OAUNETMON: A Network Traffic Monitoring Tool
Olatunde Abiona
Lecturer/Computer Engineer
Department of Computer Science & Engineering
Obafemi Awolowo University, Ile-Ife, NIGERIA
World Map
©1996 MAGELLAN Geographix Santa Barbara, CA (800) 929-4MAP
Africa
Nigeria
Ile-Ife
Obafemi Awolowo University, Ile-Ife
Oduduwa Hall
Obafemi Awolowo University, Ile-Ife
College of Health Sciences building
Obafemi Awolowo University, Ile-Ife
Computer Science & Engineering Dept.
Outline of the Presentation
• Introduction
• The Obafemi Awolowo University Network (OAUNet).
• Design/Architecture of OAUNETMON.
• Some screen shots of OAUNETMON.
• Conclusions
The Obafemi Awolowo University, Ile-Ife, Nigeria
• 250km North-East of Lagos
• 20,000 students, 13 faculties and 2 colleges
• Campus network: TCP/IP protocol and LINUX operating system.
• Wireless spread spectrum radio technique for linking buildings
• Over 600 individual account users, within a year of operation.
• Capacity building component provided critical mass of competent Technical Staff
The Obafemi Awolowo University Network (OAUNet).
• Was born out of a collaboration between the International Centre for Theoretical Physics (ICTP), Trieste, Italy and Obafemi Awolowo University (OAU), Ile-Ife, Nigeria (1996).
• Started with 3 subnets; now over 14 subnets and 9 cyber cafes.
• Full Internet connectivity, i.e. 256 Kbps uplink and 512 Kbps downlink, burstable to 1 Mbps.
OAUNET - Main Network Diagram
[Figure: network diagram. Labels: Main HUB; sc, tech, cs, usb, chs, agric, NC; First, Second, Third, Fourth and Fifth Generation; AP, 2 Mbps; VSAT Earth Station, 64 Kbps; Dial-up MODEM, 33 Kbps; OS; C]
Key:
sc - Sciences
tech - Technology
cs - Computer Science
usb - Secretariat
chs - Health Science
Agric - Agriculture
NC - NACTEM
OA - OAU Teaching hospital
Main HUB or network
[Figure: components of the main hub]
• Firewall / Proxy
• Mail Server
• Modem Server
• Backup Server
• Inter-Subnet Router
• WLAN Antenna
• WEB Server
• Terminal Equipment
• CISCO router
• 100 base Tx Ethernet Backbone
• Pentium IV PCs
Architecture of Most Subnets
[Figure: subnet layout]
• Subnet Server (UNIF II): INTEL Pentium CPU powered by Linux
– Local DHCP Server
– Local NIS Server
– Local DNS Server
– Local Telnet Server
– Campus Wide NFS
– Static Router
– Masquerading and IP forwarding
– WaveLan cards
• SWITCH
• One or more client computers
– Running Windows or Linux + KDE
– Provide print services, and telnet clients
– Auto-configured through DHCP
• Ethernet
• Antenna
• SA 2 Mbps link to Main network
The original design of the LAN to INTERNET link
OAUNETMON Setup
Features of OAUNETMON
• Non-intrusive network monitoring system.
• Web-based network monitor and analysis system
• Capable of handling large log files
• Capable of monitoring Fast Ethernet or switched network.
• Capable of analyzing proxy logs (squid access log files)
Design Consideration
• Powerful user interface – web interface
• Guaranteed packet capturing – uses gigabit interface for data capture
• Classification of all protocol information – ability to classify and display all possible protocols in each layer
• Security – access is restricted to those with a valid username and password.
• Viewing of real-time and historical data – shows online real-time status data and accumulated historical status data easily
Equipment required for setting up OAUNETMON
• Pentium IV 2.0 GHz CPU
• 1.0 GB RAM, 80.0 GB HDD
• FDD, CD Writer 40X
• 1 Gigabit Ethernet Switch (D-Link DES-3226L)
• 1 Gigabit Network interface card
• 700VA UPS
• Linux Operating System (Mandrake 10.1)
Architecture of OAUNETMON
Perl wrapper script
Routine Run_MRTG
Routine Run_Webalizer
Daily Graph
Weekly and Monthly Graph
Hosts Listing
Host Usage Graph
Hosts Usage Cont…
Protocol Listing
Protocol Usage Graph
Protocol Usage Cont…
Webalizer
Daily Usage
Hourly Usage
KB transferred
Proxy Log Analysis
• OAUNETMON also carries out proxy log analysis on the squid access log
Some Bandwidth Optimization Techniques
• CBQ
• HTB
• Mirroring
• Firewall
– Filtering
• Deny, Reject, Redirect … based on firewall rules
• SQUID
– Web caching
– Access control list
– Authentication
– Delay pools
• It is possible to limit Internet traffic in a reasonable way depending on so-called 'magic words' existing in any given URL. For example, a magic word could be '.mp3', '.exe' or '.avi', etc.
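The proxy log analysis and the 'magic words' idea above can be tried on a Squid access log directly. The following is an added example in Python, not one of the OAUNETMON Perl scripts; the log lines, addresses and host names are constructed, and matching on the URL path suffix is an assumption made here to avoid false matches.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log layout:
# time elapsed client result/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1100000000.101    180 10.0.1.15 TCP_MISS/200 4200000 GET http://media.example/song.mp3 - DIRECT/192.0.2.10 audio/mpeg
1100000003.552     12 10.0.1.15 TCP_HIT/200 15000 GET http://news.example/index.html - NONE/- text/html
1100000007.904    950 10.0.2.40 TCP_MISS/200 9800000 GET http://files.example/setup.exe?mirror=2 - DIRECT/192.0.2.20 application/octet-stream
1100000009.001      3 10.0.2.40 TCP_DENIED/403 1400 GET http://blocked.example/ - NONE/- text/html
this line is truncated
"""
MAGIC_WORDS = (".mp3", ".exe", ".avi")  # the three examples named on the slide

def parse_line(line):
    """Return the fields of one access.log line, or None if it is malformed."""
    f = line.split()
    if len(f) < 7 or "/" not in f[3] or not f[4].isdigit():
        return None
    result, _, status = f[3].partition("/")
    return {"client": f[2], "result": result, "status": status,
            "bytes": int(f[4]), "url": f[6]}

def has_magic_word(url):
    """Test the URL path suffix only: narrower than a substring match, so a
    host name such as www.exe-tools.example does not count as '.exe'."""
    path = urlsplit(url).path.lower()
    return path.endswith(MAGIC_WORDS)

def summarize(log_text):
    """Per-client bytes plus cache-hit, magic-word, denied and skipped totals."""
    per_client = defaultdict(int)
    totals = {"bytes": 0, "hit_bytes": 0, "magic_bytes": 0, "denied": 0, "skipped": 0}
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            totals["skipped"] += 1      # keep a count instead of failing on bad lines
        elif rec["result"] == "TCP_DENIED":
            totals["denied"] += 1       # blocked by an ACL; not charged as usage
        else:
            per_client[rec["client"]] += rec["bytes"]
            totals["bytes"] += rec["bytes"]
            if "HIT" in rec["result"]:
                totals["hit_bytes"] += rec["bytes"]
            if has_magic_word(rec["url"]):
                totals["magic_bytes"] += rec["bytes"]
    return dict(per_client), totals
```

The share of `magic_bytes` in `bytes` indicates how much traffic a delay pool keyed on those words would actually throttle before the rule is deployed.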
OAUNETMON Installation
• Install Linux
– /tmon
– /logf
• Install MRTG
• Install Webalizer
• Iptraf
• Install Apache
• Replace your backbone switch with a Gigabit switch that can support port mirroring
• Download all files from http://www.ictp.it/~abionao/tunde to appropriate directories
• Restart your computer!
OAUNETMON DEMO
• http://82.206.239.38/oaunetmon/
Conclusion
• Experimental design goals, such as extracting highly detailed information without adversely affecting network performance (speed), are achieved through a process of extracting the required information from IP packets without considering the contents. The scripts are available at http://www.ictp.it/~abionao.
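Header-only accounting of the kind the conclusion describes can be sketched as follows. This is an added example in Python, not the OAUNETMON scripts; the packets are constructed in memory, and charging bytes to the source address is an assumption of this sketch.

```python
import socket
import struct

IPV4_HDR = "!BBHHHBBH4s4s"                      # fixed 20-byte IPv4 header
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IANA protocol numbers

def make_packet(src, dst, proto, payload):
    """Build a constructed IPv4 packet (checksum left at 0) for the demo."""
    header = struct.pack(IPV4_HDR, 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def read_header(packet):
    """Decode the IPv4 header only; return None for anything malformed."""
    if len(packet) < 20:
        return None
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(IPV4_HDR, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4                  # header length in bytes
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        return None
    return socket.inet_ntoa(src), socket.inet_ntoa(dst), proto, total_len

def account(packets):
    """Sum bytes per source host and per protocol from header fields alone."""
    by_host, by_proto, bad = {}, {}, 0
    for pkt in packets:
        hdr = read_header(pkt)                  # payload bytes are never inspected
        if hdr is None:
            bad += 1
            continue
        src, _dst, proto, length = hdr
        name = PROTO_NAMES.get(proto, str(proto))
        by_host[src] = by_host.get(src, 0) + length
        by_proto[name] = by_proto.get(name, 0) + length
    return by_host, by_proto, bad

# Constructed traffic: two hosts, TCP and UDP, plus one truncated frame.
SAMPLE_PACKETS = [
    make_packet("10.0.1.15", "192.0.2.10", 6, b"x" * 480),
    make_packet("10.0.1.15", "192.0.2.53", 17, b"q" * 44),
    make_packet("10.0.2.40", "192.0.2.10", 6, b"y" * 1480),
    b"\x45\x00",
]
```

Because the length comes from the header's total-length field, the same accounting works on captures that were truncated to the first bytes of each packet.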
Acknowledgement
• We wish to acknowledge the support of the Abdus Salam International Centre for Theoretical Physics (ICTP) for the donation of the equipment used for this study.
THANK YOU