I came of age in the late 1960s. Like most who grew up in that topsy-turvy time, I wore my hair long, listened to rock and roll music, smoked the occasional joint and used words like "far out" and "groovy" to express approval of those things I really liked. One of the grooviest things about the Sixties was the art form known as underground comix (spelled with an "x" to distinguish it from the kind DC and Marvel published). I dug the heck out of the late Gilbert Shelton's work (he of the Fabulous Furry Freak Brothers and the Doings of Dealer McDope), but my main comix ax was Zap--and the ubiquitous R. Crumb's Mr. Natural was the very embodiment of its psychedelic, Zen perspective. Mr. Natural was often as hapless and beset by circumstance as any of Crumb's more obvious schlemiels. However, unlike others, such as Flakey Foont and Schuman the Human, ol' Natch never lost his cool, and he often had quite hardheaded, practical advice for those characters who, like Flakey and Schuman, were less well-favored by their creator. My favorite Mr. Natural panel shows him perched atop a tractor, harrowing a hemp field. The caption reads, "Mr. Natural sez, 'Get the right tool for the job!'"

1998 is going to be a big year for the Internet. Telephone local exchange carriers are finally starting to roll out xDSL to their bandwidth-hungry customers, and cable multi-system operators are doing likewise with cable modem access. The big ISPs (mostly long-distance phone companies and AOL) are starting to gobble up the little ones as if they were salted peanuts. This past Christmas' crop of sub-$1,000 PCs is going to cause the Internet user population to really explode, any second now. And all those things mean the bar of competition in the ISP industry is soon going to be raised to Olympic heights. Your job is about to get a whole lot tougher--and you'd better be sure you've got the right tools for it.

Mapping the Territory

Any network tech worthy of the title has to be able to diagnose and monitor the health of his or her network. You can't afford to guess, because guessing wrong will cost you bandwidth, uptime and customers. Luckily, there are a goodly number of such tools available, in a range of prices that makes at least the basic ones affordable to nearly anyone. (And, by "basic," we're talking a step or two beyond WhoIs, TraceRoute, Ping, Finger and nslookup--all of which are available for Windows 95/NT in Alex Danileiko's freeware NetLab program.)

It doesn't get any cheaper than free, and Servers Alive by DBU Consulting is a Visual Basic freeware program (the author requires registration, but doesn't charge for the program) for Windows 95/NT that simultaneously monitors the status of up to 100 different hosts running HTTP, FTP, NNTP, POP3, SMTP or other servers running on any user-specified port number. In the event of a server failure, Servers Alive can sound an audible alarm, send an SMTP e-mail alert, execute an external command or publish an HTML page to a designated server. Best of all, it can be monitored remotely via Telnet or a web browser, since the program incorporates a mini-HTTP server. (Make sure you have the Visual Basic 5.0 Service Pack 2 runtime DLLs installed, or this one won't run.)

Another great free network administration tool is the IP Subnet Calculator version 2.0 for Windows 95/NT. Enter an address and a subnet mask and it will give you back the start and end addresses for the subnet. It supports CIDR supernetting, so you can simply enter the number of supernet bits you want to use and an IP address, and it will return the number of possible supernets and their address allocation range, as well as the supernet mask and the route address. Get this one.

If you're running Unix, you'll definitely want Van Jacobson's tcpdump.
It's a packet capture and analysis tool for Ethernet that compares very favorably in power with commercial applications in the multi-thousand-dollar range. Van also wrote the original TraceRoute and happens to be one of the great, gray gurus of Internet network management.

Then there's Multi-Router Traffic Grapher by Tobias Oetiker and Dave Rand. MRTG is a tool to monitor the traffic load across network links. It's based on a Perl 5 script that uses SNMP to read the router traffic counters and a C program that logs the data and creates graphs of the traffic on the network. MRTG then generates HTML pages which contain GIFs that provide snapshots of network traffic. With a little modification, it can be used to generate graphical reports from any SNMP MIB, so a little time invested in hacking the MRTG source will provide you with a general-purpose monitoring tool. It's licensed per GNU, so you're free to turn any such hack into a commercial tool--so long as you agree to make your source code available to anyone who wants it.

Vikas Aggarwal's Network Operation Center On-Line/NetConsole is a network monitoring package that runs on Solaris 2.2, SunOS 4.1.1, Ultrix 4.2 and BSDI/386 platforms. It's made up of several standalone monitoring agents that poll various network and system parameters. The NOCOL/NetConsole agents all share a common display and post-processing interface for logging and notification. They permit you to define four different levels of severity for event notification, from "informational" to "critical," and the user at each monitoring station can individually decide which level merits display.
The currently available agents monitor ICMP, RPC portmapper, Ethernet load, TCP ports, Unix host performance (including disks, memory, swap, load, NFS and collisions), SNMP variables (RMON, Cisco router and terminal server), TCP data throughput, named, SNMP traps, terminal server modem lines (i.e., busy lines) and BGP peer status, as well as OSI, IPX and AppleTalk. It's freeware, too.

Strictly Commercial

At the low end of the cost scale, there's the $79 IP Sentry, a Windows 95/NT app that monitors network components and can be configured to page or e-mail you, as well as trigger audible and visual alerts when it senses a failure. It will run as a service under NT and can be configured to run an external command when triggered, to page multiple numbers or to escalate pagers if the alarm condition isn't fixed within a user-specified time. In multihomed networks, it can be configured for component dependencies (so that, for instance, a crashed router won't trigger a server down message).

WhatsUp by Ipswitch Corporation lists for $195. It's a Windows 95/NT application that includes a graphical display of the components you've selected to monitor and their current status. WhatsUp works best with RMON-manageable components (hosts, servers, workstations, bridges, routers, hubs and so on), but it can also "see" whether non-manageable devices are alive. It includes versions of WhoIs, TraceRoute, Ping, Finger and Lookup (Ipswitch's version of nslookup). You can configure it to monitor specific services--such as SMTP, POP3, FTP, HTTP and Telnet--and to notify you if they stop responding or hit user-definable maximum thresholds. Better yet, it can be configured not only to give visual and audible warning of outages, but to page or e-mail you when alarm conditions occur. At night and on weekends, it can be a reputation saver for smaller ISPs.

WhatsUp Gold at $595 is WhatsUp's enterprise-ready brother.
It includes all the features of the original version and adds such features as additional views of the network (the original version only shows a map view), the ability to poll multiple maps simultaneously, and a set of object-oriented drawing tools to enable you to create custom network maps. It also gives you the option to designate up to three user-defined monitorable services (such as a web server configured for a non-standard port), user-defined voice notification, user-defined hierarchical relationships (between subnets, for instance) and dependencies, and the ability to view the display in any web browser (allowing you to monitor your network from home, for instance).

At the high end of the range is Network Associates' Cinco NetXRay and its sister product WebXRay. NetXRay is both a protocol analysis and network monitoring tool. It runs on Windows 95/NT, does real-time packet capture and decoding, and monitors both current and historical network node utilization and packet and error rates for IP, Novell, AppleTalk and other network protocol environments. NetXRay can generate traffic to do load and performance testing and can play back captured packets either as they were recorded or in edited form. It does auto discovery of your network's nodes, allowing you to build a network topology map from the discovered data. NetXRay also does paging and e-mail alerts, as well as being able to run external commands whenever your network exceeds thresholds you define. It can display its data in both tabular and graphical format, including pie and bar charts, traffic maps, plots and matrixes, as well as being able to export it to Network Associates' Sniffer Analyzer trace file format or to CSV text so that you can import it into a spreadsheet or database for custom analysis. All this power comes at a price and the price isn't cheap.
Anything other than basic Ethernet capture capability will cost you in the neighborhood of $2,500 (there is no "list" price, per se, but Network Associates' resellers all charge about the same amount).

WebXRay is an IP-only version of NetXRay that leaves out the trace file format export capability, but substitutes for it the ability to report on user access lists, access frequency and aborted connection attempts. It also offers statistical monitoring of HTTP, FTP, POP3, SMTP, Telnet and any other services you define by IP port number. It, too, does auto discovery, features page, e-mail and other alarms, has very nice graphical display capabilities and costs an arm, a leg and your first-born child.

Lest we forget, there's also Network Associates' Sniffer. It does so many things that it takes a week of training just to be able to scratch the surface. It also costs as much as a new Volvo, so only the largest ISPs will be able to afford it.

And, of course, there are also the really high-end network monitoring platforms, such as Hewlett-Packard's OpenView, Sun's Solstice, IBM's Netview/AIX, DEC's Polycenter and Cabletron's Spectrum. If your operation runs on one of those platforms, I'm sure your friendly, neighborhood value added reseller has told you all about them...again and again and again.

Tools on Dead Trees

The Internet has a lot of advantages over mere books. It's easily searchable, factual mistakes can be readily corrected, and keeping reference works current is a heckuvva lot easier. It has two major disadvantages, though: when your network's down, you're out of luck, and you still can't take it to the bathroom with you. For both reasons, words on paper will be with us for a good long while to come. At a minimum, your bookshelf should include the following works:

How to Set Up and Maintain a Web Site, Second Edition by Lincoln Stein (copyright 1997 by Addison Wesley Longman, $39.75, ISBN 0-201-63462-7).
This is as close to an all-in-one reference as you'll find. It includes an exhaustive CD-ROM and covers all the major Unix, NT and Mac servers, content creation tools, HTML 3.2 and VRML, Java, JavaScript, Perl 5, CGI, and--very importantly--security, security and more security. It's great as a standalone, or as a companion to Webmaster in a Nutshell, Deluxe Edition (copyright 1997 by O'Reilly & Associates, $69.95, ISBN 1-56592-305-7), including the full text of O'Reilly's HTML: The Definitive Guide, Second Edition, JavaScript: The Definitive Guide, Second Edition, CGI Programming on the World Wide Web, Webmaster in a Nutshell and Programming Perl, Second Edition (the famous "camel" book), all on a browser-searchable CD-ROM (the search applet doesn't run on the Java virtual machine supported by any current Mac browsers, though).

If you're running Unix machines (and most of us are) or MetaInfo's sendmail for NT, you're probably also going to want a copy of Sendmail, 2nd Edition by Bryan Costales & Eric Allman (copyright 1997, 1993 by O'Reilly & Associates, $39.95, ISBN 1-56592-222-0). Co-author Eric Allman is the creator of, and continues to maintain, sendmail. An update of the 1993 original, this book is both a tutorial and a comprehensive reference to version 8.8 and earlier of the standard Unix mail server and daemon. It covers building, installing and configuring sendmail and various aspects of sendmail administration, including using the sendmail restricted shell (a topic also covered in Practical Unix & Internet Security, 2nd Edition).

If you find it useful, you'll probably also want to get the classic: TCP/IP Network Administration by Craig Hunt (copyright 1992 by O'Reilly & Associates, $32.95, ISBN 0-937175-82-X). This is a must-have volume for Unix network admins. It addresses the basics of IP administration, including basic configuration for network interfaces, routing, DNS, sendmail and other network applications.
It starts with an overview of TCP/IP and ends with a whole lot of useful appendices (although some of the URLs listed are now outdated and/or unreachable). In between, it addresses the basics of IP administration, such as basic configuration for network interfaces, routing, DNS, sendmail and other network applications, and it includes a very useful section on troubleshooting.

Regardless of whether you run Unix or NT, you'll want a copy of Paul Albitz & Cricket Liu's DNS and BIND, 2nd Edition (copyright 1996, 1992 by O'Reilly & Associates, $32.95, ISBN 1-56592-236-0). This book describes the Domain Name System and walks you through setting up both Unix and NT versions of the Berkeley Internet Name Domain software that is the workhorse of most Internet name servers. It also explains how to delegate the ability to assign names to a child server and how to correctly set up mail forwarding. It also goes into debugging and troubleshooting problems in versions 4.8.3 and 4.9.4 of BIND. For code warriors, it also discusses both shell programming with nslookup and C programming with the Resolver library routines.

Which Way Do We Go?

Let's face it--we've just scratched the surface of the surface, so far. We haven't looked at development tools, web log analysis tools, help desk tools, or tools to help you deal with financing your operation. Nor have we dealt with tools to help you diagnose and analyze physical problems with cabling, modems or NICs. And we've studiously ignored the whole issue of security. But those topics will all just have to wait for future columns, because it's time for me to go, now.

In the meantime, for a lot more information on network analysis, management, benchmarking and diagnostic tools, take a look at RFC 1470. It's a comprehensive listing of network operations center tool sets that briefly describes dozens of different freeware and commercial products for Unix, Macintosh and Wintel platforms. And don't forget Mr. Natural's advice.

(Copyright © 1998 by Thom Stark--all rights reserved)
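
The component-dependency and pager-escalation behavior described above for IP Sentry (a crashed router should not trigger a server down message, and the next pager is tried if the alarm isn't fixed within a set time), worked through as an added example. This is not code from IP Sentry or any other product named in the column; the component names, pager contacts, ten-minute limit and poll results are all constructed.

```python
# Added illustration, not code from IP Sentry or WhatsUp Gold.
# Component names, pager contacts and timings are constructed for the example.

# component -> upstream component it is reached through (None = top of the tree)
DEPENDS_ON = {
    "border-router": None,
    "terminal-server": "border-router",
    "mail-server": "border-router",
    "web-server": "border-router",
}
ESCALATION = ["oncall-pager", "senior-pager", "owner-pager"]  # paged in this order
ESCALATE_AFTER = 600  # seconds an alarm may stay open before the next contact is paged


class Monitor:
    def __init__(self):
        self.open_alarms = {}  # component -> [time first seen down, last level paged]

    def root_cause(self, comp, status):
        """Return the highest failed upstream component, or comp if none is down."""
        cause, parent = comp, DEPENDS_ON[comp]
        while parent is not None:
            if not status[parent]:
                cause = parent
            parent = DEPENDS_ON[parent]
        return cause

    def poll(self, now, status):
        """status maps component -> True (up) or False (down); returns pages to send."""
        pages = []
        for comp, up in status.items():
            if up:
                self.open_alarms.pop(comp, None)  # recovered, so clear its alarm
                continue
            if self.root_cause(comp, status) != comp:
                continue  # unreachable because of an upstream failure: stay quiet
            first_seen, level = self.open_alarms.setdefault(comp, [now, -1])
            due = min((now - first_seen) // ESCALATE_AFTER, len(ESCALATION) - 1)
            if due > level:  # alarm is new, or has stayed open past the time limit
                self.open_alarms[comp][1] = due
                pages.append((ESCALATION[due], comp))
        return pages


def run_demo():
    """Feed constructed poll results through the monitor; return (time, pages) pairs."""
    all_up = dict.fromkeys(DEPENDS_ON, True)
    all_down = dict.fromkeys(DEPENDS_ON, False)  # router crash takes everything with it
    mail_down = dict(all_up, **{"mail-server": False})
    polls = [(0, all_up), (60, all_down), (360, all_down), (660, all_down), (720, mail_down)]
    monitor = Monitor()
    return [(t, monitor.poll(t, status)) for t, status in polls]
```

In the constructed run, the router outage produces one page for the router rather than four, the second contact is paged once the outage passes ten minutes, and the mail server raises its own alarm only after the router is back.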