Network Working Group                                   R. Stine, Editor
Request for Comments: 1147                                  SPARTA, Inc.
FYI: 2                                                        April 1990

FYI on a Network Management Tool Catalog:
Tools for Monitoring and Debugging TCP/IP Internets and Interconnected Devices

Status of this Memo

The goal of this FYI memo is to provide practical information to site administrators and network managers. This memo provides information for the Internet community. It does not specify any standard. It is not a statement of IAB policy or recommendations. Comments, critiques, and new or updated tool descriptions are welcome, and should be sent to Robert Stine, at stine@sparta.com, or to the NOCTools working group, at noctools@merit.edu.

Distribution of this memo is unlimited.

1. Introduction

This catalog contains descriptions of several tools available to assist network managers in debugging and maintaining TCP/IP internets and interconnected communications resources. Entries in the catalog tell what a tool does, how it works, and how it can be obtained.

The NOCTools Working Group of the Internet Engineering Task Force (IETF) compiled this catalog in 1989. Future editions will be produced as IETF members become aware of tools that should be included, and of deficiencies or inaccuracies. Developing an edition oriented to the OSI protocol suite is also contemplated.

The tools described in this catalog are in no way endorsed by the IETF. For the most part, we have neither evaluated the tools in this catalog, nor validated their descriptions. Most of the descriptions of commercial tools have been provided by vendors. Caveat Emptor.

1.1 Purpose

The practice of re-inventing the wheel seems endemic to the field of data communications. The primary goal of this document is to fight that tendency in a small but useful way.
By listing the capabilities of some of the available network management tools, we hope to pool and share knowledge and experience. Another goal of this catalog is to show those new in the field what can be done to manage internet sites. A network management tutorial at the end of the document is of further assistance in this area. Finally, by omission, this catalog points out the network management tools that are needed, but do not yet exist.

There are other sources of information on available network management tools. Both the DDN Protocol Implementation and Vendors Guide and the DATAPRO series on data communications and LANs are particularly comprehensive and informative. The DDN Protocol Implementation and Vendors Guide addresses a wide range of internet management topics, including evaluations of protocol implementations and network analyzers.* The DATAPRO volumes, though expensive (check your local university or technical libraries!), are good surveys of available commercial products for network management. DATAPRO also includes tutorials, market analyses, product evaluations, and predictions on technology trends.

1.2 Scope

The tools described in this document are used for managing the network resources, LANs, and devices that are commonly interconnected by TCP/IP internets. This document is not, however, a "how to" manual on network management. While it includes a tutorial, the coverage is much too brief and general to serve as a sole source: a great deal of further study is required of aspiring network managers. Neither is this catalog an operations manual for particular tools. Each individual tool entry is brief, and emphasizes the uses to which a tool can be put. A tool's documentation, which in some cases runs to hundreds of pages, should be consulted for assistance in its installation and operation.

1.3 Overview

Section 1 describes the purpose, scope, and organization of this catalog.
Section 2 lists and explains the standard keywords used in the tool descriptions. The keywords can be used as a subject index into the catalog.

Section 3, the main body of the catalog, contains the entries describing network management tools. The tool entries in Section 3 are presented in alphabetical order, by tool name. The tool descriptions all follow a standard format, described in the introduction to Section 3.

Following the catalog, there is an appendix that contains a tutorial on the goals and practice of network management.

_________________________
* Instructions for obtaining the DDN Protocol Guide are given in Section 7 of the appendix.

1.4 Acknowledgements

The compilation and editing of this catalog was sponsored by the Defense Communications Engineering Center (DCEC), contract DCA100-89-C-0001. The effort grew out of an initial task to survey current internet management tools. The catalog is largely, however, the result of volunteer labor on the part of the NOCTools Working Group, the User Services Working Group, and many others. Without these volunteer contributions, the catalog would not exist. The support from the Internet community for this endeavor has been extremely gratifying.

Several individuals made especially notable contributions. Mike Patton, Paul Holbrook, Mark Fedor and Gary Malkin were particularly helpful in composition and editorial review, while Dave Crocker provided essential guidance and encouragement. Bob Enger was active from the first with the gut work of chairing the Working Group and building the catalog. Phill Gross helped to christen the NOCTools Working Group, to define its scope and goals, and to establish its role in the IETF. Mike Little contributed the formative idea of enhancing and publicizing the management tool survey through IETF participation.
Responsibility for any deficiencies and errors remains, of course, with the editor.

