My network map, thought I'd share

Started by jmurray, March 25, 2013, 11:21:21 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

jmurray

Hey guys, my first post here.

I'm a database/applications/developer guy where I work and my network technicians weren't interested in taking the time to diagram the network in a program or network management system that could continuously ping nodes to check for uptime. Being that my programs are very dependent on network connectivity I started looking for a program that could log the network latency and lost packets. I found a few free ones but they were relatively outdated and no longer supported. So I made one in visio. Eventually, it will be to terrorize our vendor and network guys with how latent our radio towers are as well as how many dropped packets occur in a day.

Q. How do I edit the map?

A. Drop any shape on the page and add the devices IP to the custom property of "IP Address". It will automatically find that shape on the page (while the macro is running) and if it does not respond within the threshold (defined in the textbox) it will be painted red or white.

Q. Do lines and connectors matter?

A. Nope, lines are just cosmetic.

Q. How do I run the macro?

A. Haven't figured out how to add a activex button to run the runloop macro just yet. If anyone has a solution, let me know. Run it manually from the macros menu or in the vba editor.

Q. How do I stop the macro?


A. CTRL + Pause/Break. It uses a DoWhile/DoEvents to keep the macro from locking the application while running indefinitely.

Q. How often does it query a node?

A. When I start having it write to sql I believe I will have a better idea of how often or quick it probes nodes. It uses Winsock as opposed to ping/shell that most people use in VBA so it can probe very quickly. I believe sometimes it is updating the graph slower than it its pinging the nodes. I would estimate its probing each node about 5-15 times a second.

Updates:

I'm going to add code shortly so that it writes to SQL the traffic and add a real time chart that will show a heart beat monitor.

Any suggestions are welcome.

aledlund

As an fyi (having spent many years supporting networks), if I found an app running on my network attempting to ping "each node about 5-15 times a second" I'd have a very long discussion with the management of who ever was hosting it. I've been in accounts where the next instruction would be to "update your resume"....
Any rate more than once every couple of seconds (minutes) is a waste of bandwidth and can create some really ugly network degradation.

al

jmurray

Well telling me that you'd fire me for monitoring network connectivity is a bit harsh. LOL.

Anyways, the minimum ICMP packet size is fairly small even with headers and all. Hell, with all the Vlans and VOIP traffic we have more ARP traffic than this program would ever create. Don't get me started on the traffic they allow on the network.

However, I'll write your suggestion down of "Max interval" as a necessity addition.


AndyW

How about this, with button to start/stop scanning. Also delay between scans.
Live life with an open mind

aledlund

#4
What you might be missing is that flooding a network with ICMP messages is exactly what a 'denial of service' attack does. Even a reasonably good network support team (assumes that network security is a part of networking, although it might not be) would be monitoring for it. The caution is to not be insensitive to the impact of excessive queries and be perceived as one of the bad guys. Where I applaud the desire to track errors and latency, you should share at least with your manager what you're doing.
hth,
al
ps this is the demo I put together for a similar set of issues
https://visracksysmgmt.codeplex.com/documentation



jmurray

Quote from: aledlund on March 26, 2013, 11:33:02 AM
What you might be missing is that flooding a network with ICMP messages is exactly what a 'denial of service' attack does. Even a reasonably good network support team (assumes that network security is a part of networking, although it might not be) would be monitoring for it. The caution is to not be insensitive to the impact of excessive queries and be perceived as one of the bad guys.

Yes, I am aware of a DOS attack.

While I'm not responsible for "networking". I'm the only one that can pinpoint broadcast storms and spot our techs ghosting on the network in multicast mode. Previously, before I came to this job they went room to room checking every port. Wireshark that crap and you can find the PC/Phone in loopback and with a proper naming convention on the PC or phone, find the room in seconds. Don't get me started on that either :)

I work in a part of the public sector which isn't funded very well. Our top IT guys make 32-49k a year. I'm on the higher end but its dreadfully obvious that the staff is overwhelmed and unskilled. Many of the guys are literally the public sectors failures and some of us are burdened with all the work.

The only person I have to worry about "alarming" is myself. I assume if you are looking for such a visio map, you may be as well.

I will definitely add a "maximum interval" setting as for most people they need to see if a site is down. I personally am looking at more than just if the site is down (and out). I want to see every "Blip" in the network in a large quantity so that when I take the data to our vendor that supplies the equipment for the radios and towers I can show them out of 1,000,000 requests; 87,000 weren't returned at all and 160,000 weren't returned in under 5000ms.

If you run the macro on your network for a brief period of time (granted you are the network admin) with your node values, do you see christmas lights? I do. We drop alot of packets. Its pathetic.

Last year, I went from site to site performing tests with wireshark and analyzing the data and found the technicians run amok at the sites. They multicast video because unicast is too difficult to set up. They constantly have switches in loops throwing arp requests. Its painful.

So, yeah, I probably should clarify that I'm also getting heat from our IT director telling me to "Make shit work" so our users at the very end of our star topology can access resources at the main office without getting disconnects and latency and I'm telling him that he needs a dedicated network admin and he can't toss the responsibility on various people in office and its going to be a cohesive strong solution.

Here I am... Implementing a data warehouse, managing 14 applicationsk, and the ETL processes that keep it all running, writing reports and metrics, doing RFP's, documenting this shit and still have to hand hold the few people I have on day to day (follow the fucking calendar I made you) processes that keep this place from burning to the ground.

Al, give me a break if you don't agree with my methods :) Hehe

aledlund

Just tryin' to help, some folks coming in to do this don't realize that it can be a loaded gun.
Your correct in that I was in a job that also was woefully underfunded and had to build my own for self protection,
good luck,
al