs CMOT Agent
   NetLabs SNMP Agent
   NETMON for Windows
   NETscout
   NNStat
   NOCOL
   OverVIEW
   SAS/CPE for Open Systems Software
   SNMP Development Kit
   SNMP Libraries and Utilities from Empire Technologies
   SNMP Libraries and Utilities from SNMP Research
   SNMP Packaged Agent System
   snmpd from Empire Technologies
   tokenview
   Tricklet
   Wollongong-Manager
   XNETMON from SNMP Research
   XNETMON from Wellfleet
   xnetperfmon

Map

   ---
   decaddrs by Wellfleet
   Dual Manager


Page 13

etherhostprobe
EtherMeter
Interactive Network Map
LanProbe
NETMON for Windows
Network Integrator I
NPRV
SNMP Libraries and Utilities from SNMP Research
XNETMON by SNMP Research
XNETMON by Wellfleet

Reference

   ---------
   EMANATE
   ethernet-codes
   HyperMIB
   MIB Manager from Empire Technologies
   XNETMON

Routing

   -------
   arp
   decaddrs by Wellfleet
   etherhostprobe
   getone by Wellfleet
   hopcheck
   MONET
   net_monitor
   NETMON for Windows
   netstat
   NPRV
   ping from UCB
   query
   traceroute

Security

   --------
   Computer Security Checklist
   Dual Manager
   Eagle
   EMANATE
   LAN Patrol
   SNMP Libraries and Utilities from SNMP Research
   XNETMON by SNMP Research
   xnetperfmon


Page 14

Status

   ------
   Beholder
   CMIP Library
   CMU SNMP
   DiG
   dnsstats
   doc
   Dual Manager
   EMANATE
   fping
   getone by Wellfleet
   host
   Internet Rover
   lamers
   LanProbe
   mconnect
   MONET
   net_monitor
   Netlabs CMOT Agent
   Netlabs SNMP Agent
   NETscout
   NNStat
   NOCOL
   NPRV
   OverVIEW
   ping
   ping from UCB
   proxyd from SNMP Research
   SAS/CPE
   SNMP Development Kit
   SNMP Libraries and Utilities from Empire Technologies
   SNMP Libraries and Utilities from SNMP Research
   SNMP Packaged Agent System
   PSI SNMP
   snmpd from Empire Technologies
   snmpd from SNMP Research
   TokenVIEW
   Tricklet
   vrfy
   XNETMON by SNMP Research
   xnetmon by Wellfleet
   xnetperfmon
   xup


Page 15

Traffic

   -------
   etherfind
   EtherMeter
   Ethernet Box II
   EtherView
   getethers
   LAN Patrol
   LanProbe
   LANVista
   LANWatch
   ENTM
   MONET
   NetMetrix Load Monitor
   NetMetrix NFS Monitor
   NetMetrix Protocol Analyzer
   NetMetrix Traffic Generator
   NETMON by Mitre
   NETscout
   netwatch
   Network Integrator I
   nfswatch
   nhfsstone
   NNStat
   ositrace
   PacketView
   Sniffer
   SpiderMonitor
   spray
   tcpdump
   tcplogger
   trpt
   ttcp
   XNETMON by SNMP Research

Bridge

   ------
   decaddrs by Wellfleet
   EMANATE
   MIB Manager from Empire Technologies
   MONET
   proxyd by SNMP Research
   SAS/CPE
   SNMP Libraries and Utilities from SNMP Research
   SNMP Packaged Agent System
   snmpd from SNMP Research
   XNETMON from SNMP Research


Page 16

CHAOS

   -----
   Interactive Network Map
   LANWatch

DECnet

   ------
   decaddrs by Wellfleet
   LANVista
   LANWatch
   MONET
   net_monitor
   NetMetrix Protocol Analyzer
   NETMON for Windows
   NETscout
   Sniffer
   SNMP Libraries and Utilities from SNMP Research
   SpiderMonitor
   XNETMON from SNMP Research
   xnetperfmon from SNMP Research

DNS

   ---
   DiG
   dnsstats
   doc
   lamers
   LANWatch
   NetMetrix Protocol Analyzer
   NOCOL

Ethernet

   --------
   arp
   Beholder
   Eagle
   EMANATE
   etherfind
   etherhostprobe
   EtherMeter
   Ethernet Box II
   ethernet-codes
   EtherView
   getethers
   LAN Patrol
   LanProbe
   LANVista
   LANWatch


Page 17

ENTM
Interactive Network Map
MONET
NetMetrix Load Monitor
NetMetrix NFS Monitor
NetMetrix Protocol Analyzer
NetMetrix Traffic Generator
NETMON for Windows
NETscout
netwatch
Network Integrator I
nfswatch
NNStat
PacketView
proxyd from SNMP Research
SAS/CPE
Sniffer
SNMP Libraries and Utilities from SNMP Research
SNMP Packaged Agent System from SNMP Research
snmpd from SNMP Research
SpiderMonitor
tcpdump
XNETMON from SNMP Research
xnetperfmon from SNMP Research

FDDI

   ----
   EMANATE
   ethernet-codes
   NetMetrix Load Monitor
   NetMetrix NFS Monitor
   NetMetrix Protocol Analyzer
   NetMetrix Traffic Generator
   nfswatch
   SAS/CPE
   SNMP Libraries and utilities from SNMP Research
   SNMP Packaged Agent System from SNMP Research
   snmpd from SNMP Research
   XNETMON from SNMP Research

IP

   --
   arp
   CMU SNMP
   Dual Manager
   Eagle
   EMANATE
   etherfind


Page 18

etherhostprobe
EtherView
fping
getone from Wellfleet
hammer & anvil
hopcheck
Internet Rover
LanProbe
LANVista
LANWatch
ENTM
Interactive Network Map
MIB Manager from Empire Technologies
MONET
net_monitor
Netlabs CMOT Agent
Netlabs SNMP Agent
NetMetrix Load Monitor
NetMetrix Protocol Analyzer
NetMetrix Traffic Generator
NETMON by Mitre
NETMON for Windows
NETscout
netstat
netwatch
nfswatch
nhfsstone
NNStat
NOCOL
NPRV
OverVIEW
PacketView
ping
ping from UCB
proxyd from SNMP Research
query
SAS/CPE
SNMP Development Kit
SNMP Libraries and Utilities from SNMP Research
SNMP Packaged Agent System from SNMP Research
PSI SNMP
snmpd from Empire Technologies
snmpd from SNMP Research
PSI SNMP
SpiderMonitor
SPIMS
spray
tcpdump


Page 19

tcplogger
traceroute
trpt
ttcp
XNETMON from SNMP Research
xnetmon from Wellfleet
xnetperfmon from SNMP Research

OSI

   ---
   CMIP Library
   Dual Manager
   EMANATE
   LANVista
   LANWatch
   Netlabs CMOT Agent
   NetMetrix Protocol Analyzer
   NETMON for Windows
   NETscout
   NOCOL
   ositrace
   proxyd from SNMP Research
   SAS/CPE
   Sniffer
   SNMP Libraries and Utilities from SNMP Research
   SNMP Packaged Agent System from SNMP Research
   snmpd from SNMP Research
   SpiderMonitor
   SPIMS
   XNETMON from SNMP Research
   xnetperfmon from SNMP Research

NFS

   ---
   etherfind
   EtherView
   iozone
   LADDIS
   NetMetrix NFS Monitor
   NetMetrix Protocol Analyzer
   NETscout
   nfswatch
   nhfsstone
   Sniffer
   tcpdump


Page 20

Ring

   ----
   Eagle
   EMANATE
   Interactive Network Map
   LANVista
   LANWatch
   NetMetrix Load Monitor
   NetMetrix NFS Monitor
   NetMetrix Protocol Analyzer
   NetMetrix Traffic Generator
   NETMON by Mitre
   NETMON for Windows
   NETscout
   netwatch
   PacketView
   proxyd from SNMP Research
   Sniffer
   SNMP Libraries and Utilities from SNMP Research
   SNMP Packaged Agent System from SNMP Research
   snmpd from SNMP Research
   TokenVIEW
   XNETMON from SNMP Research
   xnetperfmon from SNMP Research

SMTP

   ----
   host
   Internet Rover
   LANWatch
   mconnect
   NetMetrix Protocol Analyzer
   Sniffer
   vrfy

Star

   ----
   EMANATE
   Interactive Network Map
   LAN Patrol
   LANWatch
   NETMON for Windows
   NETscout
   proxyd from SNMP Research
   Sniffer
   SNMP Libraries and Utilities from SNMP Research
   SNMP Packaged Agent System from SNMP Research
   snmpd from SNMP Research


Page 21

XNETMON from SNMP Research
xnetperfmon from SNMP Research

Curses

   ------
   Eagle
   Internet Rover
   net_monitor
   nfswatch
   NOCOL
   PSI SNMP

Eavesdrop

   ---------
   etherfind
   Ethernet Box II
   EtherView
   LAN Patrol
   LANVista
   LANWatch
   ENTM
   NetMetrix Load Monitor
   NetMetrix NFS Monitor
   NetMetrix Protocol Analyzer
   NetNetrix Traffic Generator
   NETMON from Mitre
   NETscout
   netwatch
   nfswatch
   NNStat
   OSITRACE
   PacketView
   Sniffer
   SpiderMonitor
   tcplogger
   trpt

NMS

   ---
   CMU SNMP
   decaddrs from Wellfleet
   Dual Manager
   EMANATE
   EtherMeter
   Ethernet Box II
   getone from Wellfleet
   Interactive Network Map
   MONET


Page 22

Netlabs CMOT Agent
Netlabs SNMP Agent
NETMON for Windows
NETscout
NNStat
NOCOL
OverVIEW
proxyd from SNMP Research
SNMP Development Kit
SNMP Libraries and Utilities from SNMP Research
SNMP Packaged Agent System from SNMP Research
PSI SNMP
snmpd from Empire Technologies
snmpd from SNMP Research
TokenVIEW
XNETMON from SNMP Research
xnetmon from Wellfleet
xnetperfmon from SNMP Research

Ping

   ----
   etherhostprobe
   fping
   getethers
   hopcheck
   Interactive Network Map
   Internet Rover
   LANWatch
   net_monitor
   NOCOL
   NPRV
   ping
   ping from UCB
   spray
   traceroute
   ttcp
   XNETMON from SNMP Research
   xup

Proprietary

   -----------
   Eagle
   EtherMeter
   Ethernet Box II
   LanProbe
   LANVista
   TokenVIEW


Page 23

RMON

   ----
   Beholder

SNMP

   ----
   Beholder
   CMU SNMP
   decaddrs from Wellfleet
   Dual Manager
   EMANATE
   getone from Wellfleet
   Interactive Network Map
   MIB Manager from Empire Technologies
   MONET
   Netlabs SNMP Agent
   NetMetrix Load Monitor
   NetMetrix NFS Monitor
   NetMetrix Protocol Analyzer
   NetMetrix Traffic Generator
   NETMON for Windows
   NETscout
   NOCOL
   OverVIEW
   proxyd from SNMP Research
   SNMP Development Kit
   SNMP Libraries and utilities from SNMP Research
   SNMP Packaged Agent System from SNMP Research
   PSI SNMP
   snmpd from Empire Technologies
   snmpd from SNMP Research
   Wollongong-Manager
   XNETMON from SNMP Research
   xnetmon from Wellfleet
   xnetperfmon from SNMP Research

Spoof

   -----
   DiG
   doc
   Internet Rover
   host
   LADDIS
   mconnect
   nhfsstone
   NOCOL
   query
   SPIMS


Page 24

vrfy

X

   -
   Dual Manager
   Interactive Network Map
   MIB Manager from Empire Technologies
   NetMetrix Load Monitor
   NetMetrix NFS Monitor
   NetMetrix Protocol Analyzer
   NetMetrix Traffic Generator
   SAS/CPE
   PSI SNMP
   XNETMON from SNMP Research
   xnetperfmon from SNMP Research
   xup

DEC

   ---
   Wollongong-Manager

DOS

   ---
   Computer Security Checklist
   Ethernet Box II
   hammer & anvil
   hopcheck
   iozone
   LAN Patrol
   LANVista
   netmon
   NETMON for Windows
   netwatch
   OverVIEW
   PacketView
   ping
   SAS/CPE
   SNMP Libraries and Utilities from SNMP Research
   SNMP Packaged Agent System from SNMP Research
   snmpd from SNMP Research
   TokenVIEW
   Wollongong-Manager
   xnetperfmon from SNMP Research


Page 25

HP

   --
   iozone
   SAS/CPE
   xup

Macintosh

   ---------
   HyperMIB

OS/2

   ----
   Beholder
   Tricklet

Standalone

   ----------
   LANVista
   Sniffer
   SNMP Packaged Agent System from SNMP Research
   SpiderMonitor

Sun

   ---
   Avatar SunSNMPD
   Wollongong Manager

UNIX

   ----
   arp
   CMIP Library
   CMU SNMP
   decaddrs from Wellfleet
   DiG
   doc
   dnsstats
   Eagle
   etherfind
   etherhostprobe
   EtherView
   fping
   getethers
   getone from Wellfleet
   host
   Interactive Network Map
   Internet Rover
   iozone
   LADDIS


Page 26

lamers
mconnect
MIB Manager from Empire Technologies
MONET
net_monitor
Dual Manager
NetMetrix Load Monitor
NetMetrix NFS Monitor
NetMetrix Protocol Analyzer
NetMetrix Traffic Generator
NETMON from Mitre
NETscout
netstat
Network Integrator I
nfswatch
nhfsstone
NNStat
NOCOL
OSITRACE
ping
ping from UCB
proxyd from SNMP Research
query
SAS/CPE
SNMP Development Kit
SNMP Libraries and Utilities from Empire Technologies
SNMP Libraries and Utilities from SNMP Research
SNMP Packaged Agent System from SNMP Research
PSI SNMP
snmpd from Empire Technologies
snmpd from SNMP Research
SPIMS
spray
tcpdump
tcplogger
traceroute
Tricklet
trpt
ttcp
vrfy
XNETMON from SNMP Research
xnetmon from Wellfleet
xnetperfmon from SNMP Research

VMS

   ---
   arp
   ENTM


Page 27

fping
net_monitor
netstat
NPRV
ping
SNMP Libraries and Utilities from SNMP Research
tcpdump
traceroute
ttcp
xnetperfmon from SNMP Research

Free

   ----
   arp
   Beholder
   CMIP Library
   CMU SNMP Distribution
   DiG
   dnsstats
   doc
   ENTM
   fping
   getethers
   hammer & anvil
   hopcheck
   host
   Interactive Network Map
   Internet Rover
   iozone
   lamers
   net_monitor
   netmon from Mitre
   netstat
   netwatch
   nfswatch
   nhfsstone
   NNStat
   NOCOL
   NPRV
   OSITRACE
   PING
   ping from UCB
   query
   SNMP Development Kit
   tcpdump
   tcplogger
   traceroute
   Tricklet


Page 28

trpt
ttcp
vrfy

Library

   -------
   CMIP Library
   CMU SNMP
   Dual Manager
   NetMetrix Protocol Analyzer
   NetMetrix Traffic Generator
   proxyd from SNMP Research
   SAS/CPE

Sourcelib

   ---------
   Beholder
   CMIP Library
   CMU SNMP
   EMANATE
   HyperMIB
   Interactive Network Map
   Internet Rover
   LANWatch
   MIB Manager from Empire Technologies
   net_monitor
   NETMON for Windows
   NOCOL
   proxyd from SNMP Research
   SNMP Development Kit
   SNMP Libraries and Utilities from Empire Technologies
   SNMP Libraries and Utilities from SNMP Research
   SNMP Packaged Agent System from SNMP Research
   snmpd from SNMP Research
   SpiderMonitor
   Tricklet
   XNETMON from SNMP Research
   xnetperfmon from SNMP Research

Tool Descriptions

This section is an updated collection of brief descriptions of tools for managing TCP/IP internets. These entries are in alphabetical order, by tool name.

The entries all follow a standard format. Immediately after the NAME of a tool are its associated KEYWORDS. Keywords are terse descriptions of the purposes or attributes of a tool. A more


Page 29

detailed description of a tool's purpose and characteristics is given in the ABSTRACT section. The MECHANISM section describes how a tool works. In CAVEATS, warnings about tool use are given. In BUGS, known bugs or bug-report procedures are given. LIMITATIONS describes the boundaries of a tool's capabilities. HARDWARE REQUIRED and SOFTWARE REQUIRED relate the operational environment a tool needs. Finally, in AVAILABILITY, pointers to vendors, online repositories, or other sources for a tool are given.

Where tool names conflict, the vendor name is used as well. For example, MITRE, and SNMP Research each submitted an updated description of a tool called, "NETMON". These tools were independently developed, are functionally different, and run in different environments. MITRE's tool is listed as "NETMON_MITRE," and the tool from SNMP Research as "NETMON_WINDOWS_SNMP_RESEARCH".


Page 30

        Internet Tool Catalog                                    ARP

NAME
arp

KEYWORDS
routing; ethernet, IP;; UNIX, VMS; free.

ABSTRACT
Arp displays and can modify the internet-to-ethernet address translations tables used by ARP, the address resolution protocol.

MECHANISM
The arp program accesses operating system memory to read the ARP data structures.

CAVEATS
None.

BUGS
None known.

LIMITATIONS
Only the super user can modify ARP entries.

HARDWARE REQUIRED
No restrictions.

SOFTWARE REQUIRED
BSD UNIX or related OS, or VMS.

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL

Available via anonymous FTP from uunet.uu.net, in directory bsd-sources/src/etc. Available with 4.xBSD UNIX and related operating systems. For VMS, available as part of TGV MultiNet IP software package, as well as Wollongong's WIN/TCP and Process Software Corporation's TCPware for VMS.

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
This entry maintained by the NOCtools editors. Send email to noctools-request@merit.edu.


Page 31

          Internet Tool Catalog                    AVATAR-SNMP-TOOLKIT

NAME
SNMP Application Development Toolkit

KEYWORDS
manager;;SNMP;;sourcelib.

ABSTRACT
snmpapi is an api toolkit for developing SNMP applications and agents. The toolkit is simple and very fast that can be used for any type of
application. It is very well suited for embedded systems such as bridges or routers. An example MIB II agent for Sun Sparcstations is provided. snmpapi is distributed in source form only.

MECHANISM
snmpapi is a library of C functions.

CAVEATS
None.

BUGS
None known.

LIMITATIONS
None.

HARDWARE REQUIRED
No restrictions.

AVAILABILITY
Available now. For more information, send e-mail to info@avatar.com.


Page 32

          Internet Tool Catalog                         AVATAR-SUNSNMPD

NAME
sunsnmpd

KEYWORDS
manager;;snmp;sun;.

ABSTRACT
sunsnmpd is a fully supported SNMP agent with MIB II support for Sun Sparscations running SunOS 4.1 or higher. sunsnmpd supports both SNMP GET and SET operations.

MECHANISM
sundnmpd is a daemon process which starts up at boot time from the rc.local file. It uses /dev/kmem to access kernel structures.

CAVEATS
None.

BUGS
None known.

LIMITATIONS
Must be started by a super user.

HARDWARE REQUIRED
Sun Sparcstations.

AVAILABILITY
Available now. Site licensing only. For more information, send e-mail to info@avatar.com.


Page 33

        Internet Tool Catalog                           ChameLAN-100

NAME
ChameLAN 100

KEYWORDS
analyzer, benchmark, debugger, generator, map, reference, status, traffic; bridge, DECnet, ethernet, FDDI, IP, OSI, NFS, ring; eavesdrop, SNMP, X; standalone, UNIX.

ABSTRACT

Tekelec's ChameLAN 100 is a portable diagnostic system for monitoring and simulation of FDDI, Ethernet and Token Ring networks -- simultaneously. Protocol analysis of multiple topologies, as well as mixed topoloies simultaneously, is a key feature of the product family. Tekelec's proprietary FDDI hardware guarantees complete real-time analysis of networks and network components at the full ring bandwidth of 125 Mbps. It passively connects to the network and captures 100 percent of the data, measures performance and isolates real-time problems.

The simulation option offers full bandwidth load generation that allows you to create and simulate any network condition. It gives you the ability to inject errors and misformed frames. A set of
confidence tests allow simple evaluation of new equipment. A ring map feature displays network topology and status of all nodes via the SMT process.

Monitoring of FDDI, Ethernet and Token Ring allows the user to: view network status in real time; view network, node, or node pair statistics; capture frames; control capture using trigger and filter capabilities; view real-time statistics; view captured frames in decoded format; and view the last frame transmitted by each station.

The following Real-Time Network Statistics of FDDI, Ethernet and Token Ring networks is displayed: frame rate, runts, byte rate, jabbers, CRC/align errors, and collisions.

Product developers can use the ChameLAN 100 to observe


Page 34

and control various events to help debug their FDDI, Ethernet and Token Ring products. End users can perform real-time monitoring to test and
diagnose problems that may occur when developing, installing or managing FDDI, Ethernet and Token Ring networks and network products. End users can use the ChameLAN 100 to aid in the installation and
maintenance of Ethernet and Token Ring networks. To isolate specific network trouble spots the ChameLAN 100 uses filtering and triggering techniques for data capture. Higher level protocol decode includes TCP/IP, OSI and DECnet protocol suites. Protocol decode of IPX, SNMP, XTP, and AppleTalk are also supported. Development of additional protocol decodes is also under development. The ChameLAN 100 family also offers a Protocol Management Development System (PMDS) that enables users to develop custom protocol decode suites.

The FDDI, Ethernet and Token Ring hardware interfaces feature independent processing power. Real-time data is monitored unobtrusively at full bandwidth without affecting network activity. Real-time data may also be saved to a 120MB or optional 200MB hard disk drive for later analysis. FDDI data is captured at 125 megabits per second (Mbps), Ethernet at 10 Mbps and Token Ring at 4 or 16 Mbps.

MECHANISM
This portable, standalone unit incorporates the power of UNIX, X-Windows and Motif. Its UNIX-based programming interface facilitates development of customized monitoring and simulation applications. The ChameLAN 100 may connect to the network at any location using standard equipment. Standard graphical Motif/X-Windows and TCP/IP allow remote control through Ethernet and 10Base T interfaces. Tekelec also offers a rackmounted model -- ChameLAN 100-X. Both models can be controlled via a Sun Workstation remotely.

CAVEATS
none.

BUGS
none known.


Page 35

LIMITATIONS
none reported.

        HARDWARE REQUIRED
                None.  The ChameLAN 100 is a self-contained unit, and
                includes its own interface cards.  It installs
                into a network with standard interface
                connectors.

SOFTWARE REQUIRED
None.

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL The ChameLAN 100 product famil y is available commercially. For more information or a free demo, call or write:

1.800.tek.elec
Tekelec
26580 West Agoura Road
Calabasas, CA 91302

                Phone:          818.880.5656
                Fax:            818.880.6993

The ChameLAN 100 is listed on the GSA schedule.

