The BWMonitor Project
The administrator must have full control over how the network is being used, and
by whom, at any given time. They must also monitor subnet usage trends closely to
avoid reduced network performance due to heavy traffic loads, and they have to
know which services are generating the traffic and how much of it. To address
this, I embarked upon developing a set of utilities that allow an administrator
to do exactly that.
The reason I wrote this set of applications was to expose myself to new and initially
unknown programming (and networking) concepts. I was required to develop a technical
project upon completion of the Computer Engineering Technology Program at Saint Lawrence
College in Cornwall, Ontario, Canada. I decided that this project would be interesting
and challenging enough for me to pursue. (It took many beers to come up with this concept.)
This is an application suite that allows a user to state specifically which
port/service numbers he/she wishes to monitor (e.g. http, ssh, etc.), or to use
the same filter expressions that tcpdump uses (e.g. "dst net 192.168") in order
to be more specific about the traffic they wish to monitor. Bwmonitor picks out
all traffic on the subnet that the local machine is attached to which is
inbound/outbound to/from that subnet and matches the user-defined network
sniffing rules.
bwmond
This is the Linux daemon process that reads a set of user defined rules from a
configuration file named /etc/bwmonitor.conf. It also acts as a server for the
Bwmonitor GUI client.
bwmdconfig
This is the QT3-based configuration utility that is used to add, delete, append
and modify rules in /etc/bwmonitor.conf. Although this configuration file is
very easy to edit manually, this utility allows the user to add rules without
knowing the exact service port number, by using the service name instead.
bwmclient
This is the QT3-based client application that allows the user to view how the
network bandwidth is being used in real time on a per-rule basis. Besides
displaying a scrolling real-time histogram of the bandwidth usage, it also
displays other stats in a dialog, such as: current rate inbound, current rate
outbound, peak rate inbound, peak rate outbound, total data inbound and total
data outbound.
The initial requirements of this project were chosen specifically to keep the
initial software model simple and to make it easy to add new features to the
project later. The following list is the initial requirements that I set out
to follow.
- Create a multi-threaded daemon process that allows the capture of packets
  that were not intended for the local machine.
- Make sure that each thread represents a sniffing rule.
- With each sniffing rule thread, create another thread that runs in parallel to
  generate and record statistical data for that sniffing rule. Stats are
  updated every 1/2 second.
- Create a GUI application to allow easy manipulation of the configuration that
  is associated with the daemon process ("/etc/bwmonitor.conf").
- Create a GUI application that provides a visual representation of how the
  bandwidth is being used for each of the network sniffing rules.
- Use Unix domain sockets to provide communication between the client
  application and the daemon.
- Use QT3 as the GUI API, so that when KDE version 3 is released over the coming
  year, there will be no compilation issues. (This also allows for MySQL
  support; see the ToDo section.)
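To make the per-rule bookkeeping behind those requirements and the bwmclient stats dialog concrete, here is an added example (not code from bwmond): each packet a rule's capture thread sees is counted as inbound or outbound relative to the monitored subnet, and at every 1/2-second boundary the current rates, peaks and totals are rolled over, with 64-bit counters so the totals cannot wrap. The Stats and Packet types, the 192.168.0.0/16 subnet and the packet trace are constructed for this example; in the daemon the packets would arrive from a libpcap callback.

```c
#include <stdint.h>
#include <string.h>
#define WINDOW_MS 500   /* the daemon updates stats every 1/2 second */
/* Per-rule counters (constructed for this example); 64-bit so totals cannot wrap. */
typedef struct {
    uint64_t total_in, total_out;   /* bytes since the rule was started */
    uint64_t cur_in, cur_out;       /* bytes seen in the currently open window */
    double rate_in, rate_out;       /* bytes/s of the last closed window */
    double peak_in, peak_out;       /* highest window rates seen so far */
    uint64_t window_start_ms;
} Stats;
/* Constructed packet record: the fields a libpcap callback would hand us. */
typedef struct { uint64_t ts_ms; uint32_t src, dst, len; } Packet;
static void close_window(Stats *s) {
    s->rate_in  = s->cur_in  * 1000.0 / WINDOW_MS;
    s->rate_out = s->cur_out * 1000.0 / WINDOW_MS;
    if (s->rate_in  > s->peak_in)  s->peak_in  = s->rate_in;
    if (s->rate_out > s->peak_out) s->peak_out = s->rate_out;
    s->cur_in = s->cur_out = 0;
}
/* Account one packet against a rule. Inbound means the destination is on the
 * monitored subnet. Idle half-second windows are closed too, so the displayed
 * rate drops back to zero instead of freezing at the last busy value. */
void stats_update(Stats *s, const Packet *p, uint32_t net, uint32_t mask) {
    while (p->ts_ms >= s->window_start_ms + WINDOW_MS) {
        close_window(s);
        s->window_start_ms += WINDOW_MS;
    }
    if ((p->dst & mask) == net) { s->cur_in  += p->len; s->total_in  += p->len; }
    else                        { s->cur_out += p->len; s->total_out += p->len; }
}
/* Replay a constructed trace through one "net 192.168"-style rule. */
Stats demo(void) {
    const uint32_t net = 0xC0A80000u, mask = 0xFFFF0000u;  /* 192.168.0.0/16 */
    const uint32_t lan = 0xC0A80105u, wan = 0xCB007109u;   /* 192.168.1.5, 203.0.113.9 */
    const Packet trace[] = {
        {    0, wan, lan, 1500 }, { 100, wan, lan, 1500 }, { 200, lan, wan, 60 },
        {  600, wan, lan,  500 },        /* second window */
        { 1700, lan, wan, 2000 },        /* fourth window; the third is idle */
    };
    Stats s;
    memset(&s, 0, sizeof s);
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        stats_update(&s, &trace[i], net, mask);
    return s;   /* rates reflect the last closed (idle) window, totals everything */
}
```

After the replay the peak inbound rate is 6000 bytes/s from the first window, the current rate is 0 because the third window was idle, and the 2000-byte packet is still waiting in the open fourth window.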
ToDo
Daemon Application (bwmond)
- Make the program usable on other types of connections (token ring, PPP,
  PPPoE, ...).
- Provide a method of tracking activities of hosts and rule stats on the
  subnet via a MySQL database:
  - Must reset dynamically on a daily basis (and archive old data movement).
  - The DB will record stats for all hosts that have made external
    connections to the subnet.
  - Will allow viewing of how much data was inbound and outbound for a
    particular host on that subnet to the external host.
  - Will have average hourly stats (rate in and out, data movement, etc.).
- Put code for memory locks in the daemon application to control access to
  thread-shared memory (doesn't appear to have any issues without, but
  inserting anyway).
- May switch from using Unix domain sockets to POSIX shared memory to
  provide communication between daemon and client.
- Acquire other stats such as hourly averages of amount in/out and peak in/out.
- Fix overflow of variables in the Stats struct.
Client (bwmclient)
- Add new interface to browse the host tracking database.
- Add new interface to browse statistic records.
- Make sure the user accessing the database records is root.
- Add method to configure pathnames.
- Change communication to the daemon over to POSIX shared memory.
- Insert startup logo.
- Insert proper about dialog.
Daemon Configurator (bwmdconfig)
- Set up starting/stopping of the daemon process; kill problem.
- Allow resizing of windows.
[Screenshots: BWMonitor Client Pic 1; BWMonitor Client Pic 2; BWMonitor Client Stat Dialog; BWMonitor Daemon Configurator Pic 1; BWMonitor Daemon Configurator Pic 2]
Dependencies and Notes
- The following installation procedure assumes that Trolltech's QT version 3
  Final (not beta) is installed on the system. So if you're running KDE 3, you
  should not have any problems, because it uses QT3. (KDE 3 alpha may not work
  because it uses a beta version of QT3.)
- BWMonitor requires you to have libpcap installed to provide the network
  sniffing capabilities. It is the same library that tcpdump uses.
- Currently only Ethernet is supported by bwmonitor; others to come.
- In order for changes to the rule configuration to take effect, both the
  daemon and the client must be restarted.
Install Procedure
- Download the three packages available here. Untar the source tgz with this
  command: "tar -zxpvf packagename.tar.gz".
- After decompressing the files, go into each one of the directories and type
  in the following commands:
  - ./configure
  - make
  - make install (as root user)
  Keep in mind that this will install the executable files to /usr/local/bin/
  by default (look at ./configure --help for other options).
- In order to start the daemon successfully, you have to create at least one
  rule that the daemon can follow. These rules are saved to a file called
  "/etc/bwmonitor.conf". So start up bwmdconfig (probably in /usr/local/bin/ if
  you followed the above procedure) and add the rules you want the daemon to
  follow. For a simple rule, simply choose the rule ID #, the port # (by actual
  number or by service name, for example http) and make sure your chosen
  interface is correct (for example eth0). To state a more complex rule, use
  the packet capture expressions as used by tcpdump by unchecking the "Use
  Regular Expressions" checkbox. Click "Save to File" when done, then exit.
  Note: If the expression is invalid, the rule will simply be skipped by the
  daemon and a syslog error will indicate this.
- Start the daemon as the "root" user by executing "bwmond" (probably located
  in "/usr/local/bin/").
- Start the bwmonitor client by executing "bwmclient". Then click
  "File"->"Connect" in the menu and you will be presented with the graphs of
  all the rules you have set. By putting one of the rules into focus, you can
  view the stats for that rule by pressing the space bar.
Name: Peter Fraser Addison
Alias: Dahunt
ICQ #: 6917936
Email Addresses:
fraser@dahunt.net
paddison12@cogeco.ca
booest26@yahoo.com
Employment status: *sigh* nadda
Online Resume: HTML version OR PDF version
Special Thanks to all of the following...
- To Uwe, the creator of the QT/AI QT plotting graphs.
- Thanks to everyone on irc.openprojects.net for their help. Many people there
  with lots of patience to help newbies!
- Thanks to my programming professor G. Mackay (creator of Netwatch) at
  Saint Lawrence College for all his assistance.
- And of course SourceForge for allowing me to expose this project to the world :)
Trolltech (QT3)
Tcpdump (libpcap)
QT/AI
Saint Lawrence College, Cornwall, ON, Canada (Tech campus here)
BWMonitor SourceForge Summary page