Dec 082017
 
The Beholder is a software-only product that implements an ethernet network monitor on standard PC hardware.
File BEHOLD.ZIP from The Programmer’s Corner in
Category Network Files
The Beholder is a software-only product that implements an ethernet network monitor on standard PC hardware.
File Name File Size Zip Size Zip Type
BEHOLDER.BAT 88 53 deflated
BEHOLDER.EXE 179933 78411 deflated
BEHOLDER.INI 2094 884 deflated
BEHOLDER.MIB 12589 2082 deflated
BEHOLDER.NEW 203 146 deflated
BEHOLDER.XMP 2422 989 deflated
USERMAN.ASC 19735 6775 deflated
USERMAN.DOC 30468 10228 deflated
USERMAN.PS 96601 18912 deflated

Download File BEHOLD.ZIP Here

Contents of the USERMAN.DOC file


! NwMZrrrrrrrrnsnsnsnss"sLnsssN@uLuuuuuuuuuuRvpvBvRpvrpvpvpv(-The Beholder





The SNMP-able Ethernet Monitor

By the DNPAP development group
[email protected]
date5/7/91
AUTONUMLGLThe Beholder
The Beholder is a software-only product that implements a ethernet network monitor on standard PC hardware. The data collected can be obtained in three different ways, by looking at the PC screen, by requesting the data as SNMP variables, and by using TFTP to collect files with data. A standard ethernet Local Area Network (LAN) can contain several Beholder monitoring stations, each containing several network interfaces. Normal use will be to collect the data of all present Beholder stations to the network management node via SNMP. This data can then be processed to obtain problem reports, growth figures and performance measurements.
The Beholder was developed by the Data Network Performance Analysis Group (DNPAP) of the Delft University of Technology. It is used as an important data collector in the "Intelligent Network Management (INEMA)" project. This project seeks to apply automated reasoning techniques to network managements.
Main design goals of The Beholder were:

Minimum loss of packets
Continues operation
Appliance to Standards wherever possible.
Ease of Use
The result of the developments is a PC based software package, capable of monitoring all traffic on one or more ethernet segments. The Beholder can be easily integrated in a SNMP based network management environment like Sun Net Manager.

AUTONUMLGLHardware and Software
The Beholder software runs on a standard 8086 based Personal Computer, containing a network interface for which a "packet driver" network device driver is available. The Beholder was developed in ANSI C using the Microsoft C 6.0 compiler and two very small assembler files. For busy ethernet network, the PC should be at least a 80286 at 10 Mhz, but a 80386 at 20 Mhz to be save.
The WD 8003 family of ethernet cards is the preferred choice for ethernet network interface, but the 3COM line and the Novell NI1000/2000 will work fine.
If the Beholder is used as monitoring station in combination with a network management station that collects the measurement data, no keyboard, mouse or display are needed as far as The Beholder is concerned. If The Beholder is used stand-alone, a standard PC display (colour is nice), keyboard and mouse can be used to view the results of the monitoring PC. The Beholder uses no graphics.
AUTONUMLGLInstallation
AUTONUMLGLHardware
For installation of the hardware needed, the PC and the ethernet board, see the documentation that came with those products. The most common parameters that have to be set are:
I/O address:(like:0x280)
RAM address:(like:0xd000)
IRQ:(like:0x03)

These parameters have to be chosen for the ethernet board so that there is no conflict with other hardware in the PC like the disk controller, the VGA video adapter or other build-in hardware. The best way to check the validity of a set of values is to start a well known network product, to use the test software that comes with the "packet-driver" set, to use the diagnostics tools that comes with the ethernet card, or to just start The Beholder and see what happens. Remember, an ethernet is never silent for more then a few seconds in other then test environments.

AUTONUMLGLSoftware
The installation of the software consists of several steps:

copy beholder software to the desired directory on hard-disk or floppy-disk.
configure the beholder by editing BEHOLDER.INI
edit BEHOLDER.BAT to start the correct packet driver
start The Beholder

Note that no other network software must use the same ethernet card as The Beholder is using.

