
Installing and Configuring Network Monitoring Software

  • 02 Jun 2015


This article, written by Bill Pretty and Glenn Vander Veer, authors of the book Building Networks and Servers Using BeagleBone, serves as an installation guide for the software that will be used to monitor the traffic on your local network. These utilities can help determine which devices on your network are hogging the bandwidth, which slows down the network for other devices on your network. Here are the topics that we are going to cover:

  • Installing traceroute and My Trace Route (MTR or Matt's Traceroute): These utilities will give you a real-time view of the connection between one node and another
  • Installing Nmap: This utility is a network scanner that can list all the hosts on your network and all the services available on those hosts
  • Installing iptraf-ng: This utility gathers various network traffic information and statistics



Installing Traceroute


Traceroute is a tool that can show the path from one node on a network to another. This can help determine the ideal placement of a router to maximize wireless bandwidth in order to stream music and videos from the BeagleBone server to remote devices. Traceroute can be installed with the following command:

apt-get install traceroute


 

installing-and-configuring-network-monitoring-software-img-0

Once Traceroute is installed, it can be run to find the path from the BeagleBone to any server anywhere in the world. For example, here's the route from my BeagleBone to the Canadian Google servers:

installing-and-configuring-network-monitoring-software-img-1

Now, it is time to decipher all the information that is presented. The first line of the output shows the parameters that traceroute is using:

traceroute to google.ca (74.125.225.23), 30 hops max, 60 byte packets


This gives the hostname, the IP address returned by the DNS server, the maximum number of hops to be taken, and the size of the data packet to be sent. The maximum number of hops can be changed with the -m flag and can be up to 255. In the context of this book, this will not have to be changed.

After the first line, the next few lines show the trip from the BeagleBone, through the intermediate hosts (or hops), to the Google.ca server. Each line follows the following format:

hop_number host_name (host IP_address) packet_round_trip_times


From the command that was run previously (specifically hop number 4):

2 10.149.206.1 (10.149.206.1) 15.335 ms 17.319 ms 17.232 ms


Here's a breakdown of the output:

  • The hop number 2: This is a count of the number of hosts between this host and the originating host. The higher the number, the greater is the number of computers that the traffic has to go through to reach its destination.
  • 10.149.206.1: This denotes the hostname. This is the result of a reverse DNS lookup on the IP address. If no information is returned from the DNS query (as in this case), the IP address of the host is given instead.
  • (10.149.206.1): This is the actual host IP address.
  • Various numbers: This is the round-trip time for a packet to go from the BeagleBone to the server and back again. These numbers will vary depending on network traffic, and lower is better.


Sometimes, the traceroute will return some asterisks (*). This indicates that the packet has not been acknowledged by the host. If there are consecutive asterisks and the final destination is not reached, then there may be a routing problem. In a local network trace, it most likely is a firewall that is blocking the data packet.
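
The hop-line format and the asterisk rule described above, as an added example that is not from the original article: a small POSIX shell and awk parser that averages each hop's round-trip times, counts unanswered probes, and reports how many hops at the end of the trace never replied. The sample trace is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the format described above (not output from the article).
sample_trace() {
cat <<'EOF'
traceroute to example.test (203.0.113.9), 30 hops max, 60 byte packets
 1  router.lan (192.168.17.1)  0.612 ms  0.581 ms  0.570 ms
 2  10.149.206.1 (10.149.206.1)  15.335 ms  17.319 ms  17.232 ms
 3  * * *
 4  198.51.100.7 (198.51.100.7)  21.100 ms * 22.900 ms
 5  * * *
 6  * * *
EOF
}

# Print "hop ip avg_ms lost" for each hop; lost is the number of "*" probes.
summarize_trace() {
  awk 'NR == 1 { next }   # header: target, hop limit, packet size
  {
    hop = $1; ip = "-"; sum = 0; n = 0; lost = 0
    for (i = 2; i <= NF; i++) {
      if ($i == "*") lost++
      else if ($i ~ /^\(.*\)$/) ip = substr($i, 2, length($i) - 2)
      else if ($(i + 1) == "ms") { sum += $i; n++ }
    }
    avg = (n > 0) ? sprintf("%.3f", sum / n) : "-"
    print hop, ip, avg, lost
  }'
}

# Count consecutive hops at the end of the trace that returned no reply at all.
# A non-zero value with the destination missing suggests filtering or a routing problem.
trailing_silent_hops() {
  summarize_trace | awk '{ if ($3 == "-") run++; else run = 0 } END { print run + 0 }'
}

sample_trace | summarize_trace
echo "trailing silent hops: $(sample_trace | trailing_silent_hops)"
```

To use it on a live trace, pipe the tool's output into the function, for example traceroute google.ca | summarize_trace.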

Installing My Traceroute


My Traceroute (MTR) is an extension of traceroute, which probes the routers on the path between the packet source and destination, and keeps track of the response times of the hops. It does this repeatedly so that the response times can be averaged.

Now, install mtr with the following command:

sudo apt-get install mtr


After it is run, mtr will provide quite a bit more information to look at, which would look like the following:

installing-and-configuring-network-monitoring-software-img-2

While the output may look similar, the big advantage over traceroute is that the output is constantly updated. This allows you to accumulate trends and averages and also see how network performance varies over time.

When using traceroute, there is a possibility that the packets that were sent to each hop happened to make the trip without incident, even in a situation where the route is suffering from intermittent packet loss. The mtr utility allows you to monitor this by gathering data over a wider range of time.

Here's an mtr trace from my Beaglebone to my Android smartphone:

installing-and-configuring-network-monitoring-software-img-3

Here's another trace, after I changed the orientation of the antennae of my router:

installing-and-configuring-network-monitoring-software-img-4

As you can see, the original orientation was almost 100 milliseconds faster for ping traffic.


Installing Nmap


Nmap is designed to allow the scanning of networks in order to determine which hosts are up and what services they are offering. Nmap supports a large number of scanning options, which are overkill for what will be done in this book.

Nmap is installed with the following command:

sudo apt-get install nmap


Answer Yes to install nmap and its dependent packages.

installing-and-configuring-network-monitoring-software-img-5

Using Nmap


After it is installed, run the following command to see all the hosts that are currently on the network:

nmap -T4 -F <your_local_ip_range>


The option -T4 sets the timing template to be used, and the -F option is for fast scanning. There are other options that can be used and found via the nmap manpage.

Here, your_local_ip_range is within the range of addresses assigned by your router.

Here's a node scan of my local network. If you have a lot of devices on your local network, this command may take a long time to complete.

installing-and-configuring-network-monitoring-software-img-6

Now, I know that I have more nodes on my network, but they don't show up. This is because the command we ran didn't tell nmap to explicitly query each IP address to see whether the host responds but to query common ports that may be open to traffic.

Instead, only use the -Pn option in the command to tell nmap to scan all the ports for every address in the range. This will scan more ports on each address to determine whether the host is active or not.

installing-and-configuring-network-monitoring-software-img-7

Here, we can see that there are definitely more hosts registered in the router device table. This scan will attempt to scan a host IP address even if the device is powered off.

Resetting the router and running the same scan will scan the same address range, but it will not return any device names for devices that are not powered at the time of the scan.

You will notice that after scanning, nmap reports that some IP addresses' ports are closed and some are filtered. Closed ports are usually maintained on the addresses of devices that are locked down by their firewall. Filtered ports are on the addresses that will be handled by the router because there actually isn't a node assigned to these addresses.

Here's a part of the output from an nmap scan of my Windows machine:

installing-and-configuring-network-monitoring-software-img-8

Here's a part of the output of a scan of the BeagleBone:

installing-and-configuring-network-monitoring-software-img-9
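
One way to turn a scan of your own network into an inventory check, added here as an example and not taken from the book: it reads nmap's grepable output (the -oG - option) and lists hosts that are up but missing from an allowlist, plus every port reported as open. The scan lines, host names and the KNOWN_HOSTS allowlist are constructed for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of nmap grepable output (-oG); real output is tab-separated too.
sample_scan() {
  printf 'Host: 192.168.17.2 (win8.lan)\tStatus: Up\n'
  printf 'Host: 192.168.17.2 (win8.lan)\tPorts: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (98)\n'
  printf 'Host: 192.168.17.15 (beaglebone.lan)\tStatus: Up\n'
  printf 'Host: 192.168.17.15 (beaglebone.lan)\tPorts: 22/open/tcp//ssh///, 80/closed/tcp//http///\n'
  printf 'Host: 192.168.17.42 ()\tStatus: Up\n'
  printf 'Host: 192.168.17.42 ()\tPorts: 23/open/tcp//telnet///\tIgnored State: filtered (99)\n'
}

# Hypothetical allowlist: the addresses you expect to see on your own LAN.
KNOWN_HOSTS="192.168.17.1 192.168.17.2 192.168.17.15"

# Print every host reported as Up that is not in the allowlist.
unknown_hosts() {
  awk -F '\t' -v known="$KNOWN_HOSTS" '
    BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    $2 == "Status: Up" { split($1, h, " "); if (!(h[2] in ok)) print h[2] }'
}

# Print "ip port/proto service" for each port whose state is exactly "open".
open_ports() {
  awk -F '\t' '
    $2 ~ /^Ports: / {
      split($1, h, " ")
      list = substr($2, 8)              # drop the "Ports: " prefix
      n = split(list, entry, ", ")
      for (i = 1; i <= n; i++) {
        split(entry[i], f, "/")         # port/state/proto/owner/service/...
        if (f[2] == "open") print h[2], f[1] "/" f[3], f[5]
      }
    }'
}

# Live use on your own range: nmap -T4 -F -oG - <your_local_ip_range> | unknown_hosts
sample_scan | unknown_hosts
sample_scan | open_ports
```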

Installing iptraf-ng


Iptraf-ng is a utility that monitors traffic on any of the interfaces or IP addresses on your network via custom filters. Because iptraf-ng is based on the ncurses libraries, we will have to install them first before downloading and compiling the actual iptraf-ng package. To install ncurses, run the following command:

sudo apt-get install libncurses5-dev


Here's how you will install ncurses and its dependent packages:

installing-and-configuring-network-monitoring-software-img-10

Once ncurses is installed, download and extract the iptraf-ng tarball so that it can be built.

At the time of writing this book, iptraf-ng version 1.1.4 was available. This will change over time, and a quick search on Google will give you the latest and greatest version to download. You can download this version with the following command:

wget https://fedorahosted.org/releases/i/p/iptraf-ng/iptraf-ng-<current_version_number>.tar.gz


The following screenshot shows how to download the iptraf-ng tarball:

installing-and-configuring-network-monitoring-software-img-11

After we have completed the downloading, extract the tarball using the following command:

tar -xzf iptraf-ng-<current_version_number>.tar.gz


Navigate to the iptraf-ng directory created by the tar command and issue the following commands:

./configure
make
sudo make install


After these commands are complete, iptraf-ng is ready to run, using the following command:

sudo iptraf-ng
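
Because the steps above build downloaded source and install it as root, it is worth checking the tarball before extracting it. The following added example (not part of the original article) compares the file's SHA-256 digest with a value obtained from the project, which is an assumption since the article lists none, and rejects archives whose members would extract outside the target directory. The function name and the digest placeholder are hypothetical.

```shell
#!/bin/sh
# verify_tarball FILE EXPECTED_SHA256
# Returns 0 only if the digest matches and no archive member has an
# absolute path or a ".." component.
verify_tarball() {
  file=$1
  expected=$2
  actual=$(sha256sum "$file" | awk '{ print $1 }')
  if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
    echo "digest mismatch for $file" >&2
    return 1
  fi
  # List the members without extracting and look for paths that escape.
  if tar -tzf "$file" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
    echo "unsafe member path in $file" >&2
    return 1
  fi
  return 0
}

# Intended use with the article's steps (digest is a placeholder, not a real value):
#   verify_tarball iptraf-ng-<current_version_number>.tar.gz <EXPECTED_SHA256> \
#     && tar -xzf iptraf-ng-<current_version_number>.tar.gz
```

Run ./configure and make as an unprivileged user; only the make install step needs sudo.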


When the program starts, you will be presented with the following screen:

installing-and-configuring-network-monitoring-software-img-12

Configuring iptraf-ng


As an example, we are going to monitor all incoming traffic to the BeagleBone. In order to do this, iptraf-ng should be configured.

Selecting the Configure... menu item will show you the following screen:

installing-and-configuring-network-monitoring-software-img-13

Here, settings can be changed by highlighting an option in the left-hand side window and pressing Enter to select a new value, which will be shown in the Current Settings window. In this case, I have enabled all the options except Logging. Exit the configuration screen and enter the Filter Status screen. This is where we will set up the filter to only monitor traffic coming to the BeagleBone and from it.

Then, the following screen will be presented:

installing-and-configuring-network-monitoring-software-img-14

Selecting IP... will create an IP filter, and the following subscreen will pop up:

installing-and-configuring-network-monitoring-software-img-15

Selecting Define new filter... will allow the creation and saving of a filter that will only display traffic for the IP address and the IP protocols that are selected, as shown in the following screenshot:

installing-and-configuring-network-monitoring-software-img-16

Here, I have put in the BeagleBone's IP address and set the filter to match all IP protocols. Once saved, return to the main menu and select IP traffic monitor. Here, you will be able to select the network interfaces to be monitored. Because my BeagleBone is connected to my wired network, I have selected eth0. The following screenshot shows the options:

installing-and-configuring-network-monitoring-software-img-17

If all went well with your filter, you should see traffic to your BeagleBone and from it. Here are the entries for my PuTTY session; 192.168.17.2 is my Windows 8 machine, and 192.168.17.15 is my BeagleBone:

installing-and-configuring-network-monitoring-software-img-18

Here's an image of the traffic generated by browsing the DLNA server from the Windows Explorer:

installing-and-configuring-network-monitoring-software-img-19

Moreover, here's the traffic from my Android smartphone running a DLNA player, browsing the shared directories that were set up:

installing-and-configuring-network-monitoring-software-img-20

Summary


In this article, you saw how to install and configure the software that will be used to monitor the traffic on your local network. With these programs and a bit of experience, you can determine which devices on your network are hogging the bandwidth and find out whether you have any unauthorized users.
