Turn an Old Laptop Into a Portable Network-Troubleshooting System

    Many system builders find themselves doing double-duty as network administrators for their customers. Even if the system builder isn't formally the admin, they're often the person who installed and set up the network. So it's only natural that the customer relies on them when the network experiences problems.

But troubleshooting a network when you're not constantly on-site can be difficult, especially when the problems are intermittent (as they frequently are). One alternative is to temporarily connect a machine to the customer's network, then let the machine gather data for a day or two. This often is enough to help you pinpoint the root cause of network issue. This system can also help you taking proactive steps to audit a network for performance and security issues, so these issues can be addressed before they become major problems.

In this Recipe, I'll show you how to build such a network-monitoring system, and without busting your budget. In fact, all you'll need is an old laptop, the FreeBSD operating system, and some open-source software that is included with the FreeBSD package. Your total cost could be as little as a few hours of your time.

Ingredients

Here's a list of the hardware and software you'll need to turn that old laptop into a portable network-troubleshooting system:

Hardware: Since you won't be doing any heavy-duty computation, hardware requirements for a laptop-based portable network monitoring station are modest. A good starting point would be a laptop with the following specifications:

    * 500 MHz Pentium III CPU
    * 256 MB of RAM
    * 10-GB hard drive
    * DVD-ROM drive
    * 10/100/1000BaseT Ethernet card

The main reason for going with a faster CPU is the ability to use tools with graphical user interfaces (GUIs). Running modern GUIs on slower machines can be frustrating.

More specifically, here's the system I used for this recipe. It's a low-end Dell Latitude CPiA with the following specs as a proof of concept:

    * 366 MHz Pentium II CPU
    * 128 MB of RAM
    * 5.5 GB hard disk
    * CD-ROM drive
    * 10/100BaseT Ethernet card

By the way, if you don't have an old laptop lying around, try eBay or some other auction or used-equipment site. You should be able to buy a used system with these specs for no more than $150.

Software: We'll use open-source software for this project, so your cost will be zero when you download them. Here are the particulars:

    * FreeBSD: This freeware OS runs well on older hardware, is secure, and supports the tools we'll be using in this Recipe. Further, instead of having to hunt down applications all over the Internet, you'll be able to install all of them as part of the FreeBSD packages system.

      In fact, all the software applications I discuss in this Recipe can be installed through the FreeBSD ports/packages system as detailed in the article itself. I provide links to their respective Web sites directly below, because the sites provide more in-depth documentation about them than can be obtained from the FreeBSD.org site.

    * Ethereal: Known as a protocol analyzer, this software is basically a packet sniffer. It allows you to look at and analyze all the packets going across a network segment.

    * Ntop: Here's another packet sniffer, this time with the valuable ability to display output in tables and graphs in browser-friendly HTML format. I'll go into more detail on both the Ethereal and Ntop sniffers later in this Recipe.

    * Netcat: This tool lets you use network sockets from a command line. It's installed by default and called "nc" by FreeBSD. You can use Netcat to see if a host is accepting connections on a particular TCP port. For example, "nc 80" will let you know if the host is accepting connections on port 80.

    * Nmap: This is a port-scanning utility. It lets you identify hosts on a network and determine on which ports they are listening.

    * Ping and Traceroute: These two utilities can help you verify network connectivity, latency, and routes. Like the other tools in this list, both Ping and Traceroute are installed by default.

    * Smbclient: This is the client part of the Samba suite. It lets you to access Windows network shares from a UNIX-type OS.

    * SSH and telnet: These two utilities allow you to access network devices via the command line. Both clients are installed by default. The SSH server facilitates remotely logging into your system so you can check on tests while they're in progress.

    Installing the OS and Associated Tools

Installing FreeBSD is pretty straightforward and doesn't take long. Rather than rehash this process, I'll refer you to my earlier TechBuilder recipe Build a Mail Server With Commodity Hardware and FreeBSD, Part I. That Recipe covers the installation steps in detail. However, for this Recipe, here are a few important differences you should keep in mind:

    * When choosing software distributions, select a Custom install and include base, kernels, man, ports, and X.org.

    * When configuring network settings, you can set up the machine as a DHCP client or with a static IP. Also, you don't need to run inetd; nor should you activate anonymous FTP, or NFS server or client.

    * I do recommend enabling SSH logons from the network. That way, you can remotely access the box when it's deployed on a client's LAN.

    * You don't need to set up an SMTP daemon.

    * You do want to install X.org and a window manager, so you will have a GUI.

    * If your disk is small, omit Linux compatibility to save space.

