NAT Monitor

File Release Notes and Changelog

Release Name: natmonitor-SVN71

Notes:
INTRODUCTION:
This is a very brief introduction to the new version, just to let people start with testing.

This is an alpha release (Release Early, Release Often): the daemon is still flawed, and many functionalities are missing.
However, NATMonitor 3 already provides a small set of useful functionalities.
Many of the other planned functionalities are relatively trivial to implement, but unfortunately the time I have for the development is very limited.

Please note that the new version is focussed on solving the major issues with NATMonitor 2.x, namely:
 1) limitation in the number of hosts in the network;
 2) cryptic communication protocol; 
 3) unmanageable code;
 4) lack of multi-platform clients;
 5) lack of compatibility with the new kernel releases.

For information/support please refer to http://sourceforge.net/projects/natmonitor/

KNOWN BUGS/LIMITATIONS:
 1) there is no code to release memory AT ALL (all the samples are kept in memory until shutdown) - natmonitord will slowly (well, it depends on the number of hosts and amount of traffic) eat ALL your system memory;
 Unless:
 2) The daemon hangs/crashes frequently, (solving the memory eating problem).

REQUIREMENTS:
The only requirements to compile the daemon are pcap-devel (to sniff the traffic) and libxerces-c-devel (to parse the configuration and generate the output XML).

Java SDK 1.5 or greater (1.6 strongly suggested) and Apache Ant to compile the applet, any Java enabled browser to see the output.

TO COMPILE THE DAEMON:
make clean
make
make install

TO COMPILE THE CLIENT:
A precompiled version is supplied.
If you want, just run:

ant clean
ant
ant install

DEBUG OPTION:
You can set the DEBUG from 0 to 5 at compile time to have a more verbose output, or unset it to strip all the debug code.

DEBUG=1 and DEBUG=2 are for normal use; more verbose debug levels are intended for advanced troubleshooting only (and WILL have a severe hit on performance).

INSTALLATION:
"make install" will copy the content of etc/natmonitord/ to /etc/natmonitord/, with the exception of natmonitord.xml. Please edit it to suit your network:

<?xml version="1.0" encoding="ISO-8859-1"?>
<natmonitordprefs>
		<!-- interfaces to bind to -->
		<listen>

				<bind interface="localhost" port="11111" />
				...

		</listen>
		<!-- interfaces to monitor for traffic-->
		<interfaces>

				<!-- interfaces connected to a local network -->
				<local interface="eth0" />
				...
				
				<!-- interfaces connected to an external network (internet) and their speed (in bps,kibps,Mibps)-->
				<external interface="eth1">
						<Mibpsin>4</Mibpsin>
						<kibpsout>768</kibpsout>
				</external>
				...

		</interfaces>
</natmonitordprefs>

Note:
 1) the <listen> node can be empty - natmonitord will just dump the data to a file when receiving a SIGHUP;
 2) the <interfaces> node can be empty - natmonitord will only be able to browse historical data;
 3) if you do not specify any local interface, natmonitord will just monitor the router traffic.

The /etc/natmonitord folder contains, in addition to the settings and a DTD for the XML file (not used ATM), the following files:

- index.html       This is the webpage you will see when pointing the browser to NATMonitor. Feel free to modify it.
- natmonitor.jar   The applet loaded by the web page. It also works as a standalone application (launch it with "java -jar /etc/natmonitord/natmonitor.jar http://yourhost:yourport/").
- favico.ico       The website icon.

Note that, although you can modify these files, they are the ONLY ones natmonitord will serve to the client.
In particular, feel free to modify index.html, but be aware that any image/css etc. will have to be served by a separate webserver.

The source for the applet is supplied in NATMonitorJavaClient

USAGE:
The daemon needs to be launched as root, and it is still NOT forking/dropping privileges.

./natmonitord -h

NATMonitord v 3.0alpha by Piero Filippin (email: thedayofcondor@users.sourceforge.net)

Usage: natmonitord [-h] [-c configfile]
  -h            this help
  -c configdir  overrides config file (default /etc/natmonitord/)
  -l logfile    overrides log file (default /var/lib/natmonitor/natmonitor.xml)

see http://natmonitor.sourceforge.net for info/forum/mailing list/updates

GETTING THE DATA:
The daemon sends the data in XML format, and the output can be parsed and displayed by any Java enabled browser - just point your browser to http://host:port/

For example:
http://127.0.0.1:11111/

You SHOULD see the Java applet displaying a slowly scrolling graph, and a list of detected hosts. 

WARNING:
DO NOT EXPOSE NATMonitor to any external facing network, as:
 1) it is exposing information about the structure of your internal network;
 2) there could be serious vulnerabilities in the code - at least a DOS could be easily obtained.

If you need to access it remotely, set up a tunnel with ssh or use an authenticated proxy (not tested).
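
A pre-start check for the warning above, as an added example (not part of NATMonitor): it parses a natmonitord.xml in the layout shown under INSTALLATION and reports every <bind> that is not loopback-only. The function names and the sample file are constructed for illustration, and it is an assumption that interface= may hold a host name, an IP literal or a NIC name, since these notes only show "localhost".

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the natmonitord.xml layout; binds 2 and 3 are deliberately unsafe.
SAMPLE = b"""<?xml version="1.0" encoding="ISO-8859-1"?>
<natmonitordprefs>
  <listen>
    <bind interface="localhost" port="11111" />
    <bind interface="0.0.0.0" port="11112" />
    <bind interface="eth1" port="11113" />
  </listen>
  <interfaces>
    <local interface="eth0" />
    <external interface="eth1"><Mibpsin>4</Mibpsin><kibpsout>768</kibpsout></external>
  </interfaces>
</natmonitordprefs>"""


def classify(iface, external):
    """Return None if the listener is loopback-only, else the reason it is flagged."""
    # Assumption: interface= may be a host name, IP literal or NIC name.
    try:
        ip = ipaddress.ip_address(iface)
    except ValueError:
        ip = None  # host name or NIC name; no DNS lookup is attempted
    if iface.lower() == "localhost" or (ip is not None and ip.is_loopback):
        return None
    if iface in external:
        return "bound to an interface declared <external>"
    if ip is not None and ip.is_unspecified:
        return "wildcard address, reachable on every interface"
    return "not provably loopback"


def audit(xml_bytes):
    """List (interface, port, reason) for every <bind> that is not loopback-only."""
    root = ET.fromstring(xml_bytes)
    external = {e.get("interface") for e in root.findall("./interfaces/external")}
    findings = []
    for bind in root.findall("./listen/bind"):
        iface = bind.get("interface", "")
        reason = classify(iface, external)
        if reason:
            findings.append((iface, bind.get("port", ""), reason))
    return findings


if __name__ == "__main__":
    for iface, port, reason in audit(SAMPLE):
        print(f"WARNING: {iface}:{port} {reason}")
```

An empty result means every listener is loopback-only, which is the state an ssh tunnel relies on, for example `ssh -L 11111:127.0.0.1:11111 user@gateway` (user@gateway is a placeholder). An empty <listen> node also yields no findings, matching note 1 above.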

THANKS TO:
There is only one person I would like to mention: Kittycat, thank you for having been so close to me in the past months and for being so understanding and supportive... and thank you for the beta testing too!!

Piero Filippin thedayofcondor@users.sourceforge.net


Changes: