dbap network tools â„¢

DBAP Network Tools ™

Release 1.5

DBAP Software Houston, TX

www.dbapsoftware.com

© 1997 – 2004 DBAP Software Company. All rights reserved.

http://www.dbapsoftware.com/

DBAP Network Tools Handbook 1.5

Table of Contents

Chapter 1: Introduction

Using DBAP Network Tools . . . . . . . 3 System Requirements . . . . . . . . 4 Installation . . . . . . . . . 4

Chapter 2: The Tools

Network Discovery . . . . . . . . 7 Interface Utilization Monitor . . . . . . . 12 Router CPU Monitor . . . . . . . . 17 Router Configuration Editor . . . . . . . 21 Router Configuration Upload . . . . . . . 28 Router Configuration Download . . . . . . 29 Router Password Decryption . . . . . . . 30 Router Security Scanner . . . . . . . 32 Router Proxy Ping . . . . . . . . 33 Router Configuration Register Calculator . . . . . 34 Get Local MAC Address’s . . . . . . . 35 Ping Subnet . . . . . . . . . 39 Trace Route . . . . . . . . . 43 Subnet Calculator . . . . . . . . 44 Bandwidth Calculator . . . . . . . . 45 WAN Traffic Generator . . . . . . . 46 TFTP Server . . . . . . . . . 48 Ping Path . . . . . . . . . 50 Ping Monitor . . . . . . . . . 51 SNMP System Information Update . . . . . . 55 Whois . . . . . . . . . . 56 Discovery File Viewer . . . . . . . . 57

All trademarks or service marks are the property of their respective owners. 2


Chapter 1: Introduction



Using DBAP Network Tools Welcome to the 1.5 Release of DBAP Network Tools. DBAP Network Tools is a collection of tools for network administrators, engineers and consultants to use in design, implementation and support of networks. They encompass a suite of applications that can be used to determine network trouble points, map networks, create reports on usage information, and help secure your network.



System Requirements The DBAP Network Tools were designed, written and tested on all varieties of Windows 2000 and XP systems. Although some of the utilities will work on previous platforms, some will not and some will work with a loss of functionality. It is highly recommended to use only these systems. To use DBAP Network Tools, you will need the following hardware and software: 1. Windows 2000 Professional, 2000 Server, 2000 Advanced Server, 2003 Server, XP Home or Professional version. 2. Hard disk with 35MB of free space is strongly recommended. To install all DBAP Network Tools files requires about 20MB of disk space. 3. Computer with Network or Internet Access Installation Install the DBAP Network Tools running the Setup executable located either on the DBAP Tools CD or as downloaded from the Internet at www.dbapsoftware.com. Run Setup and follow the instructions.


http://www.dbapsoftware.com/


Chapter 2: The Tools



Network Discovery This utility maps out network address space by using ICMP, DNS and SNMP to determine if an address is in use, and if so what is using it. It then can generate reports in text, Rich Text, or export to CSV for Excel.

Use Network Simply put an IP Address in that you want to scan. This can be the host or an IP Address on the subnet. Subnet Mask Use Single Host or the subnet mask for the scan. SNMP Community If you are using SNMP, you will need to include a community string to use. The default is public. Discovery Methods



DNS A reverse lookup on the IP address is performed with an attempt to map it back to a hostname. This is one indication of if an address is in use. ICMP An ICMP ping is sent to the IP address. A reply being seen is the definitive indication of if an address is in use. SNMP Several SNMP queries will be directed to the IP Address’s to scan for system identification information, if found, additional scans will try to determine system information. Options

SNMP Timeout The timeout value for SNMP queries, this value might need to be changed if you are scanning a network over a slow connection. For example, if you were connected by 56k dialup and scanning several hundred hosts, this number should be higher. ICMP Timeout The timeout value for ICMP queries, this value might need to be changed if you are scanning a network over a slow connection. For example, if you were connected by 56k dialup and scanning several hundred hosts, this number should be higher.