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
Todd Koch
Public Relations Specialist
818.880.7718
Internet: todd.koch@tekelec.com


Page 36

          Internet Tool Catalog                               CMU_SNMP

NAME
The CMU SNMP Distribution

KEYWORDS
manager, status; IP; NMS, SNMP; UNIX; free, sourcelib.

ABSTRACT
The CMU SNMP Distribution includes source code for an SNMP agent, several SNMP client applications, an ASN.1 library, and supporting documentation.

The agent compiles into about 10 KB of 68000 code. The distribution includes a full agent that runs on a Kinetics FastPath2/3/4, and is built into the KIP appletalk/ethernet gateway. The machine independent portions of this agent also run on CMU's IBM PC/AT based router.

The applications are designed to be useful in the real world. Information is collected and presented in a useful format and is suitable for everyday status monitoring. Input and output are interpreted symbolically. The tools can be used without
referencing the RFCs.

MECHANISM
SNMP.

CAVEATS
None.

BUGS
None reported. Send bug reports to
sw0l+snmp@andrew.cmu.edu. ("sw0l" is "ess double-you zero ell.")

LIMITATIONS
None reported.

HARDWARE REQUIRED
The KIP gateway agent runs on a Kinetics FastPath2/3/4. Otherwise, no restrictions.

SOFTWARE REQUIRED
The code was written with efficiency and portability in mind. The applications compile and run on the follow-


Page 37

ing systems: IBM PC/RT running ACIS Release 3, Sun3/50 running SUNOS 3.5, and the DEC microVax running Ultrix 2.2. They are expected to run on any system with a Berkeley socket interface.

AVAILABILITY
This distribution is copyrighted by CMU, but may be used and sold without permission. Consult the copy- right notices for further information. The distribu- tion is available by anonymous FTP from the host lancaster.andrew.cmu.edu (128.2.13.21) as the files pub/cmu-snmp.9.tar, and pub/kip-snmp.9.tar. The former includes the libraries and the applications, and the latter is the KIP SNMP agent.

Please direct questions, comments, and bug reports to sw0l+snmp@andrew.cmu.edu. ("sw0l" is "ess double-you zero ell.") If you pick up this package, please send a note to the above address, so that you may be notified of future enhancements/changes and additions to the set of applications (several are planned).


Page 38

          Internet Tool Catalog            COMPUTER-SECURITY-CHECKLIST

NAME
Computer Security Checklist

KEYWORDS
security; DOS.

ABSTRACT
This program consists of 858 computer security ques- tions divided up in thirteen sections. The program presents the questions to the user and records their responses. After answering the questions in one of the thirteen sections, the user can generate a report from the questions and the user's answers. The thirteen sections are: telecommunications security, physical access security, personnel security, systems develop- ment security, security awareness and training prac- tices, organizational and management security, data and program security, processing and operations security, ergonomics and error prevention, environmental secu- rity, and backup and recovery security.

The questions are weighted as to their importance, and the report generator can sort the questions by weight. This way the most important issues can be tackled first.

MECHANISM
The questions are displayed on the screen and the user is prompted for a single keystroke reply. When the end of one of the thirteen sections is reached, the answers are written to a disk file. The question file and the answer file are merged to create the report file.

CAVEATS
None.

BUGS
None known.

LIMITATIONS
None reported.

HARDWARE REQUIRED
No restrictions.


Page 39

          SOFTWARE REQUIRED
               DOS operating system.

AVAILABILITY
A commercial product available from:

C.D., Ltd.
P.O. Box 58363
Seattle, WA 98138
(206) 243-8700


Page 40

        Internet Tool Catalog                           CMIP-LIBRARY

NAME
CMIP Library

KEYWORDS
manager; osi; cmis; unix; free, sourcelib.

ABSTRACT

The CMIP Library implements the functionality of the Common Management Information Service/Protocol as in the full international standards (ISO 9595, ISO 9596) published in 1990. It is designed to work with the ISODE package and can act as a building block for the construction of CMIP-based agent and manager applications.

MECHANISM
The CMIP library uses ISO ROS, ACSE and ASN.1 presentation, as implemented in ISODE, to provide its service.

CAVEATS
None.

BUGS
None known.

LIMITATIONS
None known.

HARDWARE REQUIRED
Has been tested on SUN 3 and SUN 4 architectures.

SOFTWARE REQUIRED
The ISODE protocol suite, BSD UNIX.

AVAILABILITY
The CMIP library and related management tools built upon it, known as OSIMIS (OSI Management Information Service), are publicly available from University College London, England via FTP and FTAM. To obtain information regarding a copy send email to
osimis-request@cs.ucl.ac.uk or call +44 71 380 7366.


Page 41

          Internet Tool Catalog                            DECADDRS

NAME
decaddrs, decaroute, decnroute, xnsroutes, bridgetab

KEYWORDS
manager, map, routing; bridge, DECnet; NMS, SNMP; UNIX.

ABSTRACT
These commands display private MIB information from Wellfleet systems. They retrieve and format for display values of one or several MIB variables from the Wellfleet Communications private enterprise MIB, using the SNMP (RFC1098). In particular these tools are used to examine the non-IP modules (DECnet, XNS, and Bridg- ing) of a Wellfleet system.

Decaddrs displays the DECnet configuration of a Wellfleet system acting as a DECnet router, showing the static parameters associated with each DECnet inter- face. Decaroute and decnroute display the DECnet inter-area and intra-area routing tables (that is area routes and node routes). Xnsroutes displays routes known to a Wellfleet system acting as an XNS router. Bridgetab displays the bridge forwarding table with the disposition of traffic arriving from or directed to each station known to the Wellfleet bridge module. All these commands take an IP address as the argument and can specify an SNMP community for the retrieval. One SNMP query is performed for each row of the table. Note that the Wellfleet system must be operating as an IP router for the SNMP to be accessible.

MECHANISM
Management information is exchanged by use of SNMP.

CAVEATS
None.

BUGS
None known.

LIMITATIONS
None reported.

HARDWARE REQUIRED
Distributed and supported for Sun 3 systems.


Page 42

          SOFTWARE REQUIRED
               Distributed and supported for SunOS 3.5 and 4.x.

AVAILABILITY
Commercial product of:
Wellfleet Communications, Inc.
12 DeAngelo Drive
Bedford, MA 01730-2204
(617) 275-2400


Page 43

          Internet Tool Catalog                                    DIG

NAME
DiG

KEYWORDS
status; DNS; spoof; UNIX; free.

ABSTRACT
DiG (domain information groper), is a command line tool which queries DNS servers in either an interactive or a batch mode. It was developed to be more
convenient/flexible than nslookup for gathering perfor- mance data and testing DNS servers.

MECHANISM
Dig is built on a slightly modified version of the bind resolver (release 4.8).

CAVEATS
none.

BUGS
None known.

LIMITATIONS
None reported.

HARDWARE REQUIRED
No restrictions.

SOFTWARE REQUIRED
BSD UNIX.

AVAILABILITY
DiG is available via anonymous FTP from venera.isi.edu in pub/dig.2.0.tar.Z.


Page 44

        Internet Tool Catalog                  EMANATE_SNMP_RESEARCH

NAME
EMANATE: Enhanced MANagement Agent Through Extensions from SNMP Research.

KEYWORDS
alarm, control, manager, reference, security, status; bridge, Ethernet, FDDI, IP, OSI, ring, star; NMS, SNMP;
sourcelib.

ABSTRACT
The EMANATE system provides a run-time extensible SNMP agent that dynamically reconfigures an agent's MIB without having to recompile, relink, or restart the agent. An EMANATE capable SNMP agent can support zero, one, or many subagents and dynamically reconfigure to connect or disconnect those subagents' MIBs.

The EMANATE system consists of several logically independent components and subsystems:

  • Master SNMP agent which contains an API to communicate with subagents.
  • Subagents which implement various MIBS.
  • Subagent Developer's Kit which contains tools to assist in the implementation of subagents.
  • EMANATE libraries which provide the API for the subagent.

MECHANISM
A concise API allows a standard means of communication between the master and subagents. System dependent mechanisms are employed for transfer of information between the master and subagents.

CAVEATS
None.

BUGS
None known.

LIMITATIONS
None reported.


Page 45

        HARDWARE REQUIRED
                Multiple platforms including PC's, workstations, hosts,
                and servers are supported.  Contact SNMP Research for
                more details.

SOFTWARE REQUIRED
C compiler.

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL This is a commercial product available under license from:

SNMP Research
3001 Kimberlin Heights Road
Knoxville, TN 37920-9716
Attn: John Southwood, Sales and Marketing
(615) 573-1434 (Voice) (615) 573-9197 (FAX)

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
users@seymour1.cs.utk.edu


Page 46

          Internet Tool Catalog                          ETHERFIND_SUN

NAME
etherfind

KEYWORDS
traffic; ethernet, IP, NFS; eavesdrop; UNIX.

ABSTRACT
Etherfind examines the packets that traverse a network interface, and outputs a text file describing the traffic. In the file, a single line of text describes a single packet: it contains values such as protocol type, length, source, and destination. Etherfind can print out all packet traffic on the ethernet, or traffic for the local host. Further packet filtering can be done on the basis of protocol: IP, ARP, RARP, ICMP, UDP, ND, TCP, and filtering can also be done based on the source, destination addresses as well as TCP and UDP port numbers.

MECHANISM
In usual operations, and by default, etherfind puts the interface in promiscuous mode. In 4.3BSD UNIX and related OSs, it uses a Network Interface Tap (NIT) to obtain a copy of traffic on an ethernet interface.

CAVEATS
None.

BUGS
None known.

LIMITATIONS
Minimal protocol information is printed. Can only be run by the super user. The syntax is painful.

HARDWARE REQUIRED
Ethernet.

SOFTWARE REQUIRED
SunOS.

AVAILABILITY
Executable included in Sun OS "Networking Tools and Programs" software installation option.


Page 47

         Internet Tool Catalog                         ETHERNET-CODES

NAME
ethernet-codes

KEYWORDS
reference;
ethernet, fddi;

                ;
                ;
                ;

ABSTRACT
Mike Patton of MIT LCS has compiled a very
comprehensive list of the IEEE numbers used on Ethernet and FDDI (with some permutation).
This file contains collected information on the various codes used on IEEE 802.3 and EtherNet. There are three "pages": type codes, vendor
codes, and the uses of multicast (including
broadcast) addresses.

MECHANISM
FTP the file and use it like a secret decoder ring.

CAVEATS
Since this information is from collected wisdom, there are certainly omissions.

BUGS
Mike welcomes any further additions.
They can be sent to a special mailbox that he has set up:

MAP=EtherNet-codes@LCS.MIT.Edu

LIMITATIONS
See caveats.

HARDWARE REQUIRED
No restrictions.

SOFTWARE REQUIRED
No restrictions.


Page 48

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL The file is stored as flat, non-compressed ASCII text. It can be FTP'ed from:
ftp.lcs.mit.edu

Retreive the file:

                        /pub/map/EtherNet-codes

To submit additions or obtain further assistance, send email to: MAP=EtherNet-codes@LCS.MIT.Edu

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
This entry maintained by the NOCtools editors. Send email to noctools-request@merit.edu


Page 49

        Internet Tool Catalog                 GENERIC-MANAGED-SYSTEM

NAME
Generic Managed System

KEYWORDS
manager; osi; cmis; unix; free, sourcelib

ABSTRACT
The Generic Managed System (GMS) implements the functions that would be common to any OSI managed system. These include the parseing of CMIS requests, selection of managed objects according to the scoping and filtering rules, handling of notifications and event forwarding discriminators etc. The intention is that the implementors should use the GMS as a basis for their own managed object implementations. A support environment is provided to assist with this.

MECHANISM
The GMS uses the UCL CMIP library plus a library of C++ objects representing common managed objects and attribute types.

CAVEATS
The system is still experimental, is subject to change and is not yet well documented.

BUGS
See above.

LIMITATIONS
None known.

HARDWARE REQUIRED
Has been tested on SUN 3 and SUN 4 architectures.

SOFTWARE REQUIRED
The ISODE protocol suite, BSD UNIX, UCL CMIP Library, GNU C++ (g++).

AVAILABILITY
The CMIP library and related management tools built upon it, known as OSIMIS (OSI Management Information Service), are publicly available from University College London, England via FTP and FTAM. To obtain information regarding a copy send email to
osimis-request@cs.ucl.ac.uk or call +44 71 380 7366.


Page 50

        Internet Tool Catalog                              GETETHERS

NAME
getethers

KEYWORDS
Traffic; Ethernet; Ping; UNIX; Free

ABSTRACT
Getethers runs through all addresses on an ethernet segment (a.b.c.1 to a.b.c.254) and pings each address, and then determines the ethernet address for that host. It produces a list, in either plain ASCII, the file format for the Excelan Lanalyzer, or the file format for the Network General Sniffer, of
hostname/ethernet address pairs for all hosts on the local nework. The plain ASCII list optionally includes the vendor name of the ethernet card in each system, to aid in the determination of the identity of unknown systems.

MECHANISM
Getethers uses a raw IP socket to generate ICMP echo requests and receive ICMP echo replies, and then examines the kernel ARP table to determine the ethernet address of each responding system.

CAVEATS
Assumes that the ethernet it is looking at is either a Class C IP network, or part of a Class B IP network that is subnetted with a netmask of 255.255.255.0. (This is easy to change, but it's compiled in.)

BUGS
None known.

LIMITATIONS
None.

HARDWARE REQUIRED
Has been tested on Sun-3 and Sun-4 (SPARC) systems under SunOS 4.1.x, DEC VAXes under 4.3BSD.

SOFTWARE REQUIRED
Runs under SunOS 4.x and 4.3BSD; should be easy to port to any other Berkeley-like system. Requires raw sockets and the ioctl calls to get at the ARP table.


Page 51

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL Public domain, and freely distributable. Available via anonymous FTP from harbor.ecn.purdue.edu; also has been posted to comp.sources.unix. The current version is Version 1.4 from May 1992.

Contact point:
Dave Curry
Purdue University
Engineering Computer Network
1285 Electrical Engineering Bldg.
West Lafayette, IN 47907-1285
davy@ecn.purdue.edu

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
Dave Curry (see address above).


Page 52

          Internet Tool Catalog                       GETONE_WELLFLEET

NAME
getone, getmany, getroute, getarp, getaddr, getif, getid.

KEYWORDS
manager, routing, status; IP; NMS, SNMP; UNIX.

ABSTRACT
These commands retrieve and format for display values of one or several MIB variables (RFC1066) using the SNMP (RFC1098). Getone and getmany retrieve arbitrary MIB variables; getroute, getarp, getaddr, and getif retrieve and display tabular information (routing tables, ARP table, interface configuration, etc.), and getid retrieves and displays system name, identifica- tion and boot time.

Getone <target> <mibvariable> retrieves and displays the value of the designated MIB variable from the specified target system. The SNMP community name to be used for the retrieval can also be specified. Getmany works similarly for groups of MIB variables rather than individual values. The name of each variable, its value and its data type is displayed. Getroute returns information from the ipRoutingTable MIB structure, displaying the retrieved information in an accessible format. Getarp behaves similarly for the address translation table; getaddr for the ipAddressTable; and getif displays information from the interfaces table, supplemented with information from the ipAddressTable. Getid displays the system name, identification, ipFor- warding state, and the boot time and date. All take a system name or IP address as an argument and can specify an SNMP community for the retrieval. One SNMP query is performed for each row of the table.

MECHANISM
Queries SNMP agent(s).

CAVEATS
None.

BUGS
None known.


Page 53

LIMITATIONS
None reported.

          HARDWARE REQUIRED
               Distributed and supported for Sun 3 systems.

SOFTWARE REQUIRED
Distributed and supported for SunOS 3.5 and 4.x.

AVAILABILITY
Commercial product of:
Wellfleet Communications, Inc.
12 DeAngelo Drive
Bedford, MA 01730-2204
(617) 275-2400


Page 54

          Internet Tool Catalog                           HAMMER_ANVIL

NAME
hammer & anvil

KEYWORDS
benchmark, generator; IP; DOS; free.

ABSTRACT
Hammer and Anvil are the benchmarking programs for IP routers. Using these tools, gateways have been tested for per-packet delay, router-generated traffic over- head, maximum sustained throughput, etc.

MECHANISM
Tests are performed on a gateway in an isolated testbed. Hammer generates packets at controlled rates. It can set the length and interpacket interval of a packet stream. Anvil counts packet arrivals.

CAVEATS
Hammer should not be run on a live network.

BUGS
None reported.

LIMITATIONS
Early versions of hammer could not produce inter-packet intervals shorter than 55 usec.

HARDWARE REQUIRED
Hammer runs on a PC/AT or compatible, and anvil requires a PC or clone. Both use a Micom Interlan NI5210 for LAN interface.

SOFTWARE REQUIRED
MS-DOS.

AVAILABILITY
Hammer and anvil are copyrighted, though free. Copies are available from pub/eutil on husc6.harvard.edu.


Page 55

          Internet Tool Catalog                               HOPCHECK

NAME
hopcheck

KEYWORDS
routing; IP; ping; DOS; free.

ABSTRACT
Hopcheck is a tool that lists the gateways traversed by packets sent from the hopcheck-resident PC to a desti- nation. Hopcheck uses the same mechanism as traceroute but is for use on IBM PC compatibles that have ethernet connections. Hopcheck is part of a larger TCP/IP pack- age that is known as ka9q that is for use with packet radio. Ka9q can coexist on a PC with other TCP/IP packages such as FTP Inc's PC/TCP, but must be used independently of other packages. Ka9q was written by Phil Karn. Hopcheck was added by Katie Stevens, dkstevens@ucdavis.edu. Unlike traceroute, which requires a UNIX kernel mod, hopcheck will run on the standard, unmodified ka9q release.

MECHANISM
See the description in traceroute.

CAVEATS
See the description in traceroute.

BUGS
None known.

HARDWARE REQUIRED
IBM PC compatible with ethernet network interface card; ethernet card supported through FTP spec packet driver.

SOFTWARE REQUIRED
DOS.

AVAILABILITY
Free for radio amateurs and educational institutions; others should contact Phil Karn, karn@ka9q.bellcore.com. Available via anonymous FTP at ucdavis.edu, in the directory "dist/nethop".


Page 56

          Internet Tool Catalog                         INTERNET_ROVER

NAME
Internet Rover

KEYWORDS
status; IP, SMTP; curses, ping, spoof; UNIX; free, sourcelib.

ABSTRACT
Internet Rover is a prototype network monitor that uses multiple protocol "modules" to test network functional- ity. This package consists of two primary pieces of code: the data collector and the problem display.

There is one data collector that performs a series of network tests, and maintains a list of problems with the network. There can be many display processes all displaying the current list of problems which is useful in a multi-operator NOC.

The display task uses curses, allowing many terminal types to display the problem file either locally or from a remote site. Full source is provided. The data collector is easily configured and extensible. Contri- butions such as additional protocol modules, and shell script extensions are welcome.

MECHANISM
A configuration file contains a list of nodes, addresses, NodeUp? protocol test (ping in most cases), and a list of further tests to be performed if the node is in fact up. Modules are included to test TELNET, FTP, and SMTP. If the configuration contains a test that isn't recognized, a generic test is assumed, and a filename is checked for existence. This way users can create scripts that create a file if there is a prob- lem, and the data collector simply checks the existence of that file to determine if there is problem.

CAVEATS
None.

BUGS
None known.


Page 57

LIMITATIONS
This tool does not yet have the capability to perform actions based on the result of the test. Rather, it is intended for a multi-operator environment, and simply displays a list of what is wrong with the net.

HARDWARE REQUIRED
This software is known to run on Suns and IBM RTs.

SOFTWARE REQUIRED
Curses, 4.xBSD UNIX socket programming libraries, BSD ping.

AVAILABILITY
Full source available via anonymous FTP from merit.edu (35.1.1.42) in the ~ftp/pub/inetrover directory. Source and executables are public domain and can be freely distributed for non-commercial use. This pack- age is unsupported, but bug reports and fixes may be sent to: wbn@merit.edu.


Page 58

        Internet Tool Catalog                                 IOZONE

NAME
iozone

KEYWORDS
benchmark; nfs;; dos,hp,unix,vmx; free.

ABSTRACT
Software to assess the sequential file I/O capability of a system. May be useful as reference to compare against results obtained when files are accessed via NFS, Andrew, etc.

MECHANISM
This test writes a X MEGABYTE sequential file in Y byte chunks, then rewinds it and reads it back. [The size of the file should be big enough to factor out the effect of any disk cache.]. Finally, IOZONE deletes the temporary file. Options allow one to vary X and Y. In addition, 'auto test' runs IOZONE repeatedly using record sizes from 512 to 8192 bytes (adjustable), and file sizes from 1 to 16 megabytes (adjustable). It creates a table of results.

CAVEATS
The file is written (filling any cache buffers), and then read. If the cache is >= X MB, then most if not all the reads will be satisfied from the cache. However, if it is less than or equal to
.5X MB, then NONE of the reads will be satisfied from the cache. This is becase after the file is written, a .5X MB cache will contain the upper .5 MB of the test file, but we will start reading
from the beginning of the file (data which is no longer in the cache).

In order for this to be a fair test, the length of the test file must be AT LEAST 2X the amount of disk cache memory for your system. If not, you are really testing the speed at which your CPU
can read blocks out of the cache (not a fair test).

BUGS
none known at this time.


Page 59

LIMITATIONS
IOZONE does not normally test the raw I/O speed of your disk or system-em. It tests the speed of sequential I/O to actual files.
Therefore, this measurement factors in the efficiency of you machines file system, operating system, C compiler, and C runtime library. It produces a measurement which is the number of bytes
per second that your system can read or write to a file.

HARDWARE REQUIRED

This program has been ported and tested on the following computer operating systems:

Vendor Operating System Notes on compiling IOzone
-----------------------------------------------------------------------
Apollo Domain/OS no cc switches -- BSD domain
AT&T UNIX System V R4
AT&T 6386WGS AT&T UNIX 5.3.2 define SYSTYPE_SYSV
Generic AT&T UNIX System V R3 may need cc -DSVR3
Convergent Unisys/AT&T SVR3 cc -DCONVERGENT -o iozone iozone.c
Digital Equipment ULTRIX V4.1
Digital Equipment VAX/VMS V5.4 see below **
Digital Equipment VAX/VMS (POSIX)
Hewlett-Packard HP-UX 7.05
IBM AIX Ver. 3 rel. 1
Interactive UNIX System V R3
Microsoft MS-DOS 3.3 tested Borland, Microsoft C
MIPS RISCos 4.52
NeXt NeXt OS 2.x
OSF OSF/1
Portable! POSIX 1003.1-1988 may need to define _POSIX_SOURCE
QNX QNX 4.0
SCO UNIX System V/386 3.2.2
SCO XENIX 2.3
SCO XENIX 3.2
Silicon Graphics UNIX cc -DSGI -o iozone iozone.c
Sony Microsystems UNIX same as MIPS
Sun Microsystems SUNOS 4.1.1
Tandem Computers GUARDIAN 90 1. call the source file IOZONEC
2. C/IN IOZONEC/IOZONE;RUNNABLE 3. RUN IOZONE
Tandem Computers Non-Stop UX

** for VMS, define iozone as a foreign command via this DCL command:

        $IOZONE :== $SYS$DISK:[]IOZONE.EXE


Page 60

this lets you pass the command line arguments to IOZONE

SOFTWARE REQUIRED
OS as shown in the hardware listing above.

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL Author: Bill Norcott
1060 Hyde Avenue
San Jose, CA 95129
norcott_bill@tandem.com

Availability:
This tool has been posted to comp.sources.misc. It is available from the usual archive sites. Program can be located using ARCHIE or other servers.

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
This entry is maintained by the noctools editors. Send email to noctools-request@merit.edu.


Page 61

        Internet Tool Catalog                                 LADDIS

NAME
LADDIS

KEYWORDS
benchmark, generator;
NFS;
spoof;
unix;
free.

ABSTRACT

"LADDIS: A Multi-Vendor and Vendor-Neutral SPEC NFS Benchmark", Bruce Nelson, LADDIS Group & Auspex Systems.

Over the past 24 months, engineers from Legato, Auspex, Data General, DEC, Interphase, and Sun (LADDIS) met regularly to create the LADDIS NFS benchmark: an unbiased, standard, vendor-independent, scalable NFS performance test.

The purpose of the LADDIS benchmark is to give users a credible and undisputed test of NFS performance, and to give vendors a publishable standard performance measure that customers can use for load planning, system configuration, and equipment buying decisions. Toward this end, the LADDIS benchmark is being adopted by SPEC (the System Performance Evaluation
Cooperative, creators of SPECmarks) as the first member of SPEC's System-level File Server (SFS) benchmark suite."

"In particular, we have had unexpected interest from some router vendors in using LADDIS to both rate and stress-test IP routers. This is because LADDIS can send back-to-back full-size packet trains, and because it can generate a 90%-Ethernet util on simulated "real" NFS workloads, just like routers encounter in the real world. But LADDIS is for local Ethernet or FDDI nets only, not WAN."

MECHANISM
Generates NFS requests and measures responsiveness of the server.


Page 62

CAVEATS
"LADDIS is not released yet by SPEC, although a free beta version, quite stable, is available now as PRE-LADDIS. So you might want to put PRE-LADDIS in your listing, noting that full LADDIS
availability from SPEC is expected by the end of 1992."

BUGS
The licensee is requested to direct beta test comments via electronicmail to:
"spec-preladdis-comments@riscee.pko.dec.com".

This alias will forward all comments to the SPECSFS mailing list (which includes the LADDIS Group).

LIMITATIONS
LADDIS is for local Ethernet or FDDI nets only, not WAN.

HARDWAE REQUIRED
A host with LAN connectivity. Presumably, a host with enough horsepower to generate an adequate work load.

SOFTWARE REQUIRED
LADDIS is a sophisticated Unix-based NFS traffic generator program.

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL Date: Mon, 10 Feb 92 13:12:20 PST
From: bnelson (Bruce Nelson)

Dear Person:

The SPEC PRE-LADDIS beta test process became operational on Monday, February 3, 1992. This email describes the process as announced during the LADDIS Group's presentation at UniForum '92 and
also at Interop '91. The content of the beta test license and the license request process are consistent with the proposals approved by the SPEC Steering Committee at the January 1992 meeting in Milpitas, California.

The SPEC PRE-LADDIS beta test will consist of one beta test version of PRE-LADDIS distributed ONLY by electronic mail. The SPEC PRE-LADDIS Beta test software is licensed by SPEC, not by the LADDIS Group.


Page 63

To obtain the PRE-LADDIS Beta test software, an individual must:

1. Request the SPEC PRE-LADDIS beta test License by
electronic mail to
"spec-preladdis-beta-test@riscee.pko.dec.com" with a subject line of "Request SPEC PRE-LADDIS Beta Test License".
2. Print a hardcopy of the license and sign.
3. Attach a cover letter written on the individual's company letterhead requesting the PRE-LADDIS Beta Test Kit.
4. U.S. Mail the signed license and cover letter to:
SPEC PRE-LADDIS Beta Test
c/o NCGA, 2722 Merrilee Drive, Suite 200 Fairfax, VA 22031

After completing these steps, the SPEC PRE-LADDIS beta test kit will be emailed to the requestor from riscee.pko.dec.com. The licensee is requested to direct beta test comments via electronic mail to "spec-preladdis-comments@riscee.pko.dec.com". This alias will forward all comments to the SPECSFS mailing list (which includes the
LADDIS Group).

Note that PRE-LADDIS is ONLY available through electronic mail and ONLY through the process listed above in steps 1-4. If you do not have internet email available to you (which is unlikely if you are receiving THIS email), you must arrange delivery of PRE-LADDIS through some email-capable part of your organization, not through LADDIS members like Auspex, DEC, Sun, etc.

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
This entry is maintained by the NOCtools editors. Send E-mail to noctools-request@merit.edu.


Page 64

          Internet Tool Catalog                             LAN_PATROL

NAME
LAN Patrol

KEYWORDS
security, traffic; ethernet, star; eavesdrop; DOS.

ABSTRACT
LAN Patrol is a full-featured network analyzer that provides essential information for effective fault and performance management. It allows network managers to easily monitor user activity, find traffic overloads, plan for growth, test cable, uncover intruders, balance network services, and so on. LAN Patrol uses state of the art data collection techniques to monitor all activity on a network, giving an accurate picture of how it is performing.

LAN Patrol's reports can be saved as ASCII files to disk, and imported into spreadsheet or database pro- grams for further analysis.

MECHANISM
The LAN Patrol interface driver programs a standard interface card to capture all traffic on a network seg- ment. The driver operates from the background of a standard PC, maintaining statistics for each station on the network. The information can be viewed on the PC's screen, or as a user-defined report output either to file or printer.

CAVEATS
None. Normal operation is completely passive, making LAN Patrol transparent to the network.

BUGS
None known.

LIMITATIONS
LAN Patrol can monitor up to 10,000 packets/sec on an AT class PC, and is limited to monitoring a maximum of 1024 stations for intervals of up to 30 days.

Because LAN Patrol operates at the physical level, it will only see traffic for the segment on which it is installed; it cannot see traffic across bridges.


Page 65

          HARDWARE REQUIRED
               Computer: IBM PC/XT/AT, PS/2 Model 30, or compatible.
               Requires 512K memory and a hard drive or double-sided
               disk drive.

Display: Color or monochrome text. Color display allows color-coding of traffic information.

Ethernet, StarLAN, LattisNet, or StarLAN 10 network interface card.

SOFTWARE REQUIRED
PC DOS, MS-DOS version 3.1 or greater.

AVAILABILITY
LAN Patrol many be purchased through network dealers, or directly from:
Legend Software, Inc.
Phone: (201) 227-8771

                    FAX:    (201) 906-1151


Page 66

        Internet Tool Catalog                               LANVista

NAME
LANVista

KEYWORDS
analyzer, benchmark, debugger, generator, manager, traffic; DECnet, Ethernet, IP, OSI, Ring; Eavesdrop, Proprietary; DOS, Standalone.

ABSTRACT
CXR/Digilog's LANVista family of protocol and statistical analyzers provide the tools to troubleshoot an Ethernet and Token Ring 4/16Mbps network. LANVista lets you capture frames to RAM and or disk, generate traffic for stress testing, test your network cable for fault isolation, and decode all 7 layers of many popular protocol stacks. LANVista's 100 family offers exceptional price/performance and a wide range of options. Combined with an
integrated upgrade path to the fully distributed LANVista 200 system, the 100 line provides a reasonably priced entry into LAN management and protocol analysis.

All LANVista models are fully operable under Microsoft Windows. Under Windows, LANVista can be operated in the background, gathering data and alarms as other tasks are completed. Displayed data may easily be cut from LANVista and pasted into other Windows
applications such as Excel, Lotus 1-2-3, Harvard Graphics, etc.

The versatile LANVista family can also be remotely controlled through the use of PC Anywhere, Commute, Carbon Copy, or other PC remote control packages. This feature allows the use of "co-pilot" mode which enables an operator at the central site to guide and train a remote operator through network management or analysis tasks.

All LANVista models provide features vital to effective network management and troubleshooting. Basic
capabilities include: Network database, statistics based on the entire network and on a node basis, Token Ring functional address statistics, Bridged traffic statistics, Protocol statistics, logging of statistics to a printer or file of user definable alarms, Hardware Pre-Capture filtering, Post capture filtering, Playback of captured data, Traffic simulation and On-line context


Page 67

sensitive Help.

Protocol Interpreters used for decoding network traffic supported by LANVista include: TCP/IP, DECnet, Banyan Vines, XNS/MS-Net, AppleTalk, IBM Token Ring, Novell, 3Com 3+ Open, SNMP and OSI.

MECHANISM
LANVista is available in three forms. A kit version which consists of a plug-in PC card and Master software, a self contained unit that packages the kit version in a portable PC, and a Distributed system. The LANVista distributed system allows slave units placed anywhere in the world to be controlled from a single central location for centralized management of an enterprise network. LANVista's PC cards provides a physical interface to the LAN and frame preprocessing power. The Master software controls the PC card, and the display and processing of information gathered from the network.

CAVEATS
Optimal performance of LANVista's master software is achieved with DOS 5.0 by utilizing RAMDRIVE.SYS, SMARTDRV.SYS and High memory.

BUGS
None Known.

LIMITATIONS
None Known.

HARDWARE REQUIRED
IBM PC AT, 386, 486 or compatible.

SOFTWARE REQUIRED
DOS

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL LANVista is available worldwide. For information on a local sales representative contact:

CXR/DIGILOG
900 Business Center Drive
Horsham, PA 19044
Phone 1-800-DIGILOG
FAX: 215-956-0108

GSA schedule pricing is honored.


Page 68

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
CXR/DIGILOG Help Desk 1-800-DIGILOG
Send email to: lanvista@digilog.uucp


Page 69

          Internet Tool Catalog                               LANPROBE

NAME
LanProbe -- the HP 4990S LanProbe Distributed Analysis System.

KEYWORDS
alarm, manager, map, status, traffic; ethernet; eaves- drop, NMS; proprietary.

ABSTRACT
The LanProbe distributed monitoring system performs remote and local monitoring of ethernet LANs in a pro- tocol and vendor independent manner.

LanProbe discovers each active node on a segment and displays it on a map with its adapter card vendor name, ethernet address, and IP address. Additional informa- tion about the nodes, such as equipment type and physi- cal location can be entered in to the data base by the user.

When the NodeLocator option is used, data on the actual location of nodes is automatically entered and the map becomes an accurate representation of the physical lay- out of the segment. Thereafter when a new node is installed and becomes active, or when a node is moved or becomes inactive, the change is detected and shown on the map in real time. The system also provides the network manager with precise cable fault information displayed on the map.

Traffic statistics are gathered and displayed and can be exported in (comma delimited) CSV format for further analysis. Alerts can be set on user defined thres- holds.

Trace provides a remote protocol analyzer capability with decodes for common protocols.

Significant events (like power failure, cable breaks, new node on network, broadcast IP source address seen, etc.) are tracked in a log that is uploaded to Pro- beView periodically.

ProbeView generates reports that can be manipulated by MSDOS based word processors, spreadsheets, and DBMS.


Page 70

MECHANISM
The system consists of one or more LanProbe segment monitors and ProbeView software running under Microsoft Windows. The LanProbe segment monitor attaches to the end of an ethernet segment and monitors all traffic. Attachment can be direct to a thin or thick coax cable, or via an external transceiver to fiber optic or twist- ed pair cabling. Network data relating to the segment is transferred to a workstation running ProbeView via RS-232, ethernet, or a modem connection.

ProbeView software, which runs on a PC/AT class works- tation, presents network information in graphical displays.

The HP4992A NodeLocator option attaches to the opposite end of the cable from the HP4991A LanProbe segment mon- itor. It automatically locates the position of nodes on the ethernet networks using coaxial cabling schemes.

CAVEATS
None.

BUGS
None known.

LIMITATIONS
None reported.

HARDWARE REQUIRED
HP 4991A LanProbe segment monitor
HP 4992A NodeLocator (for optional capabilities) 80386 based PC capable of running MS-Windows

SOFTWARE REQUIRED
HP 4990A ProbeView
MSDOS 3.0 or higher and Microsoft Windows/286 2.1.

AVAILABILITY
A commercial product available from:
Hewlett-Packard Company

P.O. Box 10301,
Palo Alto, CA 94303-0890


Page 71

          Internet Tool Catalog                               LANWATCH

NAME
LANWatch

KEYWORDS
alarm, analyzer, traffic; CHAOS, DECnet, DNS, ethernet, IP, OSI, ring, SMTP, star; eavesdrop; DOS; library, sourcelib.

ABSTRACT
LANWatch 2.0 is an inexpensive, powerful and flexible network analyzer that runs under DOS on personal com- puters and requires no hardware modifications to either the host or the network. LANWatch is an invaluable tool for installing, troubleshooting, and monitoring local area networks, and for developing and debugging new protocols. Network managers using LANWatch can inspect network traffic patterns and packet errors to isolate performance problems and bottlenecks. Protocol developers can use LANWatch to inspect and verify proper protocol handling. Since LANWatch is a software-only package which installs easily in existing PCs, network technicians and field service engineers can carry LANWatch in their briefcase for convenient network analysis at remote sites.

LANWatch has two operating modes: Display and Examine. In Display Mode, LANWatch traces network traffic by displaying captured packets in real time. Examine Mode allows you to scroll back through stored packets to inspect them in detail. To select a subset of packets for display, storage or retrieval, there is an exten- sive set of built-in filters. Using filters, LANWatch collects only packets of interest, saving the user from having to sort through all network traffic to isolate specific packets. The built-in filters include alarm, trigger, capture, load, save and search. They can be controlled separately to match on source or destination address, protocol, or packet contents at the hardware and transport layers. LANWatch also includes suffi- cient source code so users can modify the existing filters and parsers or add new ones.

The LANWatch distribution includes executables and source for several post-processors: a TCP protocol analyzer, a node-by-node traffic analyzer and a dump file listing tool.


Page 72

MECHANISM
Uses many common PC network interfaces by placing them in promiscuous mode and capturing traffic.

CAVEATS
Most PC network interfaces will not capture 100% of the traffic on a fully-loaded network (primarily missing back-to-back packets).

BUGS
None known.

LIMITATIONS
LANWatch can't analyze what it doesn't see (see Caveats).

HARDWARE REQUIRED
LANWatch requires a PC or PS/2 with a supported network interface card.

SOFTWARE REQUIRED
LANWatch runs in DOS. Modification of the supplied source code or creation of additional filters and parsers requires Microsoft C 5.1

AVAILABILITY
LANWatch is commercially available from FTP Software, Incorporated, 26 Princess Street, Wakefield, MA, 01880 (617 246-0900).


Page 73

          Internet Tool Catalog                               LLL_ENTM

NAME
ENTM -- Ethernet Traffic Monitor

KEYWORDS
traffic; ethernet, IP; eavesdrop; VMS; free.

ABSTRACT
ENTM is a screen-oriented utility that runs under VAX/VMS. It monitors local ethernet traffic and displays either a real time or cumulative, histogram showing a percent breakdown of traffic by ethernet pro- tocol type. The information in the display can be reported based on packet count or byte count. The per- cent of broadcast, multicast and approximate lost pack- ets is reported as well. The screen display is updated every three seconds. Additionally, a real time, slid- ing history window may be displayed showing ethernet traffic patterns for the last five minutes.

ENTM can also report IP traffic statistics by packet count or byte count. The IP histograms reflect infor- mation collected at the TCP and UDP port level, includ- ing ICMP type/code combinations. Both the ethernet and IP histograms may be sorted by ASCII protocol/port name or by percent-value. All screen displays can be saved in a file for printing later.

MECHANISM
This utility simply places the ethernet controller in promiscuous mode and monitors the local area network traffic. It preallocates 10 receive buffers and attempts to keep 22 reads pending on the ethernet dev- ice.

CAVEATS
Placing the ethernet controller in promiscuous mode may severly slow down a VAX system. Depending on the speed of the VAX system and the amount of traffic on the lo- cal ethernet, a large amount of CPU time may be spent on the Interrupt Stack. Running this code on any pro- duction system during operational hours is discouraged.

BUGS
Due to a bug in the VAX/VMS ethernet/802 device driver, IEEE 802 format packets may not always be detected. A simple test is performed to "guess" which packets are


Page 74

in IEEE 802 format (DSAP equal to SSAP). Thus, some DSAP/SSAP pairs may be reported as an ethernet type, while valid ethernet types may be reported as IEEE 802 packets.

In some hardware configurations, placing an ethernet controller in promiscuous mode with automatic-restart enabled will hang the controller. Our VAX 8650 hangs running this code, while our uVAX IIs and uVAX IIIs do not.

Please report any additional bugs to the author at: Allen Sturtevant
National Magnetic Fusion Energy Computer Center Lawrence Livermore National Laboratory

P.O. Box 808; L-561
Livermore, CA 94550
Phone : (415) 422-8266
E-Mail: sturtevant@ccc.nmfecc.gov

LIMITATIONS
The user is required to have PHY_IO, TMPMBX and NETMBX privileges. When activated, the program first checks that the user process as enough quotas remaining (BYTLM, BIOLM, ASTLM and PAGFLQUO) to successfully run the program without entering into an involuntary wait state. Some quotas require a fairly generous setting.

The contents of IEEE 802 packets are not examined. Only the presence of IEEE 802 packets on the wire is reported.

The count of lost packets is approximated. If, after each read completes on the ethernet device, the utility detects that it has no reads pending on that device, the lost packet counter is incremented by one.

When the total number of bytes processed exceeds 7fffffff hex, all counters are automatically reset to zero.

HARDWARE REQUIRED
A DEC ethernet controller.

SOFTWARE REQUIRED
VAX/VMS version V5.1+.


Page 75

AVAILABILITY
For executables only, FTP to the ANONYMOUS account (password GUEST) on CCC.NMFECC.GOV and GET the follow- ing files:

               [ANONYMOUS.PROGRAMS.ENTM]ENTM.DOC     (ASCII text)
               [ANONYMOUS.PROGRAMS.ENTM]ENTM.EXE     (binary)
               [ANONYMOUS.PROGRAMS.ENTM]EN_TYPES.DAT (ASCII text)
               [ANONYMOUS.PROGRAMS.ENTM]IP_TYPES.DAT (ASCII text)


Page 76

          Internet Tool Catalog                Interactive Network Map

NAME
map -- Interactive Network Map

KEYWORDS
manager, map; CHAOS, ethernet, IP, ring, star; NMS, ping, SNMP, X; UNIX; free, sourcelib.

ABSTRACT
Map draws a map of network connectivity and allows interactive examination of information about various components including whether hosts can be reached over the network.

The program is supplied with complete source and is written in a modular fashion to make addition of dif- ferent protocols stacks, displays, or hardcopy devices relatively easy. This is one of the reasons why the initial version supports at least two of each. Contri- butions of additional drivers in any of these areas will be welcome as well as porting to additional plat- forms.

MECHANISM
Net components are pinged by use of ICMP echo and, optionally, CHAOS status requests and SNMP "gets." The program initializes itself from static data stored in the file system and therefore does not need to access the network in order to get running (unless the static files are network mounted).

CAVEATS
As of publication, the tool is in beta release.

BUGS
Several minor nits, documented in distribution files. Bug discoveries should be reported by email to Bug- Map@LCS.MIT.Edu.

LIMITATIONS
See distribution file for an indepth discussion of sys- tem capabilities and potential.

HARDWARE REQUIRED
An X display is needed for interactive display of the map, non-graphical interaction is available in non- display mode. For hardcopy output a PostScript or Tek-


Page 77

tronix 4692 printer is required.

SOFTWARE REQUIRED
BSD UNIX or related OS. IP/ICMP is required; CHAOS/STATUS and SNMP can be used but are optional. X-Windows is required for interactive display of the map.

AVAILABILITY
The program is Copyright MIT. It is available via anonymous FTP with a license making it free to use and distribute for non-commercial purposes. FTP to host FTP.LCS.MIT.Edu, directory nets. The complete distribution is in map.tar.Z and some short
documentation files are there (as well as in the distribution). Of most interest are ReadMe and Intro.

To be added to the email forum that discusses the software, or for other administrative details, send a request to: MAP-Request@LCS.MIT.Edu


Page 78

          Internet Tool Catalog                               MCONNECT

NAME
mconnect

KEYWORDS
status; SMTP; spoof; UNIX.

ABSTRACT
Mconnect allows an interactive session with a remote mailer. Mail delivery problems can be diagnosed by connecting to the remote mailer and issuing SMTP com- mands directly.

MECHANISM
Opens a TCP connection to remote SMTP on port 25. Pro- vides local line buffering and editing, which is the distinction between mconnect and a TELNET to port 25.

CAVEATS
None.

BUGS
None known.

LIMITATIONS
Mconnect is not a large improvement over using a TELNET connection to port 25.

HARDWARE REQUIRED
No restrictions.

SOFTWARE REQUIRED
BSD UNIX or related OS.

AVAILABILITY
Available with 4.xBSD UNIX and related operating sys- tems.


Page 79

        Internet Tool Catalog                             MIB-BROWSER

NAME
MIB Browser

KEYWORDS
manager; osi; cmis, x; unix; free, sourcelib.

ABSTRACT
The MIB Browser is an X Windows HCI tool that allows you to "browse" through the objects in a Management Information Base (MIB). The browser is generic in that it can connect to a CMIS agent without having any prior knowledge of the structure of the MIB in the agent.

MECHANISM
CMIP is used to transfer the values of attributes between the managed system and the browser.

CAVEATS
None.

BUGS
Unexpected termination of the agent can cause browser to crash (ISODE bug!).

HARDWARE REQUIRED
Unix workstation, has been tested on SUN 3 and SUN 4 architectures.

SOFTWARE REQUIRED
The ISODE protocol suite, BSD UNIX, X Windows, GNU C++ (g++), Interviews (2.6).

AVAILABILITY
The CMIP library and related management tools built upon it, known as OSIMIS (OSI Management Information Service), are publicly available from University College London, England via FTP and FTAM. To obtain information regarding a copy send email to
osimis-request@cs.ucl.ac.uk or call +44 71 380 7366.


Page 80

        Internet Tool Catalog                                  MONET

NAME
MONET -- the Hughes LAN Systems SNMP Network Management Center (formerly the Hughes LAN Systems 9100) software product runs on a Sun SPARCStation hardware platform.

KEYWORDS
control, graphics, network topology,manager, routing, status, traffic; bridge, configuration, performance, alarm management, relational database, mib parser for RDBMS, intelligent hub management, DECnet, ethernet, IP; NMS, SNMP; UNIX.

ABSTRACT
Monet provides the capability to manage and control SNMP-based networking products from any vendor including those from Hughes LAN Systems.

A comprehensive relational database manages the data and ensures easy access and control of resources throughout the network.

Monet provides multivendor management through its advanced Mib master MIB parser that allows the parsing of enterprise MIBs (ASN.1 format per RFC1212) directly into the RDBMS for use by Monet's applications.

Major features include:

Remote access with X:
Use of the X/Motif user-interface, enabling remote access to the all applications.

Database Management
Stores and retrieves the information required to administer and configure the network. It can be used to:

                         - Store and recall configuration data for all
                           devices.
                         - Provide availability history for devices.
                         - Assign new internet addresses.
                         - Provide administrative information such as
                           physical location of devices, responsible
                           person, maintenance history, asset data,
                           hardware/software versions, etc.
                         - Full-function SQL interface.
                         - User-customizable RDBMS report generation.


Page 81

Graphics and Network Mapping
The Graphics module enables the user to view the nodes in the network as "dynamic" icons in heirarchical maps. The network is represented by these heirarchical maps. Though there is a library of device icons, cities and geographical maps included, the user has access to a graphics editor that allows customizing and the creation of new icons and maps.
A Device's icon may be selected to:

                        - Register/deregister the device,
                        - Access the open alarms and acknowledge
                          faults for the selected device,
                        - Ping the device to determine accessibility,
                        - Draw graphs of any of the device's numeric
                          MIB objects, either the values as retrieved
                          in real-time or the history values
                          previously stored in the RDBMS by the
                          Performance Manager,
                        - Telnet to the device,
                        - Customize the graphical dynamics (color,
                          fill, rotation, etc.) of the device's icon
                          by associating them to the values of the
                          device's MIB objects.

Configuration Management

                    - Retrieves configuration information from SNMP
                      devices.
                    - Stores device parameters in the RDBMS, with
                      common sets of parameters used for multiple
                      devices, or for multiple ports on a device,
                      stored only once in the RDBMS.
                    - Configures devices from the parameters stored in
                      the RDBMS, including those relating to TCP/IP,
                      DECnet and any other protocol/feature
                      configurable via SNMP.
                    - Polls devices to compare their current parameter
                      values with those in the database and produce
                      reports of the discrepancies.
                    - Collect data about the state of the network.
                    - Learn the parameters of the devices in the
                      network and populate the database.

Performance Management

                    - Displays local network traffic graphically, by
                      packet size, protocol, network utilization,
                      sources and destinations of packets, etc.
                    - Provides for the scheduling of jobs to retrieve


Page 82

MIB values of a device and store them in the RDBMS for review or summary reporting at a later time.

                    - Allows high/low thresholds to be set on retrieved
                      values with alarms generated when thresholds are
                      exceeded.

Fault Management

                    - Provides availability monitoring and indicates
                      potential problems.
                    - Creates alarms from received SNMP traps, and from
                      other internally-generated conditions,
                    - Records alarms in the alarm log in the RDBMS.
                    - Lists alarms for selected set of devices,
                      according to various filter conditions,
                    - Possible causes and suggested actions for the
                      alarms are listed.
                    - New alarms are indicated by a flashing icon and
                      optional audio alert.
                    - Visual indication of alarms bubbles up the network
                      map heirarchy.
                    - Cumulative reports can be produced.

Utilities Function

                    - View and/or terminate current NMC processes,
                    - Access to database maintenance utilities.

MECHANISM
SNMP.

CAVEATS
None reported.

BUGS
None known.

LIMITATIONS
Maximum number of nodes that can be monitored is 18,000. This can include Hosts, Terminal Servers, PCs, Routers, and Bridges.

HARDWARE REQUIRED
The host for the NMC software is a Sun 4 desktop works- tation. Recommended minimum hardware is the Sun IPX Color workstation, with a 1/4" SCSI tape drive.

SOFTWARE REQUIRED
MONET V5.0, which is provided on 1/4" tape format, runs on the Sun 4.1.1 Operating System.


Page 83

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL A commercial product of:
Hughes LAN Systems Inc.
1225 Charleston Road
Mountain View, CA 94043
Phone: (415) 966-7300
Fax: (415) 960-3738
RCA Telex: 276572

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
kishoret@msgate.hls.com
kzm@hls.com


Page 84

          Internet Tool Catalog                            NET_MONITOR

NAME
net_monitor

KEYWORDS
routing, status; DECnet, IP; curses, ping; UNIX, VMS; free, sourcelib.

ABSTRACT
Net_monitor uses ICMP echo (and DECnet reachability information on VAX/VMS) to monitor a network. The mon- itoring is very simplistic, but has proved useful. It periodically tests whether hosts are reachable and reports the results in a full-screen display. It groups hosts together in common sets. If all hosts in a set become unreachable, it makes a lot of racket with bells, since it assumes that this means that some com- mon piece of hardware that supports that set has failed. The periodicity of the tests, hosts to test, and groupings of hosts are controlled with a single configuration file.

The idea for this program came from the PC/IP monitor facility, but is an entirely different program with different functionality.

MECHANISM
Reachability is tested using ICMP echo facilities for TCP/IP hosts (and DECnet reachability information on VAX/VMS). A DECnet node is considered reachable if it appears in the list of hosts in a "show network" com- mand issued on a routing node.

CAVEATS
This facility has been found to be most useful when run in a window on a workstation rather than on a terminal connected to a host. It could be useful if ported to a PC (looks easy using FTP Software's programming libraries), but this has not been done. Curses is very slow and cpu intensive on VMS, but the tool has been run in a window on a VAXstation 2000. Just don't try to run it on a terminal connected to a 11/750.

BUGS
None known.


Page 85

LIMITATIONS
This tool is not meant to be a replacement for a more comprehensive network management facility such as is provided with SNMP.

HARDWARE REQUIRED
A host with a network connection.

SOFTWARE REQUIRED
Curses, 4.xBSD UNIX socket programming libraries (lim- ited set) and some flavor of TCP/IP that supports ICMP echo request (ping). It has been run on VAX/VMS run- ning WIN/TCP and several flavors of 4BSD UNIX (includ- ing SunOS 3.2, 4.0, and 4.3BSD). It could be ported to any platform that provides a BSD-style programming li- brary with an ICMP echo request facility and curses.

AVAILABILITY
Requests should be sent to the author:

Dale Smith
Asst Dir of Network Services
University of Oregon
Computing Center
Eugene, OR 97403-1211

Internet: dsmith@oregon.uoregon.edu.
BITNET: dsmith@oregon.bitnet
UUCP: ...hp-pcd!uoregon!dsmith
Voice: (503)686-4394

With the source code, a makefile is provided for most any UNIX box and a VMS makefile compatible with the make distributed with PMDF. A VMS DCL command file is also provided, for use by those VMS sites without "make."

The author will attempt to fix bugs, but no support is promised. The tool is copyrighted, but free (for now).


Page 86

          Internet Tool Catalog                     NETLABS_CMOT_AGENT

NAME
Netlabs CMOT Agent

KEYWORDS
manager, status; IP, OSI; NMS.

ABSTRACT
Netlabs' CMOT code debuted in Interop 89. The CMOT code comes with an Extensible MIB, which allows users to add new MIB variables. The code currently supports all the MIB variables in RFC 1095 via the data types in RFC 1065, as well as the emerging MIB-II, which is currently in experimental stage. The CMOT has been benchmarked at 100 Management Operations per Second (MOPS) for a 1-MIPS machine.

MECHANISM
The Netlabs CMOT agent supports the control and moni- toring of network resources by use of CMOT message exchanges.

CAVEATS
None.

BUGS
None known.

LIMITATIONS
None reported.

HARDWARE REQUIRED
Portable to most hardware.

SOFTWARE REQUIRED
Portable to most operating systems.

AVAILABILITY
Commercially available from:
Netlabs Inc
11693 Chenault Street Ste 348
Los Angeles CA 90049
(213) 476-4070
lam@netlabs.com (Anne Lam)


Page 87

          Internet Tool Catalog                   NETLABS_DUAL_MANAGER

NAME
Dual Manager

KEYWORDS
alarm, control, manager, map, security, status; IP, OSI; NMS, SNMP, X; UNIX; library.

ABSTRACT
Netlabs' Dual Manager provides management of TCP/IP networks using both SNMP and CMOT protoocls. Such management can be initiated either through the X- Windows user interface (both Motif and Openlook), or through OSI Network Management (CMIP) commands. The Dual Manager provides for configuration, fault, secu- rity and performance management. It provides extensive map management features, including scanned maps in the background. It provides simple mechanisms to extend the MIB and assign specific lists of objects to specific network elements, thereby providing for the management of all vendors' specific MIB extensions. It provides an optional relational DBMS for storing and retrieving MIB and alarm information. Finally, the Dual Manager is an open platform, in that it provides several Application Programming Interfaces (APIs) for users to extend the functionality of the Dual Manager.

The Dual Manager is expected to work as a TCP/IP "branch manager" under DEC's EMA, AT&T's UNMA and other OSI-conformant enterprise management architectures.

MECHANISM
The Netlabs Dual Manager supports the control and moni- toring of network resources by use of both CMOT and SNMP message exchanges.

CAVEATS
None.

BUGS
None known.

LIMITATIONS
None reported.

HARDWARE REQUIRED
Runs on Sun/3 and Sun/4s.


Page 88

          SOFTWARE REQUIRED
               Available on System V or SCO Open Desktop environments.
               Uses X-Windows for the user interface.

AVAILABILITY
Commercially available from:
Netlabs Inc
11693 Chenault Street Ste 348
Los Angeles CA 90049
(213) 476-4070
lam@netlabs.com (Anne Lam)


Page 89

          Internet Tool Catalog                     NETLABS_SNMP_AGENT

NAME
Netlabs SNMP Agent.

KEYWORDS
manager, status; IP; NMS, SNMP.

ABSTRACT
Netlabs' SNMP code debuted in Interop 89, where it showed interoperation of the code with several imple- mentations on the show floor. The SNMP code comes with an Extensible MIB, which allows users to add new MIB variables. The code currently supports all the MIB variables in RFC 1066 via the data types in RFC 1065, as well as the emerging MIB-II, which is currently in experimental stage. The SNMP has been benchmarked at 200 Management Operations per Second (MOPS) for a 1- MIPS machine.

MECHANISM
The Netlabs SNMP agent supports the control and moni- toring of network resources by use of SNMP message exchanges.

CAVEATS
None.

BUGS
None known.

LIMITATIONS
None reported.

HARDWARE REQUIRED
Portable to most hardware.

SOFTWARE REQUIRED
Portable to most operating systems.

AVAILABILITY
Commercially available from:
Netlabs Inc
11693 Chenault Street Ste 348
Los Angeles CA 90049
(213) 476-4070
lam@netlabs.com (Anne Lam)


Page 90

        Internet Tool Catalog                 NetMetrix-Load-Monitor

NAME
NetMetrix Load Monitor

KEYWORDS
alarm,traffic; Ethernet, FDDI, IP, Ring; Eavesdrop, SNMP, X; UNIX;

ABSTRACT
The NetMetrix Load Monitor is a distributed
client-server monitoring tool for ethernet, token ring, and FDDI networks. A unique "dual" architecture provides compatibility with both RMON and X windows. RMON allows interoperability and an enterprise-wide view, while X windows enables much more powerful, intelligent applications at remote segments and saves network bandwidth.

The Load Monitor provides extensive traffic
statistics. It looks at load by time interval, source node, destination node, application, protocol or packet size. A powerful ZOOM feature allows extensive correlational analysis which is displayed in a wide variety of graphs and tables.

You can answer questions such as: Which sources are generating most of the load on the network when it is most heavily loaded and where is this load going? Which source/destination pairs generate the most traffic over the day? Where should bridges and routers be located to optimally partition the network? How much load do applications, like the X Windows protocol, put on the network and who is generating that load when it is the greatest.

A floating license allows easy access to the software tool anywhere you need it.

MECHANISM
NetMetrix turns the network interface into promiscuous mode to capture packets.

CAVEATS
none.

BUGS
none known.


Page 91

LIMITATIONS
none.

        HARDWARE REQUIRED
                SPARC system

        SOFTWARE REQUIRED
                SunOS 4.0 or higher

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL NetMetrix is available from:
Sales Department
Metrix Network Systems, Inc.
One Tara Boulevard
Nashua, New Hampshire 03062
telephone: 603-888-7000
fax: 603-891-2796
email: info@metrix.com

Government agencies please note that NetMetrix is on the GSA schedule.

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
Norma Shepperd
Marketing Administrator
603-888-7000
norma@metrix.com


Page 92

        Internet Tool Catalog                  NetMetrix-NFS-Monitor

NAME
NetMetrix NFS Monitor

KEYWORDS
traffic; Ethernet, FDDI, NFS, Ring; Eavesdrop, SNMP, X; UNIX

ABSTRACT
The NetMetrix NFS Monitor is a distributed network monitoring tool which monitors and graphs NFS load, response time, retransmits, rejects and errors by server, client, NFS procedure, or time
interval. Breakdown server activity by file system and client activity by user.

A powerful ZOOM feature lets you correlate monitoring variables. You can see client/server relationships, compare server performance, evaluate NFS performance enhancement strategies.

A floating license and the X Window protocol allows monitoring of remote ethernet, token ring and FDDI segments from a central enterprise-wide display.

MECHANISM
NetMetrix turns the network interface into promiscuous mode to capture packets.

CAVEATS
none.

BUGS
none known.

LIMITATIONS
none.

HARDWARE REQUIRED
SPARC system

SOFTWARE REQUIRED
SunOS 4.0 or higher


Page 93

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL NetMetrix is available from:
Sales Department
Metrix Network Systems, Inc.
One Tara Boulevard
Nashua, New Hampshire 03062
telephone: 603-888-7000
fax: 603-891-2796
email: info@metrix.com

Government agencies please note that NetMetrix is on the GSA schedule.

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
Norma Shepperd
Marketing Administrator
603-888-7000
norma@metrix.com


Page 94

        Internet Tool Catalog            NetMetrix-Protocol-Analyzer

NAME
NetMetrix Protocol Analyzer

KEYWORDS
alarm, analyzer, traffic; DECnet, DNS, Ethernet, FDDI, IP, OSI, NFS, Ring, SMTP; Eavesdrop, SNMP, X; UNIX; Library

ABSTRACT
The NetMetrix Protocol Analyzer is a distributed client-server monitoring tool for ethernet, token ring, and FDDI networks. A unique "dual" architecture provides compatibility with both RMON and
X windows. RMON allows interoperability, while X windows enables much more powerful, intelligent applications at remote segments and saves network bandwidth.

With the Protocol Analyzer, you can decode and display packets as they are being captured. Extensive filters let you sift through packets either before or after trace capture. The capture filter may be specified by source, destination between hosts, protocol, packet size, pattern match, or by a complete expression using an extensive filter expression language.

Full 7-layer packet decodes are available for all major protocols including DECnet, Appletalk, Novell, XNS, SNA, BANYAN, OSI and TCP/IP. The decodes for the TCP/IP stack have all major protocols including NFS, YP, DNS, SNMP, OSPF, etc.

Request and reply packets are matched. Packets can be displayed in summary, detail or hex, with multiple views to see packet dialogues side by side.

A complete developers' kit is available for custom decodes.

A floating license allows easy acess to the software tool anywhere you need it.

MECHANISM
NetMetrix turns the network interface into promiscuous mode to capture packets.


Page 95

CAVEATS
none.

BUGS
none known.

LIMITATIONS
none.

        HARDWARE REQUIRED
                SPARC system

        SOFTWARE REQUIRED
                 SunOS 4.0 or higher

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL NetMetrix is available from:
Sales Department
Metrix Network Systems, Inc.
One Tara Boulevard
Nashua, New Hampshire 03062
telephone: 603-888-7000
fax: 603-891-2796
email: info@metrix.com

Government agencies please note that NetMetrix is on the GSA schedule.

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
Norma Shepperd
Marketing Administrator
603-888-7000
norma@metrix.com


Page 96

        Internet Tool Catalog            NetMetrix-Traffic-Generator

NAME
NetMetrix Traffic Generator

KEYWORDS
Debugger, Generator, Traffic; Ethernet, FDDI, IP, Ring; Eavesdrop, SNMP, X; UNIX; Library

ABSTRACT
The NetMetrix Traffic Generator is a distributed software tool which allows you to simulate network load or test packet dialogues between nodes on your ethernet, token ring, or FDDI segments. The Traffic Generator can also be used to test and validate management station alarms, routers, bridges, hubs, etc.

An easy-to-use programming interface provides complete flexibility over variables such as bandwidth, packet sequence, and conditional responses.

A floating license and the X Window System protocol allows testing of remote ethernet, token ring and FDDI segments from a central console.

MECHANISM
NetMetrix turns the network interface into promiscuous mode to capture packets.

CAVEATS
none.

BUGS
none known.

LIMITATIONS
none.

HARDWARE REQUIRED
SPARC system

SOFTWARE REQUIRED
SunOS 4.0 or higher


Page 97

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL NetMetrix is available from:
Sales Department
Metrix Network Systems, Inc.
One Tara Boulevard
Nashua, New Hampshire 03062
telephone: 603-888-7000
fax: 603-891-2796
email: info@metrix.com

Government agencies please note that NetMetrix is on the GSA schedule.

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
Norma Shepperd
Marketing Administrator
603-888-7000
norma@metrix.com


Page 98

          Internet Tool Catalog                           NETMON_MITRE

NAME
NETMON and iptrace

KEYWORDS
traffic; IP; eavesdrop; UNIX; free.

ABSTRACT
NETMON is a facility to enable communication of net- working events from the BSD UNIX operating system to a user-level network monitoring or management program. Iptrace is a program interfacing to NETMON which logs TCP-IP traffic for performance measurement and gateway monitoring. It is easy to build other NETMON-based tools using iptrace as a model.

NETMON resides in the 4.3BSD UNIX kernel. It is independent of hardware-specific code in UNIX. It is transparent to protocol and network type, having no internal assumptions about the network protocols being recorded. It is installed in BSD-like kernels by adding a standard function call (probe) to a few points in the input and output routines of the protocols to be logged.

NETMON is analogous to Sun Microsystems' NIT, but the interface tap function is extended by recording more context information. Aside from the timestamp, the choice of information recorded is up to the installer of the probes. The NETMON probes added to the BSD IP code supplied with the distribution include as context: input and output queue lengths, identification of the network interface, and event codes labeling packet dis- cards. (The NETMON distribution is geared towards measuring the performance of BSD networking protocols in an IP gateway).

NETMON is designed so that it can reside within the monitored system with minimal interference to the net- work processing. The estimated and measured overhead is around five percent of packet processing.

The user-level tool "iptrace" is provided with NETMON. This program logs IP traffic, either at IP-level only, or as it passes through the network interface drivers as well. As a separate function, iptrace produces a host traffic matrix output. Its third type of output


Page 99

is abbreviated sampling, in which only a pre-set number of packets from each new host pair is logged. The three output types are configured dynamically, in any combination.

OSITRACE, another logging tool with a NETMON interface, is available separately (and documented in a separate entry in this catalog).

MECHANISM
Access to the information logged by NETMON is through a UNIX special file, /dev/netmon. User reads are blocked until the buffer reaches a configurable level of full- ness.

Several other parameters of NETMON can be tuned at com- pile time. A diagnostic program, netmonstat, is included in the distribution.

CAVEATS
None.

BUGS
Bug reports and questions should be addressed to: ie-tools@gateway.mitre.org
Requests to join this mailing list:
ie-tools-request@gateway.mitre.org
Questions and suggestions can also be directed to: Allison Mankin (703)883-7907
mankin@gateway.mitre.org

LIMITATIONS
A NETMON interface for tcpdump and other UNIX protocol analyzers is not included, but it is simple to write. NETMON probes for a promiscuous ethernet interface are similarly not included.

HARDWARE REQUIRED
No restrictions.

SOFTWARE REQUIRED
BSD UNIX-like network protocols or the ability to install the BSD publicly available network protocols in the system to be monitored.


Page 100

AVAILABILITY
The NETMON distribution is available by anonymous FTP in pub/netmon.tar or pub/netmon.tar.Z from aelred- 3.ie.org. A short user's and installation guide, NETMON.doc, is available in the same location. The NETMON distribution is provided "as is" and requires retention of a copyright text in code derived from it. It is copyrighted by the MITRE-Washington Networking Center.


Page 101

        Internet Tool Catalog           NETMON_WINDOWS_SNMP_RESEARCH

NAME
NETMON for Windows -- an SNMP-based network management tool that runs under Microsoft Windows 3.0 from SNMP Research.

KEYWORDS
alarm, control, manager, map, routing;
DECnet, Ethernet, IP, OSI, ring, star;
NMS, SNMP;
DOS;
sourcelib.

ABSTRACT
The NETMON application implements a powerful network management station based on a low-cost DOS platform. NETMON's network management tools for configuration, performance, security, and fault management have been used successfully with a wide assortment of wide- and local-area-network topologies and medias. Multiprotocol devices are supported including those using TCP/IP, DECnet, and OSI protocols.

Some features of NETMON's network management tools include:

  • Fault management tool displays a map of the network configuration with node and link state indicated in one of several colors to indicate current status;
  • Configuration management tool may be used to edit the network management information base stored in the NMS to reflect changes occurring in the network;
  • Graphs and tabular tools for use in fault and performance management;
  • Mechanisms by which additional variables, such as vendor- specific variables, may be added;
  • Alarms may be enabled to alert the operator of events occurring in the network;
  • Events are logged to disk;
  • Output data may be transferred via flat files for additional report generation by a variety of statistical packages.

The NETMON application comes complete with source code including a powerful set of portable libraries for generating and parsing SNMP messages.


Page 102

MECHANISM
The NETMON for Windows application is based on the Simple Network Management Protocol (SNMP). Polling is performed via the powerful SNMP get-next operator and the SNMP get operator. Trap directed polling is used to regulate the focus and intensity of the polling.

CAVEATS
None.

BUGS
None known.

LIMITATIONS
None reported.

HARDWARE REQUIRED
The minimum system is a IBM 386 computer, or compatible, with hard disk drive.

SOFTWARE REQUIRED
DOS 5.0 or later, Windows 3.0 in 386 mode, and TCP/IP kernel software from FTP Software.

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL This is a commercial product available under license from:
SNMP Research
3001 Kimberlin Heights Road
Knoxville, TN 37920-9716
Attn: John Southwood, Sales and Marketing (615) 573-1434 (Voice) (615) 573-9197 (FAX)

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
users@seymour1.cs.utk.edu


Page 103

        Internet Tool Catalog                               NETscout

NAME
NETscout(tm)

KEYWORDS
Alarm, Analyzer, Manager, Status, Traffic;
DECnet, Ethernet, IP, OSI, NFS, Ring, Star, Eavesdrop; NMS, SNMP;
UNIX;

ABSTRACT
The NETscout family of distributed LAN Analyzer devices are intended to provide network users with a comprehensive capability to identify and isolate fault conditions in data communications networks.
NETscout has the capability to collect wide ranging statistical data, to display selectively captured and fully decoded network traffic, to set user-defined alarm conditions, and to obtain real-time updates from all segments of a widely dispersed internetwork from a centralized SNMP-compatible network management console.

