Zachary Loeber

The personal website of Zachary Loeber.

Create Your Own Network Assessment Appliance: Additional Tools

Introduction

I previously did a write up on a personal virtual machine I like to keep at hand for performing network analysis and discovery. I’ve since added a few tools to the VM and documented how they were installed so I figured I’d share on how it was done. Even if you don’t setup everything in this post it may be worthwhile to glance through it for some network engineering tools which are free to setup and use but not highly publicized. Anyone who cares to read this post has likely heard of Solarwinds but I highly doubt you have heard of all the tools in this list (let alone how to set them up). Regardless, I’ll start with a tool anyone worth their salt has heard of though, Cacti…

Cacti 0.88

Site: http://www.cacti.net

Purpose

Cacti is a complete rrdtool performance trend analysis tool. I’ve been using it for years and can attest to its robustness. Many of the programs I’m covering have plugin capabilities to integrate Cacti so I decided to set it up first. I also added a ton of third party add-ons and templates to try to cover the gambit of what you may need in an environment. To an extent all the extras make Cacti a fairly capable alerting system as well.

Cacti terms itself as;

…a complete network graphing solution designed to harness the power of RRDTool‘s data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.

Setup

I not only installed Cacti, but I loaded it up with addons.

Install snmpd so we have some test data to graph out to confirm everything is working.

sudo apt-get install snmpd
cd ~/Downloads
wget http://www.cacti.net/downloads/cacti-0.8.8a.tar.gz
tar xzvf ./cacti-0.8.8a.tar.gz
sudo apt-get install libphp-adodb
sudo mv ./cacti-0.8.8a /var/www/cacti
sudo chown -R www-data.www-data /var/www/cacti
mysql -u root -p

CREATE DATABASE cacti;
GRANT ALL PRIVILEGES ON cacti.* TO 'cactiuser'@'localhost' IDENTIFIED BY 'cactiuser';
QUIT
sudo su -
cd /var/www/cacti
mysql cacti -u root -p < cacti.sql
useradd cactiuser -d /var/www/cacti/ -s /bin/false
chown -R cactiuser.cactiuser rra/ log/
mkdir /var/log/cacti
touch /var/log/cacti/cacti.log
chmod 777 -R ./rra
chmod 777 -R ./log
chmod 777 -R ./pluggins
chown -R www-data.www-data /var/log/cacti
(crontab -l; echo -e '*/5 * * * * php /var/www/cacti/poller.php > /var/www/cacti/log/poller.log 2>&1 ') | crontab
echo -e 'Alias /cacti /var/www/cacti' >> /etc/apache2/conf.d/cacti.conf
echo -e '' >> /etc/apache2/conf.d/cacti.conf
echo -e '<Directory /var/www/cacti>' >> /etc/apache2/conf.d/cacti.conf
echo -e '        Options +FollowSymLinks' >> /etc/apache2/conf.d/cacti.conf
echo -e '        AllowOverride None' >> /etc/apache2/conf.d/cacti.conf
echo -e '        order allow,deny' >> /etc/apache2/conf.d/cacti.conf
echo -e '        allow from all' >> /etc/apache2/conf.d/cacti.conf
echo -e '' >> /etc/apache2/conf.d/cacti.conf
echo -e '        AddType application/x-httpd-php .php' >> /etc/apache2/conf.d/cacti.conf
echo -e '' >> /etc/apache2/conf.d/cacti.conf
echo -e '        <IfModule mod_php5.c>' >> /etc/apache2/conf.d/cacti.conf
echo -e '                php_flag magic_quotes_gpc Off' >> /etc/apache2/conf.d/cacti.conf
echo -e '                php_flag short_open_tag On' >> /etc/apache2/conf.d/cacti.conf
echo -e '                php_flag register_globals Off' >> /etc/apache2/conf.d/cacti.conf
echo -e '                php_flag register_argc_argv On' >> /etc/apache2/conf.d/cacti.conf
echo -e '                php_flag track_vars On' >> /etc/apache2/conf.d/cacti.conf
echo -e '                # this setting is necessary for some locales' >> /etc/apache2/conf.d/cacti.conf
echo -e '                php_value mbstring.func_overload 0' >> /etc/apache2/conf.d/cacti.conf
echo -e '                php_value include_path .' >> /etc/apache2/conf.d/cacti.conf
echo -e '        </IfModule>' >> /etc/apache2/conf.d/cacti.conf
echo -e '' >> /etc/apache2/conf.d/cacti.conf
echo -e '        DirectoryIndex index.php' >> /etc/apache2/conf.d/cacti.conf
echo -e '</Directory>' >> /etc/apache2/conf.d/cacti.conf
service apache2 restart