2. Keywords

This catalog uses "keywords" for terse characterizations of the tools. Keywords are abbreviated attributes of a tool or its use. To allow cross-comparison of tools, uniform keyword definitions have been developed, and are given below. Following the definitions, there is an index of catalog entries by keyword.

2.1 Keyword Definitions

The keywords are always listed in a predefined order, sorted first by the general category into which they fall, and then alphabetically. The categories that have been defined for management tool keywords are:

     o    the general management area to which a tool relates or a tool's functional role;

     o    the network resources or components that are managed;

     o    the mechanisms or methods a tool uses to perform its functions;

     o    the operating system and hardware environment of a tool; and

     o    the characteristics of a tool as a hardware product or software release.

The keywords used to describe the general management area or functional role of a tool are:

Alarm
     a reporting/logging tool that can trigger on specific events within a network.

Analyzer
     a traffic monitor that reconstructs and interprets protocol messages that span several packets.

Benchmark
     a tool used to evaluate the performance of network components.

Control
     a tool that can change the state or status of a remote network resource.

Debugger
     a tool that by generating arbitrary packets and monitoring traffic, can drive a remote network component to various states and record its responses.

Generator
     a traffic generation tool.

Manager
     a distributed network management system or system component.

Map
     a tool that can discover and report a system's topology or configuration.

Reference
     a tool for documenting MIB structure or system configuration.

Routing
     a packet route discovery tool.

Security
     a tool for analyzing or reducing threats to security.

Status
     a tool that remotely tracks the status of network components.

Traffic
     a tool that monitors packet flow.

The keywords used to identify the network resources or components that a tool manages are:

Bridge
     a tool for controlling or monitoring LAN bridges.

CHAOS
     a tool for controlling or monitoring implementations of the CHAOS protocol suite or network components that use it.

DECnet
     a tool for controlling or monitoring implementations of the DECnet protocol suite or network components that use it.

DNS
     a Domain Name System debugging tool.

Ethernet
     a tool for controlling or monitoring network components on ethernet LANs.

FDDI
     a tool for controlling or monitoring network components on FDDI LANs or WANs.

IP
     a tool for controlling or monitoring implementations of the TCP/IP protocol suite or network components that use it.

OSI
     a tool for controlling or monitoring implementations of the OSI protocol suite or network components that use it.

NFS
     a Network File System debugging tool.

Ring
     a tool for controlling or monitoring network components on Token Ring LANs.

SMTP
     an SMTP debugging tool.

Star
     a tool for controlling or monitoring network components on StarLANs.

The keywords used to describe a tool's mechanism are:

Curses
     a tool that uses the "curses" tty interface package.

Eavesdrop
     a tool that silently monitors communications media (e.g., by putting an ethernet interface into "promiscuous" mode).

NMS
     the tool is a component of or queries a Network Management System.

Ping
     a tool that sends packet probes such as ICMP echo messages; to help distinguish tools, we do not consider NMS queries or protocol spoofing (see below) as probes.

Proprietary
     a distributed tool that uses proprietary communications techniques to link its components.

SNMP
     a network management system or component based on SNMP, the Simple Network Management Protocol.

Spoof
     a tool that tests operation of remote protocol modules by peer-level message exchange.

X
     a tool that uses X-Windows.

The keywords used to describe a tool's operating environment are:

DOS
     a tool that runs under MS-DOS.

HP
     a tool that runs on Hewlett-Packard systems.

Macintosh
     a tool that runs on Macintosh personal computers.

Standalone
     an integrated hardware/software tool that requires only a network interface for operation.

UNIX
     a tool that runs under 4.xBSD UNIX or related OS.

VMS
     a tool that runs under DEC's VMS operating system.

The keywords used to describe a tool's characteristics as a hardware or software acquisition are:

Free
     a tool is available at no charge, though other restrictions may apply (tools that are part of an OS distribution but not otherwise available are not listed as "free").

Library
     a tool packaged with either an Application Programming Interface (API) or object-level subroutines that may be loaded with programs.

Sourcelib
     a collection of source code (subroutines) upon which developers may construct other tools.