AUTONUMLGLBeholder.ini
Beholder.ini is the configuration file of The Beholder. It is somewhat like the Microsoft .INI files found in Windows, OS/2 and other software packages.
The file is split in several sections, each section headed by a line:

[section-name]

Each section contains text lines with configuration information. The format depends on the section in which the line is in. Comments can be inserted by preceding the comment by the '#' or the ';' character.
See appendix A for a detailed description of the parameters in Beholder.ini. For a quick start, follow the following guidelines.
You should edit Beholder.ini using a standard asci editor. Change only the following parameters:

Section [BUFFER]
numberbuffers = 5 # lower this to 4 if your PC doesn't have enough
# memory
buffersize = 65500
Section [IPDOS]
nd0address =

Section [ROUTES]
hoststatdefault
hoststat 127.0.0.1127.0.0.1
hoststat 127.0.0.1
netstat

Section [SYSTEM]
Description =
Contact = < Name-and-telephone-of-contact-person >
Name = < Name-of-monitoring-pc >
Location = < description-of-location-of-monitoring-pc >

Section [AUTHENTICATION]
Community public
AddAddress
{ AddAddress< your-ip-address > }
Community trap
AddAddress
{ AddAddress< your-ip-address > }

Section [AGENT]
TrapAddress =

You can look at the file Beholder.xmp for the values the DNPAP group uses.
Notice that The Beholder needs its own IP-address. The Beholder will use the first ethernet-card it finds as its output port for UDP/IP traffic.You will also have to determine which community you want to use, and which IP hosts are allowed to collect the measurement data.



AUTONUMLGLBeholder.bat

The Beholder.bat file loads the packet driver(s) and starts The Beholder. After The Beholder is finished, the packet drivers(s) is removed.
You should adjust the Beholder.bat file to fit your ethernet card and packet driver. The packet driver should be from the 8.x distribution. Older version will probably work, but the 8.x version and later are the only ones tested.
Look at the Beholder.bat in the distribution for an example of a Western Digital WD8003 driver loaded on IRQ 0x3, IO/address 0x280 and RAM address 0xd000.
The beholder will find all the packet drivers that are activated in the system and use them for monitoring purposes.
AUTONUMLGLThe Beholder Output
The Beholder has three main method of presenting the measurement results, the screen, SNMP variables and TFTP-able files. The last two methods require you to have a network management workstation with a TCP/IP stack and SNMP capabilities. By use of the screen, the monitoring PC can be used as a stand-alone tool. This is not the standard mode of operation, but if it is all you have, use it.
AUTONUMLGLScreen Output
When you start The Beholder, the screen is filled with a window-based representation of the activity on your network. There are four major windows, the network load, the ethernet-type distribution, the packet-length distribution and a status window. By using the key, you can position and arrange the windows. By using the key, you can start, stop and reset applications. During normal operation, you won't need this keys. If you have more then one ethernet card in you monitoring station, you can switch between these cards pressing <0>, <1> ....
AUTONUMLGLSNMP Output
The Beholder has a full featured SNMP interface. It can report all its findings using an extension to the standard MIB2 database. The variables are defined in the file "Beholder.snm". The SNMP interface present the data as variables named by a ASN.1 number. These variables can be requested through the UDP/IP network protocol. These requests are normally generated by a network management station.
AUTONUMLGLTFTP-able File Output
The current version of The Beholder has a limited capability of dumping data to files. The only files that can be retrieved in this version are the debug- and the error files. In future versions of The Beholder, a source/destination matrix and packet-trace files can be generated and collected. TFTP is a file transfer protocol of the TCP/IP suite and is implemented by every TCP/IP implementation known to us.
The Beholder has one extension to the standard TFTP file system. A normal TFTP file request has the following layout:

get /directory1/directory2/filename

With The Beholder, it is possible to refer to a disk by using the following filename:

get //disk/directory1/directory2/filename

for example:

get //c/beholder/error.out
AUTONUMLGLNetwork Management

When using The Beholder to really manage your ethernet network, you should have a beholder tentacle in each of the segments that make up your ethernet. The data should be collected in a central network management station on a regular bases. Reports can then be generated of the load and traffic characteristics of any period of time.
AUTONUMLGLDevelopments