The NETscout family is based on standards so that operation may be realized in heterogeneous networks which constitute a multi-protocol, multi-topology, multi-vendor environment. The fundamental standards upon which NETscout is based are the Simple Network Management Protocol (SNMP), which defines the protocol for all inter-communications between NETscout devices, and the Remote Monitoring Management Information Base (RMON-MIB), which defines the type of information which is to be gathered and made available to the user for each network segment.

NETscout clients provide a full array of monitoring and analysis features including intelligent seven level decoding of all majorprotocol stacks:

                DOD including TCP/IP    XNS       Novell
                DECNET including LAT    ISO       APPLETALK
                IBM Token Ring          Vines     NETBIOS/SMB
                SNMP including RMON-MIB SUN-NFS   SMT

NETscout agents support all nine groups of the RMON-MIB standard. NETscout agents can work with any SNMP-based network management system and currently


Page 104

support Ethernet and Token Ring.

MECHANISM
The operation of the NETscout family is divided into two distinct subcategories. The first is the "Client" which is the user console from which operational commands are issued and where all results and diagnostic information are displayed. In a NETscout topology it is feasible to have multiple clients active simultaneously within a single network. The second category is the "Agent", a hardware/software device which is attached to a specific network segment and which gathers statistical information for that segment as well as providing a window into that segment where network traffic may be observed and gathered for more detailed user analysis. A typical network will have multiple segments and multiple agents up to the point of having one agent for each logical network segment.

NETscout Model 9210 is a software package which, when combined in a Sun SPARCstation in conjunction with SunNet Manager running under Open Windows, implements the NETscout client function. SunNet Manager provides the background operational tools for client operation while the NETscout software provides
application-specific functions related to RMON-MIB support as well as all software necessary to perform the protocol decode function.
SunNet Manager also implements a network map file which includes a topographical display of the entire network and is the mechanism for selecting
network elements to perform operations.

NETscout Model 9215 is a software package that operates in conjunction with SunNet Manager and implements the statistics monitoring function only. That is, it does not include the protocol
decode function or the mechanism to retrieve actual data from a remote agent. It does, however, include complete statistics gathering and event and alarm generation.

Frontier NETscout Models 9510 and 9515, and Model 9610 and 9615 are agent software packages that implement selected network diagnostic functions when loaded into a Sun SPARCstation (9510, 9515) or a SynOptics LattisNet Hub (9610, 9615) respectively which is


Page 105

connected to an Ethernet network segment
using conventional network interface hardware. Models 9510 and 9610 support all nine RMON-MIB groups including "filters" and "packet capture" and thus provide for complete protocol monitoring and decode when used with a client
equipped with protocol decode software. Models 9515 an 9615 include support for seven RMON-MIB groups which excludes "filters" and "data capture" and therefore perform network monitoring only through collection and presentation of network statistics, events, and alarms. All models also support the MIB2 system and interface groups.

Frontier NETscout Models 9520 and 9525, and Model 9620 and 9625 are agent software packages that are identical in function to their respective models described above except that they are for use on Token Ring segments.

CAVEATS
The RMON-MIB standard for Token Ring applications has not yet beenformally released and is not approved. NETscout products correspond to the latest draft for Token Ring functions and will be updated as
required to conform to the standard as it is approved.

BUGS
None known.

LIMITATIONS
None reported.

HARDWARE REQUIRED
Sun SPARCstation or LattisNet Hub depending upon Model number.

SOFTWARE REQUIRED
Sun OS 4.1.1 for client and agent, SunNet Manager for client.


Page 106

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL NETscout products are available commercially. For information regarding your local representative, contact: Frontier Software Development, Inc.
1501 Main Street
Tewksbury, MA 01876
Phone: 508-851-8872
Fax: 508-851-6956

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
Marketing
Frontier Software


Page 107

          Internet Tool Catalog                                NETSTAT

NAME
netstat

KEYWORDS
routing; IP; UNIX, VMS; free.

ABSTRACT
Netstat is a program that accesses network related data structures within the kernel, then provides an ASCII format at the terminal. Netstat can provide reports on the routing table, TCP connections, TCP and UDP "listens", and protocol memory management.

MECHANISM
Netstat accesses operating system memory to read the kernel routing tables.

CAVEATS
Kernel data structures can change while netstat is run- ning.

BUGS
None known.

LIMITATIONS
None reported.

HARDWARE REQUIRED
No restrictions.

SOFTWARE REQUIRED
BSD UNIX or related OS, or VMS.

AVAILABILITY
Available via anonymous FTP from uunet.uu.net, in directory bsd-sources/src/ucb. Available with 4.xBSD UNIX and related operating systems. For VMS, available as part of TGV MultiNet IP software package, as well as Wollongong's WIN/TCP.


Page 108

          Internet Tool Catalog                     NETWORK_INTEGRATOR

NAME
Network Integrator I

KEYWORDS
map, traffic; ethernet; UNIX.

ABSTRACT
This tool monitors traffic on network segments. All information is dumped to either a log file or, for real-time viewing, to a command tool window. Data is time-stamped according to date and time. Logging can continue for up to 24 hours.

The tool is flexible in data collection and presenta- tion. Traffic filters can be specified according to header values of numerous protocols, including those used by Apple, DEC, Sun, HP, and Apollo. Bandwidth utilization can be monitored, as well as actual load and peak throughput. Additionally, the Network Integrator can analyze a network's topology, and record the location of all operational nodes on a network.

Data can be displayed in six separate formats of bar graphs. In addition, there are several routines for producing statistical summaries of the data collected.

MECHANISM
The tools work through RPC and XDR calls.

CAVEATS
Although the tool adds only little traffic to a net- work, generation of statistics from captured files requires a significant portion of a workstation's CPU.

BUGS
None known.

LIMITATIONS
Must be root to run monitor. There does not seem to be a limit to the number of nodes, since it monitors by segments. The only major limitation is the amount of disk space that a user can commit to the log files. The size of the log files, however, can be controlled through the tool's parameters.


Page 109

          HARDWARE REQUIRED
               Sun3 or Sun4.

          SOFTWARE REQUIRED
               4.0BSD UNIX or greater, or related OS.

AVAILABILITY
Copyrighted, commercially available from
Network Integrators,
(408) 927-0412.


Page 110

        Internet Tool Catalog                               NFSwatch

NAME
nfswatch

KEYWORDS
Traffic; Ethernet, IP, NFS; Curses, Eavesdrop; UNIX; Free

ABSTRACT
Nfswatch monitors all incoming ethernet traffic to an NFS file server and divides it into several
categories. The number and percentage of packets received in each category is displayed on
the screen in a continuously updated display.

By default, nfswatch monitors all packets destined for the local host over a single network interface. Options are provided to specify the specific interface to be monitored, or all interfaces at once. NFS traffic to the local host, to a remote host, from a specific host, between two hosts, or all NFS traffic on the network may be monitored.

Categories of packets monitored and counted include: ND Read, ND Write, NFS Read, NFS Write, NFS Mount, Yellow Pages (NIS), RPC Authorization, Other RPC, TCP, UDP, ICMP, RIP, ARP, RARP, Ethernet Broadcast, and Other.

Packets are also tallied either by file system or file (specific files may be watched as an option), NFS procedure name (RPC call), or NFS client hostname.

Facilities for taking "snapshots" of the screen, as well as saving data to a log file for later analysis (the analysis tool is included) are also available.

MECHANISM
Nfswatch uses the Network Interface Tap, nit(4) under SunOS 4.x, and the Packet Filter, packetfilter(4), under Ultrix 4.x, to place the ethernet interface into promiscuous mode. It filters out NFS packets, and decodes the file handles in order to determine how to count the packet.


Page 111

CAVEATS
Because the NFS file handle is a non-standard (server private) piece of data, nfswatch must be modified to understand file handles used by various
implementations. It currently knows
about the SunOS 4.x and Ultrix file handle formats.

BUGS
Does not monitor FDDI interfaces. (It should be a simple change, but neither author has access to a system with FDDI interfaces for testing.)

LIMITATIONS
Up to 256 exported file systems and 256 individual files can be monitored at any time.

Only NFS requests are counted; the NFS traffic generated by a server in response to those packets is not counted.

HARDWARE REQUIRED
Any Ultrix system (VAX or DEC RISC hardware)

SOFTWARE REQUIRED
Ultrix release 4.0 or later. For Ultrix 4.1, may require the patched "if_ln.o" kernel module, available from Digital's Customer Support Center.

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL Copyrighted, but freely distributable. Available via anonymous FTP from harbor.ecn.purdue.edu,
ftp.erg.sri.com, and gatekeeper.dec.com, as well as numerous other sites around the Internet. The current version is Version 3.0 from January 1991.

Contact points:

        Dave Curry                              Jeff Mogul
        Purdue University                       Digital Equipment Corp.
        Engineering Computer Network            Western Research Laboratory
        1285 Electrical Engineering Bldg.       100 Hamilton Avenue
        West Lafayette, IN 47907-1285           Palo Alto, CA 94301
        davy@ecn.purdue.edu                     mogul@decwrl.dec.com

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
Dave Curry (see address above).


Page 112

          Internet Tool Catalog                              NHFSSTONE

NAME
nhfsstone

KEYWORDS
benchmark, generator; NFS; spoof; UNIX; free.

ABSTRACT
Nhfsstone (pronounced n-f-s-stone, the "h" is silent) is an NFS benchmarking program. It is used on an NFS client to generate an artificial load with a particular mix of NFS operations. It reports the average response time of the server in milliseconds per call and the load in calls per second. The nhfsstone distribution includes a script, "nhfsnums" that converts test results into plot(5) format so that they can be graphed using graph(1) and other tools.

MECHANISM
Nhfsstone is an NFS traffic generator. It adjusts its calling patterns based on the client's kernel NFS statistics and the elapsed time. Load can be generated over a given time or number of NFS calls.

CAVEATS
Nhfsstone will compete for system resources with other applications.

BUGS
None known.

LIMITATIONS
None reported.

HARDWARE REQUIRED
No restrictions.

SOFTWARE REQUIRED

4.xBSD-based UNIX


Page 113

AVAILABILITY
Available via anonymous FTP from bugs.cs.wisc.edu. Alternatively, Legato Systems will provide the program free of charge, if certain conditions are met. Send name and both email and U.S. mail addresses to: Legato Systems, Inc.
Nhfsstone
260 Sheridan Avenue
Palo Alto, California 94306

A mailing list is maintained for regular information and bug fixes: nhfsstone@legato.com or
uunet!legato.com!nhfsstone. To join the list: nhfsstone-request@legato.com or
uunet!legato.com!nhfsstone-request.


Page 114

          Internet Tool Catalog                                 NNSTAT

NAME
NNStat

KEYWORDS
manager, status, traffic; ethernet, IP; eavesdrop, NMS; UNIX; free.

ABSTRACT
NNStat is a collection of programs that provides an internet statistic collecting capability. The NNStat strategy for statistic collection is to collect traffic statistics via a promiscuous ethernet tap on the local networks, versus instrumenting the gateways. If all traffic entering or leaving a network or set of net- works traverses a local ethernet, then by stationing a statistic gathering agent on each local network a pro- file of network traffic can be gathered. Statistical data is retrieved from the local agents by a global manager.

A program called "statspy" performs the data gathering function. Essentially, statspy reads all packets on an ethernet interface and records all information of interest. Information of interest is gathered by exa- mining each packet and determining if the source or destination IP address is one that is being monitored, typically a gateway address. If so then the contents of the packet are examined to see if they match further criteria.

A program called "collect" performs global data collec- tion. It periodically polls various statspy processes in the domain of interest to retrieve locally logged statistical data.

The NNSTAT distribution comes with several sample awk programs which process the logged output of the collect program.

MECHANISM
Local agents (statspy processes) collect raw traffic data via a promiscuous ethernet tap. Statistical, fil- tered or otherwise reduced data is retrieved from the local agents by a global manager (the "collect" pro- cess).


Page 115

CAVEATS
None.

BUGS
Bug fixes, extensions, and other pointers are discussed in the electronic mail forum, bytecounters. To join, send a request to bytecounters-request@venera.isi.edu. Forum exchanges are archived in the file
bytecounters/bytecounters.mail, available via anonymous FTP from venera.isi.edu.

LIMITATIONS
NNStat presumes a topology of one or more long haul networks gatewayed to local ethernets.

A kernel mod required to run with SunOS4. These mods are described in the bytecounters archive.

HARDWARE REQUIRED
Ethernet interface. Sun 3, Sun 4 (SPARC), or PC RT workstation.

SOFTWARE REQUIRED
Distribution is for BSD UNIX, could easily be adapted to any UNIX with promiscuous ethernet support.

AVAILABILITY
Distribution is available via anonymous FTP from venera.isi.edu, in file pub/NNStat.tar.Z. Documenta- tion is in pub/NNStat.userdoc.ms.Z.


Page 116

          Internet Tool Catalog                               NOCOL(8)

NAME
nocol - network monitoring tools for an IP network

SYNOPSIS
This is an overview of the NOCOL software.

DESCRIPTION
NOCOL (Network Operations Center On-Line) is a collection of network monitoring programs that run on Unix systems. The software consists of a number of monitoring agents that poll various parameters from any system and put it in a format suitable for
post-processing. The post-processors can be a display agent, an automated troubleshooting program, an event logging program, etc. Presently, monitors for tracking reachability, SNMP traps, data throughput rate, and nameservers have been developed and are in use. Addition of more monitoring agents is easy and they will be added as necessary. A display agent- nocol(1) using curses has already been developed. Work on an "intelligent" module is currently in progress for event logging and some automatic troubleshooting.

All data collected by the monitoring agents follows a fixed (non-readable) format. Each data entry is termed an event in NOCOL, and each event has certain flags and severity associated with it. The display agent nocol(1), displays the output of these monitoring agents depending on the severity of the event. There can be multiple displays running simultanously and all process the same set of monitored data.

There are four levels of severity associated with an event- CRITICAL, ERROR, WARNING and INFO. The severity level is controlled independently by the monitoring agents, and the decision to raise or set an event's severity to any level depends on the logic imbedded in the monitoring agent.

As an example, for the pingmon(8) monitor, if a site is unreachable via ping, it would be assigned a severity of WARNING by pingmon, which would then elevate to CRITICAL if the site is still unreachable after some time. In the case of trapmon(8), an SNMP trap message of EGP neighbor lost would be directly assigned a severity level of CRITICAL, while an Warm Start trap is


Page 117

assigned a severity of WARNING.

The display agent (and other data post-processors) would use this event severity to decide whether to display it (or troubleshoot/log it) depending on the user selected display severity level.

The software is very flexible and allows enhancements and development with a minimum amount of effort. The display module processes all the files present in the data directory, and displays them sequentially. This allows new monitoring programs to simply start generating data in the data directory and the display module will automatically start displaying the new data. The monitoring tools can be changed, and the only element that has to remain common between all the modules is the EVENT data structure.

CURRENT MODULES
NOCOL presently consists of the following modules:

nocol
which simply displays the data collected by the monitoring agents. It uses the curses screen management system to support a wide variety of terminal types. The criterion for displaying an event is:

1. Severity level of the event is higher than the
severity level set in the display.

2. The display filter (if set) matches some string in
the event line.

The display can be in regular 80 column mode or in extended 132 column mode. Critical events are displayed in reverse video (if the terminal type supports it). Additional features like displaying informational messages in a part of the window, automatic resizing window sizes, operator
acknowledgement via a bell when a new event goes critical are also available.

ippingmon
which monitors the reachability of a site via "ICMP" ping packets (ICMP was preferred over SNMP for many obvious reasons). This program can use the default out- put from the system's ping program, but an accompanying program ( multiping) can ping multiple IP sites at the


Page 118

same time and is preferable for monitoring a large list of sites. A site is marked unreachable if a certain number of packets is lost, and the severity level is increased each time that the site tests unreachable.

osipingmon
which is similar to the ippingmon module but uses the OSI ping program instead. No multiple ping program for OSI sites has been developed at this time. The only requirement is that the system's ping program output match the typical BSD IP ping program's output.

nsmon
which monitors the nameservers (named) on the list of specified hosts. It periodically sends an SOA query for the default domain and if the queried nameservers cannot resolve the query, then the site is elevated to CRITICAL status.

tpmon
For monitoring the throughput (kbits per second) to a list of hosts. The program connects to the discard socket on the remote machine (using a STREAM socket) and sends large packets for a small amount of time to evaluate the effective throughput. It elevates a site to WARNING level if the throughput drops below a certain threshold (set in the configuration file).

trapmon
Converts all SNMP traps into a format suitable for displaying using NOCOL. The severity of the various traps is preset (and can be changed during compilation time).

PLATFORM
Any Unix system with the curses screen management library and IP (Internet Protocol) programming facility. It has been tested on Sun Sparc 4.1.1, Ultrix, and NeXT systems. Porting to other platforms might require minor adjustments depending on the vagaries of the different vendors (mostly in the include files).

AVAILABILITY
NOCOL was developed at JvNCnet and has been in use for monitoring the JvNCnet wide area network since 1989. It is available via anonymous FTP from ftp.jvnc.net under pub/jvncnet-packages/nocol.tar.Z. The system running at


Page 119

JvNCet can be viewed by logging into the host nocol.jvnc.net with username nocol (an rlogin instead of telnet will handle your X window terminal types better).
To be added to the NOCOL mailing list (for future updates and bug fixes), send a message to nocol-users-
request@jvnc.net with your email address.

FUTURE DEVELOPMENTS

Possible future enhancements are:

1. Event logging.

2. Addition of an automated troubleshooting mechanism
when a site severity level reaches a particular level.

3. SNMP monitors to watch the state of certain vari-
ables (interface errors, packet rate, route state changes).

AUTHOR
The software was developed at JvNCnet over a period of time. The overall design and initial development was done by Vikas Aggarwal and Sze-Ying Wuu. Additional development is being done and coordinated by Vikas Aggarwal (vikas@jvnc.net). Copyright 1992 JvNCnet. (See the file COPYRIGHT for full details)

SEE ALSO
nocol(1) nocol(3) tpmon(8) tsmon(8) nsmon(8)


Page 120

          Internet Tool Catalog                                   NPRV

NAME
NPRV -- IP Node/Protocol Reachability Verifier

KEYWORDS
map, routing, status; IP; ping; VMS; free.

ABSTRACT
NPRV is a full-screen, keypad-oriented utility that runs under VAX/VMS. It allows the user to quickly scan through a user-defined list of IP addresses (or domain names) and verify a node's reachability. The node's reachability is determined by performing an ICMP echo, UDP echo and a TCP echo at alternating three second intervals. The total number of packets sent and received are displayed, as well as the minimum, average and maximum round-trip times (in milliseconds) for each type of echo. Additionally, a "trace route" function is performed to determine the path from the local sys- tem to the remote host. Once all of the trace route information has filled the screen, a "snapshot" of the screen can be written to a text file. Upon exiting the utility, these text files can be used to generate a logical network map showing host and gateway intercon- nectivity.

MECHANISM
The ICMP echo is performed by sending ICMP ECHO REQUEST packets. The UDP and TCP echoes are performed by con- necting to the UDP/TCP echo ports (port number 7). The trace route information is compiled by sending alter- nating ICMP ECHO REQUEST packets and UDP packets with very large destination UDP port numbers (in two passes). Each packet is initially sent with a TTL (time to live) of 1. This should cause an ICMP TIME EXCEEDED error to be generated by the first routing gateway. Then each packet is sent with a TTL of 2. This should cause an ICMP TIME EXCEEDED error to be generated by the second routing gateway. Then each packet is sent with a TTL of 3, and so on. This pro- cess continues until an ICMP ECHO REPLY or UDP PORT UNREACHABLE is received. This indicates that the remote host has been reached and that the trace route information is complete.


Page 121

CAVEATS
This utility sends one echo packet per second (ICMP, UDP or TCP), as well as sending out one trace route packet per second. If a transmitted trace route packet is returned in less than one second, another trace route packet is sent in 100 milliseconds. This could cause a significant amount of contention on the local network.

BUGS
None known. Please report any discovered bugs to the author at:
Allen Sturtevant
National Magnetic Fusion Energy Computer Center Lawrence Livermore National Laboratory

P.O. Box 808; L-561
Livermore, CA 94550
Phone : (415) 422-8266
E-Mail: sturtevant@ccc.nmfecc.gov

LIMITATIONS
The user is required to have SYSPRV privilege to per- form the ICMP Echo and trace route functions. The utility will still run with this privilege disabled, but only the UDP Echo and TCP Echo information will be displayed. This utility is written in C, but unfor- tunately it cannot be easily ported over to UNIX since many VMS system calls are used and all screen I/O is done using the VMS Screen Management Routines.

HARDWARE REQUIRED
Any network interface supported by TGV Incorporated's MultiNet software.

SOFTWARE REQUIRED
VAX/VMS V5.1+ and TGV Incorporated's MultiNet version 2.0.

AVAILABILITY
For executables only, FTP to the ANONYMOUS account (password GUEST) on CCC.NMFECC.GOV (128.55.128.30) and GET the following files:

               [ANONYMOUS.PROGRAMS.NPRV]NPRV.DOC     (ASCII text)
               [ANONYMOUS.PROGRAMS.NPRV]NPRV.EXE     (binary)
               [ANONYMOUS.PROGRAMS.NPRV]SAMPLE.IPA   (ASCII text)


Page 122

        Internet Tool Catalog                               NSLOOKUP

NAME
nslookup

KEYWORDS
status; DNS, BIND; UNIX, VMS; free.

ABSTRACT
Nslookup is an interactive program for querying Internet Domain Name System (DNS) servers. It is essentially a user-friendly front end to
the BIND "resolver" library routines.

This program is useful for converting a hostname into an IP address (and vice versa), determining the name servers for a domain , listing
the contents of a domain, displaying any type of DNS record, such as MX, CNAME, SOA, etc.,
diagnosing name server problems.

By default, nslookup will query
the default name server but you can specify a different server on the command line or from a configuration file. You can also specify
different values for the options that control the resolver routines.

MECHANISM
The program formats, sends and receives DNS
(RFC 1034) queries.

CAVEATS
None.

BUGS
None known.

LIMITATIONS
None known.

HARDWARE REQUIRED
No restrictions.

SOFTWARE REQUIRED
BSD UNIX or related OS, or VMS.


Page 123

AVAILABILITY
NSLookup is included in the BIND distribution.

Available via anonymous FTP from uunet.uu.net, in directory /networking/ip/dns/bind. Available with 4.xBSD UNIX and related operating systems. For VMS, available as part of TGV MultiNet IP software package, as well as Wollongong's WIN/TCP.


Page 124

          Internet Tool Catalog                               OSITRACE

NAME
OSITRACE

KEYWORDS
traffic; OSI; eavesdrop; UNIX; free.

