Live digital threats

I wanted to bring these free tools to my blog to keep track of them, as most probably I will forget about, and to share with anybody interested in gathering information in the security areas.

First tool was revealed to my in tweet from Greg Ferro:

https://twitter.com/etherealmind/status/392606499044098049

As usually I trust his words, I said to give it a try. I can tell that this tool is very interesting. According to the explanation found on http://www.digitalattackmap.com/faq/ :

The Digital Attack Map presents data gathered and published by Arbor Networks ATLAS® global threat intelligence system. ATLAS sources its data worldwide from 270+ ISP customers who have agreed to share anonymous network traffic and attack statistics. Data is updated hourly and can also be found in Arbor’s ATLAS Threat Portal.

Below you have an embedded version of this map, but better access the Digital Attack Map website.

Second tool caught my attention from the Digital Attack Map explanation and it’s called Arbor’s ATLAS Threat Portal.

Atlat Threat Portal

This tool is explained as:

The ATLAS portal today is a public resource that delivers a sub-set of the intelligence derived from the ATLAS sensor network on host/port scanning activity, zero-day exploits and worm propagation, security events, vulnerability disclosures and dynamic botnet and phishing infrastructures.

If the first tool is related to network attacks, the second one is covering more topics like botnets, phishing, scans and more.
You can access Arbor’s ATLAS Threat Portal here.


Packet header graphic representation

I was surfing the Internet in search of some good drawing representing packet header and I come across five excellent diagrams large enough ( 1050px wide ) to use digital but also for printing. The person behind these excellent drawings is Matt Baxter, but his site (fatpipe.org) is not accessible anymore. I found these documents on the Internet and I thought to add them here together.

You will find a link at the bottom of this post where you can download them all together.

Disclaimer: These drawings are not mine and I don’t claim any rights on them. My thanks and all copyrights go to Matt Baxter.
Matt, if you come across this blog and you find sharing to be inappropriate, please contact me.

IPv4 Header

IPv4 Header

IPv6 Header

IPv6 Header

TCP Header

TCP Header

UDP Header

UDP Heater

ICMP Header

ICMP Header

Download all drawings here:

Packet header representation

 

Draw network diagrams online (with Cisco stencils)

I’m a Mac and Linux user and if you are like me, then you have the same problems drawing network diagrams. Microsoft Visio does not have a version for this platforms. I’m not saying that there are no alternatives to Visio on Mac or Linux platform, but most of them are either limited in features, expensive or need some tricks to use it (as I described in one of my early post).

Finally I’ve found something that is:
– accessible (free or paid, but decent prices)
– online
– allow me to use Cisco stencils (not all, but at least a decent set of them)
– import / export Visio .vdx files (for paid version; I would like to have it for free or for Personal plan, but they have to make some money, isn’t it?)
– allow me to save the work in .pdf, .png or .jpeg format

The application is brought by LucidChart.com. I’ve found some other applications online, but I consider this to be the best so far.
I’m using the free version for now, but I’m thinking to buy paid account, especially for the Visio import / export features. As said above the prices are decent:

[adsense_id=”1″]

LucidChart.com may be used for more than just network diagrams, but I’m writing about this kind of drawing as is the most important for me now. Since a picture worth a thousand words, here is a small screencast that I made to show you how it works. No words (I don’t like how my recorded voice sounds) but you can see how a new network diagram is created from start to the point where I can save and use it outside LucidChart.com

P.S. I’m not affiliated in any way to LucidChart.com, the links are not part of any affiliate program and I’m not paid to write this post! I just want to share with you something that I find useful for network engineers.

[adsense_id=”4″]

Etherape – Real time network topology and traffic flow

There are numerous reasons why you would want to watch your network topology or the flow of traffic on your network. Say you are experiencing a bandwidth bottleneck. What is causing that bottleneck? Is it a particular user? A machine gone awry? How do you find out what is happening without having to walk around to every single machine on your network? Easy. The Etherape network monitor gives you a real-time graphical display of your network and the flow of traffic. Using this tool you can easily pinpoint suspect machines. Let’s take a look at exactly how you can use this tool to troubleshoot networking issues.

Installation

Etherape is only available for UNIX and UNIX-like OSs (such as Linux and even OS X). In order to use Etherape you will need:

  • libpcap
  • GTK+
  • Libglade 2
  • GNOME
  • Standard resolver library (name depends upon OS)

Read more here…

Free Netflow Analyzer software

For today, I put together a list with the software that I’m using when I’m testing network behavior in the lab. The software below is free, with some restrictions but is perfect to use it when you need a quick solution to monitor your network with Netflow, sFlow or jFlow.

