Deploying Cheops to Monitor Your Network

Cheops, developed by Mark Spencer, is intended as a network management tool. Its chief features include:

■ Automatic network scans to add all hosts present on the network

■ A graphical network map of each host that shows the default gateway for the network

■ The ability to provide crude port scans for each host

■ Operating system identification

■ Active monitoring of remote systems to see if the host is up, or if a particular service is up and running

■ The ability to manually add or delete a host from the map

■ The ability to add an entire IP network or DNS domain to the map, and then have Cheops automatically add new hosts to the map

■ The use of the Simple Network Management Protocol (SNMP) to query hosts

■ Resolution of DNS names (including reverse DNS lookup)

■ Use of ping or traceroute on each host on the map

■ Ability to access the network services (e.g., FTP, Telnet, and SSH) provided by a host on the map

Note

The most impressive feature that Cheops offers is scalability. You can configure Cheops to launch any application you wish to further help you determine the nature of a host. You will learn how to do this in the exercise later in this section.

Billed as a graphical network neighborhood, Cheops is related to applications such as HP OpenView. HP OpenView is a sophisticated, expensive graphical front end that uses SNMP, a protocol that allows you to monitor remote systems. Both Cheops and HP OpenView allow you to create a graphical map of the network, and then manage any host on that map. Although Cheops is not nearly as sophisticated, it still allows you to quickly learn which hosts are up on a particular network segment.

The Simple Network Management Protocol (SNMP) helps you gain information from remote systems. It can also be used to set operating system values. It is commonly used on routers, as it can be used to change routing values, IP addresses, and any element of the operating system. SNMP requires that the remote system install small daemons, called agents, that accept commands from an application commonly called a "Network Management Station" (NMS). Examples of NMS applications include snmpwalk, snmpget, and Scotty. In the Windows world, the HP OpenView application is especially popular. Using NMS applications, it is possible to issue queries to agents to learn information such as:

■ The configuration of the operating system, including IP addresses, active interfaces, and defined users.

■ Processes currently running on the operating system.

■ The amount of IP, ICMP, TCP, and UDP traffic that has passed through an interface.

■ A count of the number of routers a packet is supposed to travel through before it reaches a particular network. This number is often known as a hop count.

If the system agents are allowed to write values to the operating system, it is possible to have these agents actually change the configuration of the operating system. For example, agents can change the IP address on some operating systems. For more information about how SNMP works, install the UCD SNMP tools (discussed later in this chapter), and consult the snmpwalk and snmpget man pages. You can also learn more about SNMP at the Research Web site (www.snmp.org).
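Because a write-enabled agent can change a host's configuration, it is worth checking which agents accept writes and from whom. The following added example (not from the original text or from the UCD SNMP project) audits agent configuration text; it assumes the access directives of Net-SNMP's snmpd.conf (rocommunity, rwcommunity, rwuser), and the sample configuration and finding codes are constructed for illustration.

```python
# Added example: audit snmpd.conf text for write access and weak SNMP access rules.
# Constructed sample configuration (not taken from the page or from a real host).
SAMPLE_CONF = """\
# constructed sample
rocommunity public
rocommunity m0nitor-ro 192.0.2.10
rwcommunity private default
rwcommunity n3t-ops 192.0.2.0/24
rwuser labadmin noauth
rwuser opsadmin priv
"""

WELL_KNOWN = {"public", "private"}  # widely used default community strings
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}


def audit_snmpd_conf(text):
    """Return (line_number, finding_code) tuples for risky access directives."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue  # blank line or comment
        directive, args = tokens[0], tokens[1:]
        if directive in COMMUNITY_DIRECTIVES and args:
            community = args[0]
            # An omitted source, or the keyword "default", accepts any client address.
            source = args[1] if len(args) > 1 else "default"
            if directive.startswith("rw"):
                findings.append((lineno, "WRITE"))  # agent accepts SET requests
            if community.lower() in WELL_KNOWN:
                findings.append((lineno, "DEFAULT_COMMUNITY"))
            if source == "default":
                findings.append((lineno, "ANY_SOURCE"))
        elif directive == "rwuser" and args:
            findings.append((lineno, "WRITE"))  # SNMPv3 user with write access
            if "noauth" in args[1:]:
                findings.append((lineno, "NOAUTH_WRITE"))  # SET without authentication
    return findings


if __name__ == "__main__":
    for lineno, code in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {lineno}: {code}")
```

A WRITE finding is not necessarily a fault; it marks an agent that can alter the system and so deserves a source restriction and a non-default credential.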
