280 likes | 413 Views
The Laboratory of Computer Communication and Networking. Network Host Analyzer. (NHA). Project Team. Members: Arie Abramovici sarie@t2 Yonatan Eldar seldary@t2 Gil Nitzan sgilnit@t2 Instructor: Izik Alperon izik@cs Supervisor: Itay Dabran idabran@cs. Project Goal.
E N D
The Laboratory of Computer Communication and Networking Network HostAnalyzer (NHA)
Project Team Members: Arie Abramovici sarie@t2 Yonatan Eldar seldary@t2 Gil Nitzan sgilnit@t2 Instructor: Izik Alperon izik@cs Supervisor: Itay Dabran idabran@cs
Project Goal • Develop an application that will be used in order to monitor a large number of hosts on a network, running different operating systems.
Background • A big part of the job of any network administrator is the actual management and administration of the network. • One of the most valuable assets an administrator can own in order to manage a network, is a detailed report about each device the network contains.
Background (cont.) • The information required for such a report can be gathered by connecting to the network components (e.g. the routers and switches), and the computers which we want to monitor. • However, for large networks, it is hard to manually get such information, as there is too much information in the system. • Therefore, there is a need for a tool that can generate the information automatically, and present it to the administrator in a way that can be easily read.
Background (cont.) • Moreover, sometimes some information about the network is stored out of the network (for example a list of users, or a list of computers which may exist somewhere) • So, in order to properly protect the network for malfunctions and attacks, there is a need for a tool that can gather information from different sources in order to ensure reliability and correctness of the information shown.
Project Description • The NHA project monitors a network, by gathering information from different sources. • These sources are: • The network routers • The network switches • An agent on the hosts • A list of users on the internet
Project Description (cont.) • The application was written in c++ with MFC support for the GUI module. • The agent was written in Java in order to ensure portability between different platforms. • In the different modules you may find code dealing with TCP connections, UDP messages, multiple threads, MFC gui and many more three letter buzzwords.
Application Features • In the main window there are 3 options: • Refresh button: once pressed, the manager module gathers all the information from the network simultaneously, it may take several seconds (approx. 10). • Map button: after the database was first refreshed the map button will open a dialog presenting the map of the network. • Configuration: opens configuration window.
Application Features (cont.) • In addition, in the main window once the database has been refreshed, a list of all hosts will appear, showing all information gathered. • Double clicking a host will open an information dialog containing the information described above. • The user can receive a list of hosts on a certain switch. • The user can also search the list for a certain ip, mac or hostname.
Application Feat. Map dialog • While cruising the map dialog you may click on each device. • Clicking a device icon will pop an information box containing its IP, name and level. • Also, the box will present information about each device port such as speed, bandwidth (half or full), etc.
Application Feat. – configuration • In this screen the user can specify what routers and switches IP’s to use in the search, and what username and password to use. • This information will be saved for the next time the user launches NHA.
Project Description (cont.) • The NHA project, on demand, gathers the information about the network, and then displays it in a graphical interface. • The project consists of two applications, a manager and an agent. • The manager is made of 6 main modules: • NHA Telnet • NHA Database • NHA Parsing • NHA Server • NHA GUI • NHA Internet
NHA Agent Description • The NHA agent is installed on each computer on the network (in the main gui interface the admin can see what computers don’t have agents in order to help this process) • After being installed, the agent waits until it is approached and only then sends back information about the platform and the user which is logged on.
NHA manager- Telnet • The Telnet interface opens a telnet connection to every router and switch. • On this connection the interface asks for the needed tables from each router and switch, and then parses the tables, using the Parsing module. • The tables we use are: • Router & Switch Macs (For each port) • Arp tables (For router) • Switch tables (For analyzing hosts) • Note: for each device there are 2 telnet approaches. One for attaching each port to specific MAC address, only then the second approach may occur to learn from the arp and switch tables.
NHA manager- Database • The Database module holds all the shown information about the hosts in several hash tables, in order to ensure fast searching. • All the information about the routers and switches is stored in the database.
NHA manager- Parsing • The Parsing module gets the tables from the switches and routers and parses the useful information into the database. • The Parsing module also parses the incoming messages from the agents, and the users table from the internet.
NHA manager- Agent Interface • The agent interface is activated after the router and switches interface. • Thus, when we use the agent interface we already know all the hosts on the network, and so we can send them messages directly. • The agent interface sends udp messages to each host. Then, each host replies with information about the users: • Login (retrieved automatically) • The platform used (retrieved automatically) • Hostname (retrieved automatically) • Port (manually entered by user)
NHA manager – Server • The server gets from the agents the port name of the host, and the login name, and extracts from them the level of the host and more. • The following information is sent by the agent, but if the information from the internet can be retrieved (using the login name), the manager takes the information from the internet • Phone • Email • Name • Room • Level
NHA manager- GUI • The graphical user interface shows all the gathered information in a list, ensuring the user fast and easy way to review the network hosts. • Using the information gathered on the routers and switches, a (realtime) map of the network can be shown, enabling fast access to information about a device.
NHA manager- Internet Interface • The internet interface is designed in order to receive a table of users, their room, phone number and email. • Such a table exists for CS network at http://www.cs.technion.ac.il/People/Directory/index.html • The interface downloads this page and parses this information. • Note: the parsing of the file matches specifically the format of CS faculty directory file, However, in case such file doesn't exist the program may still run without it.
And now… Live Demonstration