Author: Vivek Rajagopalan

Vivek Rajagopalan is the a lead developer for Trisul Network Analytics. Prior products were Unsniff Network Analyzer and Unbrowse SNMP. Loves working with packets , very high speed networks, and helping track down the bad guys on the internet.

Unbrowse SNMP – Enhanced SNMP Walker available

We just released a new build (R.1.5.1.1239) of Unbrowse SNMP with major updates to the MIB Walker (also known as MIB Browser in other products).

This is a FREE update to all current customers. Please download the latest version from here.

Lets take a quick tour of the new features

walker-context-menu.JPG

1. Enhanced user interface (see above)

To access this functionality : Right click on the tab sheet

If you are dealing with a MIB walk containing, say 100+ tables, clicking the sheet tabs quickly gets cumbersome.(See screenshot above). We added a menu which allows you to quickly navigate to the desired sheet.  The tables are sorted in alphabetical order and even show the number of rows present in the walk. This menu does not appear if there are just a dozen or so tables.

2. SNMPWALK import more tolerant to input formats

This is one of the commonly used features of Unbrowse SNMP. It interprets text dumps from snmpwalk tools like Cisco, Juniper, Net-SNMP into a fully OID-to-name resolved spreadsheet like interface. Saves you tons of time and hair pulling.  See here for more details about this feature.

In this release, we add an option for interpreting any bunch of hex strings as human readable ( See Tools->Customize->Advanced->Tools and check the “SNMPWALK Import : Make Hex Strings human readable” option)

Unbrowse SNMP can also now handle broken lines, inconsistent BITS datatypes, and large files.

3. Option to quickly open the MIB definition of any table

Just right click any sheet and select “Show Definition”.

4. Option to export a selected sheet as HTML or CSV

Right click on any sheet and select “Export as HTML” or “Export as CSV”. This allows you to only export a single sheet in a large MIB walk.

5. Option to export numeric OIDs instead of object names

By default, Unbrowse resolves all OIDs using the MIBs installed. Now you can export a MIB walk and see OIDs instead of names in the HTML output.

 walker-export-oids.JPG

To enable this use Tools->Customize->Advanced-> Scroll down to the Walker group, then check the “Export OIDs instead of names to HTML” option (see screenshot above)

Various other minor bugs reported by users have been fixed in this build.

Download it now from http://www.unleashnetworks.com/unsniff/unsniff.html

Happy MIB Walking 🙂

We wish to thank a very cooperative customer (David Smith) for his help with major parts of this release.

 

Trisul – Packages released for Ubuntu Hardy and Fedora 7

There has been a lot of heavy activity on the open source Trisul Network Metering and Forensics project.

fetch.png

Packages available

We have packages for Ubuntu (i386,32-bit) and Fedora (i386,32-bit) available for download. This is the easiest way to get install and give Trisul a spin.Please download the packages from http://code.google.com/p/trisul/downloads/list

You could be up and running in only 3 steps on Red Hat for example

  1. Download the RPM package from http://code.google.com/p/trisul/downloads/list
  2. As root : rpm -Uvh trisul-x.y.z.rpm
  3. As root : service trisul start

Thats it ! Trisul will now be capturing forensics data from eth0. Statistics and flows are stored in a SQLITE3 database, raw packets are stored in a ring directory. See the installation documentation for more details.
Mailing list support
Any trouble / questions / contributions ? Send email to trisul@googlegroups.com

You can browse the newly setup group at http://groups.google.com/group/trisul/topics

Freshmeat announcement
We are ready for our first public announcement on Freshmeat today. Trisul is stable and usable enough to be of great value immediately.

Winpcap permission issue with Vista

One of the most used features of Unbrowse SNMP is the passive SNMP trap receiver. The trap receiver can listen to SNMP trap activity using any of the following three options.

  • On UDP Port 162 (this is the classic mode)
  • Via Windows Raw Sockets
  • Via Winpcap

When running Unbrowse SNMP on Windows Vista, you may encounter the following message when attempting to listen to SNMP traps using the Winpcap library.

wpcap1.jpg

This message means that Unbrowse SNMP is not able to load the Winpcap driver service using the current users credentials. Unfortunately, running Unbrowse SNMP as administrator does not fix the problem.

The work around is :

  • Open a command prompt as administrator (Start->All Programs->Accessories -> Right click on Command Prompt and Run as administrator)
  • Type “net start npf” This loads the driver used by Winpcap.
  • Exit

Now, Unbrowse SNMP can listen to traps without further issues.

Note : This only needs to be done once after you restart the machine.

Â