Go to http:///cacti to complete the rest of the installation.

I had initially installed via apt-get but the repository only has an older version of cacti. After apt-get removing the install, rrdtool was all confused on where the graphs and scripts were supposed to be so I had to rebuild the poller cache. You may not have to do this but if you do then run the following.

sudo php /var/www/cacti/cli/rebuild_poller_cache.php

Then manually kick off the poller:

sudo php /var/www/cacti/poller.php

Cacti Extra Templates

I went ahead and setup a handful of host/graph templates from http://docs.cacti.net/templates. Here is how it was done:

mkdir ~/Downloads/templates && cd ~/Downloads/templates
wget http://docs.cacti.net/_media/usertemplate:host:firewall:cacti087d_chkpt_firewall.tar.gz -O checkpoint-firewall.tar.gz
wget http://docs.cacti.net/_media/usertemplate:host:hp:hp-lefthand-cacti-1.0.zip -O lefthand.zip
wget http://docs.cacti.net/_media/usertemplate:host:cacti_host_template_cisco_asa_-_security_appliance.xml.gz -O asa.xml.gz
wget http://docs.cacti.net/_media/usertemplate:host:juniper:cacti087b_juniper_isg-20091020-yrg.zip -O juniper-isg.zip
wget http://docs.cacti.net/_media/usertemplate:host:juniper:cacti087e_juniper_ive-20100609-yrg.zip-O juniper-ive.zip
wget http://docs.cacti.net/_media/usertemplate:graph:vmware:vmware_esx_cacti_0_1.zip -O esx.zip
wget http://www.eric-a-hall.com/software/cacti-cisco-memory/cacti-cisco-memory.0.3.tar.gz -O cisco-memory.tar.gz
gzip -d ./asa.xml.gz
sudo mv ./asa.xml /var/www/cacti/resource/snmp_queries/
sudo tar -C /var/www/cacti/resource/snmp_queries/ -xzvf ./checkpoint-firewall.tar.gz
unzip ./lefthand.zip
sudo cp ./HP-LeftHand-Cacti-1.0/*.xml /var/www/cacti/resource/snmp_queries/
unzip ./juniper-isg.zip
sudo mv ./cacti_host_template__juniper_isg.xml /var/www/cacti/resource/snmp_queries/
unzip ./juniper-ive.zip
sudo mv ./resource/snmp_queries/*.xml /var/www/cacti/resource/snmp_queries/ ./cacti_host_template__juniper_isg.xml /var/www/cacti/resource/snmp_queries/
unzip ./esx.zip
sudo mv cacti_host_template_vmware_esx_server.xml /var/www/cacti/resource/snmp_queries/
sudo mv ./resource/script_server/*.xml /var/www/cacti/resource/script_server/
sudo mv ./scripts/*.php /var/www/cacti/scripts/
tar -xvzf cacti-cisco-memory.0.3.tar.gz
sudo mv ./cacti-cisco-memory/templates/cisco_memory_data_query.xml /var/www/cacti/resource/snmp_queries/
sudo mv ./cacti-cisco-memory/resource/*.xml /var/www/cacti/resource/snmp_queries/
sudo mv ./cacti_host_template__juniper_ive.xml /var/www/cacti/resource/snmp_queries/
php /var/www/cacti/cli/import_template.php --filename=/var/www/cacti/resource/snmp_queries/cacti087d_host_template_firewall_-_checkpoint.xml  --with-template-rras
php /var/www/cacti/cli/import_template.php --filename=/var/www/cacti/resource/snmp_queries/cacti_host_template_hp_lefthand_system.xml  --with-template-rras
php /var/www/cacti/cli/import_template.php --filename=/var/www/cacti/resource/snmp_queries/cacti_host_template_hp_lefthand_cluster.xml --with-template-rras
php /var/www/cacti/cli/import_template.php --filename=/var/www/cacti/resource/snmp_queries/lefthand-raid.xml --with-template-rras
php /var/www/cacti/cli/import_template.php --filename=/var/www/cacti/resource/snmp_queries/lefthand-volumes.xml --with-template-rras
php /var/www/cacti/cli/import_template.php --filename=/var/www/cacti/resource/snmp_queries/lefthand-clusters.xml --with-template-rras
php /var/www/cacti/cli/import_template.php --filename=/var/www/cacti/resource/snmp_queries/lefthand-temp.xml --with-template-rras
php /var/www/cacti/cli/import_template.php --filename=/var/www/cacti/resource/snmp_queries/asa.xml --with-template-rras
php /var/www/cacti/cli/import_template.php --filename=/var/www/cacti/resource/snmp_queries/cacti_host_template__juniper_isg.xml --with-template-rras
php /var/www/cacti/cli/import_template.php --filename=/var/www/cacti/resource/snmp_queries/cacti_host_template__juniper_ive.xml --with-template-rras
php /var/www/cacti/cli/import_template.php --filename=/var/www/cacti/resource/snmp_queries/cacti_host_template_vmware_esx_server.xml --with-template-rras
php /var/www/cacti/cli/import_template.php --filename=/var/www/cacti/resource/snmp_queries/cisco_memory_data_query.xml --with-template-rras

