User Guide:Getting Started


Once your server has been physically installed and basic setup has been completed, you are ready to log into the Netmon application.


Logging Into the Netmon Application

To log in, simply type Netmon's IP address into a web browser which can access that IP address, like this:

http://netmon_ip_address/

This will display the Netmon login screen.

Username and Password for Initial Login

If you are logging in for the first time, use the User ID admin with a password of netmon.

Once you log in, it is recommended that you complete the Initial Setup Tasks located in the Settings console.

Performing Basic Setup Tasks

There are 4 quick steps which should be taken immediately after logging in for the first time. These steps allow Netmon to begin discovering devices and services automatically, and also ensure that alert messages can be properly relayed.

To start the Setup Wizard, click the Settings button in Netmon's main menu at the top of the screen, and look for the Initial Setup Tasks link. Click on it, and then click each of the 4 items in turn:

1. Define your Network Range(s) (see Managing Network Ranges)

2. Configure SNMP Automatic Discovery (see Using the SNMP Automatic Discovery Service)

3. Set up Netmon User Accounts (see Managing User Accounts)

4. Alert Testing Utility (see Troubleshooting Email Alerts)

Setting Up Traffic Sniffing

In order for Netmon’s packet analyzers to work properly, Netmon must receive a copy of the packets going across your network. This is accomplished using port monitoring (also known as port mirroring or port spanning) on your switch. Most enterprise switches support this feature. The steps to enable port monitoring vary from manufacturer to manufacturer, so consult the product documentation for your switch to determine the necessary steps. For Cisco devices, the manufacturer has provided an excellent resource to get you up to speed on the SPAN capabilities of Cisco devices and the configuration steps that are required, in this document.

If you are using a hub, no configuration is necessary: hubs send all traffic to each port automatically.

Once you have traffic forwarding working on your switch, you must plug your Netmon device into the forwarding port on your switch.

The recommended configuration is to have NIC #1 (which the operating system calls eth0) configured as the Management Interface and NIC #2 (which the operating system calls eth1) as the Sniffing Interface. This means that the Management Interface will be connected to a normal port on your switch for normal network access, and the Sniffing Interface will be plugged into the mirrored port on your switch so it can sniff network traffic. To accomplish this, configure your interfaces as described below.

Open the Network Admin icon on the desktop. On eth0, set the IP Address, Netmask and Gateway. On eth1, set the IP Address and Netmask, but leave the gateway blank. Save your changes and reboot the Netmon Server.

Open the Netmon application in your web browser, and go to Settings > Netmon Services. Set the IP, HTTP, and eth plugins to 'automatic'. You can verify that Netmon is properly sniffing traffic by clicking on Networks and noticing that traffic is being displayed in the Visual Network Explorer.

Introducing the Netmon Home Dashboard

The first screen you will see after logging into the system is the Netmon Home Dashboard. This screen is designed to provide you with a high-level, up-to-the-moment overview of your network.

Panel: Recently Discovered Hosts

The Netmon network autodiscovery service detects new MAC/IP pairs on your network, and can alert you when this happens if you wish. You can locate this panel at the top right of Netmon's Home dashboard. It displays any recently detected MAC/IP pairs. These entries remain in the panel until they are cleared.

How Network Auto-Discovery Works

Netmon uses the Address Resolution Protocol (ARP) to probe for new hosts on your local segment(s). It issues periodic ARP broadcast requests, and checks the responses it receives against its database of known MAC addresses. When a new MAC address is detected, Netmon can be configured to send an alert message.
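The check described above, sketched as an added example (this is not Netmon's own code): ARP replies are parsed and compared against a table of known hosts, and the sketch goes one step further than the text by also flagging an IP address whose MAC has changed. The HostTable structure, the event names and the sample frames are assumptions constructed for illustration.

```python
import struct

ETH_P_ARP, ARP_REPLY = 0x0806, 2

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42:                      # 14-byte Ethernet header + 28-byte ARP body
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if ethertype != ETH_P_ARP or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = ":".join(f"{b:02x}" for b in frame[22:28])
    ip = ".".join(str(b) for b in frame[28:32])
    return oper, mac, ip

class HostTable:
    """Known IP -> MAC bindings (hypothetical structure, not Netmon's database)."""
    def __init__(self, known=None):
        self.ip_to_mac = dict(known or {})

    def observe(self, frame):
        """Record one ARP reply; return an event tuple for anything worth alerting on."""
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != ARP_REPLY:
            return None
        _, mac, ip = parsed
        previous = self.ip_to_mac.get(ip)
        self.ip_to_mac[ip] = mac
        if previous is None:
            return ("new_host", ip, mac)
        if previous != mac:
            return ("mac_changed", ip, mac)  # same IP, different MAC: investigate
        return None

def build_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed ARP reply frame for the sample below."""
    eth = target_mac + sender_mac + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    return eth + arp + sender_mac + sender_ip + target_mac + target_ip

# Constructed sample: replies sent back to a prober at 192.0.2.1.
PROBER = (bytes.fromhex("020000000001"), bytes([192, 0, 2, 1]))
SAMPLE_FRAMES = [
    build_reply(bytes.fromhex("0200000000aa"), bytes([192, 0, 2, 10]), *PROBER),
    build_reply(bytes.fromhex("0200000000bb"), bytes([192, 0, 2, 20]), *PROBER),
    build_reply(bytes.fromhex("0200000000cc"), bytes([192, 0, 2, 10]), *PROBER),
]

def run_sample():
    table = HostTable({"192.0.2.10": "02:00:00:00:00:aa"})
    return [event for event in map(table.observe, SAMPLE_FRAMES) if event]
```

The first sample reply matches the known binding and produces no event; the second is a new host, and the third reports a changed MAC for an address that was already known.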

Clearing Entries

You can remove entries from the recently discovered hosts panel by checking off the entries you wish to delete, then clicking the Clear Selected button. There are also two additional buttons provided for convenience: Check All and Uncheck All, which allow you to select or deselect the entire list at once.

Configuring Alerts

To configure alert recipients for newly detected hosts, click the button on the Recently Discovered Hosts panel. You'll be able to specify one or more alert recipients in the dialog window that follows.

Panel: Top Activity Snapshot

This panel gives you a high-level overview of the 10 most active client-server conversations over the last 60 seconds, and also shows the TCP/UDP port of each conversation. If Netmon recognizes the port being used, you'll see a friendly name instead of the actual TCP/UDP port.

To get more information about the protocol(s) which are typically used on a particular port, just click the friendly name (e.g. HTTP or FTP) and you'll be taken to a page in the Help & Resources Panel which will tell you what Netmon knows about this port. Netmon ships with a built-in dictionary for over 50 protocols. Each entry in this dictionary contains a high-level overview of the protocol, as well as links to helpful web resources for that protocol.

To get more detail for any host which is shown in this panel, simply click on it. This will take you to a page where that particular host can be explored much more thoroughly.

Panel Actions

Print button: Print an instant Quick Report by clicking this button in the panel.

Refresh button: Refresh the display with new data by clicking this button.

Panel: Top Web Destinations

This panel shows the top web destinations (based on HTTP requests), averaged over the last 20 seconds.

To get more detail for any destination which is shown in this panel, simply click on it. This will take you to the Visual Network Explorer page where that particular host can be explored in more detail.

What is a 'Web Destination'?

A web destination is simply the recipient (i.e. the server) of HTTP requests. This could be any or all of the following:

  • Public websites like www.google.com or www.amazon.com
  • Local intranets and web based applications
  • Non-Web HTTP traffic (e.g. SOAP or XML-RPC calls)

Panel Actions

Print button: Print an instant Quick Report by clicking this button in the panel.

Refresh button: Refresh the display with new data by clicking this button.

Panel: Top Web Users

This panel displays the top local hosts which are requesting HTTP web traffic. Traffic rates (averaged over the last 20 seconds) are also provided for reference.

To get more detail for any host which is shown in this panel, simply click on it. This will take you to the Visual Network Explorer page, where that particular host can be explored in more detail.

Panel Actions

Print button: Print an instant Quick Report by clicking this button in the panel.

Refresh button: Refresh the display with new data by clicking this button.

Panel: Top Ethernet Protocols

This panel shows you the most active Layer 2 protocol usage, averaged over the last 20 seconds, and ordered by the Ethernet frame type.

This panel is extremely useful for getting an idea of your overall network traffic load. It aggregates all traffic information for each major Ethernet protocol type, and displays information for each. Using this panel, you can also monitor the usage of non-TCP/IP protocols like IPX/SPX and ARP, as well as network bridging protocols like 802.1d. (Note that 802.1d is a much different protocol from the 802.11 wireless protocol suite.)

On most TCP/IP networks, IPv4 (both TCP and UDP) should appear at the top of the list under normal network conditions. Address Resolution Protocol (ARP), a MAC-to-MAC addressing protocol, is generally present as well, though at a much lower level. (ARP poisoning attacks could be monitored through this panel.)
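A sketch of the kind of per-protocol aggregation this panel describes, as an added example rather than Netmon's own code. It goes beyond the text by handling 802.1Q VLAN tags and 802.3/LLC frames, which is how 802.1d bridge traffic appears on the wire; the lookup tables, function names and sample frames are assumptions constructed for illustration.

```python
import struct
from collections import Counter

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6", 0x8137: "IPX"}
LLC_SAPS = {0x42: "802.1d STP", 0xE0: "IPX"}   # keyed by LLC destination SAP

def classify(frame):
    """Name the Layer 2 protocol carried by one raw Ethernet frame."""
    if len(frame) < 14:
        return "truncated"
    (value,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if value == 0x8100 and len(frame) >= 18:   # 802.1Q tag: real type follows the TCI
        (value,) = struct.unpack("!H", frame[16:18])
        offset = 18
    if value >= 0x0600:                        # Ethernet II: the field is an EtherType
        return ETHERTYPES.get(value, f"0x{value:04x}")
    if len(frame) > offset:                    # 802.3: the field is a length, LLC follows
        return LLC_SAPS.get(frame[offset], f"LLC 0x{frame[offset]:02x}")
    return "truncated"

def top_protocols(frames, window_seconds=20):
    """Return [(protocol, bits_per_second)] averaged over the window, busiest first."""
    totals = Counter()
    for frame in frames:
        totals[classify(frame)] += len(frame)
    return [(name, nbytes * 8 / window_seconds) for name, nbytes in totals.most_common()]

def make_frame(type_or_len, payload, tag=b""):
    """Build a constructed frame with placeholder MAC addresses."""
    return b"\x02" * 12 + tag + struct.pack("!H", type_or_len) + payload

# Constructed sample traffic for one 20-second window.
SAMPLE_TRAFFIC = [
    make_frame(0x0800, bytes(86)),                                   # IPv4, 100 bytes
    make_frame(0x0800, bytes(82), tag=struct.pack("!HH", 0x8100, 5)),  # IPv4 on VLAN 5
    make_frame(0x0806, bytes(46)),                                   # ARP, 60 bytes
    make_frame(38, b"\x42\x42\x03" + bytes(43)),                     # 802.1d BPDU over LLC
]
```

A sustained rise in the ARP share relative to IPv4 in output like this is the kind of change that would prompt a closer look at ARP activity.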

Panel Actions

Print button: Print an instant Quick Report by clicking this button in the panel.

Refresh button: Refresh the display with new data by clicking this button.

Using the Help & Resources Panel

The Help & Resources panel is a completely integrated, one-stop guide to your Netmon server appliance. This panel is built right into the Netmon application, and provides direct access to a rich variety of resources. Using this panel, you can:

  • Access the Netmon User Guide
  • Stay up-to-date on recent network security news with the Security & Monitoring News Center
  • Request technical support, through either the Live Chat system or by sending a message through the built-in Support Request Form.
  • Learn more about specific parts of the Netmon application with context-sensitive buttons located throughout the Netmon user interface.

Other Panel Actions

  • Left and right navigation buttons: As you move between different pages in the Help & Resources panel, these buttons can help you navigate.
  • Print button: All of the pages which are displayed in the Help & Resources panel are automatically printer-friendly. Just click this button for a perfect printed document.

Go To Next Section: Monitoring Network Activity

Go Back: Installation