2.2 Tools Indexed by Keywords

Following is an index of catalog entries sorted by keyword. This index can be used to locate the tools with a particular attribute: tools are listed under each keyword that characterizes them. The keywords and the subordinate lists of tools under them are in alphabetical order.

In the interest of brevity, some liberties have been taken with tool names. Capitalization of the names is as specified by the tool developers or distributors. Note that parenthetical roman numerals following a tool's name are not actually part of the name. The use of roman numerals to differentiate tools with the same name is explained in the introduction of Section 3.

alarm bridge CMIP Library ConnectVIEW EtherMeter decaddrs LanProbe NMC LANWatch proxyd NETMON (III) Snmp Libraries osilog snmpd SERAG sma Snmp Libraries CHAOS snmptrapd LANWatch SpiderMonitor map Unisys NCC WIN/MGT Station xnetmon (I) control XNETMON (II) CMIP Library ConnectVIEW NETMON (III) analyzer NMC LANWatch proxyd Sniffer Snmp Libraries SpiderMonitor snmpset TokenVIEW Unisys NCC benchmark WIN/MGT Station hammer XNETMON (II) nhfsstone SPIMS spray TTCP Unisys NCC
curses DOS Internet Rover Comp. Security Checklist net_monitor ConnectVIEW nfswatch hammer osimon hopcheck snmpperfmon LAN Patrol LANWatch netmon (I) debugger NETMON (III) SPIMS netwatch OverVIEW ping DECnet Snmp Libraries decaddrs snmpd (II) LANWatch TokenVIEW NETMON (III) XNETMON (II) net_monitor xnetperfmon NMC Sniffer Snmp Libraries eavesdrop SpiderMonitor ENTM XNETMON (II) etherfind xnetperfmon EtherView LAN Patrol LanProbe DNS LANWatch DiG NETMON (II) LANWatch netwatch netmon (I) nfswatch nslookup NNStat OSITRACE Sniffer SpiderMonitor Tcplogger TRPT
ethernet free arp arp ConnectVIEW CMIP Library ENTM CMU SNMP etherfind DiG etherhostprobe ENTM EtherMeter etherhostprobe EtherView hammer LAN Patrol hopcheck LanProbe HyperMIB LANWatch Internet Rover map map NETMON (III) netmon (I) netwatch NETMON (II) Network Integrator netstat nfswatch netwatch NMC net_monitor NNStat nfswatch proxyd nhfsstone SERAG NNStat Sniffer NPRV Snmp Libraries nslookup
snmpd (II) osilog SpiderMonitor osimic tcpdump osimon Unisys NCC OSITRACE WIN/MGT Station ping XNETMON (II) query xnetperfmon sma SNMP Kit tcpdump FDDI tcplogger Unisys NCC traceroute TRPT TTCP generator hammer nhfsstone ping Sniffer SpiderMonitor spray TTCP Unisys NCC
HP IP xup arp CMU SNMP Dual Manager ENTM etherfind etherhostprobe EtherView getone hammer hopcheck Internet Rover LANWatch map Netlabs CMOT Agent Netlabs SNMP Agent netmon (I) NETMON (II) NETMON (III) netstat netwatch net_monitor nfswatch NMC NNStat NPRV OverVIEW ping proxyd query SERAG Sniffer SNMP Kit Snmp Libraries snmpask snmpd (I) snmpd (II) snmplookup snmpperfmon snmppoll snmpquery snmproute snmpset snmpsrc snmpstat snmptrapd snmpwatch
snmpxbar snmpxconn manager snmpxmon CMIP Library snmpxperf CMU SNMP snmpxperfmon ConnectVIEW snmpxrtmetric decaddrs SpiderMonitor Dual Manager SPIMS getone spray LanProbe Tcpdump map Tcplogger Netlabs CMOT Agent Traceroute Netlabs SNMP Agent TRPT NETMON (III) TTCP NMC Unisys NCC NNStat WIN/MGT Station osilog xnetmon (I) osimic XNETMON (II) osimon xnetperfmon OverVIEW sma SNMP Kit library Snmp Libraries CMIP Library snmpask Dual Manager snmpd (I) LANWatch snmpd (II) proxyd snmplookup WIN/MGT Station snmpperfmon snmppoll snmpquery Macintosh snmproute HyperMIB snmpsrc snmpset snmpstat snmptrapd snmpwatch snmpxbar snmpxconn snmpxmon snmpxperf snmpxperfmon snmpxrtmetric TokenVIEW Unisys NCC WIN/MGT Station xnetmon (I) XNETMON (II) xnetperfmon
map NMS decaddrs CMU SNMP etherhostprobe ConnectVIEW EtherMeter decaddrs LanProbe Dual Manager map EtherMeter NETMON (III) getone Network Integrator LanProbe NPRV map Snmp Libraries Netlabs CMOT Agent snmpxconn Netlabs SNMP Agent snmpxmon NETMON
