Archive

Articles taggués ‘monitoring’

Find all active IP addresses in a network

22/09/2022 Aucun commentaire

Today I found myself reconfiguring a wireless access point I hadn’t used in a very long time. I no longer have the manual (so I could reset it to factory defaults) nor do I remember what the obscure IP address I configured it with was. Luckily I do know what network it’s setup for ( 192.168.1.x ) but I don’t want to have to try to connect to all 254 IP addresses (192.168.1.1 through 192.168.1.254) as that would take quite some time.

So what I’m going to do is use Nmap a swiss army knife for network operators and system admins. What we’re going to do is use Nmap to scan the entire network and tell us which IP addresses are active. This will allow us to drastically reduce the number of IP addresses we have to try.

There are Nmap versions for all three major OS’s *nix, OS X and Windows. I’ll be showing you the syntax for the *nix/OS X version.

nmap -sP 192.168.1.0/24

replace 192.168.1.0/24 with whatever network it is you’re trying to scan.
The /24 is the netmask of the network in CDIR notation. If you need a cheat sheet you can find one here

Once you press return (or enter) Nmap will start to work pinging each and every IP address on your network and noting which ones respond and which don’t. (Note that if your device has a firewall that discards ping requests it will appear to be down to this scan)

You’ll quickly get an output similar to the following

Starting Nmap 4.50 ( http://insecure.org ) at 2008-08-19 10:15 PDT
HOST 192.168.1.25 appears to be up.
MAC Address: 0:0F:1F:4C:0B:E6 (WW Pcba Test)
Nmap finished: 256 IP addresses (3 hosts up) scanned in 5.711 seconds

Monitor Network Connections in Mac OS X for Free with Private Eye

15/09/2022 Comments off

Source: OSXdaily

Private Eye is a free real-time network monitor app for Mac OS X that is extremely easy to use. Upon launching the app, you’ll start to see all open network connections by application and process, and you can then filter connections by app, monitor all open connections, or watch only incoming or outgoing transfer.

private-eye-network-connection-monitor-mac

Connections are reported by application, the time of the connection, and arguably the most useful, the IP address that is being connected to by the app, making it easy to see socket and routing data, letting you know exactly what app is communicating with what server or IP address, for both local and broader internet networks. If you have any interest in networking, privacy, security, or you just want to keep an eye on what apps are connecting to the internet and to where, you should download this app, but it’s also an amazingly useful tool for troubleshooting network problems and figuring out what is using the network.

 

Download and install Private Eye by putting it into your /Applications/ folder, then open PrivateEye to get started. The list of open network connections is easy to read, you’ll see a time stamp of the connection, the application name, and where the connection is going to by IP (or coming from, as determined by the arrow pointing left for in, or right for out).

private-eye-connections

Using the left side menu you can quickly break down connections to see them all, only show incoming transfers, outgoing connections, or display connections by specific application only. Apps are easy to identify in this list, as are daemons running in the background (like PubSubAgent), and command line processes belonging to the user are also visible (ssh, for example).

This is a simple yet powerful tool without the complexity or the learning curves related to compiling and using the command line tools lsof, watch, open_ports, or wireshark, and is therefore highly recommended for anyone who is interested in seeing this kind of information, whether it’s out of general curiosity, or to help troubleshoot and diagnose specific network activities.

MOTDStat – Message Of The Day – System Status

10/09/2022 Comments off

MOTDstatVoici un petit outil qui pourrait se révéler bien pratique dans votre vie de SysAdmin GNU/Linuxien icon wink MOTDStat Message Of The Day System Status

Il s’agit de MOTDStat qui via MOTD va vous permettre d’afficher le statut du serveur sur lequel vous vous connectez.

Cela va vous permettre de savoir en un coup d’œil si il y a un problème quelconque sur le serveur.

MOTDStat va générer dynamiquement le fichier /etc/motd avec les informations sur le systèmes et l’utilisation des ressources.