There are a number of development under way which concern the Beholder.
The first is a developers toolkit. The structure of the Beholder is such that independent applications can be linked to the kernel of The Beholder. Each application present in the runtime version of The Beholder can be activated at any time. An application gets a message in cases such as the arrival of a packet, the elapse of a second, or if there is freetime to be burned.
The seconf development is of a packet-tracing application that can be activated through SNMP variables. The resulting trace-file can then be collected using the TFTP file transfer protocol.
The third development is on the network management side of the medal. A SAS database is being build and SAS procedures to interpret the result and generate report. The data is currently being collected by the SUN NetManagement software. We are also looking in to the possibility to connect the G2 real-time expert system environment to the Sun software to make a real-time analysis of traps and other network events.
AUTONUMLGLCredit and Disclaimer

The Beholder is the result of a lot of work by a number of people:

Jan van OorschotProject "leader" and Sage
Ling ThioFirst version and user interface
Wim van CampenUDP/IP and applications
Dirk WisseSNMP ,kernel adjustments and SD matrix
Alfred KayserDebugging ,assembler and DSCHEME
Kees and WilFirst version of the Source/Destination matrix
Bert MeijsTechnical support

We don't want money for our work. As we work on a University, we would like invitations to publish and present our papers concerning The Beholder and the INEMA project. If you really have use of our products, you could even pay for the trip! (Hotelroom with shower would be nice). We have papers on the kernel of The Beholder, the UDP/IP stack, ethernet performance measurements, bridge positioning and a lot more. A few of them have been published, but repetition is the essence of learning !
The very least one could is to send us a note with bugs, comments, compliments and The Answer To The Final Question.
Greetings and be careful out there
Jan
[email protected]
Appendix A: Beholder.ini parameters

The file Beholder.ini contains all configuration parameters for The Beholder system. The file is partitioned in serveral sections. Each section contains configuration onformation about a part of The Beholder. This appendix describes the configuration parameters according to the section in which they appear.
section in Beholder.ini is identified by a line with the following contents

[section-name]

AUTONUMLGLBuffer
This section configures the memory allocation of The Beholder. This section only contains parameters.

numbuffers
Name
numbuffers

Description
number of buffers to be allocated

Values
3 4 5 ....

Example
5


buffersize
Name
buffersize

Description
size of one buffer

Values
65500

Example
65500

Note
no other value then 65500 is accepted



AUTONUMLGLDISPATCHER
This section configures the ring buffers of The Beholder. These buffers are used to store network packets that can't be handled imidiatedly by The Beholder.
SizeSmall
Name
SizeSmall

Description
Maximum size of a small packet

Values
64...1514

Example
192

Note
192 is probably the best value

CountSmall
Name
CountSmall

Description
number of buffers for small packets

Values
1...

Example
75

Note
increasing this value will let The Beholder lose less packets, but eats memory.

SizeLarge
Name
SizeLarge

Description
Maximum size of a large packet

Values
64...1514

Example
1514

Note
1514 is probably the best value

CountLarge
Name
CountLarge

Description
Number of Buffers for large packets

Values
1 ...

Example
100

Note
increasing this one will cost you ...

AUTONUMLGLIPDOS
This section configures the IP stack in The Beholder. Each Beholder is a full functional IP node, and should have all information needed by an IP node. The routing information is stored in the section [ROUTES].

Forwarding
Name
Forwarding

Description
Indicates if The Beholder should forward IP packets not mend for the IP address of the Beholder. Setting this parameter to 'no' will disable The Beholder to function as IP router.

Values
yes/no

Example
yes

Note


AUTONUMLGLROUTES
This section is not formatted like the other sections. Each line contains information for the IP routing done by The Beholder. Each line has the following format:



The following operations are possible:

hostmodify:add a dynamic route to a host , this can be changed by redirect messages.
hoststat:add a static route to a host .
netmodify:add a dynamic route to a net.
netstat:add a static route to a net.

If The Beholder receives an IP message, and tries to find the correct routing entry, it takes the destination IP address, "AND"'s it with the , and does a byte-compare with the of each entry in the routing table.
If is "default", it will be used for all messages that don't match an other entry in the routing table.

The routing Section should always contain:

- definition of the default IP gateway on your own net
- definition of the loopback interface 127.0.0.1
- route to your own IP address through 127.0.0.1
- route to your own network

AUTONUMLGLSYSTEM
This section contains system information that is replied when SNMP requests are send to this Beholder.