Max Threads Network Discovery is a multithreaded application and will use a user defined number of threads to perform the task of scanning. This number should be dependant on the resources on your machine and the network bandwidth requirements. For slow connections or machines, values such as 4 or 8 are reasonable. For higher end machines scanning a directly connected network, values such as 32 or 48 are reasonable. Interpreting Results While a scan is active, you can discern several pieces of information about the status of the scan. Specifically, from the Status Bar you can see the network being scanned, the number of hosts being scanned, the number of Active Threads, and the defined number of Maximum threads. The percent completed Panel and gauge show a percentage of the entire scan.



Completed Scan Screenshot As you can see from the above screenshot, the Network Discovery tool can determine very useful information about a network. It answers questions such as what IP Address’s are in use, what hosts are using them, what role they play on the network.



Export Methods

TXT A text file is created with the information. CSV A comma separated value file is created with the information. RTF A RTF file is created with information. Formatting is applied. Preview After Save After saving the data to the specified file, it will then open the file for viewing. This uses the default application for the extension. For example, .txt will usually open Notepad, .csv will normally open Excel, and .rtf will normally open Word or Wordpad.



Network Interface Utilization Monitor A tool used to monitor the status of many network interfaces using SNMP. This tool encompasses reporting and graphing for network and host availability and latency. The Hosts Menu Add New Node When you open Interface Monitor it has no devices to monitor.

To add new interfaces, simply use menu Hosts -> Add New Interface. Alternatively you can use the keyboard shortcut, Ctrl+Ins.

Enter the IP Address or Hostname to add the corresponding SNMP Read Community string and hit Enter. For example:



After you hit Select Interface, you should be presented with a selection of available interfaces to monitor. You can select as many interfaces as you wish from the list.

Your device should show up in the list now. *Although there is no official limit on the number of Interfaces the tool can simultaneously monitor, it will vary based on your system resources. DBAP Interface Monitor has been tested with up to 128 devices with no problems. Interface status Interfaces show up in the monitor with one of five status types. Not Polled The device has just been added and has not been queried yet.



Establishing Baseline The data collection process is proceeding normally but the application has not collected enough information to determine utilization statistics. On average it requires twenty seconds from startup to begin showing valid data. Active The data collection process is working correctly and network utilization statistics are available. The information is given in the format of "Util: 0.00% - In: Bps/Kps/Mps Out: Bps/Kps/Mps" where Util is defined as the percentage of the available bandwidth for this Interface and Bps/KBps/Mbps represents the current Bytes per second inbound and outbound on the interface measured in Kilo Bytes per second and Megabits per second. This realtime utilization number is given in the most suitable format. No Response There was no reply to the SNMP Query. This would indicate an invalid SNMP Community string, a down host, a network problem preventing you from reaching the machine, or an invalid IP address. Invalid Interface

The interface is invalid on the host being queried. This is usually caused by a hardware change on the device.

For example, let us say you had a Linux server with two network cards, eth0 and eth1. If you remove the second Ethernet card from a Linux server, it would be normal for the host to report eth1 as an Invalid interface.

For another example, let us say you had a Catalyst 6509 switch with a 48 port 10/100/1000 Module in slot 3. If you had exchanged it with a 16 port 1000 SX module, interface 3/30 would no longer be considered valid.

Lastly, from time to time (although rare) you may see an interface go to “Invalid Interface”, followed quickly by the Interface going to “Establishing Baseline” then “Active”. This is caused by the Host re-indexing the Interfaces; the application is recovering from a network change and relearning the targets you were monitoring. Delete Node To delete Interfaces from monitoring, simply use menu Hosts -> Delete Interface. Alternatively you can use the keyboard shortcut, Ctrl+Del. This will delete the highlighted entry. You will be prompted before the deletion takes place to ensure this is intended.



Resolve IP When a hostname is added to the DBAP Interface Monitor, the hostname is resolved to IP Address. From time to time this IP Address may change and the tool may not be testing the correct device. This is a mechanism to refresh this information should the need arise. To initiate a refresh of the database information, use menu Hosts -> Resolve IP. Alternatively, you can use the keyboard shortcut, F10. The View Menu Options DBAP Interface Monitor supports variable SNMP Timeout Settings. You may want to change this value if you see inconsistent “No Response” error messages.

