cheops-ng - network monitor tools for system administration

cheops-ng

Cheops-ng is a network "swiss army knife". It's "network neighborhood" done right (or gone out of control, depending on your perspective). It's a combination of a variety of network tools to provide system adminstrators and users with a simple interface to managing and accessing their networks. Cheops aims to do for the network what the file manager did for the filesystem.

In order to run cheops-ng you need to start up cheops-agent first and, when requested the IP address of the cheops server, introduce the IP address provided by the agent when it started up. If you run the agent and the GUI in the same system you can just use 127.0.0.1 as the IP address of the agent.

Cheops-ng features: Host discovery

Machine fingerprinting to determine OS (using Nmap)

Use of DNS and ICMP to detect network hosts

Network monitors

Thus, cheops-ng tries to take on the role of a network management system, in the same category as one might put Nagios (formerly Netsaint), HP Openview Network Node Manager or Scotty (also known as Tkined). Notice that while this program thus not provide as many features as the aforementioned it does provide a nicer interface and is still under development (so nicer things might be available in the near future). Outstanding missing features are: SNMP support (to detect hosts and interact with them through SNMP) and service monitoring (to probe systems and determine when a critical service is no longer available).

Cheops-ng must be run by the root user, since it is not installed (by default) setuid. You can make it setuid but there are (quite probably) bugs that might make this a security risk. It needs to run as superuser due to the use of raw sockets in order to do TCP/IP fingerprinting.

This IS NOT designed to be an attacker's tool, and you SHOULD NOT use it to explore domains you do not have authorization to access. The author does not take any responsibility for use of this tool on unauthorized domains! Be aware that cheops-ng is not stealthy and that using it on a remote network, it will be very obvious that you are doing so!

The interface presented shows a view of hosts available on the network showing, if possible, the operating system they use with a distinct pixmap. The user can select a given host and monitor processes running there, also, new hosts or networks can be added using the menu above the network display.

The mechanics of cheops-ng operation are nothing new:

Simple ICMP "ping" packets are used to initially search a network for hosts that are alive. (ping)

Domain Name Transfers are used to list hosts in a domain

OS detection is done using invalid flags on TCP packets (nmap)

Port detection is done (somewhat) silently using half-open TCP connections in order to avoid unnecessarily starting services or logging on the remote machine.

Mapping is done using UDP (or optionally ICMP) packets with small time-to-live values (traceroute and mtr, respectively)

Cheops-ng does not yet use any command line options.

Virtually everything is configured via the graphical interface. After discovering hosts, right clicking on them will give you a list of possible choices.

~/.gnome/cheops-ng.map Automatically generated per-user configurations file. DO NOT EDIT MANUALLY!

Cheops-ng is beta software, and consequently still has bugs and incomplete features.

If you have a bug report please prepare a message with the following information:

Distribution

version of cheops-ng

detailed description of your problem (something descriptive enough to recreate the problem). This includes the contents of your config.log or output of make when you are trying to compile cheops-ng

Check the forum at sourceforge.net ( http://sourceforge.net/forum/forum.php?forum_id=17325 ) to see if anyone else has had the same problem solved, if not then just post your question so that others can get the benefit of the answer.

If you still have problems you can email Brent Priddy at toopriddy at mailcity dot com

You can also send bug reports to the Debian maintainer of this package using the Debian Bug Tracking System (http://bugs.debian.org/) Suggestions and ideas for improving the software are welcome.

nmap(1)

Additional information at the main site: http://cheops-ng.sourceforge.net (home page) and in the default location for installed documentation in Debian: /usr/shared/doc/cheops-ng/

This manual page was written by Javier Fernandez-Sanguino <jfs@computer.org>, for the Debian GNU/Linux system (but may be used by others). because the original program did not have a manual page.

Cheops-ng has been rewritten by Brent Priddy <toopriddy@mailcity.com> based on Cheops which was originally written by Mark Spencer, and was sponsored greatly by Adtran, Inc.