ABSTRACT
OSITRACE is a network performance tool that displays information about ISO TP4 connections. One line of output is displayed for each packet indicating the time, source, destination, length, packet type, sequence number, credit, and any optional parameters contained in the packet. Numerous options are avail- able to control the output of OSITRACE.

To obtain packets to analyze, OSITRACE uses Sun Microsystems' Network Interface Tap (NIT) in SunOS 3.4, 3.5, and 4.0.X. OSITRACE may also obtain data from the NETMON utility which is described as another tool entry.

In Sun systems, OSITRACE may be easily installed: OSI kernel support is not needed, nor is any other form of OSI software support.

MECHANISM
This tool has been designed in such a way that code to process different protocol suites may be easily added. As such, OSITRACE also has the ability to trace the DOD TCP protocols.

CAVEATS
None.

BUGS
Bug reports and questions should be addressed to: ie- tools@gateway.mitre.org

Requests to join this mailing list: ie-tools- request@gateway.mitre.org

Questions and suggestions can also be directed to: Greg Hollingsworth, gregh@gateway.mitre.org

LIMITATIONS
None reported.


Page 125

          HARDWARE REQUIRED
               No restriction.

          SOFTWARE REQUIRED
               SunOS 3.4, 3.5, or 4.0.X, or BSD UNIX-like network pro-
               tocols with NETMON installed.

AVAILABILITY
OSITRACE is copyrighted by the MITRE-Washington Net- working Center, but freely distributed "as is." It re- quires retention of a copyright text in code derived from it. The distribution is available by anonymous FTP in pub/pdutrace.tar or pub/pdutrace.tar.Z from aelred-3.ie.org.


Page 126

          Internet Tool Catalog                               OVERVIEW

NAME
OverVIEW

KEYWORDS
manager, status; IP; NMS, SNMP; DOS.

ABSTRACT
Network and internet monitor; Performance monitor; Fully Graphic user interface; Event logging; TFTP boot server

MECHANISM
OverVIEW uses SNMP to query routers, gateways and hosts. Also supports SGMP, PING and is committed to CMIP/CMOT. The SNMP queries allow dynamic determina- tion of configuration and state. Sets of related queries allows monitoring of congestion and faults. The hardware and software are sold as an integrated package.

CAVEATS
None.

BUGS
None known.

LIMITATIONS
256 nodes, 256 nets

HARDWARE REQUIRED
80286, 640K, EGA, mouse.

SOFTWARE REQUIRED
MS-DOS, OverVIEW, Network kernel, Mouse driver, SNMP agents for monitored devices.

AVAILABILITY
Fully supported product of Proteon, Inc. For more information, contact:

                   Proteon, Inc.             Phone: (508) 898-2800
                   2 Technology Drive        Fax:   (508) 366-8901
                   Westborough, MA  01581    Telex: 928124


Page 127

          Internet Tool Catalog                                   PING

NAME
ping

KEYWORDS
generator, status; IP; ping; DOS, UNIX, VMS; free.

ABSTRACT
Ping is perhaps the most basic tool for internet management. It verifies that a remote IP implementa- tion and the intervening networks and interfaces are functional. It can be used to measure round trip delay. Numerous versions of the ping program exist.

MECHANISM
Ping is based on the ICMP ECHO_REQUEST message.

CAVEATS
If run repeatedly, ping could generate high system loads.

BUGS
None known.

LIMITATIONS
PC/TCP's ping is the only implementation known support both loose and strict source routing. Though some ping implementations support the ICMP "record route" feature, the usefulness of this option for debugging routes is limited by the fact that many gateways do not correctly implement it.

HARDWARE REQUIRED
No restrictions.

SOFTWARE REQUIRED
None.

AVAILABILITY
Ping is widely included in TCP/IP distributions. Pub- lic domain versions of ping are available via anonymous FTP from uunet.uu.net, in directory bsd-
sources/src/etc, and from venera.isi.edu, in directory pub.


Page 128

        Internet Tool Catalog                     PROCESS-TCPWARE-SNMP

NAME
SNMP agent

KEYWORDS
alarm, manager, status, traffic; IP; SNMP; VMS;.

ABSTRACT
The SNMP agent listens for and responds to network management requests sent from SNMP-conforming network management stations. The SNMP agent also sends SNMP traps, under specific conditions, to identified trap receivers. SNMP communities and generation of traps are fully configurable. The SNMP agent supports all MIB-II variables except the EGP group.

MECHANISM
Network management variables are made available for inspection and/or alteration by means of the Simple Network Management Protocol (SNMP).

CAVEATS
None.

BUGS
No known bugs.

LIMITATIONS
Does not yet provide the ability for sites to add extra MIB definitions.

HARDWARE REQUIRED
Supported VAX processors.

SOFTWARE REQUIRED
VMS V4 or later

AVAILABILITY
The SNMP agent is included in TCPware for VMS, a commercial product available under license from: Process Software Corporation
959 Concord Street
Framingham, MA 01701

                        +1 800 722 7770, +1 508 879 6994 (voice)
                        +1 508 879-0042 (FAX)   TELEX 517891
                        sales@process.com


Page 129

        Internet Tool Catalog                                 PROXYD

NAME
proxyd -- SNMP proxy agent daemons from SNMP Research.

KEYWORDS
control, management, status;
bridge, Ethernet, IP, OSI, ring, star;
NMS, SNMP;
UNIX;
library, sourcelib.

ABSTRACT
SNMP proxy agents may be used to permit the monitoring and controlling of network elements which are otherwise not addressable using the SNMP management protocol (e.g., a network bridge that implements a proprietary management protocol). Similarly, SNMP proxy agents may be used to protect SNMP agents from redundant network management agents through the use of caches. Finally, SNMP proxy agents may be used to implement elaborate MIB access policies.

The proxy agent daemon:

                - listens for SNMP queries and commands from logically
                  remote network management stations,
                - translates and retransmits those as appropriate
                  network management queries or cache lookups,
                - listens for and parses the responses,
                - translates the responses into SNMP responses, and
                - returns those responses as SNMP messages to the
                  network management station that originated the
                  transaction.

The proxy agent daemon also emits SNMP traps to identified trap receivers. The proxy agent daemon is designed to make the addition of additional vendor- specific variables a straight-forward task. The proxy application comes complete with source code including a powerful set of portable libraries for generating and parsing SNMP messages and a set of command line utilities.

MECHANISM
Network management variables are made available for inspection and/or alteration by means of the Simple Network Management Protocol (SNMP).


Page 130

CAVEATS
None.

BUGS
None known.

LIMITATIONS
This application is a template for proxy application writers.

Only a few of the many LanBridge 100 variables are supported.

HARDWARE REQUIRED
System from Sun Microsystems, Incorporated.

SOFTWARE REQUIRED
Sun OS 3.5 or 4.x.

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL This is a commercial product available under license from:
SNMP Research
3001 Kimberlin Heights Road
Knoxville, TN 37920-9716
Attn: John Southwood, Sales and Marketing (615) 573-1434 (Voice) (615) 573-9197 (FAX)

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
users@seymour1.cs.utk.edu


Page 131

        Internet Tool Catalog                   PROXYD_SNMP_RESEARCH

NAME
proxyd -- SNMP proxy agent daemons from SNMP Research.

KEYWORDS
control, management, status;
bridge, Ethernet, IP, OSI, ring, star;
NMS, SNMP;
UNIX;
library, sourcelib.

ABSTRACT
SNMP proxy agents may be used to permit the monitoring and controlling of network elements which are otherwise not addressable using the SNMP management protocol (e.g., a network bridge that implements a proprietary management protocol). Similarly, SNMP proxy agents may be used to protect SNMP agents from redundant network management agents through the use of caches. Finally, SNMP proxy agents may be used to implement elaborate MIB access policies.

The proxy agent daemon:

                - listens for SNMP queries and commands from logically
                  remote network management stations,
                - translates and retransmits those as appropriate
                  network management queries or cache lookups,
                - listens for and parses the responses,
                - translates the responses into SNMP responses, and
                - returns those responses as SNMP messages to the
                  network management station that originated the
                  transaction.

The proxy agent daemon also emits SNMP traps to identified trap receivers. The proxy agent daemon is designed to make the addition of additional vendor- specific variables a straight-forward task. The proxy application comes complete with source code including a powerful set of portable libraries for generating and parsing SNMP messages and a set of command line utilities.

MECHANISM
Network management variables are made available for inspection and/or alteration by means of the Simple Network Management Protocol (SNMP).


Page 132

CAVEATS
None.

BUGS
None known.

LIMITATIONS
This application is a template for proxy application writers.

Only a few of the many LanBridge 100 variables are supported.

HARDWARE REQUIRED
System from Sun Microsystems, Incorporated.

SOFTWARE REQUIRED
Sun OS 3.5 or 4.x.

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL This is a commercial product available under license from:
SNMP Research
3001 Kimberlin Heights Road
Knoxville, TN 37920-9716
Attn: John Southwood, Sales and Marketing
(615) 573-1434 (Voice) (615) 573-9197 (FAX)

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
users@seymour1.cs.utk.edu


Page 133

          Internet Tool Catalog                                  QUERY

NAME
query, ripquery

KEYWORDS
routing; IP; spoof; UNIX; free.

ABSTRACT
Query allows remote viewing of a gateway's routing tables.

MECHANISM
Query formats and sends a RIP request or POLL command to a destination gateway.

CAVEATS
Query is intended to be used a a tool for debugging gateways, not for network management. SNMP is the pre- ferred protocol for network management.

BUGS
None known.

LIMITATIONS
The polled gateway must run RIP.

HARDWARE REQUIRED
No restriction.

SOFTWARE REQUIRED

4.3BSD UNIX or related OS.

AVAILABILITY
Available with routed and gated distributions.

Routed may be obtained via anonymous FTP from uunet.uu.net, in file bsd-
sources/src/network/routed.tar.Z.

Gated may be obtained via anonymous FTP from
devvax.tn.cornell.edu. Distribution files are in directory pub/gated.


Page 134

        Internet Tool Catalog                                SAS-CPE

NAME
SAS/CPE(tm) for Open Systems Software

KEYWORDS
manager, status;
bridge, ethernet, FDDI, IP, OSI, NFS;
X;
DOS, HP, UNIX;
library.

ABSTRACT
SAS/CPE(tm) for Open Systems software is an integrated system designed to facilitate the analysis and presentation of computer performance and resource utilization data. SAS/CPE software features include:

. Processing of raw computer and network performance data into detail-level SAS data sets.
. Conversion and validation of logged data values to forms more useful for display and analysis (e.g., I/O counts are converted to I/O rates per second).
. Numerous sample reports on performance data processed by SAS/CPE software.
. Reduction of logged performance data into daily, weekly, monthly or yearly summarized values.
. Menu-driven interface to the creation and management of multiple performance data bases.
. Menu-driven report designing interface that allows users with no programming knowledge to create and manage custom reports from their performance data base. No SAS coding is needed for this interface.

MECHANISM
SAS/CPE for Open Systems processes and reports data from SNMP and other proprietary monitoring protocols, as well as du and accounting.

CAVEATS
The product is currently in alpha testing.

BUGS
None known.

LIMITATIONS
None reported.


Page 135

        HARDWARE REQUIRED
                HP, SUN or IBM Workstation

SOFTWARE REQUIRED
The SAS(r) System Base Software, SAS/GRAPH Software and SAS/CPE for Open System Software

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL SAS/CPE for Open Systems Software is available from: SAS Institute Inc.
SAS Campus Drive
Cary, NC 27513
Phone 919-677-8000
FAX 919-677-8123

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
Send email to snodjs@mvs.sas.com.


Page 136

          Internet Tool Catalog                                SNIFFER

NAME
Sniffer

KEYWORDS
analyzer, generator, traffic; DECnet, ethernet, IP, NFS, OSI, ring, SMTP, star; eavesdrop; standalone.

ABSTRACT
The Network General Sniffer is a protocol analyzer for performing LAN diagnostics, monitoring, traffic genera- tion, and troubleshooting. The Sniffer protocol analyzer has the capability of capturing every packet on a network and of decoding all seven layers of the OSI protocol model. Capture frame selection is based on several different filters: protocol content at lower levels; node addresses; pattern matching (up to 8 logically-related patterns of 32 bytes each); and des- tination class. Users may extend the protocol interpretation capability of the Sniffer by writing their own customized protocol interpreters and linking them to the Sniffer software.

The Sniffer displays network traffic information and performance statistics in real time, in user-selectable formats. Numeric station addresses are translated to symbolic names or manufacturer ID names. Network activities measured include frames accepted, Kbytes accepted, and buffer use. Each network version has additional counters for activities specific to that network. Network activity is expressed as
frames/second, Kbytes/second, or per cent of network bandwidth utilization.

Data collection by the Sniffer may be output to printer or stored to disk in either print-file or spread-sheet format.

Protocol suites understood by the Sniffer include: Banyan Vines, IBM Token-Ring, Novell Netware, XNS/MS- Net (3Com 3+), DECnet, TCP/IP (including SNMP and applications-layer protocols such as FTP, SMTP, and TELNET), X Windows (for X version 11), NFS, and several SUN proprietary protocols (including mount, pmap, RPC, and YP). Supported LANs include: ethernet, Token-ring (4Mb and 16Mb versions), ARCNET, StarLAN, IBM PC Net- work (Broadband), and Apple Localtalk Network.


Page 137

MECHANISM
The Sniffer is a self-contained, portable protocol analyzer that require only AC line power and connection to a network to operate. Normally passive (except when in Traffic Generator mode), it captures images of all or of selected frames in a working buffer, ready for immediate analysis and display.

The Sniffer is a standalone device. Two platforms are available: one for use with single network topologies, the other for use with multi-network topologies. Both include Sniffer core software, a modified network interface card (or multiple cards), and optional proto- col interpreter suites.

All Sniffer functions may be remotely controlled from a modem-connected PC. Output from the Sniffer can be imported to database or spreadsheet packages.

CAVEATS
In normal use, the Sniffer is a passive device, and so will not adversely effect network performance. Perfor- mance degradation will be observed, of course, if the Sniffer is set to Traffic Generator mode and connected to an active network.

BUGS
None known.

LIMITATIONS
None reported.

HARDWARE REQUIRED
None. The Sniffer is a self-contained unit, and includes its own interface card. It installs into a network as would any normal workstation.

SOFTWARE REQUIRED
None.


Page 138

AVAILABILITY
The Sniffer is available commercially. For information on your local representative, call or write:
Network General Corporation
4200 Bohannon Drive
Menlo Park, CA 94025
Phone: 415-688-2700
Fax: 415-321-0855

For acquisition by government agencies, the Sniffer is included on the GSA schedule.


Page 139

          Internet Tool Catalog                   SNMP_DEVELOPMENT_KIT

NAME
The SNMP Development Kit

KEYWORDS
manager, status; IP; NMS, SNMP; UNIX; free, sourcelib.

ABSTRACT
The SNMP Development Kit comprises C Language source code for a programming library that facilitates access to the management services of the SNMP (RFC 1098). Sources are also included for a few simple client applications whose main purpose is to illustrate the use of the library. Example client applications query remote SNMP agents in a variety of modes, and generate or collect SNMP traps. Code for an example SNMP agent that supports a subset of the Internet MIB (RFC 1066) is also included.

MECHANISM
The Development Kit facilitates development of SNMP- based management applications -- both clients and agents. Example applications execute SNMP management operations according to the values of command line arguments.

CAVEATS
None.

BUGS
Fixed in the next release.

LIMITATIONS
None reported.

HARDWARE REQUIRED
The SNMP library source code is highly portable and runs on a wide range of platforms.

SOFTWARE REQUIRED
The SNMP library source code has almost no operating system dependencies and runs in a wide range of environments. Certain portions of the example SNMP agent code are specific to the 4.3BSD implementation of the UNIX system for the DEC MicroVAX.


Page 140

AVAILABILITY
The Development Kit is available via anonymous FTP from host allspice.lcs.mit.edu. The copyright for the Development Kit is held by the Massachusetts Institute of Technology, and the Kit is distributed without charge according to the terms set forth in its code and documentation. The distribution takes the form of a UNIX tar file.

Bug reports, questions, suggestions, or complaints may be mailed electronically to snmp-dk@ptt.lcs.mit.edu, although no response in any form is guaranteed. Dis- tribution via UUCP mail may be arranged by contacting the same address. Requests for hard-copy documentation or copies of the distribution on magnetic media are never honored.


Page 141

        Internet Tool Catalog           SNMP_Libraries_SNMP_RESEARCH

NAME
SNMP Libraries and Utilities from SNMP Research.

KEYWORDS
alarm, control, manager, map, security, status; bridge, DECnet, Ethernet, FDDI, IP, OSI, ring, star; NMS, SNMP;
DOS, UNIX, VMS;
sourcelib.

ABSTRACT
The SNMP Libraries and Utilities serve two purposes:

                1)   to act as building blocks for the construction of
                     SNMP-based agent and manager applications; and

                2)   to act as network management tools for network
                     fire fighting and report generation.

The libraries perform ASN.1 parsing and generation tasks for both network management station applications and network management agent applications. These libraries hide the details of ASN.1 parsing and generation from application writers and make it unnecessary for them to be expert in these areas. The libraries are very robust with considerable error checking designed in. The several command line utilities include applications for retrieving one or many variables, retrieving tables, or effecting commands via the setting of remote network management variables.

MECHANISM
The parsing is performed via recursive descent methods. Messages are passed via the Simple Network Management Protocol (SNMP).

CAVEATS
None.

BUGS
None known.

LIMITATIONS
The monitored and managed nodes must implement the SNMP over UDP per RFC 1157 or must be reachable via a proxy agent.


Page 142

        HARDWARE REQUIRED
                This software has been ported to numerous platforms
                including workstations, general-purpose timesharing
                systems, and embedded hardware in intelligent network
                devices such as repeaters, bridges, and routers.

SOFTWARE REQUIRED
C compiler, TCP/IP library.

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL This is a commercial product available under license from:
SNMP Research
3001 Kimberlin Heights Road
Knoxville, TN 37920-9716
Attn: John Southwood, Sales and Marketing (615) 573-1434 (Voice) (615) 573-9197 (FAX)

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
users@seymour1.cs.utk.edu


Page 143

        Internet Tool Catalog      SNMP_PACKAGED_AGENT_SNMP_RESEARCH

NAME
SNMP Packaged Agent System -- an SNMP host/gateway agent daemon including a complete protocol stack and runtime environment required to support an SNMP Agent from SNMP Research.

KEYWORDS
control, manager, status;
bridge, Ethernet, FDDI, IP, OSI, ring, star; NMS, SNMP;
DOS, standalone, UNIX;
sourcelib.

ABSTRACT
The snmpd agent daemon listens for and responds to network management queries and commands from logically remote network management stations. The agent daemon also emits SNMP traps to identified trap receivers. The agent daemon is designed to make the addition of additional vendor-specific variables a
straight-forward task. The snmpd application comes complete with source code including a powerful set of portable libraries for generating and parsing SNMP messages and a set of command line utilities.

The Packaged Agent System is designed to aid the hardware manufacturer who is not experienced with the TCP/IP protocol suite. A lightweight, non-preemptive scheduler/tasking system for faster execution and less impact on slow CPUs is included in the package. Development environment is either MS DOS or UNIX.

MECHANISM
Network management variables are made available for inspection and/or alteration by means of the Simple Network Management Protocol (SNMP).

CAVEATS
None.

BUGS
None known.

LIMITATIONS
None reported.


Page 144

        HARDWARE REQUIRED
                The Motorola 68XXX and the Intel 8088 and X86
                platforms are fully supported.  Other platforms can be
                supported.  Contact SNMP Research for details.

This software has been ported to numerous platforms including workstations, general-purpose timesharing systems, and embedded hardware in intelligent network devices such as repeaters, bridges, and routers.

SOFTWARE REQUIRED
C compiler.

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL This is a commercial product available under license from:
SNMP Research
3001 Kimberlin Heights Road
Knoxville, TN 37920-9716
Attn: John Southwood, Sales and Marketing (615) 573-1434 (Voice) (615) 573-9197 (FAX)

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
users@seymour1.cs.utk.edu


Page 145

        Internet Tool Catalog                    SNMPD_SNMP_RESEARCH

NAME
snmpd -- an SNMP host/gateway agent daemon from SNMP Research.

KEYWORDS
control, mananger, status;
bridge, Ethernet, FDDI, IP, OSI, ring, star; NMS, SNMP;
DOS, UNIX;
sourcelib.

ABSTRACT
The snmpd agent daemon listens for and responds to network management queries and commands from logically remote network management stations. The agent daemon also emits SNMP traps to identified trap receivers. The agent daemon is architected to make the addition of additional vendor-specific variables a straight-forward task. The snmpd application comes complete with source code including a powerful set of portable libraries for generating and parsing SNMP messages and a set of command line utilities.

MECHANISM
Network management variables are made available for inspection and/or alteration by means of the Simple Network Management Protocol (SNMP).

CAVEATS
None.

BUGS
None known.

LIMITATIONS
Only operating system variables available without source code modifications to the operating system and device device drivers are supported.

HARDWARE REQUIRED
This software has been ported to numerous platforms including workstations, general-purpose timesharing systems, and embedded hardware in intelligent network devices such as repeaters, bridges, and routers.


Page 146

        SOFTWARE REQUIRED
                C compiler.

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL This is a commercial product available under license from:
SNMP Research
3001 Kimberlin Heights Road
Knoxville, TN 37920-9716
Attn: John Southwood, Sales and Marketing (615) 573-1434 (Voice) (615) 573-9197 (FAX)

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
users@seymour1.cs.utk.edu


Page 147

          Internet Tool Catalog                          SPIDERMONITOR

NAME
SpiderMonitor P220, K220 and
SpiderAnalyzer P320, K320

KEYWORDS
alarm, analyzer, generator, traffic; DECnet, ethernet, IP, OSI; eavesdrop; standalone; sourcelib.

ABSTRACT
The SpiderMonitor and SpiderAnalyzer are protocol analyzers for performing ethernet LAN diagnostics, mon- itoring, traffic generation, and troubleshooting. The SpiderMonitor has the capability of capturing every packet on a network and of decoding the first four layers of the OSI protocol model. The SpiderAnalyzer has additional software for decoding higher protocol layers. Protocol suites understood: TCP/IP (including SNMP and applications-layer protocols), OSI, XNS, DEC- net and IPX. User-definable decodes can be written in 'C' with the Microsoft version 5.0 'C' compiler. A decode guide is provided.

The SpiderAnalyzer supports multiple simultaneous filters for capturing packets using predefined patterns and error states. Filter patterns can also trigger on NOT matching 1 or more filters, an alarm, or a speci- fied time.

The SpiderAnalyzer can also employ TDR (Time Domain Reflectometry) to find media faults, open or short cir- cuits, or transceiver faults. It can transmit OSI, XNS, and Xerox link-level echo packets to user- specified stations, performs loop round tests.