Les informations sont mises à jour via une tâche périodique en crontab. Le message d’origine est stocké dans /etc/motd.orig

Vous pouvez également configurer une adresse de notification, au cas où vous n’auriez pas un service de supervision qui l’aurait déjà fait, selon des limites prédéfinies :

  • Charge CPU
  • Espace disque
  • Si des process spécifiques ne tourne pas
  • Si des services réseaux sont indisponibles
  • Si NTP n’est pas synchronisé avec sa référence
  • Trop de mail en queue

Afin de permettre l’affichage de MOTDStat lorsque vous vous connectez en ssh il faut mettre à jour la configuration du serveur ssh (/etc/ssh/sshd_config) et positionner à « yes » le paramètre PrintMotd, puis redémarrer le service sshd.

PrintMotd yes

Le rapport MoTDStat est organisé en 3 colonnes :

  • 1ère colonne : Informations sur les partitions
  • 2ème colonne : information sur l’utilisation de la mémoire et du swap
  • 3ème colonne : les process et services supervisés

MOTDstat1

Il est possible de configurer via le fichier /etc/motdstat/netservice d’indiquer un nom de service, ce qui rendra l’affichage plus parlant, par exemple :

tcp         127.0.0.1:80        httpd

Pour définir la liste des process à surveiller, il suffit de les préciser dans /etc/motdstat/process

Bref, un petit outils qui peut être sympa lorsque l’on a plusieurs dizaines, centaines, milliers de serveurs icon wink MOTDStat Message Of The Day System Status

 

Liens utiles :

Site Officiel de MOTDStat

Page de MOTDStat sur FreeCode

Categories: Système Tags:

How to set up web-based network traffic monitoring system on Linux

30/07/2022 Comments off

When you are tasked with monitoring network traffic on the local network, you can consider many different options to do it, depending on the scale/traffic of the local network, monitoring platforms/interface, types of backend database, etc.

ntopng is an open-source (GPLv3) network traffic analyzer which provides a web interface for real-time network traffic monitoring. It runs on multiple platforms including Linux and MacOS X. ntopng comes with a simple RMON-like agent with built-in web server capability, and uses Redis-backed key-value server to store time series statistics. You can install ntopng network traffic analyzer on any designated monitoring server connected to your network, and use a web browser to access real-time traffic reports available on the server.

In this tutorial, I will describe how to set up a web-based network traffic monitoring system on Linux by using ntopng.

Features of ntopng

  • Flow-level, protocol-level real-time analysis of local network traffic.
  • Domain, AS (Autonomous System), VLAN level statistics.
  • Geolocation of IP addresses.
  • Deep packet inspection (DPI) based service discovery (e.g., Google, Facebook).
  • Historical traffic analysis (e.g., hourly, daily, weekly, monthly, yearly).
  • Support for sFlow, NetFlow (v5/v9) and IPFIX through nProbe.
  • Network traffic matrix (who’s talking to who?).
  • IPv6 support.

Install ntopng on Linux

The official website offers binary packages for Ubuntu and CentOS. So if you use either platform, you can install these packages.

If you want to build the latest ntopng from its source, follow the instructions below. (Update: these instructions are valid for ntopng 1.0. For ntopng 1.1 and higher, see the updated instructions).

To build ntopng on Debian, Ubuntu or Linux Mint:

$ sudo apt-get install libpcap-dev libglib2.0-dev libgeoip-dev redis-server wget libxml2-dev
$ tar xzf ntopng-1.0.tar.gz -C ~
$ cd ~/ntopng-1.0/
$ ./configure
$ make geoip
$ make

In the above steps, “make geoip” will automatically download a free version of GeoIP databases with wget from maxmind.com. So make sure that your system is connected to the network.

To build ntopng on Fedora:

$ sudo yum install libpcap-devel glib2-devel GeoIP-devel libxml2-devel libxml2-devel redis wget
$ tar xzf ntopng-1.0.tar.gz -C ~
$ cd ~/ntopng-1.0/
$ ./configure
$ make geoip
$ make

To install ntopng on CentOS or RHEL, first set up EPEL repository, and then follow the same instructions as in Fedora above.