All the proposed software have commercial version, so if you like then and you consider one for your company please get in touch with the company that develop them for more information about licenses.

sFlowTrend

Free, graphical network monitoring tool. sFlowTrend makes use of the popular sFlow standard to generate real-time displays of the top users and applications making use of network bandwidth.

Some features:

  • Quickly understand who is using the network and what they are doing.
  • Enforce corporate acceptable network use policies.
  • Rapidly identify the cause of any problems or abnormal traffic.
  • Understand trends in usage and accurately target upgrades.
  • Generate management reports on current and historical performance.

sFlowTrend is written in Java and will run on most platforms.

Download sFlowTrend.

Solarwinds Netflow Analyzer

Solarwinds Real-Time NetFlow Analyzer captures and analyzes NetFlow data in real time to show you exactly what types of traffic are on your network, where that traffic is coming from, and where it is going. It displays inbound and outbound traffic separately for granular analysis that makes problem diagnosis quick and easy. You can view the historical NetFlow data broken out by application, conversation, domain, endpoint, and protocol. That way you know exactly how your bandwidth is being used and by whom.
Features:

  • Investigate, troubleshoot, and quickly remediate network slowdowns
  • Easily identify which users, devices, and applications are consuming the most bandwidth
  • Isolate inbound and outbound traffic by conversation, application, domain, endpoint, and protocol
  • Personalize NetFlow data displays to view traffic by specified time periods (up to 60 minutes) and by traffic type
  • Customize refresh rates and display units for NetFlow traffic

Drawback for this free version is that it can record only up to 60 minutes, than you have to restart software to record again.

Available only for Windows platforms.

Download Solarwinds Netflow Analyzer

ManageEngine Netflow Analyzer

ManageEngine NetFlow Analyzer is a, web based (no hardware probes), bandwidth monitoring, network forensics and network traffic analysis tool that has been optimizing thousands of networks across varied industries for peak performance and helping them to put their bandwidth for a better use. NetFlow Analyzer is a NetFlow, sFlow, JFLow (and more) collector, analyzer and reporting engine integrated together.

Features:

  • Real-time visibility into top applications and talkers in the network.
  • Detection of unauthorized WAN traffic.
  • Identify virus, worms and DoS attacks in real-time.
  • Understand the history of security violations with alert reports.
  • Recognize applications that use dynamic ports by performing a deep-packet inspection using Cisco NBAR.
  • Real time reports with 1 minute granularity.
  • Aggregated data stored for ever for historic reports
  • Ability to view reports in different granularity – 10 min, hourly, daily, weekly, monthly, and custom time period.

The bad aspect is that you can use it only for 30 days. Then you have to buy it. There is a trick, that if you reinstall the product you can use it again for 30 days. I advice to use this trick just for personal use or for testing purpose.

Available for Linux and Windows.

Download ManageEngine Netflow Analyzer

Plixer Scrutinizer

Plixer Scrutinizer captures Cisco NetFlow, sFlow and other flow technologies and uses that data to monitor the overall network health. Reports on which hosts, applications, protocols that are consuming network bandwidth.

Custom NetFlow Reports allow you to filter (include/exclude) in on exactly the information you need. They can be saved and run again later.

Features:

  • Adds several additional traffic analysis Report Types (e.g. Flows, Flow Volume, NBAR Support, etc.).
  • Report on Top Applications, Conversations, Flows, Protocols, Domains, Countries, Subnets, etc., across dozens of routers and switches.
  • Any saved report in Scrutinizer can be configured with a threshold to trigger an alarm.
  • DNS resolution becomes automated and a constant process.
  • Network traffic reporting and alarming on the internal network: SYN, NULL, FIN, XMAS Scans, RST/ACK worms, P2P, ICMP Unreachable, illegal IP addresses, excessive Multicast traffic, known compromised Internet hosts and more.

The bad part is that it drops the database after 24 hours. Still you can save the databases before this are dropped by the free version of Scrutinizer.

Available for Windows platforms.

Download Plixer Scrutinizer

Do you have any other alternatives that can help network engineer test their environment? Feel free to suggest in the comments form and if they are good I will add them to  this post.