Cacti Extra Plugins

Now do the same for plugins to get cool things like weathermap, threshold notifications, switch/router config backups, and network discovery:

sudo apt-get install tftpd flow-tools nfdump
cd ~/Downloads
wget http://docs.cacti.net/_media/plugin:aggregate-070b2.tgz -O aggregate.tgz
wget http://docs.cacti.net/_media/plugin:routerconfigs-v0.3-1.tgz -O routerconfig.tgz
wget http://docs.cacti.net/_media/plugin:realtime-v0.5-2.tgz -O realtime.tgz
wget http://docs.cacti.net/_media/plugin:discovery-v1.5-1.tgz -O discovery.tgz
wget http://docs.cacti.net/_media/plugin:mactrack-v2.9-1.tgz -O mactrack.tgz
wget http://docs.cacti.net/_media/plugin:flowview-v1.1-1.tgz -O flowview.tgz
wget http://docs.cacti.net/_media/plugin:settings-v0.71-1.tgz -O settings.tgz
wget http://docs.cacti.net/_media/plugin:thold-v0.4.9-3.tgz -O thold.tgz
wget http://docs.cacti.net/_media/plugin:superlinks-v1.4-2.tgz -O superlinks.tgz
wget http://redmine.nmid-plugins.de/attachments/download/344/nmidSmokeping_v1.04.zip -O smokeping.zip
wget http://docs.cacti.net/_media/plugin:nmidphpip-latest.tgz -O phpip.tgz
wget http://www.network-weathermap.com/files/php-weathermap-0.97a.zip -O weathermap.zip
wget http://docs.cacti.net/_media/userplugin:manage-0.6.2.zip -O manage.zip
wget http://redmine.nmid-plugins.de/attachments/download/342/nmidWebService_2.07_wZend.tgz -O webservice.zip
sudo tar -C /var/www/cacti/plugins -xzvf ./aggregate.tgz
sudo tar -C /var/www/cacti/plugins -xzvf ./routerconfig.tgz
sudo tar -C /var/www/cacti/plugins -xzvf ./realtime.tgz
sudo tar -C /var/www/cacti/plugins -xzvf ./discovery.tgz
sudo tar -C /var/www/cacti/plugins -xzvf ./settings.tgz
sudo tar -C /var/www/cacti/plugins -xzvf ./thold.tgz
sudo tar -C /var/www/cacti/plugins -xzvf ./superlinks.tgz
sudo tar -C /var/www/cacti/plugins -xzvf ./mactrack.tgz
sudo tar -C /var/www/cacti/plugins -xzvf ./flowview.tgz
sudo unzip ./manage.zip -d /var/www/cacti/plugins/
sudo unzip ./weathermap.zip -d /var/www/cacti/plugins/
sudo unzip ./smokeping.zip -d /var/www/cacti/plugins/
Modify /var/www/cacti/plugins/weathermap/editor.php to enable the editor for weathermap.
sudo nano /var/www/cacti/plugins/weathermap/editor.php
$ENABLED=true;
sudo mkdir /var/netflow
sudo mkdir /var/netflow/flows
sudo mkdir /var/netflow/flows/completed
sudo mkdir /var/www/cacti/plugins/routerconfigs/backups
sudo mkdir /var/www/cacti/plugins/cache
sudo chown -R www-data:www-data /var/www/cacti/plugins
sudo chmod -R 777 /var/www/cacti/plugins