In traffic generation mode, the SpiderAnalyzer has the ability to generate packets at random intervals of ran- dom lengths or any combination of random or fixed interval or length, generation of packets with CRC errors, or packets that are too short, or packets that are too long.

Output from the SpiderMonitor/Analyzer can be imported to database or spreadsheet packages.


Page 148

MECHANISM
The SpiderMonitor and Spider Analyzer are available as stand-alone, IBM PC compatible packages based upon a Compaq III portable system, or as a plug-in boards for any IBM XT/AT compatible machine. The model 220 (Spi- derMonitor) systems provide a functional base suited for most network management needs. The model 320 (Spi- derAnalyzer) systems provide extended functionality in the development mode and traffic generation mode as well more filtering capabilities than the 220 models.

CAVEATS
Traffic generation will congest an operational ether- net.

BUGS
None known.

LIMITATIONS
Monitoring of up to 1024 stations and buffering of up to 1500 packets. The model 220 provides for 3 filters with a filter depth of 46 bytes. The model 320 pro- vides for 4 filters and a second level of filtering with a filter depth of 64 bytes.

HARDWARE REQUIRED
PX20s are self contained, the KX20s require an IBM PC/XT-AT compatible machine with 5 megabytes of hard disk storage and the spare slot into which the board kit is plugged.

SOFTWARE REQUIRED
None. The SpiderAnalyzer requires the Microsoft 'C' Compiler, Version 5.0 for writing user defined decodes.

AVAILABILITY
The SpiderMonitor/Analyzer is available commercially. For information on your local representative, call or write:
Spider Systems, Inc.
12 New England Executive Park
Burlington, MA 01803
Telephone: 617-270-3510

                    FAX:        617-270-9818


Page 149

        Internet Tool Catalog                                  SPIMS

NAME
SPIMS -- the Swedish Institute of Computer Science (SICS) Protocol Implementation Measurement System tool.

KEYWORDS
benchmark, debugger; IP, OSI; spoof; UNIX.

ABSTRACT
SPIMS is used to measure the performance of protocol and "protocol-like" services including response time (two-way delay), throughput and the time to open and close connections. It has been used to:

  • benchmark alternative protocol implementations,

  • observe how performance varies when parameters in specific implementations have been varied (i.e., to tune parameters).

SPIMS currently has interfaces to the DoD Internet Pro- tocols: UDP, TCP, FTP, SunRPC, the OSI protocols from the ISODE 4.0 distribution package: FTAM, ROSE, ISO TP0 and to Sunlink 5.2 ISO TP4 as well as Stanford's VMTP. Also available are a rudimentary set of benchmarks, stubs for new protocol interfaces and a user manual.

For an example of the use of SPIMS to tune protocols, see:
Nordmark & Cheriton, "Experiences from VMTP: How to achieve low response time," IFIP WG6.1/6.4: Protocols for High-Speed Networks, May 1989, Zurich. To be published.

For an example of how SPIMS can be used to benchmark protocols, see:

Gunningberg, Bjorkman, Nordmark, Sjodin, Pink & Stromqvist "Application Protocols and Performance Benchmarks", IEEE Communications Magazine, June 1989, Vol. 27, No.6, pp 30-36.

Sjodin, Gunningberg, Nordmark, & Pink, "Towards Protocol Benchmarks', IFIP WG6.1/6.4 Protocols for High-Speed Networks, May 1989, Zurich, pp 57-67


Page 150

MECHANISM
SPIMS runs as user processes and uses a TCP connection for measurement set-up. Measurements take place between processes over the measured protocol. SPIMS generates messages and transfers them via the measured protocol service according to a user-supplied specifi- cation. SPIMS has a unique measurement specification language that is used to specify a measurement session. In the language there are constructs for different application types (e.g., bulk data transfer), for specifying frequency and sequence of messages, for dis- tribution over message sizes and for combining basic specifications. These specifications are independent of both protocols and protocol implementations and can be used for benchmarking. For more details on the internals of SPIMS, see:

Nordmark & Gunningberg, "SPIMS: A Tool for Protocol Implementation Performance Measurements" Proc. of 13:th Conf. on Local Computer Networks, Minneapolis 1989, pp 222-229.

CAVEATS
None.

BUGS
None known.

LIMITATIONS
None reported.

HARDWARE REQUIRED
No restrictions.

SOFTWARE REQUIRED
SPIMS is implemented on UNIX, including SunOS 4., 4.3BSD UNIX, DN (UNIX System V, with extensions) and Ultrix 2.0/3.0. It requires a TCP connection for meas- urement set-up. No kernel modifications or any modifi- cations to measured protocols are required.


Page 151

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL SPIMS is not in the public domain and the software is covered by licenses. Use of the SPIMS software represents acceptance of the terms and conditions of the licenses.
The licenses are enclosed in the distribution package. Licenses and SPIMS cover letter can also be obtained via an Internet FTP connection without getting the whole software. The retrieval procedure is identical to the below university distribution via FTP. The file to retrieve is pub/spims-dist/licenses.tar.Z

There are two different distribution classes depending on requesting organization:

1. Universities and non-profit organizations.

To these organizations, SPIMS source code is distributed free of charge. There are two ways to get the software:

1. FTP.
If you have an Internet FTP connection, you can use anonymous FTP to sics.se
[192.16.123.90], and retrieve the file pub/spims-dist/dist910304.tar.Z
(this is a .6MB compressed tar image) in BINARY mode. Log in as user anonymous and at the password prompt, use your complete electronic mail address.

2. On a Sun 1/4-inch cartridge tape.
For mailing, a handling fee of US$150.00 will be charged. Submit a bank check with the request. Do not send tapes or envelopes.

2. Commercial organizations.

These organizations can chose between a license for commercial use, or a license for internal research only and no commercial use whatsoever.

For internal research use only:

The SPIMS source code is distributed for a one time fee of US$500.00. Organizations interested in the research prototype need to contact us via e-mail and briefly motivate why they qualify (non-commercial use) for the


Page 152

research prototype.
They will thereafter get a permission to obtain a copy from the same distribution source as for universities.

Commercial use:

A commercial version of SPIMS will eventually be distributed and supported by a commercial partner. nIn the meantime we will distribute the research prototype (source code) to interested organizations without any guaranty or support. Contact SICS for further information.

For more information about the research prototype distribution and about a commercial license, contact:

Swedish Institute of Computer Science Att: Birgitta Klingenberg

P.O. Box 1263
S-164 28 Kista
SWEDEN

e-address: spims@sics.se
Phone: +46-8-7521500, Fax: +46-8-7517230

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
Bengt Ahlgren
Swedish Institute of Computer Science
Box 1263
S-164 28 KISTA, SWEDEN

Email: bengta@sics.se

                Tel:    +46 8 752 1562 (direct)
                  or    +46 8 752 1500
                Fax:    +46 8 751 7230


Page 153

          Internet Tool Catalog                              SPRAY_SUN

NAME
spray

KEYWORDS
benchmark, generator; IP; ping; UNIX.

ABSTRACT
Spray is a traffic generation tool that generates RPC or UDP packets, or ICMP Echo Requests. The packets are sent to a remote procedure call application at the des- tination host. The count of received packets is retrieved from the remote application after a certain number of packets have been transmitted. The differ- ence in packets received versus packets sent represents (on a LAN) the packets that the destination host had to drop due to increasing queue length. A measure of throughput relative to system speed and network load can thus be obtained.

MECHANISM
See above.

CAVEATS
Spray can congest a network.

BUGS
None known.

LIMITATIONS
None reported.

HARDWARE REQUIRED
No restrictions.

SOFTWARE REQUIRED
SunOS

AVAILABILITY
Supplied with SunOS.


Page 154

          Internet Tool Catalog                                TCPDUMP

NAME
tcpdump

KEYWORDS
traffic; ethernet, IP, NFS; UNIX, VMS; free.

ABSTRACT
Tcpdump can interpret and print headers for the follow- ing protocols: ethernet, IP, ICMP, TCP, UDP, NFS, ND, ARP/RARP, AppleTalk. Tcpdump has proven useful for examining and evaluating the retransmission and window management operations of TCP implementations.

MECHANISM
Much like etherfind, tcpdump writes a log file of the frames traversing an ethernet interface. Each output line includes the time a packet is received, the type of packet, and various values from its header.

CAVEATS
None.

BUGS
None known.

LIMITATIONS
Public domain version requires a kernel patch for SunOS. TCPware for VMS - currently interprets headers for IP, TCP, UDP, and ICMP only.

HARDWARE REQUIRED
Any Ultrix system (VAX or DEC RISC hardware)

SOFTWARE REQUIRED
Ultrix release 4.0 or later. For Ultrix 4.1, may require the patched "if_ln.o" kernel module, available from Digital's Customer Support Center.


Page 155

AVAILABILITY
Available, though subject to copyright restrictions, via anonymous FTP from ftp.ee.lbl.gov. The source and documentation for the tool is in compressed tar format, in file tcpdump.tar.Z. Also available from
spam.itstd.sri.com, in directory pub. For VMS hosts with DEC ethernet controllers, available as part of TGV MultiNet IP software package and TCPware for VMS from Process Software Corporation.


Page 156

          Internet Tool Catalog                              TCPLOGGER

NAME
tcplogger

KEYWORDS
traffic; IP; eavesdrop; UNIX; free.

ABSTRACT
Tcplogger consists of modifications to the 4.3BSD UNIX source code, and a large library of post-processing software. Tcplogger records timestamped information from TCP and IP packets that are sent and received on a specified connection. For each TCP packet, information such as sequence number, acknowledgement sequence number, packet size, and header flags is recorded. For an IP packet, header length, packet length and TTL values are recorded. Customized use of the TCP option field allows the detection of lost or duplicate pack- ets.

MECHANISM
Routines of 4.3BSD UNIX in the netinet directory have been modified to append information to a log in memory. The log is read continuously by a user process and written to a file. A TCP option has been added to start the logging of a connection. Lots of post- processing software has been written to analyze the data.

CAVEATS
None.

BUGS
None known.

LIMITATIONS
To get a log at both ends of the connection, the modi- fied kernel should be run at both the hosts.

All connections are logged in a single file, but software is provided to filter out the record of a sin- gle connection.

HARDWARE REQUIRED
No restrictions.


Page 157

          SOFTWARE REQUIRED
               4.3BSD UNIX (as modified for this tool).

AVAILABILITY
Free, although a 4.3BSD license is required. Contact Olafur Gudmundsson (ogud@cs.umd.edu).


Page 158

          Internet Tool Catalog                      TOKENVIEW_PROTEON

NAME
TokenVIEW

KEYWORDS
control, manager, status; ring; NMS, proprietary; DOS.

ABSTRACT
Network Management tool for 4/16 Mbit IEEE 802.5 Token Ring Networks. Monitors active nodes and ring errors. Maintains database of nodes, wire centers and their connections. Separate network management ring allows remote configuration of wire centers.

MECHANISM
A separate network management ring used with Proteon Intelligent Wire Centers allows wire center configura- tion information to be read and modified from a single remote workstation. A log of network events used with a database contain nodes, wire centers and their con- nections, facilitates tracking and correction of net- work errors. Requires an "E" series PROM, sold with package.

CAVEATS
Currently, only ISA bus cards support the required E series PROM.

BUGS
None known.

LIMITATIONS
256 nodes, 1 net.

HARDWARE REQUIRED
512K RAM, CGA or better, hard disk, mouse supported.

SOFTWARE REQUIRED
MS-DOS, optional mouse driver

AVAILABILITY
Fully supported product of Proteon, Inc. Previously sold as Advanced Network Manager (ANM). For more in- formation, contact:

                   Proteon, Inc.             Phone: (508) 898-2800
                   2 Technology Drive        Fax:   (508) 366-8901
                   Westborough, MA  01581    Telex: 928124


Page 159

          Internet Tool Catalog                             TRACEROUTE

NAME
traceroute

KEYWORDS
routing; IP; ping; UNIX, VMS; free.

ABSTRACT
Traceroute is a tool that allows the route taken by packets from source to destination to be discovered. It can be used for situations where the IP record route option would fail, such as intermediate gateways dis- carding packets, routes that exceed the capacity of an datagram, or intermediate IP implementations that don't support record route. Round trip delays between the source and intermediate gateways are also reported allowing the determination of individual gateways con- tribution to end-to-end delay.

Enhanced versions of traceroute have been developed that allow specification of loose source routes for datagrams. This allows one to investigate the return path from remote machines back to the local host.

MECHANISM
Traceroute relies on the ICMP TIME_EXCEEDED error reporting mechanism. When an IP packet is received by an gateway with a time-to-live value of 0, an ICMP packet is sent to the host which generated the packet. By sending packets to a destination with a TTL of 0, the next hop can be identified as the source of the ICMP TIME EXCEEDED message. By incrementing the TTL field the subsequent hops can be identified. Each packet sent out is also time stamped. The time stamp is returned as part of the ICMP packet so a round trip delay can be calculated.

CAVEATS
Some IP implementations forward packets with a TTL of 0, thus escaping identification. Others use the TTL field in the arriving packet as the TTL for the ICMP error reply, which delays identification.

Sending datagrams with the source route option will cause some gateways to crash. It is considered poor form to repeat this behavior.


Page 160

BUGS
None known.

LIMITATIONS
Most versions of UNIX have errors in the raw IP code that require kernel mods for the standard version of traceroute to work. A version of traceroute exists that runs without kernel mods under SunOS 3.5 (see below), but it only operates over an ethernet inter- face.

HARDWARE REQUIRED
No restrictions.

SOFTWARE REQUIRED
BSD UNIX or related OS, or VMS.

AVAILABILITY
Available by anonymous FTP from ftp.ee.lbl.gov, in file traceroute.tar.Z. It is also available from
uc.msc.umn.edu.

A version of traceroute that supports Loose Source Record Route, along with the source code of the required kernel modifications and a Makefile for installing them, is available via anonymous FTP from zerkalo.harvard.edu, in directory pub, file
traceroute_pkg.tar.Z.

A version of traceroute that runs under SunOS 3.5 and does NOT require kernel mods is available via anonymous FTP from dopey.cs.unc.edu, in file
~ftp/pub/traceroute.tar.Z.

For VMS, traceroute is available as part of TGV Mul- tiNet IP software package.


Page 161

          Internet Tool Catalog                                   TRPT

NAME
TRPT -- transliterate protocol trace

KEYWORDS
traffic; IP; eavesdrop; UNIX; free.

ABSTRACT
TRPT displays a trace of a TCP socket events. When no options are supplied, TRPT prints all the trace records found in a system, grouped according to TCP connection protocol control block (PCB).

An example of TRPT output is:

38241 ESTABLISHED:input
[e0531003..e0531203)@6cc5b402(win=4000)<ACK> -> ESTA- BLISHED
38241 ESTABLISHED:user RCVD -> ESTABLISHED
38266 ESTABLISHED:output
6cc5b402@e0531203(win=4000)<ACK> -> ESTABLISHED 38331 ESTABLISHED:input
[e0531203..e0531403)@6cc5b402(win=4000)<ACK,FIN,PUSH>

               -> CLOSE_WAIT
               38331 CLOSE_WAIT:output
               6cc5b402@e0531404(win=3dff)<ACK> -> CLOSE_WAIT
               38331 CLOSE_WAIT:user RCVD -> CLOSE_WAIT
               38343 LAST_ACK:output
               6cc5b402@e0531404(win=4000)<ACK,FIN> -> LAST_ACK
               38343 CLOSE_WAIT:user DISCONNECT -> LAST_ACK
               38343 LAST_ACK:user DETACH -> LAST_ACK

MECHANISM
TRPT interrogates the buffer of TCP trace records that is created when a TCP socket is marked for debugging.

CAVEATS
Prior to using TRPT, an analyst should take steps to isolate the problem connection and find the address of its protocol control blocks.

BUGS
None reported.


Page 162

LIMITATIONS
A socket must have the debugging option set for TRPT to operate. Another problem is that the output format of TRPT is difficult.

HARDWARE REQUIRED
No restrictions.

SOFTWARE REQUIRED
BSD UNIX or related OS.

AVAILABILITY
Included with BSD and SunOS distributions. Available via anonymous FTP from uunet.uu.net, in file bsd- sources/src/etc/trpt.tar.Z.


Page 163

          Internet Tool Catalog                                   TTCP

NAME
TTCP

KEYWORDS
benchmark, generator; IP; ping; UNIX, VMS; free.

ABSTRACT
TTCP is a traffic generator that can be used for test- ing end-to-end throughput. It is good for evaluating TCP/IP implementations.

MECHANISM
Cooperating processes are started on two hosts. The open a TCP connection and transfer a high volume of data. Delay and throughput are calculated.

CAVEATS
Will greatly increase system load.

BUGS
None known.

LIMITATIONS
None reported.

HARDWARE REQUIRED
No restrictions.

SOFTWARE REQUIRED
BSD UNIX or related OS, or VMS.

AVAILABILITY
Source for BSD UNIX is available via anonymous FTP from vgr.brl.mil, in file ftp/pub/ttcp.c, and from sgi.com, in file sgi/src/ttcp.c. A version of TTCP has also been submitted to the USENET news group
comp.sources.unix. For VMS, ttcp.c is included in the MultiNet Programmer's Kit, a standard feature of TGV MultiNet IP software package.


Page 164

          Internet Tool Catalog                         UNISYS-PARAMAX

NAME
Paramax Network Security Server

KEYWORDS
alarm, control, manager, security, status;
ethernet, FDDI, IP; X; UNIX.

ABSTRACT
The Paramax Network Security Server (NSS) is a security officer's tool for centralized security management of TCP/IP-based networks. The NSS provides capability for collection, on-line storage,
maintenance, and correlation of audit data from hosts, workstations, servers, and network devices. Through the X window based user interface, a security officer can review and analyze this audit data at the NSS, select and request filtered portions of host audit data, and receive and analyze security alerts from across the network. The NSS supports centralized access control of network resources through its capability to create and update user and host access permissions data. The user access permissions data identifies network addresses that each user is permitted to access. The host access permissions data identifies network addresses between which
communication is permitted. The NSS supports centralized management of user authentication data (user IDs and passwords) and other user data for use by hosts, workstations, and servers in the network. It generates pseudo-random pronounceable passwords for selection and assignment to users by the security officer.

The NSS deadman timer locks the NSS screen or logs the security officer off the NSS after periods of inactivity. A biometric authentication device is optional for rigorous fingerprint authentication of users at the NSS, and logins to the NSS itself are permitted only at the console. The NSS currently provides centralized security management for a System High Network. It is being upgraded for a Compartmented Mode environment.


Page 165

MECHANISM
The NSS uses the Audit Information Transfer Protocol (AITP) for the transfer of security alerts and audit data. AITP is NOT proprietary, and the specification is available from the address listed below. Access to the NSS audit database is provided via the Structured Query Language (SQL).

CAVEATS
None.

BUGS
None known.

LIMITATIONS
None reported.

HARDWARE REQUIRED
Hardware required is a Sun 4 (SPARCStation) with a color monitor, at least 600 MB disk, and 150 MB 1/4" cartridge tape drive.

SOFTWARE REQUIRED
SunOS Version 4.1.1 running the Sun OpenWindows X windowing environment and the SYBASE Relational Data Base Management System.

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL Commercially available from:
Paramax Systems Corporation
5151 Camino Ruiz
Camarillo, California 93011-6004
805-987-6811
Peter Vazzana

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
Paramax Systems Corporation
5151 Camino Ruiz
Camarillo, California 93011-6004
805-987-6811
Nina Lewis <nina@cam.paramax.com>


Page 166

        Internet Tool Catalog                     WOLLONGONG-MANAGER

NAME
Management Station, Release 3.0

KEYWORDS
manager; ; snmp, x; sun, dec, dos;.

ABSTRACT
Management Station is a network management software product that supports SNMP. Release 3.0 implements a distributed network management architecture that helps solve the scalability and reliability limitations of using a single cpu for all SNMP management tasks. Additionally, there are many applications provided that are all user-configurable. The following applications and their functionality is listed below:

General Info:

X Windows, 11.4 based implemented with OSF/Motif 1.1.1 toolkit. X Windows interface for all configuration files. Most applications have "verbose" mode for display of SNMP PDU traffic. On-line help and Reference manual pages. ANSI C compliant.

Network Management Daemon:

Responsible for device discovery, trap/alarm management and fault monitoring for the network map. Connection with other distributed daemons and any connected stations is accomplished with SNMP/TCP. Configured via Manager MIB; also incorporates SMUX MIB (RFC 1227). Sends any information to INGRES, Oracle or Sybase via an ESQL interface. User-defined actions include: send alarm to map; send info to flat file; execute ESQL command; call any UNIX system command; forward traps and filter user-defined alarms. User-defined alarms can use any boolean expression and MIB variable expressions can be combined with AND/OR statements.

MIB Compiler

ASN.1 MIB compiler with X Windows interface. Accepts RFC 1155 and 1212 format. Most vendor-specific MIBs and proposed Internet standard MIBs already included.


Page 167

Network Map

Comprehensive network monitoring map with click and drag interface, hiearchical and virtual views. Toolkit and preferences applications, device discovery. Uses /etc/hosts file, NIS or DNS for device resolution. Background pixmapping capability, user-definable menu bar, network manager and console operator modes via UNIX group permissions. Multiple map use without limitation.

MIB Form and MIB Form Editor

User-designed, X-based SNMP applications. Alias for MIB variables and interprets returned values. GET NEXT and SET capability. User-defined polling and multi-device [agent] capability. Configured via X interface.

MIB Chart and MIB Chart Editor

Choice of strip chart, packed strip chart or bar graphs. User-specified polling interval, MIB variable(s) or MIB expressions using arithmetic operands. Plot actual value, delta or delta/interval. Plot multiple MIB expressions from multiple agents simultaneously. X Windows interface. Pause polling and grid options.

MIB Tool

X Windows application for the general viewing and 'walking' of MIB trees. GET NEXT and SET options. Window for viewing RFC 1212 MIB definitions. Command line interface option.

Application Programming Interface

Complete set of APIs for developers to write SNMP applications in character mode or X Windows.

MECHANISM
Management Station uses SNMP and ICMP Echo Request to monitor and control SNMP Agents. Network management daemon implements Wollongong's Manager MIB, SNMP over TCP and the SMUX protocol.


Page 168

CAVEATS
none.

BUGS
See Product Release Notice.

LIMITATIONS
Limitations on number of management agents and network management daemons not known at this time.

HARDWARE REQUIRED
Sun SPARC workstations and servers
DEC DECstations and DECsystems
Motorola MPC (Delta 8000 series)
3/486 PC and PC-compatible

16 MB RAM
n20 MB free disk space for installation
Color monitor strongly recommended

SOFTWARE REQUIRED
SunOS 4.1-1 or greater & OpenWindows 2.0 or greater (SUN) X Windows, 11.4 or greater
RISC ULTRIX 4.1 or greater (DEC)
R32V2 (Motorola)
Open Desktop 1.1 or greater (3/486)

Provided on 1/4" cartridge, TK-50 or 3 1/2" diskettes, as appropriate, in cpio format.