(III) Unisys NCC NMC xnetmon (I) NNStat XNETMON (II) OverVIEW proxyd SERAG NFS SNMP Kit etherfind Snmp Libraries EtherView snmpask nfswatch snmpd (I) nhfsstone snmpd (II) Sniffer snmplookup tcpdump snmpperfmon snmppoll snmpquery snmproute snmpset snmpsrc snmpstat snmptrapd snmpwatch snmpxbar snmpxconn snmpxmon snmpxperf snmpxperfmon snmpxrtmetric TokenVIEW Unisys NCC WIN/MGT Station xnetmon (I) XNETMON (II) xnetperfmon
OSI ring CMIP Library ConnectVIEW Dual Manager LANWatch LANWatch map Netlabs CMOT Agent NETMON (III) NETMON (III) netwatch osilog proxyd osimic Sniffer osimon Snmp Libraries OSITRACE snmpd (II) sma TokenVIEW Sniffer XNETMON (II) Snmp Libraries xnetperfmon SpiderMonitor SPIMS XNETMON (II) routing xnetperfmon arp ConnectVIEW decaddrs ping etherhostprobe etherhostprobe getone hopcheck hopcheck Internet Rover NETMON (III) map netstat netmon (I) net_monitor net_monitor NMC NPRV NPRV ping query spray Snmp Libraries traceroute snmproute TTCP snmpsrc Unisys NCC snmpxrtmetric xup traceroute WIN/MGT Station XNETMON (II) proprietary ConnectVIEW EtherMeter security LanProbe Comp.
Security Checklist SERAG ConnectVIEW TokenVIEW Dual Manager LAN Patrol SERAG reference XNETMON (II) HyperMIB Unisys NCC
SMTP sourcelib Internet Rover CMIP Library LANWatch CMU SNMP mconnect HyperMIB Sniffer Internet Rover LANWatch map SNMP NETMON (III) CMU SNMP net_monitor decaddrs proxyd Dual Manager SNMP Kit getone Snmp Libraries map Snmpd (II) Netlabs SNMP Agent SpiderMonitor NETMON (III) XNETMON (II) NMC xnetperfmon OverVIEW proxyd SNMP Kit spoof Snmp Libraries DiG snmpask Internet Rover snmpd (I) mconnect snmpd (II) nhfsstone snmplookup nslookup snmpperfmon query snmppoll SPIMS snmpquery snmproute snmpset standalone snmpsrc EtherMeter snmpstat Sniffer snmptrapd SpiderMonitor snmpwatch snmpxbar snmpxconn star snmpxmon LAN Patrol snmpxperf LANWatch snmpxperfmon map snmpxrtmetric NETMON (III) Unisys NCC proxyd WIN/MGT Station Sniffer xnetmon (I) Snmp Libraries XNETMON (II) snmpd (II) xnetperfmon XNETMON (II) xnetperfmon
status traffic CMIP Library ENTM CMU SNMP etherfind ConnectVIEW EtherMeter DiG EtherView Dual Manager LAN Patrol getone LanProbe Internet Rover LANWatch LanProbe NETMON (II) mconnect netwatch Netlabs CMOT Agent Network Integrator Netlabs SNMP Agent nfswatch netmon (I) NMC net_monitor NNStat NMC osimon NNStat OSITRACE NPRV Sniffer nslookup snmpxperfmon osimic SpiderMonitor osimon tcpdump OverVIEW tcplogger ping TRPT proxyd Unisys NCC sma WIN/MGT Station SNMP Kit Snmp Libraries snmpask snmpd (I) snmpd (II) snmplookup snmpperfmon snmppoll snmpquery snmpstat snmpwatch snmpxbar snmpxconn snmpxmon snmpxperf snmpxperfmon TokenVIEW Unisys NCC WIN/MGT Station xnetmon (I) XNETMON (II) xnetperfmon xup
snmpxbar UNIX snmpxconn arp snmpxmon CMIP Library snmpxperf CMU SNMP
snmpxperfmon decaddrs snmpxrtmetric DiG SPIMS Dual Manager spray etherfind tcpdump etherhostprobe tcplogger EtherView traceroute getone TRPT Internet Rover TTCP map Unisys NCC mconnect WIN/MGT Station NETMON (II) xnetmon (I) netstat XNETMON (II) Network Integrator xnetperfmon net_monitor nfswatch nhfsstone VMS NMC arp NNStat ENTM nslookup netstat osilog net_monitor osimic NPRV osimon nslookup OSITRACE ping ping Snmp Libraries proxyd tcpdump query traceroute SERAG TTCP sma XNETMON (II) SNMP Kit xnetperfmon Snmp Libraries snmpask snmpd (I) snmpd (II) snmplookup snmpperfmon snmppoll snmpquery snmproute snmpset snmpsrc snmpstat snmptrapd snmpwatch
X Dual Manager map snmpxbar snmpxconn snmpxmon snmpxperf snmpxperfmon snmpxrtmetric WIN/MGT Station XNETMON (II) xnetperfmon xup