Configure ntopng on Linux

After building ntopng, create a configuration directory for ntopng, and prepare default configuration files as follows. I assume that “192.168.1.0/24” is the CIDR address prefix of your local network.

$ sudo mkir /etc/ntopng -p
$ sudo -e /etc/ntopng/ntopng.start
--local-networks "192.168.1.0/24"
--interface 1
$ sudo -e /etc/ntopng/ntopng.conf
-G=/var/run/ntopng.pid

Lire la suite…

How to monitor a Linux server and desktop remotely from web browser

28/07/2022 Comments off

Monitoring Linux server

When it comes to monitoring a Linux server, there are more than enough options to choose from. While there are many production-quality monitoring solutions (e.g., Nagios, Zabbix, Zenoss), boasting of fancy UI, monitoring scalability, comprehensive reporting capabilities, etc., these solutions are probably an overkill for most of us end users. If all you need is to check the basic status (e.g., CPU load, memory usage, active processes, disk usage) of a remote Linux server or desktop, consider linux-dash.

linux-dash is a web-based lightweight monitoring dashboard for Linux machines, which can display, in real-time, various system properties, such as CPU load, RAM usage, disk usage, Internet speed, network connections, RX/TX bandwidth, logged-in users, running processes etc. linux-dash does not come with any backend database for storing long-term statistics. Simply drop in linux-dash app in an existing web server (e.g., Apache, Nginx), and you are good to go. It is a quick and easy way to set up remote monitoring for personal projects.

In this tutorial, I am going to describe how to set up linux-dash in Nginx web server on Linux. Nginx is preferred over Apache web server due to its lightweight engine.

Set up linux-dash on Debian, Ubuntu or Linux Mint

First, install Nginx web server with php-fpm.

$ sudo apt-get install git nginx php5-json php5-fpm php5-curl

Configure Nginx for linux-dash app by creating /etc/nginx/conf.d/linuxdash.conf as follows. In this example, we are going to use port 8080.

$ sudo vi /etc/nginx/conf.d/linuxdash.conf
server {
 server_name $domain_name;
 listen 8080;
 root /var/www;
 index index.html index.php;
 access_log /var/log/nginx/access.log;
 error_log /var/log/nginx/error.log;
 
 location ~* .(?:xml|ogg|mp3|mp4|ogv|svg|svgz|eot|otf|woff|ttf|css|js|jpg|jpeg|gif|png|ico)$ {
 try_files $uri =404;
 expires max;
 access_log off;
 add_header Pragma public;
 add_header Cache-Control "public, must-revalidate, proxy-revalidate";
 }
 
 location /linux-dash {
 index index.html index.php;
 }
 
 # PHP-FPM via sockets
 location ~ .php(/|$) {
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_split_path_info ^(. ?.php)(/.*)$;
 fastcgi_pass unix:/var/run/php5-fpm.sock;
 if (!-f $document_root$fastcgi_script_name) {
 return 404;
 }
 try_files $uri $uri/ /index.php?$args;
 include fastcgi_params;
 }
}

Disable the default site configuration.

$ sudo rm /etc/nginx/sites-enabled/default

Configure php-fpm by editing /etc/php5/fpm/pool.d/www.conf. Make sure to edit “user“, “group” and “listen” directives as shown below. You can keep the rest of the configuration unchanged.

$ sudo vi /etc/php5/fpm/pool.d/www.conf

. . .
user = www-data
group = www-data
listen = /var/run/php5-fpm.sock
. . .

Proceed to download and install linux-dash.

$ git clone https://github.com/afaqurk/linux-dash.git
$ sudo cp -r linux-dash/ /var/www/
$ sudo chown -R www-data:www-data /var/www

Restart Nginx web server as well as php5-fpm to finalize installation.

$ sudo service php5-fpm restart
$ sudo service nginx restart

Lire la suite…