During the FreeBSD installation process, you will be asked if you want to browse its software collection. The collection is divided into categories, such as Editors, Net, Net Management, and Security. When prompted to browse the collection, I added several tools that I did not mention in my previous Recipe (cited above). These include:

    * Editors: Vim (or your preferred text editor). Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most Linux systems.
    * Net: samba: Samba allows you to browse and access Windows CIFS shares.
    * Net management: Net-snmp is used by the Ethereal packet sniffer, which I'll show you how to install later in this article.
    * Security: Freebsd-update facilitates installing patches. Portaudit examines the ports tree for security vulnerabilities. Sudo allows you to enable specified users to run applications as root.
    * Shells: Bash (short for Bourne Again SHell) is a user-friendly shell, one I find easier to use than the default tcsh. Most Linux distributions use Bash as their default shell, so you may already be familiar with it.
    * Sysutils: Portupgrade is a feature-rich port designed to help you get the most out of the ports collection.
    * Web: Firefox provides a graphical Web browser, and links 2.1 gives you one that you can use from the console.
    * x11-wm: FVWM-2 is a lightweight window manager that works with X.org to provide the system with a graphical user interface. The GUI is optional, but it lets you have multiple terminals open simultaneously, all running different tools.
 

The next item the FreeBSD installer will present is the option to add a regular user. You should do so, because logging in and running everything as root is generally considered to be bad. Also, running with full administrative rights makes it too easy to damage the system if you mistype a command. That said, to fully utilize programs like Ntop, Ethereal, and Nmap, you need to run them as root. I'll discuss how to do so below.

When creating a regular user, add him or her to the wheel group, so they are able to use the "su" command to temporarily acquire administrative rights. If you're familiar with the Bash shell from using Linux and want to install it on this system, specify it in the "shell" box of the user creation utility as /usr/local/bin/bash.

After the system installer is finished and the PC reboots, login as the regular user, type su, and enter the root password. This will get you the administrative rights needed to install some additional software.

Post-Installation Tasks

You will need to install several more tools before you're done. The good news is, FreeBSD makes it easy to install from precompiled binary packages or from source code. The command to install a package is pkg_add. To install from source, we'll use the ports tree and make install clean to fetch, compile, install, and clean up.

A portable network-monitoring and -troubleshooting station will also require a port scanner to examine hosts for network-accessible vulnerabilities. The premier port scanner is Nmap. To add it, type the following:

# pkg_add "r nmap

The "r option tells pkg_add to automatically resolve any software dependencies for you. Nmap can be run from a command line, but there is also a graphical front end available. To get it, type in:

# pkg_add "r nmapfe

Packet sniffers allow you to decode packets and visualize network flows. They are helpful for seeing how different hosts communicate and for spotting hosts which are monopolizing network resources. Ethereal and Ntop are two sniffers I find very useful. To install them, type:

# pkg_add "r ethereal

I had difficulties fetching the Ntop binary package, so I installed it from source using the ports tree. First, find the Ntop directory within the ports tree:

# whereis ntop

which tells you that it's located at /usr/ports/net/ntop. So change to the Ntop directory:

# cd /usr/ports/net/ntop

Then download the source, compile it, and clean up the working directory:

# make install clean

Packages install faster than ports, because they are already compiled for you. On the other hand, programs installed from ports tend to run faster, because they are optimized for your system. Now your system has all the required tools. Next, you need to configure the system so that when you start the GUI, you're in FVWM. First, exit from being root by pressing CTRL-D. If you're not in your regular user's home directory, type in cd to return there. Next, create and open a file named .xinitrc in your editor. Note the leading period in the file name; it's required.

# vi .xinitrc

Then add the following line to the file in lower-case letters:

exec fvwm

Save the file, and exit the editor. To start the GUI, enter startx at your command prompt. FVWM should open with an xterm console window and a bare desktop. Left-clicking on the desktop will pop up a window with several options, including the ability to open more xterms, from which you can run the various utilities discussed in this recipe. To find the path to a program, use the command, for example:

# which ntop

To learn more about what a particular program does and how to employ it, use the manual (or "man") pages. For example:

# man ping

which opens the manual or help page for ping. I've also provided links above to the Web site for the utilities we've installed. Each will provide you with in-depth information on getting the most out of these tools. A Brief Look At The Associated FreeBSD Tools To give you an idea of what these tools look like, I've provided some screen shots. Nmap, as mentioned above, is a port scanner. It can tell you what ports, if any, are open on a network host. Hackers use port scanners to search for vulnerabilities, and so should you. The following figure shows Nmap being run inside an X terminal:
The next figure shows the graphical version, Nmapfe. To run it, first become root and grant root access to the local X display:

# su
# xhost +
# nmapfe


The Ntop and Ethereal protocol analyzers are useful for viewing and analyzing network traffic. This Ntop screen, shown below, shows information (including IP address and bandwidth utilization) about several hosts on the local network and remote hosts to which they're connected. The Ntop analyzer can also present network information in the form of pie charts to help you understand what is happening on your network:


As shown in the next screenshot from Ethereal, the analyzer grabs detailed information about each packet that it sees on the wire, including sequence number, source and destination IP addresses, and protocol. Selecting a specific packet in the top-half of the screen allows you to actually see the contents of the packet in the bottom of the screen (unless, of course, the packet is encrypted):


That's it. You should now have a portable network-monitoring system that can help you diagnose LAN problems and proactively monitor networks for your clients. If your customers are experiencing issues like slow networks, suspect their systems have been breached, or feel vulnerable to security exploits, the tools discussed in this recipe will help you track down and solve their problems.