3. Tool Descriptions

This section is a collection of brief descriptions of tools for managing TCP/IP internets. These entries are in alphabetical order, by tool name.

The entries all follow a standard format. Immediately after the NAME of a tool are its associated KEYWORDS. Keywords are terse descriptions of the purposes or attributes of a tool. A more detailed description of a tool's purpose and characteristics is given in the ABSTRACT section. The MECHANISM section describes how a tool works. In CAVEATS, warnings about tool use are given. In BUGS, known bugs or bug-report procedures are given. LIMITATIONS describes the boundaries of a tool's capabilities. HARDWARE REQUIRED and SOFTWARE REQUIRED relate the operational environment a tool needs. Finally, in AVAILABILITY, pointers to vendors, online repositories, or other sources for a tool are given.

We deal with the problem of tool-name clashes -- different tools that have the same name -- by appending parenthetical roman numerals to the names.
For example, BYU, MITRE, and SNMP Research each submitted a description of a tool called "NETMON." These tools were independently developed, are functionally different, run in different environments, and are no more related than Richard Burton the 19th century explorer and Richard Burton the 20th century actor. BYU's tool "NETMON" is listed as "NETMON (I)," MITRE's as "NETMON (II)," and the tool from SNMP Research as "NETMON (III)."

The parenthetical roman numerals reveal only the order in which the catalog editor received the tool descriptions. They should not be construed to indicate any sort of preference, priority, or rights to a tool name.


NAME
     arp

KEYWORDS
     routing; ethernet, IP; UNIX, VMS; free.

ABSTRACT
     Arp displays and can modify the internet-to-ethernet address translations tables used by ARP, the address resolution protocol.

MECHANISM
     The arp program accesses operating system memory to read the ARP data structures.

CAVEATS
     None.

BUGS
     None known.

LIMITATIONS
     Only the super user can modify ARP entries.

HARDWARE REQUIRED
     No restrictions.

SOFTWARE REQUIRED
     BSD UNIX or related OS, or VMS.

AVAILABILITY
     Available via anonymous FTP from uunet.uu.net, in directory bsd-sources/src/etc. Available with 4.xBSD UNIX and related operating systems. For VMS, available as part of TGV MultiNet IP software package, as well as Wollongong's WIN/TCP.


NAME
     CMIP Library

KEYWORDS
     alarm, control, manager, status; OSI; UNIX; free, library, sourcelib.

ABSTRACT
     The CMIP Library implements the functionality of the Common Management Information Service/Protocol as in the documents ISO DP 9595-2/9596-2 of March 1988. It can act as a building block for the construction of CMIP-based agent and manager applications.

MECHANISM
     The CMIP library uses ISO ROS, ACSE and ASN.1 presentation, as implemented in ISODE, to provide its service.

CAVEATS
     None.

BUGS
     None known.

LIMITATIONS
     The M-CREATE, M-DELETE and M-ACTION protocol primitives are not implemented in this version.

HARDWARE REQUIRED
     Developed on Sun3, tested on Sun3 and VAXStation.