AVAILABILITY
A commercial product of:

The Wollongong Group, Inc.
1129 San Antonio Rd
Palo Alto, CA. 94303

                ph.:    (800) 962 - 8649 (in California)
                        (800) 872 - 8649 (outside California)
                fax:    (415) 962 - 0286


Page 169

        Internet Tool Catalog                                 XNETDB

NAME
Xnetdb

KEYWORDS
database, manager, map, monitoring, status; IP; Ping, SNMP, Unix, X; free.

ABSTRACT
Xnetdb is a network monitoring tool based on X Windows and SNMP which also has integrated database and statistic viewing capabilities. Xnetdb will determine and display the status of routers and circuits it has been told to monitor by querying the designated sites and displaying the result. It can also query the status of certain designated SNMP variables, such as a default route for an important router. Additionally, it also has integrated database functionality in that it can display additional information about a site or circuit such as the equipment at the site, the contact person(s) for the site, and other useful information. Finally it can gather designated statistical information about a circuit and display it on demand.

MECHANISM
Xnetdb uses SNMP or ping to monitor things which its configured to monitor. It dynamically builds a network map on its display by querying entities and obtaining IP addresses and subnet masks. A
configuration file tells xnetdb which IP hosts you want to monitor.

CAVEATS
While "ping" can be used to monitor hosts, more useful results are obtained using SNMP.

BUGS
Bugs and other assorted topics are discussed on the xnetdb mailing list. To join, send a note to "xnetdb-request@oar.net".

LIMITATIONS
None.

HARDWARE REQUIRED
No restrictions.


Page 170

        SOFTWARE REQUIRED
                Most any variety of UNIX plus X-Windows and/or
                OpenWindows.

AVAILABILITY
Available via anonymous ftp from ftp.oar.net (currently 131.187.1.102) in the directory /pub/src. Special arrangements can be made for sites without direct IP access by sending a note to
"xnetdb-request@oar.net". There are minimal licensing restrictions - these are detailed within the package.


Page 171

        Internet Tool Catalog                  XNETMON_SNMP_RESEARCH

NAME
XNETMON -- an X windows based SNMP network management station from SNMP Research.

KEYWORDS
alarm, benchmark, control, debugger, manager, map, reference, security, status, traffic;
bridge, DECnet, Ethernet, FDDI, IP, OSI, ring, star; NMS, Ping, SNMP, X;
UNIX;
Sourcelib.

ABSTRACT
The XNETMON application implements a powerful network management station based on the X window system. XNETMON's network management tools for configuration, performance, security, and fault management have been used successfully with a wide assortment of wide- and local-area-network topologies and medias.
Multiprotocol devices are supported
including those using TCP/IP, DECnet, and OSI protocols.

Some features of XNETMON's network management tools include:

  • Fault management tool displays a map of the network configuration with node and link state indicated in one of several colors to indicate current status;
  • Configuration management tool may be used to edit the network management information base stored in the NMS to reflect changes occurring in the network;
  • Graphs and tabular tools for use in fault and performance management (e.g. XNETPERFMON);
  • Mechanisms by which additional variables, such as vendor- specific variables, may be added;
  • Alarms may be enabled to alert the operator of events occurring in the network;
  • Events are logged to disk;
  • Output data may be transferred via flat files for additional report generation by a variety of statistical packages.

The XNETMON application comes complete with source code including a powerful set of portable libraries for generating and parsing SNMP messages.


Page 172

MECHANISM
XNETMON is based on the Simple Network Management Protocol (SNMP). Polling is performed via the powerful SNMP get-next operator and the SNMP get operator. Trap-directed polling is used to regulate focus and intensity of the polling.

CAVEATS
None.

BUGS
None known.

LIMITATIONS
Monitored and managed nodes must implement the SNMP over UDP per RFC 1157 or must be reachable via a proxy agent.

HARDWARE REQUIRED
X windows workstation with UDP socket library. Monochrome is acceptable, but color is far superior.

SOFTWARE REQUIRED
X windows version 11 release 4 or later or MOTIF.

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL This is a commercial product available under license from:
SNMP Research
3001 Kimberlin Heights Road
Knoxville, TN 37920-9716
Attn: John Southwood, Sales and Marketing (615) 573-1434 (Voice) (615) 573-9197 (FAX)

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
users@seymour1.cs.utk.edu


Page 173

          Internet Tool Catalog                      XNETMON_WELLFLEET

NAME
xnetmon, xpmon

KEYWORDS
alarm, manager, map, status; IP; NMS, SNMP; UNIX.

ABSTRACT
Xnetmon and xpmon provide graphical representation of performance and status of SNMP-capable network ele- ments. Xnetmon presents a schematic network map representing the up/down status of network elements; xpmon draws a pen plot style graph of the change over time of any arbitrary MIB object (RFC1066). Both xnet- mon and xpmon use the SNMP (RFC1098) for retrieving status and performance data.

MECHANISM
Xnetmon polls network elements for the status of their interfaces on a controllable polling interval. Pop-up windows displaying the values of any MIB variable are supported by separate polls. When SNMP traps are received from a network element, that element and all adjacent elements are immediately re-polled to update their status. The layout of the network map is stati- cally configured. Xpmon repeatedly polls (using SNMP) the designated network element for the value of the designated MIB variable on the user-specified interval. The change in the variable is then plotted on the strip chart. The strip chart regularly adjusts its scale to the current maximum value on the graph.

CAVEATS
Polling intervals should be chosen with care so as not to affect system performance adversely.

BUGS
None known.

LIMITATIONS
None reported.

HARDWARE REQUIRED
Distributed and supported for Sun-3 systems.

SOFTWARE REQUIRED
SunOS 3.5 or 4.x; X11, release 2 or 3.


Page 174

AVAILABILITY
Commercial product of:
Wellfleet Communications, Inc.
12 DeAngelo Drive
Bedford, MA 01730-2204
(617) 275-2400


Page 175

        Internet Tool Catalog              XNETPERFMON_SNMP_RESEARCH

NAME
xnetperfmon -- a graphical network performance and fault management tool from SNMP Research.

KEYWORDS
manager, security, status;
DECnet, Ethernet, IP, OSI, ring, star;
NMS, SNMP, X;
DOS, UNIX, VMS;
sourcelib.

ABSTRACT
Xnetperfmon is a XNETMON tool used to produce plots of SNMP variables in graphical displays. The manager may easily customize the labels, step size, update interval, and variables to be plotted to produce graphs for fault and performance management. Scales automatically adjust whenever a point to be plotted would go off scale.

MECHANISM
The xnetperfmon application communicates with remote agents or proxy agents via the Simple Network Management Protocol (SNMP).

CAVEATS
All plots for a single invocation of xnetperfmon must be for variables provided by a single network management agent. However, multiple invocations of xnetperfmon may be active on a single display simultaneously or proxy agents may be used to summarize information at a common point.

BUGS
None known.

LIMITATIONS
None reported.

HARDWARE REQUIRED
Systems supporting X windows.

SOFTWARE REQUIRED
XNETMON from SNMP Research and X Version 11 release 4 or later (option MOTIF)


Page 176

AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL This is a commercial product available under license from:

SNMP Research
3001 Kimberlin Heights Road
Knoxville, TN 37920-9716
Attn: John Southwood, Sales and Marketing
(615) 573-1434 (Voice) (615) 573-9197 (FAX)

CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
users@seymour1.cs.utk.edu


Page 177

          Internet Tool Catalog                                 XUP_HP

NAME
xup

KEYWORDS
status; ping, X; HP.

ABSTRACT
Xup uses the X-Windows to display the status of an "interesting" set of hosts.

MECHANISM
Xup uses ping to determine host status.

CAVEATS
Polling for status increases network load.

BUGS
None known.

LIMITATIONS
None reported.

HARDWARE REQUIRED
Runs only on HP series 300 and 800 workstations.

SOFTWARE REQUIRED
Version 10 of X-Windows.

AVAILABILITY
A standard command for the HP 300 & 800 Workstations.


Page 178

Appendix: "No-Writeups"

This section contains references to tools which are known to exist, but which have not been fully cataloged. If anyone wishes to author an entry for one of these tools please contact: noctools- request@merit.edu.

Each mention is separated by a <form-feed> for improved readability. If you intend to actually print-out this section of the catalog, then you should probably strip-out the <ff>.

tuecho.c

/*
 * Send / receive TCP or UDP echos in any of a number of bizzare ways.
 *
 *   Joel P. Bion, March 1990
 *   Copyright (c) 1990 cisco Systems. All rights reserved.
 *
 * This "tuecho" program is distributed in the hope that it will be
 * useful, but WITHOUT ANY WARRANTY; without even the implied warranty
 * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 * Prompts as:
 *   Host: -- host to send echos to -- can be name or a.b.c.d --
 *   Enter protocol (0 = UDP, 1 = TCP) [0]: -- UDP or TCP
 * Size of data portion (bytes) [100]: -- bytes in data, excluding
 * headers -- Number of bursts [5]: -- number of bursts of packets to
 * send -- Packets per burst [1]: -- packets per burst, all sent AT
 * ONCE -- Timeout (seconds) [2]: -- how long to wait for data
 * Pause interval (seconds) [0]: -- Pause interval between bursts of
 * frames
 *   Type of pattern (specify = 0, increment = 1) [1]:
 *          -- if 0 specified, allow you to specify a 16bit pattern
            -- as four hex digits (see below). If 1, will create a
            -- "incrementing", cycling pattern from 0x0000 -> 0xffff
            -- ->.
 *   Enter pattern (hex value) [abcd]:  -- if "0" specified above
 */

Availability:
ftp.uu.net:/networking/cisco/tuecho.c
ftp.cisco.com:tuecho.c


Page 179

SPY An NFS monitoring/tracing tool

Availability:
A postscript file describing SPY is located on
ftp.uu.net:/networking/ip/nfs/spy.ps.Z


Page 180

NFSTRACE

This is the rpcspy/nfstrace package.

It is described in detail in the paper "NFS Tracing by Passive Network Monitoring", which appeared in the January, 1992 USENIX conference.

You'll need either a DEC machine running ULTRIX (with the packetfilter installed in the kernel) or a Sun running SunOS 4.x (with NIT). Or you'll need to do a bit of hacking.

The package differs slightly from the version in the paper:

   - The handle->name translation facility has been removed.  It's
     just too fragile to include in the general release.  If you need it,
     contact me directly and I'll be happy to mail you the code.

   - The output format is a wee-bit different.

   - The IBM-RT Enet filter version is also not included, since I seem to
     be the only person in the world running it.  RTs are really too slow
     for this anyway.

To configure the package, edit the makefile in the obvious (to me at least) way.

Note that the not all versions of SunOS NIT have working versions of the packet timestamp mechanism. Try to set the -DSTAMPS option in the makefile, and if that doesn't work, take it out.

If you are actually going to use this to gather traces, I'd like to hear from you! Please send email, and share your results/traces if your organization will allow it. I maintain a mailing list of users for updates, etc. Send me mail to be added to it.

Happy tracing.
Matt Blaze
Department of Computer Science
Princeton University
35 Olden Street
Princeton, NJ 08544
mab@cs.princeton.edu
609-258-3946

Availability:
ftp.uu.net:/networking/ip/nfs/nfstrace.shar (or check archie)


Page 181

LAMER

# Lame delegation notifier
# Author: Bryan Beecher

   #  Last Modified:   6/25/92
   #
   #  To make use of this software, you need to be running the
   #  University of Michigan release of BIND 4.8.3, or any version
   #  of named that supports the LAME_DELEGATION patches posted to
   #  USENET.  The U-M release is available via anonymous ftp from
   #  terminator.cc.umich.edu:/unix/dns/bind4.8.3.tar.Z.
   #
   #  You must also have a copy of query(1) and host(1).  These
   #  are also available via anonymous ftp in the aforementioned
   #  place.
   # -------------------------------------------------------------

# ------------------------------------------------------------- # handle arguments
# -------------------------------------------------------------

   #       -d <day>
   #       This flag is used to append a dot-day suffix to the LOGFILE.
   #       Handy where log files are kept around for the last week
   #       and contain a day suffix.
   #
   #       -f <logfile>
   #       Change the LOGFILE value altogether.
   #
   #       -w
   #       Count up all of the DNS statistics for the whole week.
   #
   #       -v
   #       Be verbose.
   #
   #       -t
   #       Test mode.  Do not send mail to the lame delegation
   #       hostmasters.

Availability:
ftp.uu.net:/networking/ip/dns/lamer.tar.Z (or check archie)


Page 182

HOST

host - look up host names using domain server

SYNOPSIS
host [-v] [-a] [-t querytype] [options] name [server] host [-v] [-a] [-t querytype] [options] -l domain [server] host [-v] [options] -H [-D] [-E] [-G] domain
host [-v] [options] -C domain
host [-v] [options] -A host

DESCRIPTION
host looks for information about Internet hosts or domains. It gets this information from a set of interconnected
servers that are spread across the world. By default, it simply converts between host names and Internet addresses. However, with the -t, -a and -v options, it can be used to find all of the information about hosts or domains that is maintained by the domain nameserver.

/*
 * Extensively modified by E. Wassenaar, Nikhef-H, <e07@nikhef.nl>
 *
 * The officially maintained source of this program is available
 * via anonymous ftp from machine 'ftp.nikhef.nl' [192.16.199.1]
 * in the directory '/pub/network' as 'host.tar.Z'
 *
 * Also available in this directory are patched versions of the
 * BIND 4.8.3 nameserver and resolver library which you may need
 * to fully exploit the features of this program, although they
 * are not mandatory. See the file 'README_FIRST' for details.
 *
 * You are kindly requested to report bugs and make suggestions
 * for improvements to the author at the given email address,
 * and to not re-distribute your own modifications to others.
 */
/*
 *                      New features
 *
 * - Major overhaul of the whole code.
 * - Very rigid error checking, with more verbose error messages.
 * - Zone listing section completely rewritten.
 * - It is now possible to do recursive listings into subdomains.
 * - Maintain resource record statistics during zone listings.
 * - Maintain count of hosts during zone listings.
 * - Exploit multiple server addresses if available.
 * - Option to exploit only primary server for zone transfers.
 * - Option to exclude info from names that do not reside in a domain.


Page 183

 * - Implement timeout handling during connect and read.
 * - Write resource record output to optional logfile.
 * - Special MB tracing by recursively expanding MR and MG records.
 * - Special mode to check SOA records at each nameserver for domain.
 * - Special mode to check inverse mappings of host addresses.
 * - Code is extensively documented.
 */


Page 184

PINGs

Many many versions of the PING program exist.
Each implementation has its own set of additional features.
Here are a few more PINGs that are worth taking a look at.

Version on ftp.cc.berkeley.edu:pub/ping:
This version has duplicate packet detection, Record Route, ability to specify data pattern for packets, flood pinging, an interval option, Multicast support, etc.

Version on nikhefh.nikhef.nl:/pub/network/rping.tar.Z:
'rping' is just like 'ping', but only a single probe packet is sent to test the reachability of a destination.
As an option, the loose source routing facility is used to show the roundtrip route the packet has taken.
Multiple addresses of remote hosts are tried until one responds. As an option, each of multiple addresses can be probed unconditionally.
Contains a patch for making loose source routing work in case you have a SUN with an OMNINET ethernet controller.


Page 185

VRFY

vrfy.tar.Z (Version 921021)
'vrfy' is a tool to verify email addresses and mailing lists. In its simplest form it takes an address "user@domain", figures out the MX hosts for "domain", and issues the SMTP command VRFY at the primary MX host (optionally all), or at "domain" itself if no MX hosts exist. Without "domain" it goes to "localhost". More complex capabilities are: recursively expanding forward files or mailing lists, and detecting mail forwarding loops. Full-blown RFC822 address specifications are understood. Syntax checking can be carried out either locally or remotely. Various options are provided to exploit alternative protocol suites if necessary, and to print many forms of verbose output. Obvious limitations exist, but on average it works pretty well. Needless to say you need internet (nameserver and SMTP) access. See the man page and the extensive documentation in the source for further details.

Please send comments and suggestions to Eric Wassenaar <e07@nikhef.nl>

If you want to receive notification of updates, please send an email
with the keyword "subscribe" in the subject or the body to the address
<net-dist-request@nikhef.nl>

available as: nikhefh.nikhef.nl:/pub/network/vrfy.tar.Z


Page 186

XNETLOAD

NAME
xnetload - ethernet load average display for X

SYNOPSIS
xnetload[-toolkitoption ...] [-scale integer]
[-update seconds] [-hl color] [-highlight color]
[-jumpscroll pixels] [-label string] [-nolabel] host

DESCRIPTION
The xnetload program displays a periodically updating histo- gram of the ethernet load average for the specified host. The resulting graph is scaled as 0% to 100%, where 0% corresponds to 0mbs and 100% corresponds to 10mbs. NOTE: The specified host must be running rpc.etherd.

This program has been run using X11R4 and X11R5, under the following
operating systems:

SUNOS 4.1.0
SUNOS 4.1.1
ULTRIX V4.2
IRIX 3.3.2

Assuming the Imake templates and Rules are in order and in the proper
place on your system, these programs should compile and link
straightforward by running the following sequence:

xmkmf
make

Then, as root, issue the following:

make install
make install.man

Then, on your host system, (or on any other system you can rlogin or rsh
into) start the etherd daemon with the following (must be root):

        /usr/etc/rpc.etherd le0 &

where le0 is the mnemonic for the primary ethernet interface.

To start the xnetload program, the following command line is suggested:

./xnetload -hl red host &


Page 187

where "host" is the name of any reachable network node (including
LOCALHOST) that is running the etherd daemon. A small xload window
should appear on your local display with nine horizontal lines. The
label:
"Ethernet Load %"
should appear in the upper left hand corner, just below any additional
title bars or other decorations provided by your window manager. If the
program comes up without the nine lines, or without the "Ethernet Load"
label, then either your resource file is not properly installed in the
appropriate app-defaults directory, or you may have picked up the wrong
xnetload image. Try re-running "make install" as root, or be sure to
include the "./" in front of the command name.

Good Luck!

The following changes have been made to this directory since R3:

  • Now use Athena StripChart widget.

  • Understands WM_DELETE_WINDOW.

  • 3-26-92 Modified from xload to xnetload by Roger Smith, Sterling Software at NASA-Ames Research Center,
    Mountain View, Calif. rsmith@proteus.arc.nasa.gov

Availability:
ftp proteus.arc.nasa.gov:pub/XEnetload.tar.Z (or check archie)


Page 188

NETTEST

nettest, nettestd - Performs client and server functions for timing data throughput

The nettest and nettestd commands invoke client and server programs that are used for timing data throughput of various methods of interprocess communication. For TCP and OSI con- nections, the nettest program establishes a connection with the nettestd program, and then it does count writes of size bytes, followed by count reads of size bytes. For UDP, the nettest program performs only writes; reads are not per- formed. The nettestd program, if used with UDP connections, reads the data packets and prints a message for each data packet it receives. The number and size of the reads and writes may not correlate with the number and size of the actual data packets that are transferred; it depends on the protocol that is chosen. If you append an optional k (or K) to the size, count, or bufsize value, the number specified is multiplied by 1024.

This source for nettest and nettestd are provided on an "as is" basis. Cray Research does not provide any support for this code (unless you are a customer who has purchased the UNICOS operating system).

We will gladly take bug reports for nettest/nettestd. Suggested fixes are prefered to just bug reports. Changes to allow nettest/nettestd to run on other architectures are also welcomed. We will try to incorporate bugfixes and update the publicly available code, but we can make no guarantees.

For copyright information, see the notice in each source file.

Send bug-reports/fixes to:

        E-mail:         dab@cray.com
        U.S. Mail:      David Borman
                        Cray Research, Inc.
                        655F Lone Oak Drive
                        Eagan, MN 55121
   Notes:

1) The -b option to nettestd has not been tested...
2) The ISO code should work on a 4.4BSD system, but the
gethostinfo() routine is specific to UNICOS...

Availability:
ftp sgi.com:/sgi/src/nettest


Page 189

ETHERCK

etherck is a simple program that displays Sun ethernet statistics. If you have a high percents of input errors that are due to "out of buffers", then you can run the "iepatch" script to patch a kernel that uses the Intel ethernet chip ("ie"). A back of the envelope calculation shows that a .25% input error rate gives about a 10% degradation of NFS performance if 8k packets are being used.

In our environment at Legato, patching the ie buffer allocation made the input error rate drop more than 2 orders of magnitude. This was after we had applied other networking fixes (e.g., using Prestoserve, going from thin wire to twisted pair) and pushed a higher load on the server.

Note that both etherck and iepatch must be run by root (or you can make etherck setgid kmem).

Availability:

           send EMAIL to:          request@legato.com
           with a Subject line:    send unsupported etherck

The following is part of the 'help' file from the Legato Email Server:

This message comes to you from the request server at Legato.COM, request@Legato.COM. It received a message from you asking for help.

The request server is a mail-response program. That means that you mail it a request, and it mails back the response.

The request server is a very dumb program. It does not have much error checking. If you don't send it the commands that it understands, it will just answer "I don't understand you".

The request server has 4 commands. Each command must be the first word on a line. The request server reads your entire message before it does anything, so you can have several different commands in a single message. The request server treats the "Subject:" header line just like any other line of the message. You can use any combination of upper and lower case letters in the commands.

The request server's files are organized into a series of directories and subdirectories. Each directory has an index, and each subdirectory has an index. The top-level index gives you an overview of what is in the subdirectories, and the index for each subdirectory tells you what is in it.


Page 190

The server has 4 commands:

"help" command: The command "help" or "send help" causes the server to send you the help file. You already know this, of course, because you are reading the help file. No other commands are honored in a message that asks for help (the server figures that you had better read the help message before you do anything else).

SEND a request to Legato to get the rest of the help file!


Page 191

NETCK

netck is a shar file that contains the sources to build "netck", a network checker that uses the rstat(3R) protocol to gather and print statistics from machines on the network. netck is useful to help understand what part of what machines are potential NFS bottlenecks. To get this file, send email to the request server with the command "send unsupported netck".

Availability:
same as ETHERCK (send email To: request@legato.com; subject: HELP)


Page 192

References

[1] Stine, R., Editor, "FYI on a Network Management Tool Catalog: Tools for Monitoring and Debugging TCP/IP Internets and Interconnected Devices", FYI 2, RFC 1147, Sparta, Inc., April 1990.

Security Considerations

Security issues are not discussed in this memo.

Authors' Addresses

Robert M. Enger
Advanced Network and Services
1875 Campus Commons Drive, Suite 220
Reston, VA. 22091-1552

Phone: 703-758-7722
EMail: enger@reston.ans.net

Joyce K. Reynolds
Information Sciences Institute
University of Southern California
4676 Admiralty Way
Marina del Rey, CA 90292

Phone: (310) 822-1511
Email: JKREY@ISI.EDU