Go to http:///cacti/plugins.php and enable your plugins

Go to http:///cacti/settings.php and in the “Misc” tab change your settings for the realtime cache directory to be /var/www/cacti/plugins/cache/ (consequently, this is also where you go to setup the discover plugin subnets)

Go to http:///cacti/user_admin.php, select the admin user, then under realm permissions ensure that the MacTracker items are selected.

When all is said and done you should have a bunch of extra Cacti areas to play around in and mess up (that is up to you to figure out and fix).

360-FAAR

Site: http://www.360analytics.co.uk/360faar/

Purpose

This nifty script is self-described in the following excerpt from its readme.txt file,

360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco PIX/ASA or ScreenOS commands, and its one file!

Read Policy and Logs for:

Checkpoint FW1 (in odumper.csv / logexport format),

Netscreen ScreenOS (in get config / syslog format),

Cisco ASA (show run / syslog format),

360-FAAR uses both inclusive and exclusive CIDR and text filters, permitting you to split large policies into smaller ones for virtualizations at the same time as removing unused connectivity.

360-FAAR supports, policy to log association, object translation, rulebase reordering and simplification, rule moves and duplicate matching automatically. Allowing you to seamlessly move rules to where you need them.

TRY: ‘print’ mode. One command, and spreadsheet for your audit needs!

I’ll be honest and say I’ve yet had the opportunity to use the script but it sounds pretty cool in what it does. Also, the developers are constantly updating it so if you do use this on a regular basis you may want to follow the project on freecode.com.

Setup

FAAR is just a perl script so there is not much needed besides some perl libraries and a location to put the script. I’ve been putting the single use command line tools in the ~/Applications directory up to this point so that is where FAAR is going to go.

sudo apt-get install libperl4-corelibs-perl
cd ~/Downloads/
wget 'http://downloads.sourceforge.net/project/faar/360AnalyticsLtd-0.2.4.zip?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Ffaar%2F&ts=1337551221&use_mirror=iweb' -O faar.zip
unzip ./faar.zip
mv ./360AnalyticsLtd ~/Applications/faar
rm -rf ./__MACOSX

Gestioip

Site: http://www.gestioip.net/

Purpose

I don’t believe an IP address management application is really related to the discovery type nature of the appliance but I thought I’d include one regardless. This is due to how many people I see still using spreadsheets to manage their network IP addresses.

I was initially going to setup phpip but I tried and tried and, for the life of me, couldn’t get phpip to work. (This is likely due to how massively aged and ignored the project has become.) Thus my switch to Gestioip for IP address management.

After getting everything configured I was pleasantly surprised to find additional IPv6 migration and configuration features I’ve not seen in any other product.  This automatically boosted the awesomeness of this free tool in my head and therefore it gets a spotlight in my toolkit.

GestioIP terms itself as;

GestióIP is an automated, Web based IPv4/IPv6 address management (IPAM) software. It features powerful network discovery functions and offers search and filter functions for both networks and host, permitting Internet Search Engine equivalent expressions. This lets you find the information that administrators frequently need easily and quickly. GestióIP also incorporates an automated VLAN management system.

Setup

cd ~/Downloads
sudo apt-get install libapache2-mod-perl2
wget 'http://downloads.sourceforge.net/project/gestioip/gestioip/gestioip_3.0.tar.gz?r=http%3A%2F%2Fwww.gestioip.net%2Fip-address-management-software.html&ts=1337708590&use_mirror=softlayer' -O gestioip.tar.gz
tar -xzvf ./gestioip.tar.gz
mv ./gestioip_3.0/ ./gestioip
sudo su -
cd /home/netcollect/Downloads/gestioip/
./setup_gestioip.sh

Accept all the default prompts and follow the directions for creating the read-only and admin users and everything should “just work” when it completes.

Read-Only: gipoper/admin

Admin User: gipadmin/admin

Now go to http:///gestioip/install/ and run through the database install process. I used the following information to complete the installer:

Although I got all green Oks at this step the next step failed with a database access error. To get around this I manually assigned the rights for the gestioip user on the gestioip database like so:

mysql -u root -p

GRANT ALL PRIVILEGES ON gestioip.* TO 'gestioip'@'localhost' IDENTIFIED BY 'gestioip';
QUIT

I was then able to continue configuration. I used a basic main office site and the pre-defined network categories:

Finally remove the install directory and then go ahead and access for freshly installed, web-based, IP address management solution.

sudo rm -r /var/www/gestioip/install

GestioIP Usage

When first using GestioIP you will probably want to create a root network per physical site which contains a supernet of all of your subnets then add all the routed subnets. If this is not your network you can still use the GestioIP application for some rudimentary discovery.

There are some cool import/export functions you can use as well:

Under the manage -> manage GestioIP at the very bottom of the screen is where you go to reset the database for a new client site.

GestioIP Extra Surprise Feature

One of the coolest features (which I didn’t realize I was getting until I started poking around the app) is an IPv6 Address Planner. The planner takes you from beginning to end in creating a hierarchy for your organization. There are two options when planning. Both options start out with you putting in your IPv6 address block.

The second option helps you come up with a new site plan based on number of sites and category of IP addresses (prod, dev, test, et cetera). This can be quite valuable in helping plan your network and preventing IP subnet fragmentation moving forward. Below is the output for creating a new IPv6 address plan for one site that contains corp, dev, and test categories and planning for 2 sites (each having 4 root networks being reserved).

I wish I could say I used this to plan an IPv6 migration but I’d be lying if I did. But I will say (from staying intellectually current in the industry) that this is a feature which I would use if performing such an upgrade. This is top-notch stuff for a free tool. Definitely worth checking out.

NETDISCO

Site: http://www.netdisco.org

Purpose

Netdisco terms itself as;

… an Open Source web-based network management tool first released publically in 2003. The target users are large corporate and university networks administrators. Data is collected into a Postgres database using SNMP and presented with a clean web interface using Mason.

Configuration information and connection data for network devices are retrieved via SNMP. Data is stored using a SQL database for scalability and speed. Layer-2 topology protocols such as CDP and LLDP provide automatic discovery of the network topology. Here are some of the favorite uses for this tool:

  • Locate a machine on the network by MAC or IP and show the switch port it lives at.
  • Turn Off a switch port while leaving an audit trail. Admins log why a port was shut down.
  • Inventory your network hardware by model, vendor, switch-card, firmware and operating system.
  • Report on IP address and switch port usage: historical and current.
  • Pretty pictures of your network.

Netdisco gets all its data, including topology information, with SNMP polls and DNS queries. It does not use CLI access and has no need for privilege passwords.

Setup

A long time ago I had setup netdisco and recall the install process to be rather painful. Thus I had avoided it for quite a while. Since I’m making a discovery appliance I’d be doing netdisco a great disservice by not including it along for the ride. I chose the cheesy way of doing the install and just used apt at first but it wasn’t up to date so I uninstalled and reinstalled by hand. It was just as painful to get working this time as it was the last *sigh*. I believe I captured the right steps to get netdisco working on my VM but if I missed something please let me know.

I used a good portion of the installer script another person posted online.

cd ~/Downloads
wget 'http://downloads.sourceforge.net/project/netdisco/netdisco/1.1/netdisco-1.1_with_mibs.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fnetdisco%2Ffiles%2Fnetdisco%2F1.1%2F&ts=1337715093&use_mirror=softlayer' -O netdisco.tar.gz
tar xzvf netdisco.tar.gz
sudo mkdir -p /usr/local/netdisco
sudo mv netdisco-1.1/* /usr/local/netdisco
sudo useradd -d /usr/local/netdisco netdisco
sudo chown -R netdisco:netdisco /usr/local/netdisco
sudo cp /etc/postgresql/9.1/main/pg_hba.conf /etc/postgresql/9.1/main/pg_hba.conf .orig
sudo su -
echo '' >> /etc/postgresql/9.1/main/pg_hba.conf
echo 'host    netdisco        netdisco        127.0.0.1       255.255.255.255         trust' >> /etc/postgresql/9.1/main/pg_hba.conf
echo 'local   netdisco        netdisco        trust' >> /etc/postgresql/9.1/main/pg_hba.conf
/etc/init.d/postgresql restart
/usr/local/netdisco/sql/pg --init
crontab -u netdisco /usr/local/netdisco/netdisco.crontab
ln -s /usr/local/netdisco/bin/netdisco_daemon /etc/init.d/netdisco
update-rc.d netdisco defaults
echo "Include /usr/local/netdisco/netdisco_apache.conf" > /etc/apache2/conf.d/netdisco.conf
echo "Include /usr/local/netdisco/netdisco_apache_dir.conf" >> /etc/apache2/conf.d/netdisco.conf
perl -pi -e 's/CHANGEME/netdisco/g' /etc/netdisco/netdisco_apache2.conf
apt-get install postgresql apache2 graphviz libnet-snmp-perl libapache2-mod-perl2 libapache-session-wrapper-perl libhtml-mason-perl libdbd-pg-perl libgraphviz-perl libio-zlib-perl libapache2-request-perl libnet-nbname-perl libsnmp-info-perl libapache-dbi-perl libmasonx-request-withapachesession-perl libparallel-forkmanager-perl libgraph-perl
a2enmod apreq
chmod 660 /usr/local/netdisco/*.conf
chgrp netdisco /usr/local/netdisco/*.
service apache2 restart
/usr/local/netdisco/netdisco -u admin
<enter password, I used just admin>
<enter yes for each option>
cd /usr/local/netdisco
make oui
/etc/init.d/netdisco start
exit

Finally, go through and modify the config file for your environment:

nano /usr/local/netdisco/netdisco.conf

Access the netdisco interface at http:///netdisco with admin/admin

Among other excellent features there are some cool reports for discovery:

NTD – Network Topology Diagrammer

Site: http://www.sivann.gr/software.php#ntd

Purpose

I stumbled across this one while I was looking at another software product this kind programmer gives away for free, ITDB. I’m going to wait for the auto-discover feature for that product before installing. But NTD looks worthy to setup and use right now. Here is how it is done.

Setup

cd
cd ./Downloads
wget http://www.sivann.gr/software/ntd-0.4.tar.gz
tar xzvf ./ntd-0.4.tar.gz
sudo mv ./ntd /var/www
sudo chown -R www-data.www-data /var/www/ntd
sudo chmod -R 777 /var/www/ntd/
sudo perl -pi -e 's/public/<your-snmp-string>/g' /var/www/ntd/doc/snmp.txt
sudo perl -pi -e 's/public/<your-snmp-string>/g' /var/www/ntd/ntd.php
sudo perl -pi -e 's/public/<your-snmp-string>/g' /var/www/ntd/ntd.phps

Then access via a browser by going to http:///ntd/ntd.php, put in your default gateway, click run, and wait a bit for your results.

The png output file never seems to generate but it does generate a graphviz file which you can use to create some pretty nice looking diagrams.

SMART – Safe Mapping And Reporting Tool

Site: http://safemap.sourceforge.net/

Purpose

This one flew right under my radar when it was released. To top it off, it was released by Cisco then promptly dumped for whatever reason (looks like the team responsible for it got dissolved internally at Cisco).

SMART is a passive network visualization tool. It is self-proclaimed as:

The Safe Mapping and Reporting Tool (SMART) is a completely passive network flow visualization tool for small to medium sized IP networks featuring device and operating system identification and network service enumeration.

SMART can also process packet capture files from tools like tcpdump or ethereal/wireshark in pcap format, adding network flow visualization to your forensic toolkit.

Setup

cd
cd ./Downloads
wget 'http://downloads.sourceforge.net/project/safemap/safemap/1.0/smart-1.0.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fsafemap%2F&ts=1353448527&use_mirror=iweb' -O smart-1.0.tar.gz
tar xzvf ./smart-1.0.tar.gz
sudo mv ./smart-1.0 /var/www/smart/
sudo chown -R www-data.www-data /var/www/smart/
cd /var/www/smart
sudo apt-get install libpcap-dev
sudo perl ./Build.PL

Then to run the packet capture:

On linux systems you will need to be root to run smart.pl in promiscuous mode to capture packets from your LAN (-p option).

As a typical use example, suppose your local network includes the 192.168.x.x and 10.x.x.x netblocks. From a linux host, you would execute smart.pl as follows:

sudo ./smart.pl -N "My Net" -x -p -d -i eth0 -t 20 -L "^192\.168\.|^10\."

– This would label web pages produced by SMART with “My Net” (-N)

– The flowlog would be saved in XML format (-x)

– Packets would be captured in promiscous mode (-p)

– Debug mode would be enabled (-d)

– eth0 would be the packet capture interface (-i)

– The flowlog and the web pages would be updated every 20 secs (-t)

– The 192.168.x.x and 10.x.x.x netblocks would be considered the local “LAN” for the Lan Focus displays in the web interface.

You can also specify -r to just read from a pcap file. The interactive website does require the Adobe SVG Viewer be installed on your computer. Some output just from my home network:

Extras

Here is a list of extras I added into the mix for other network management tasks. Some do monitoring, others are for maintaining documentation. They are not really discovery related but worth having if you are in a more permanent environment.

phpFileManager

Site: http://phpfm.sourceforge.net/

Purpose

I set this up mainly to access the files within the netcollect user home directory. I know there are other flashier web based file managers but this is easy and it works for my purposes. Here is how to set it up.