SOFTWARE REQUIRED
     The ISODE protocol suite, BSD UNIX.

AVAILABILITY
     The CMIP library and related management tools built upon it, known as OSIMIS (OSI Management Information Service), are publicly available from University College London, England via FTP and FTAM. To obtain information regarding a copy send email to gknight@ac.ucl.cs.uk or call +44 1 380 7366.


NAME
     The CMU SNMP Distribution

KEYWORDS
     manager, status; IP; NMS, SNMP; UNIX; free, sourcelib.

ABSTRACT
     The CMU SNMP Distribution includes source code for an SNMP agent, several SNMP client applications, an ASN.1 library, and supporting documentation.

     The agent compiles into about 10 KB of 68000 code. The distribution includes a full agent that runs on a Kinetics FastPath2/3/4, and is built into the KIP appletalk/ethernet gateway. The machine independent portions of this agent also run on CMU's IBM PC/AT based router.

     The applications are designed to be useful in the real world. Information is collected and presented in a useful format and is suitable for everyday status monitoring. Input and output are interpreted symbolically. The tools can be used without referencing the RFCs.

MECHANISM
     SNMP.

CAVEATS
     None.

BUGS
     None reported. Send bug reports to sw0l+snmp@andrew.cmu.edu. ("sw0l" is "ess double-you zero ell.")

LIMITATIONS
     None reported.

HARDWARE REQUIRED
     The KIP gateway agent runs on a Kinetics FastPath2/3/4. Otherwise, no restrictions.

SOFTWARE REQUIRED
     The code was written with efficiency and portability in mind. The applications compile and run on the following systems: IBM PC/RT running ACIS Release 3, Sun3/50 running SUNOS 3.5, and the DEC microVax running Ultrix 2.2.
     They are expected to run on any system with a Berkeley socket interface.

AVAILABILITY
     This distribution is copyrighted by CMU, but may be used and sold without permission. Consult the copyright notices for further information. The distribution is available by anonymous FTP from the host lancaster.andrew.cmu.edu (128.2.13.21) as the files pub/cmu-snmp.9.tar, and pub/kip-snmp.9.tar. The former includes the libraries and the applications, and the latter is the KIP SNMP agent.

     Please direct questions, comments, and bug reports to sw0l+snmp@andrew.cmu.edu. ("sw0l" is "ess double-you zero ell.") If you pick up this package, please send a note to the above address, so that you may be notified of future enhancements/changes and additions to the set of applications (several are planned).


NAME
     Computer Security Checklist

KEYWORDS
     security; DOS.

ABSTRACT
     This program consists of 858 computer security questions divided up in thirteen sections. The program presents the questions to the user and records their responses. After answering the questions in one of the thirteen sections, the user can generate a report from the questions and the user's answers. The thirteen sections are: telecommunications security, physical access security, personnel security, systems development security, security awareness and training practices, organizational and management security, data and program security, processing and operations security, ergonomics and error prevention, environmental security, and backup and recovery security.

     The questions are weighted as to their importance, and the report generator can sort the questions by weight. This way the most important issues can be tackled first.

MECHANISM
     The questions are displayed on the screen and the user is prompted for a single keystroke reply.
     When the end of one of the thirteen sections is reached, the answers are written to a disk file. The question file and the answer file are merged to create the report file.

CAVEATS
     None.

BUGS
     None known.

LIMITATIONS
     None reported.

HARDWARE REQUIRED
     No restrictions.

SOFTWARE REQUIRED
     DOS operating system.

AVAILABILITY
     A commercial product available from:

          C.D., Ltd.
          P.O. Box 58363
          Seattle, WA 98138
          (206) 243-8700


NAME
     ConnectVIEW

KEYWORDS
     control, manager, routing, security, status; bridge, ethernet, ring; NMS, proprietary; DOS.

ABSTRACT
     The ConnectVIEW Network Management System consists of various software managers that control and manage Halley Systems' internets made of ConnectLAN 100 ethernet and ConnectLAN 200 Token Ring Brouters. The management software provides an icon-based graphical network display with real-time monitoring and reporting, along with configuration, fault, performance and security management functions for managing ConnectLAN brouters. A Planning function is also provided that allows users to draw their networks.

MECHANISM
     Proprietary.

CAVEATS
     The ConnectVIEW software must be running under Microsoft Windows, preferably on a dedicated management station. There is, however, no degradation of LAN throughput.