Description
Name
Description

Description
String describing this beholder

Values
any-string

Example
"The Beholder, version 1bA"

Note


Contact
Name
Contact

Description
Name of contact person for this Beholder

Values
any-string

Example
jan van Oorschot (6179)




Name
Name
Name

Description
Name of for this Beholder

Values
any-string

Example
Beholder1

Location
Name
Location

Description
Location of the Beholder

Values
any-string

Example
Room 9.03


AUTONUMLGLAUTHENTICATION
The Authentication section configures the communities for the SNMP variables. It determines which users get access to which SNMP variables. The layout of this section is again not conform the normal variable/value standard.
This section contains subsection, each subsection of the form:

Community
AddAddress
AddAddress

There is a subsection for each community you there is in The Beholder. At the moment, all variables are in the "public" community.
AUTONUMLGLAGENT
The AGENT section describes the SNMP agent as it is implemented in The Beholder. The section section used to configure the SNMP agent is the AUTHENTICATION section.

ObjectID
Name
ObjectID

Description
ASN1 object ID of Beholder variable-tree

Values
ASN1-variable

Example
1.3.6.1.4.1.99

Port
Name
Port

Description
UDP port used by SNMP agent

Values
161

Example
161

Trap
Name
Trap

Description
Enable/disable SNMP trap generation

Values
enable/disable

Example
enable

TrapPort
Name
TrapPort

Description
UDP port used to send traps to

Values
162

Example
162

Trapaddress
Name
TrapAddress

Description
IP address of network managent station handling SNMP traps

Values
IP address

Example
130.161.144.171

TrapCommunity
Name
TrapCommunity

Description
Community used when sending traps

Values
any-string

Example
trap


AUTONUMLGLMATRIX0

This section configures the source destination matrix for interface 0.

HostTableLength
Name
HostTableLength

Description
Maximum number of hosts that can be kept by the SD matrix

Values
integer

Example
1500


ConnectioTableLength
Name
ConnectionTableLength

Description
Maximum number of connections that can be kept by the SD matrix.

Values
integer

Example
3000


HashTableLength
Name
HashTableLength

Description
Number of entries in the hosts hash table. Should be bigger then HostTableLength

Values
integer

Example
2000


AUTONUMLGLERRORS

ErrorFile
Name
ErrorFile

Description
name of file to which error messages will be send

Values
file-name

Example
error.out

DebugFile
Name
DebugFile

Description
name of file to which debug messages will be send.

Values
file-name

Example
debug.out

DebugLevel
Name
DebugLevel

Description
Level of debugging. 0 is no debugging, 6 is highest level of debugging

Values
integer 0<= int <= 6

Example
0


AUTONUMLGLGENERIC
AUTONUMLGLMATRIX
AUTONUMLGLDISPLAY
etc

Every application in The Beholder has its own section. The name of the section is the name of the application. Type ESC in a running Beholder to see the applications. If you are not sure how to set these variables, leave them out, the defaults are OK.
In each application section the following variables can be defined:

EventMask
Name
EventMask

Description
bitmask describing which events to send to the application during Beholder run-time

Values
#define DPE_SHOW 0x0001 /* Dispatcher Events */
#define DPE_START 0x0002
#define DPE_STOP 0x0004
#define DPE_HIDE 0x0008
#define DPE_RESET 0x0010
#define DPE_KEYPRESSED 0x0020
#define DPE_INIT 0x0040
#define DPE_END 0x0080
#define DPE_RECEIVEPKT 0x0100
#define DPE_FREETIME 0x0200
#define DPE_EVERYSECOND 0x0400
#define DPE_TIMER 0x0800

Example
0xffff

StartMask
Name
EventMask

Description
bitmask describing which events should be generated during startup of the application. These can be used to initialise the application.

Values
#define DPE_SHOW 0x0001 /* Dispatcher Events */
#define DPE_START 0x0002
#define DPE_STOP 0x0004
#define DPE_HIDE 0x0008
#define DPE_RESET 0x0010
#define DPE_KEYPRESSED 0x0020
#define DPE_INIT 0x0040
#define DPE_END 0x0080
#define DPE_RECEIVEPKT 0x0100
#define DPE_FREETIME 0x0200
#define DPE_EVERYSECOND 0x0400
#define DPE_TIMER 0x0800

Example
0x0003

TimerValue
Name
TimerValue

Description
time-interval in seconds in which the application runs. After an interval, the application is reset, and starts again.

Values
integer

Example
500




titleBeholder User Manual
PAGE3



DATE5/7/91
TIME11:58 AM






efpq,-78GHRSPQ78BC7C2AYdgv*Em.FIQfuy67AB ""C#@`C#h#####%%%%N)O)Y)Z)R.Z...d/p/u/v////000F0L0]0d0z0~000000000
1111111122%2,252;2i2m2~2222222263:3J3U3z33333333334%41484A4G4p4q4{4|4g5k5|55B6H6U6\6e6k6ck6o6p6z6{6::::8;<;N;Y;~;;;;;;;;;;=H=I=o?p?z?{?5@9@H@S@@@@@@@@@@@AAA!A,A7A`AfA{AAAAAAAAAABBB(BhBnBBBBBBBBBCCdCCC)C*CCCCCCCDD2D6DRD]DDDDDDDDEVE\EjEqE}E~EEEEEEEEEFF,F0F@FKFFFFFFFFF'G-GHGOGXGYGcGdGnGoGyGzGGGGGHHIIgImI(K/KFKJKZKeKKKMMMMMMoNuNNNNNNNNNNNdNNNNNNNNNNNNNNNNNNNNN!4brbe
,G^0PgiP57R35FFFFFF%FFFFFFFFFFF25FH_u$Ny{1qs
T/246QSe D"""""<#>#j#l#z#FFFFFFFF%FFFFFFF@z#|####%&%(%q%&'N)r)t))))*?*t***++,l------/`/b/s/u/////000!0D0ld@@@@@$@$F@FFFFFFFFFFF,D0F0O0[0]0f0j0l0n0z00000000000000111
1#1111111
222#2%2.23252;2[2]2i2p2|2~2222222222FFld@@@@F@ld@@@@@$@$ld@@@@@@922)3+363=3H3J3W3x3z33333333333333344(4/414:4?4A4G4n4p44Y5[5g5n5z5|55@6B6K6S6U6^6}@$FFld@@@@@@ld@@@@@$F@ld@@@@@$@$1^6c6e6k6m6o66(7+7Q7S7|7~77808X8Z8G99999&:Y:::::);+;8;?;L;N;[;|;~;;;;;;;;;;;;;;;<<$<0{>}>>>>>o??)@+@5@<@F@H@U@@@@@@@@@@@@@ld@@@@@ld@@@@@$ld@@@@@@?@@@@AAAAAAA$A*A,A9A^A`AiAyA{AAAAAAAAAAAAAAAAABBBB*BfBhBqB}BBBBBBBBBBBBBCCCCCC4Cld@@@@@ld@@@@ld@@@@@@@$?4C6C~CCCCCCCCCCDDDDDD2D9DPDRD_DDDDDDDDDDDDDDETEVE_EhEjEsEyE{E}EEEEEEEEEEEFFFF!F,F3F>Fld@@@@ld@@@@@@ld@@@@@$@?>F@FMFFFFFFFFFFFFFF%G'G0GFGHGQGTGVGXGnGGGGGHHHHHIIIeIgIpIIIJ"JBJbJJJJJK&K(K1K9K;KFKMKXKZK@ld@@@@ld@@@@@@@$ld@@@@@$@$B@$ld@@@@@ld@@@@ld@@@@@@@$'NNNNNNNNNNBl7@@@$8+$qM
N
N["#'2,J29?DIqM
"!
$
%

q


2X^C#k6CNN()*+,5z#D02^60<@4C>FZKNN-./012345678v{&
1
[fZe"$"##''-.//2244,979;;==AACDEEEEFFqM55555555555555555555555555
"')27>AFO^! PostScript PrinterOUTPUT.PRNPSCRIPTPostScript Printer0@X
od,i:\etstjan\tmp\word.psp/
"
AQ-hT%;E:E 'IRBeholder User ManualThe BeholderBeholderJan van OorschotJan van Oorschot


 December 8, 2017  Add comments

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)