Snapshot Report DBAP Interface Monitor has a snapshot reporting ability to quickly report the status of all Interfaces.



Graphing DBAP Interface Monitor also has the reporting ability to display network interface utilization as a graph.



Router CPU Monitor A tool used to monitor the CPU Utilization of Cisco Routers using SNMP. This tool encompasses reporting and graphing for network utilization and system load. The Hosts Menu Add New Node When you first open Router CPU Monitor it has no devices to monitor.

To add new devices, simply use menu Hosts -> Add New Node. Alternatively you can use the keyboard shortcut, Ctrl+Ins.

Enter the IP Address or Hostname and SNMP Read Community String of the device to add and hit Enter. For example:



Your device should show up in the list now. *Although there is no official limit on the number of devices, it will vary based on your system resources. DBAP Router CPU Monitor has been tested with up to 512 devices with no problems. Delete Node To delete devices, simply use menu Hosts -> Delete Node. Alternatively you can use the keyboard shortcut, Ctrl+Del. This will delete the highlighted entry. You will be prompted before the deletion takes place to ensure this is intended.

Poll All To Poll All devices in the list, simply use menu Hosts -> Poll All. Alternatively you can use the keyboard shortcut, F5. Poll Node



To Poll a singular device in the list, simply use menu Hosts -> Poll Node to test the highlighted device. Alternatively you can use the keyboard shortcut, F6. The View Menu Options DBAP Router CPU Monitor supports variable Polling Intervals, SNMP and ICMP Timeout settings, and Granularity of the data.

Snapshot Report DBAP Router CPU Monitor has a snapshot reporting ability to quickly report the status of all nodes.



Graphing DBAP Router CPU Monitor also has the reporting ability to display CPU Utilization of a device as a graph.



Router Config Editor A tool used to work directly with Cisco IOS router configurations. The Cisco “configure terminal” method for configuring routers can be inconvenient when you are working with large configurations or attempting to do batch operations. This tool gives you the ability to download the configuration file, make changes and merge those changes directly back to the router within one application interface.

File Menu Open Open a configuration file into the editor. This could be used if you have templates and want to change a few values from a already defined and saved configuration. Save Save the contents of the editor main window to a file. This is useful in creating templates. Clear



Clear the editor main window. Use Populate the required fields to use, they are: Router IP Address The IP Address of the router to work with. TFTP IP Address The IP Address of the TFTP Server to use. This must be an IP Address that the router can reach. SNMP RW Community String The SNMP Read / Write Community String from the router.

Download Clicking Download attempts to retrieve the running-configuration from the router. If



successful, you should see the active configuration in about 10 seconds. After it is downloaded you can begin making edits as necessary.



You can see in the above screenshots three changes have been made to this configuration. We changed

Location in Config

Old Value New Value

Interface Eth1 shutdown no shutdown

System snmp-server contect test-nfig

snmp-server contact DBAP Software

Line vty 0-4 transport input telnet transport input none

Once your changes to the configuration are finished, you are ready to upload them back to the router. Upload Clicking Upload attempts to update the running-configuration on the router with your changes. During this time, the screen will disallow changes to the configuration. If successful, you should see “File successfully uploaded to router” in the Status Bar.



* Note: This utility saves the configuration to the running-config. After your changes have proven stable, you will want to go and save this configuration to startup-config in the router so that they are not lost with a power outage. Merging into configuration You can upload entire configuration files to the target router, or you can send just the lines that need to be changed. This is useful when you need to make the same changes to multiple routers.



Router Config Upload The Router Config Upload Utility is a tool used to facilitate the transfer of a Cisco configuration file from a TFTP server to the running configuration of a Cisco IOS based Router. This can be used for batch process configuration changes where you are sending the same files to multiple routers. Use

Router IP Address IP Address of the router to send configuration to. SNMP Community The Read/Write SNMP Community string for the router. TFTP Server IP Address IP Address of the TFTP Server to use. Filename Configuration file to use; this must exist on the TFTP server.



Router Config Download The Router Config Download Utility is a tool used to facilitate the transfer of a running configuration from Cisco IOS based Router to TFTP Server. This can be used for offline analysis of the configuration or for archival purposes. Use

Router IP Address IP Address of the router to backup. SNMP Community The Read/Write SNMP Community string for the router. TFTP Server IP Address IP Address of the TFTP Server to store the configuration file on. You can use any TFTP Server, or you can use the DBAP TFTP Server that comes with the product.



Cisco Password Decryption The Cisco Password Decryption utility is a tool used to crack the algorithm used in “cisco 7” passwords. I can be used for single lookups and in file mode to scan for all occurrences of passwords in a configuration file. Use Given the following scenario, this utility can be used to determine the cisco 7 password. service password-encryption no service tcp-small-servers ! hostname cisco1 ! enable password 7 09686C282945241D0D18132B3921 !

The above password of “09686C282945241D0D18132B3921” is “DBAP Software”. File Mode Given a configuration file, this utility will scan for passwords it can decrypt.



You can see that by scanning the file C:\Program Files\DBAP Software\dbap_router-confg”, two passwords were extracted. enable password 7 072B036D7E492D0A181E18 = DBAP Tools password 7 08254E4F190A0A11061C0D162F = dbapsoftware



Cisco Security Scanner Cisco Security Scanner is a tool used to analyze Cisco routers for some common security related issues. Specifically, it checks the following items: Will the Router answer an ICMP Request This can allow a potential attacker to gather information about your network including information needed to map your network remotely. This can also be used in large quantities as a Denial of Service against your network. Is the web server enabled There are several vulnerabilities related to the http server. Is the telnet server enabled There are issues with enabling telnet on a router. A better solution would be to use the ssh protocol if your device supports it. Does it respond to common SNMP strings Tests for response to public, private and ILMI SNMP Community Strings.



Cisco Proxy Ping The Cisco Proxy Ping utility is a tool used to send ICMP Ping packets from a Cisco Router to a destination and report the reply status of the end node. This is useful for several scenarios; to be able to get a true metric of the latency of a Wide Area Network circuit without the latency of your Local area network, to be able to get around firewall rules that block ICMP packets, and to be able to audit CIR/CAR rates on WAN lines.

Router IP Address IP Address of the router to backup. SNMP Community The Read/Write SNMP Community string for the router. Destination IP Address IP Address of the destination. Interpreting Results Packets Sent and Received Total number of packets sent will always be 4, packets received indicates the number of successful Pings. 4/4 represents 0% packet loss, 4/2 represents 50% packet loss. Min, Avg, Max RTT These number represent the Minimum, Maximum and Average Round trip time for the reply.



Router Configuration Register Calculator The Configuration Register Calculator is a tool used to translate the confreg setting value into a meaningful description. It also let's you define the options you want and determine what setting is appropriate for your setup. The Cisco IOS supports setting a configuration option to define how a router should boot. Although this is not often used, there are several good uses for it. For example, should the router: simply boot and run diagnostics? boot and load the image from ROM? boot and load the image found in Flash? boot and try to netboot to dynamically get a configuration? after booting, should it attempt to load a configuration? if so, where should it load the configuration from? what should the router do with console "break" signals? at what baud rate should the console connect at? The most common industry use is when you have a router or switch that is "locked out." Either by a lost password, a changed password, or the router is depending on TACACS+ without having network interfaces to access the server. Options Bits 0 - 15 are selectable as definable options Boot system from Flash, ROM, or wait at ROM Mon. Define the Console Baud rate and break settings. The Config register value is created below and a brief summary of the behaviour to the side.



Find MAC Addresses This utility maps out local area network address space and identifies the MAC address of all attached machines.

Use Scan Network The tool automatically shows you the networks directly attached to your system. Simply select which interface you wish to scan from.



Options

ICMP Timeout The timeout value for ICMP queries. Max Threads MAC Address Discovery is a multithreaded application and will use a user defined number of threads to perform the task of scanning. This number should be dependant on the resources on your machine and the network bandwidth requirements. Interpreting Results While a scan is active, you can discern several pieces of information about the status of the scan. Specifically, from the Status Bar you can see the network being scanned, the number of hosts being scanned, the number of Active Threads, and the defined number of Maximum threads. The percent completed Panel and gauge show a percentage of the entire scan.



Completed Scan Screenshot As you can see from the above screenshot, the MAC Address Discovery tool can discern the MAC address of every machine on the network. Export Methods




Ping Subnet This utility maps out network address space by using ICMP pings to determine what is or is not being used. You can select either report for export in text, Rich Text, or export to CSV for Excel.

Use Network Simply put an IP Address in that you want to scan. This can be the host or an IP Address on the subnet. Subnet Mask Use Single Host or the subnet mask for the scan. Options



ICMP Timeout The timeout value for ICMP queries, this value might need to be changed if you are scanning a network over a slow connection. For example, if you were connected by 56k dialup and scanning several hundred hosts, this number should be higher. Max Threads Ping Subnet is a multithreaded application and will use a user defined number of threads to perform the task of scanning. This number should be dependant on the resources on your machine and the network bandwidth requirements. For slow connections or machines, values such as 4 or 8 are reasonable. For higher end machines scanning a directly connected network, values such as 32 or 48 are reasonable. Interpreting Results While a scan is active, you can discern several pieces of information about the status of the scan. Specifically, from the Status Bar you can see the network being scanned, the number of hosts being scanned, the number of Active Threads, and the defined number of Maximum threads. The percent completed Panel and gauge show a percentage of the entire scan.



Export Methods




Trace Route Trace Route is a tool used to determine the routed path to a destination host.

Hop In measuring the network distance between you and the destination, each router is considered a hop. IP IP Address of the Hop Router. Note Time to Live being reporting by the Hop router. DNS Resolved Hostname of the Hop Router.



Subnet Calculator Network Calculator is a tool used to determine subnet masks and valid IP Address ranges.

Network The Network Name, specified in terms of Network Address and Number of bits in the subnet mask. Subnet Address The first Address of the Subnet, this address is normally non-usable. Broadcast Address The last Address of the Subnet, this address is normally non-usable. Usable Range The number of usable IP Address’s in the Network Description. Start - To - End First Usable Address and Last Usable Address



Bandwidth Calculator Bandwidth Calculator is a tool used to determine realistic time estimations for network traffic. It is the most accurate Bandwidth calculator available today as it includes metrics for latency, MTU, TCP Window Size, and existing load on circuit. For example, how long it would take to copy a 60 MB file over a T1 to a location in Singapore; when the circuit in question is already under a 75% load. Bandwidth Calculator makes it easy to answer this question.

File Size The amount of Data to send over the network. MTU in Bytes The MTU (Maximum Transfer Unit) is the largest packet that can be sent over the line without fragmenting. RTT ms Latency The Round Trip Latency from source to destination is a measurement of the amount of time taken to send information from end to end. TCP Window The TCP Sliding Window maximum size, normally this will be 32K unless specified otherwise. By enabling RFC1322 options in your OS, some WAN applications see huge performance gains. Bandwidth Total bandwidth of the network. Bandwidth Amount of the Bandwidth from above that is available.



WAN Traffic Generator WAN Traffic Generator is a utility to generate massive amounts of network traffic for testing traffic pattern scenarios. It is useful to test network performance under various loads and also is useful to test redundancy and load balancing. For example, if you have 2 T1 lines to the Internet and they are in a load balanced configuration when you send 3MB per second, you should see each T1 at near capacity.

Options IP Address The destination to send packets, this should be on the other end of the WAN you are testing. *This device must be pingable by the application. Protocol Discard is a single direction packet sequence. When the destination receives the data, it simply drops the packet. Echo is a bi-directional packet sequence. The destination host will try to echo the packet back to you. This is useful to test asynchronous circuits or remote site load balancing. Packet Size The size of the Packet to generate, this should be close to your MTU. Bandwidth The total amount of bandwidth you have.



Utilization The desired utilization you wish to achieve.

Interpreting Results Available Bandwidth The Bandwidth selection from options in bytes per second. Desired Utilization The Desired Utilization selection from Options. Current Utilization The actual utilization being generated per second. Bytes per second The total number of bytes per second that are being generated. . Packets per second The number of packets per second that are being sent.



TFTP Server The DBAP TFTP Server fully supports TFTP File Transfers as defined by: RFC 1350, Trivial File Transfer Protocol, July 1992 RFC 1782, Trivial File Transfer Protocol, Option Extension, March 1995 RFC 1783, Trivial File Transfer Protocol, Blocksize Option, March 1995 Use This application will attempt to listen for incoming requests on UDP 69, as defined by TFTP standards. It supports GET PUT requests on files located in the defined TFTP root directory. Screen-Shots of normal Operation.

Options



Root Directory defines where the TFTP Server will put or get files from.



Ping Path Ping Path is a tool used to monitor and report the packet throughput and network latency to a destination host. By determining the routed path to a destination and testing each segment, this tool is useful to determine the percentage of dropped packets and where network congestion is affecting performance.

Hop In measuring the network distance between you and the destination, each router is considered a hop. IP IP Address of the Hop Router. Hostname DNS Resolved Hostname of the Hop Router. TTL Time to Live being reporting by the Hop router. Packet Loss Ping Path will attempt to send 25 packets to the router and measure the responses to determine if this router is dropping packets. Latency Ping Path will log the time values from the above step and report an average round trip time. This can be used to show where network bottlenecks are occurring.



Ping Monitor A tool used to monitor the status of many devices by ping. This tool encompasses reporting and graphing for network and host availability. The Hosts Menu Add New Node When you first open Ping Monitor it has no devices to monitor.

To add new devices, simply use menu Hosts -> Add New Node. Alternatively you can use the keyboard shortcut, Ctrl+Ins.

Enter the IP Address or Hostname and hit Enter. For example:



Your device should show up in the list now. *Although there is no official limit on the number of devices, it will vary based on your system resources. DBAP Ping Monitor has been tested with up to 512 devices with no problems. Delete Node To delete devices, simply use menu Hosts -> Delete Node. Alternatively you can use the keyboard shortcut, Ctrl+Del. This will delete the highlighted entry. You will be prompted before the deletion takes place to ensure this is intended.

Ping All To Ping All devices in the list, simply use menu Hosts -> Ping All. Alternatively you can use the keyboard shortcut, F5. Ping Node To Ping a singular device in the list, simply use menu Hosts -> Ping Node to test the highlighted device. Alternatively you can use the keyboard shortcut, F6. Resolve IP When a hostname is added to the DBAP Monitor Software, the hostname is resolved to IP Address. From time to time this IP Address may change and the tool may not be testing the correct device. This is a mechanism to refresh this information should the need arise. To initiate a refresh of the database information, use menu Hosts -> Resolve IP. Alternatively, you can use the keyboard shortcut, F10. The View Menu Options DBAP Ping Monitor supports variable Polling Intervals and ICMP Timeout settings.



Snapshot Report DBAP Ping Monitor has a snapshot reporting ability to quickly report the status of all nodes.

Graphing DBAP Ping Monitor also has the reporting ability to display network latency to hosts as a graph.



SNMP Information Update Also included in the DBAP Software Network Tools is a utility to lookup and change the System SNMP Parameters. These are the Device name, location and the technical contact.

And after an update:



Whois The Whois tool is used to determine information for Internet Domain’s. It will use the internic.net Whois database to resolve .com, .net and .edu domains.



Discovery File Viewer When using the Network Discovery or Subnet Scan tools, you have the option to save the results of your scan to file. This file, a DBAP Discovery “.dis” format contains all of the details of the scan and can be very useful for future use.

For example:

Capturing a “Snapshot” of the network at a certain time

Scanning a network you are only going to be briefly attached to.

Keeping a historical view of networks, or having the ability to send network information to other people.

Once the DBAP Network Tools are installed, dis files will be associated with the DBAP Discovery Viewer. You should be able to double-click on them to load. Also, you can use File -> Load within the tool.

Below is a screenshot of the Viewer looking at a Network Discovery Scan:


dbap network tools â„¢

Documents