BUGS
     None known.

LIMITATIONS
     Currently works only with Halley Systems' products.

HARDWARE REQUIRED
     Requires a PC/AT compatible, with 640KB RAM, EGA adapter and monitor, keyboard, mouse, and ethernet adapter.

SOFTWARE REQUIRED
     MSDOS 3.3 or higher. Microsoft Windows/286 version 2.1.

AVAILABILITY
     Commercially available from:

          Halley Systems, Inc.
          2730 Orchard Parkway
          San Jose, CA 95134


NAME
     decaddrs, decaroute, decnroute, xnsroutes, bridgetab

KEYWORDS
     manager, map, routing; bridge, DECnet; NMS, SNMP; UNIX.

ABSTRACT
     These commands display private MIB information from Wellfleet systems. They retrieve and format for display values of one or several MIB variables from the Wellfleet Communications private enterprise MIB, using the SNMP (RFC1098). In particular these tools are used to examine the non-IP modules (DECnet, XNS, and Bridging) of a Wellfleet system.

     Decaddrs displays the DECnet configuration of a Wellfleet system acting as a DECnet router, showing the static parameters associated with each DECnet interface. Decaroute and decnroute display the DECnet inter-area and intra-area routing tables (that is area routes and node routes). Xnsroutes displays routes known to a Wellfleet system acting as an XNS router. Bridgetab displays the bridge forwarding table with the disposition of traffic arriving from or directed to each station known to the Wellfleet bridge module. All these commands take an IP address as the argument and can specify an SNMP community for the retrieval. One SNMP query is performed for each row of the table. Note that the Wellfleet system must be operating as an IP router for the SNMP to be accessible.

MECHANISM
     Management information is exchanged by use of SNMP.

CAVEATS
     None.

BUGS
     None known.

LIMITATIONS
     None reported.

HARDWARE REQUIRED
     Distributed and supported for Sun 3 systems.

SOFTWARE REQUIRED
     Distributed and supported for SunOS 3.5 and 4.x.

AVAILABILITY
     Commercial product of:

          Wellfleet Communications, Inc.
          12 DeAngelo Drive
          Bedford, MA 01730-2204
          (617) 275-2400


NAME
     DiG

KEYWORDS
     status; DNS; spoof; UNIX; free.

ABSTRACT
     DiG (domain information groper) is a command line tool which queries DNS servers in either an interactive or a batch mode. It was developed to be more convenient/flexible than nslookup for gathering performance data and testing DNS servers.

MECHANISM
     Dig is built on a slightly modified version of the bind resolver (release 4.8).

CAVEATS
     None.

BUGS
     None known.

LIMITATIONS
     None reported.

HARDWARE REQUIRED
     No restrictions.

SOFTWARE REQUIRED
     BSD UNIX.

AVAILABILITY
     DiG is available via anonymous FTP from venera.isi.edu in pub/dig.1.0.tar.Z.


NAME
     Dual Manager

KEYWORDS
     alarm, control, manager, map, security, status; IP, OSI; NMS, SNMP, X; UNIX; library.

ABSTRACT
     Netlabs' Dual Manager provides management of TCP/IP networks using both SNMP and CMOT protocols. Such management can be initiated either through the X-Windows user interface (both Motif and Openlook), or through OSI Network Management (CMIP) commands. The Dual Manager provides for configuration, fault, security and performance management. It provides extensive map management features, including scanned maps in the background. It provides simple mechanisms to extend the MIB and assign specific lists of objects to specific network elements, thereby providing for the management of all vendors' specific MIB extensions. It provides an optional relational DBMS for storing and retrieving MIB and alarm information. Finally, the Dual Manager is an open platform, in that it provides several Application Programming Interfaces (APIs) for users to extend the functionality of the Dual Manager.

     The Dual Manager is expected to work as a TCP/IP "branch manager" under DEC's EMA, AT&T's UNMA and other OSI-conformant enterprise management architectures.

MECHANISM
     The Netlabs Dual Manager supports the control and monitoring of network resources by use of both CMOT and SNMP message exchanges.

CAVEATS
     None.

BUGS
     None known.

LIMITATIONS
     None reported.

HARDWARE REQUIRED
     Runs on Sun/3 and Sun/4s.