Setup

cd ~/Downloads
wget 'http://downloads.sourceforge.net/project/phpfm/phpFileManager/version%200.9.5/phpFileManager-0.9.5.zip?r=http%3A%2F%2Fphpfm.sourceforge.net%2F&ts=1352141782&use_mirror=iweb' -O phpFileManager-0.9.5.zip
unzip ./phpFileManager-0.9.5.zip
mv  ./index.php ../
sudo adduser www-data netcollect
sudo nano /etc/apache2/sites-available/phpfilemanager
<VirtualHost *:82>
  DocumentRoot /home/netcollect
  <Directory /home/netcollect/>
        AllowOverride All
        Options FollowSymLinks MultiViews Indexes
        Order allow,deny
        allow from all
  </Directory>
</VirtualHost>

Add the following to  /etc/apache2/ports.conf

Listen 82

sudo a2ensite phpfilemanager
sudo /etc/init.d/apache2 restart

Then access the web file manager by going to http://:82/

Shinkin

Site: http://www.shinken-monitoring.org/

Purpose

Shinken describes itself thusly;

Shinken is an open source Nagios like tool, redesigned and rewritten from scratch. Its main goal is to meet today’s system monitoring requirements while still allowing compatibility to Nagios®

Setup

cd ~/Downloads
wget http://shinken-monitoring.org/pub/shinken-1.0.1.tar.gz -O shinken.tar.gz
tar xzvf ./shinken.tar.gz
cd ./shinken-1.0.1
sudo perl -pi -e 's/1.1.12p6/1.2.0p3/g' ./install.d/shinken.conf
sudo ./install -i && sudo ./install -p nagios-plugins && sudo ./install -p check_mem && sudo ./install -p manubulon && sudo ./install -p multisite && sudo ./install -p pnp4nagios && sudo ./install -p nagvis && sudo ./install –p multisite
sudo /etc/init.d/shinken start

You then can login at http://:7767 with admin/admin

Note that, despite the simple installation, Shinken is a very comprehensive program with logs of options for discovery, monitoring, and integration. You will really want to get more info on configuring this bad boy from their site.

RackTables

Site: http://racktables.org/

Purpose

This is not really a discovery related addition but can be nice to have in your environment for proactive infrastructure documentation. RackTables as defined by its creators:

Racktables is a nifty and robust solution for datacenter and server room asset management. It helps document hardware assets, network addresses, space in racks, networks configuration and much much more!

Setup

sudo apt-get install php5-cgi php5-curl
cd ~
cd ./Downloads
wget 'http://downloads.sourceforge.net/project/racktables/RackTables-0.20.1.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fracktables%2Ffiles%2F&ts=1353701797&use_mirror=iweb' -O RackTables-0.20.1.tar.gz
tar xzvf RackTables-0.20.1.tar.gz
cd  ./RackTables-0.20.1
sudo mv ./RackTables-0.20.1 /var/www/racktables
sudo touch '/var/www/racktables/wwwroot/inc/secret.php'
sudo chmod 666 '/var/www/racktables/wwwroot/inc/secret.php'
sudo chown -R www-data.www-data /var/www/racktables/
mysql -u root -p

CREATE DATABASE racktables;
GRANT ALL PRIVILEGES ON racktables.* TO 'racktablesuser'@'localhost' IDENTIFIED BY 'racktablesuser';
QUIT

Go to the following site to start the installer: http://192.168.1.148/racktables/wwwroot/?module=installer

Follow the install, ignore the warnings and use the database of racktables with the user and password of racktables/racktables. Set whatever admin password you like. I’m super original so I just set it to be racktables. After this is done you can access and setup Racktables.

Netdot

Site: https://osl.uoregon.edu/redmine/projects/netdot

Purpose

Netdot developers say that Netdot is:

Network Documentation Tool project

Netdot is an open source tool designed to help network administrators collect, organize and maintain network documentation.

Setup

I’ve really wanted to try this one out for years now but I’ve never been able to successfully get it running…and I still cannot unfortunately.  Maybe you will have better luck with directions at this post online. I went through the following steps before I got stuck at the final stages of the install 🙁 I’m going to note this to be possibly revisited at a future date as it really does seem to be a cool networking tool.

Conclusion

I hope this article broadens the consciousness of some of the great open source tools at the disposal of today’s network analysts and administrators.

comments powered by Disqus