man cheops (Administration système) - network monitor tools for system administration

NAME

cheops - network monitor tools for system administration

SYNOPSIS

cheops

DESCRIPTION

Cheops is a network "swiss army knife". It's "network neighborhood" done right (or gone out of control, depending on your perspective). It's a combination of a variety of network tools to provide system adminstrators and users with a simple interface to managing and accessing their networks. Cheops aims to do for the network what the file manager did for the filesystem.

Cheops features: Host discovery

Machine fingerprinting to determine OS

Use of DNS and ICMP to

Network monitors

Interface with SNMP

Thus, cheops has taken on the role of a network management system, in the same category as one might put HP Openview or Scotty (also known as Tkined a very nice, although a bit outdated free network monitor). Notice that while this program thus not provide as many features as the aforementioned it does provide a nicer interface and is still under development (so nicer things might be available in the near future).

Cheops must be run by the root user, since it is not installed (by default) setuid. You can make it setuid but there are (quite probably) bugs that might make this a security risk. It needs to run as superuser due to the use of raw sockets in order to do TCP/IP fingerprinting.

This IS NOT designed to be an attacker's tool, and you SHOULD NOT use it to explore domains you do not have authorization to access. The author does not take any responsibility for use of this tool on unauthorized domains! Be aware that cheops is not stealthy and that using it on a remote network, it will be very obvious that you are doing so!

This manual page was written for the Debian GNU/Linux distribution because the original program does not have a manual page.

INTERFACE

The interface presented shows a view of hosts available on the network showing, if possible, the operating system they use with a distinct pixmap. The user can select a given host and monitor processes running there, also, new hosts or networks can be added using the menu above the network display.

The mechanics of cheops operation are nothing new:

Simple ICMP "ping" packets are used to initially search a network for hosts that are alive. (ping)

Domain Name Transfers are used to list hosts in a domain (nslookup)

OS detection is done using invalid flags on TCP packets (queso)

Port detection is done (somewhat) silently using half-open TCP connections in order to avoid unnecessarily starting services or logging on the remote machine. (halfscan)

Mapping is done using UDP (or optionally ICMP) packets with small time-to-live values (traceroute and mtr, respectively)

Monitoring is done using normal connect() sequences using sets of chained stages centerd around the gtk_input_add routine.

OPTIONS

Cheops does not yet use any command line options.

Virtually everything is configured via the graphical interface. After discovering hosts, right clicking on them will give you a list of possible choices.

ENVIRONMENT

CHEOPS_HOME
The place cheops should look for its pixmaps and configuration file. Plugins are stored in a system dependent directory (in Debian /usr/share/cheops/).

FILES

~/.cheops/geometry

~/.cheops/options

~/.cheops/plugins

Automatically generated per-user configurations file. DO NOT EDIT MANUALLY!

BUGS

Cheops is beta software, and consequently still has bugs and incomplete features.

But reports can be e-mailed to Mark Spencer at markster@marko.net or to the Debian maintainer of this package using the Debian Bug Tracking System (http://bugs.debian.org/) , but any questions answered in the FAQ at the main cheops page will not be answered. Suggestions and ideas for improving it are welcomed.

SEE ALSO

queso(1),cheops-ng(1)

Additional information at the main site: http://www.marko.net/cheops (home page) ftp://ftp.marko.net/pub/cheops (FTP site: look here for newest releases) and in the default location for installed documentation /usr/shared/doc/cheops/

AUTHOR

This manual page was written by Javier Fernandez-Sanguino <jfs@computer.org>, for the Debian GNU/Linux system (but may be used by others).

Cheops was originally written by Mark Spencer, and was sponsored greatly by Adtran, Inc.