SOFTWARE REQUIRED
     Available on System V or SCO Open Desktop environments. Uses X-Windows for the user interface.
AVAILABILITY
Commercially available from:
Netlabs Inc
11693 Chenault Street Ste 348
Los Angeles CA 90049
(213) 476-4070
lam@netlabs.com (Anne Lam)

NAME
ENTM -- Ethernet Traffic Monitor

KEYWORDS
traffic; ethernet, IP; eavesdrop; VMS; free.

ABSTRACT
ENTM is a screen-oriented utility that runs under VAX/VMS. It monitors local ethernet traffic and displays either a real-time or cumulative histogram showing a percent breakdown of traffic by ethernet protocol type. The information in the display can be reported based on packet count or byte count. The percent of broadcast, multicast and approximate lost packets is reported as well. The screen display is updated every three seconds. Additionally, a real-time, sliding history window may be displayed showing ethernet traffic patterns for the last five minutes.

ENTM can also report IP traffic statistics by packet count or byte count. The IP histograms reflect information collected at the TCP and UDP port level, including ICMP type/code combinations. Both the ethernet and IP histograms may be sorted by ASCII protocol/port name or by percent-value. All screen displays can be saved in a file for printing later.

MECHANISM
This utility simply places the ethernet controller in promiscuous mode and monitors the local area network traffic. It preallocates 10 receive buffers and attempts to keep 22 reads pending on the ethernet device.

CAVEATS
Placing the ethernet controller in promiscuous mode may severely slow down a VAX system. Depending on the speed of the VAX system and the amount of traffic on the local ethernet, a large amount of CPU time may be spent on the Interrupt Stack. Running this code on any production system during operational hours is discouraged.

BUGS
Due to a bug in the VAX/VMS ethernet/802 device driver, IEEE 802 format packets may not always be detected.
A simple test is performed to "guess" which packets are in IEEE 802 format (DSAP equal to SSAP). Thus, some DSAP/SSAP pairs may be reported as an ethernet type, while valid ethernet types may be reported as IEEE 802 packets.

In some hardware configurations, placing an ethernet controller in promiscuous mode with automatic-restart enabled will hang the controller. Our VAX 8650 hangs running this code, while our uVAX IIs and uVAX IIIs do not.

Please report any additional bugs to the author at:
Allen Sturtevant
National Magnetic Fusion Energy Computer Center
Lawrence Livermore National Laboratory
P.O. Box 808; L-561
Livermore, CA 94550
Phone : (415) 422-8266
E-Mail: sturtevant@ccc.nmfecc.gov

LIMITATIONS
The user is required to have PHY_IO, TMPMBX and NETMBX privileges. When activated, the program first checks that the user process has enough quotas remaining (BYTLM, BIOLM, ASTLM and PAGFLQUO) to successfully run the program without entering into an involuntary wait state. Some quotas require a fairly generous setting.

The contents of IEEE 802 packets are not examined. Only the presence of IEEE 802 packets on the wire is reported.

The count of lost packets is approximated. If, after each read completes on the ethernet device, the utility detects that it has no reads pending on that device, the lost packet counter is incremented by one.

When the total number of bytes processed exceeds 7fffffff hex, all counters are automatically reset to zero.

HARDWARE REQUIRED
A DEC ethernet controller.

SOFTWARE REQUIRED
VAX/VMS version V5.1+.

AVAILABILITY
For executables only, FTP to the ANONYMOUS account (password GUEST) on CCC.NMFECC.GOV and GET the following files:

[ANONYMOUS.PROGRAMS.ENTM]ENTM.DOC (ASCII text)
[ANONYMOUS.PROGRAMS.ENTM]ENTM.EXE (binary)
[ANONYMOUS.PROGRAMS.ENTM]EN_TYPES.DAT (ASCII text)
[ANONYMOUS.PROGRAMS.ENTM]IP_TYPES.DAT (ASCII text)

NAME
etherfind

KEYWORDS
traffic; ethernet, IP, NFS; eavesdrop; UNIX.

ABSTRACT
Etherfind examines the packets that traverse a network interface, and outputs a text file describing the traffic. In the file, a single line of text describes a single packet: it contains values such as protocol type, length, source, and destination. Etherfind can print out all packet traffic on the ethernet, or traffic for the local host. Further packet filtering can be done on the basis of protocol: