How To: Turn An Old Laptop Into A Network-Troubleshooting System

Troubleshooting a network when you're not constantly on-site can be difficult, especially when the problems are intermittent (as they frequently are). One alternative is to temporarily connect a machine to the customer's network, then let the machine gather data for a day or two. This is often enough to help you pinpoint the root cause of a network issue. This system can also help you take proactive steps to audit a network for performance and security issues, so these issues can be addressed before they become major problems.

In this Recipe, I'll show you how to build such a network-monitoring system, and without busting your budget. In fact, all you'll need is an old laptop, the FreeBSD operating system, and some open-source software that is included with the FreeBSD package. Your total cost could be as little as a few hours of your time.

Ingredients

Here's a list of the hardware and software you'll need to turn that old laptop into a portable network-troubleshooting system:

Hardware: Since you won't be doing any heavy-duty computation, hardware requirements for a laptop-based portable network monitoring station are modest. A good starting point would be a laptop with the following specifications:

The main reason for going with a faster CPU is the ability to use tools with graphical user interfaces (GUIs). Running modern GUIs on slower machines can be frustrating.

More specifically, here's the system I used for this recipe as a proof of concept. It's a low-end Dell Latitude CPiA with the following specs:

By the way, if you don't have an old laptop lying around, try eBay or some other auction or used-equipment site. You should be able to buy a used system with these specs for no more than $150.

Software: We'll use open-source software for this project, so your cost will be zero when you download it. Here are the particulars:

Note: File names and commands are shown in a fixed width font.

Installing the OS and Associated Tools

Installing FreeBSD is pretty straightforward and doesn't take long. Rather than rehash this process, I'll refer you to my earlier TechBuilder recipe Build a Mail Server With Commodity Hardware and FreeBSD, Part I. That Recipe covers the installation steps in detail. However, for this Recipe, here are a few important differences you should keep in mind:

During the FreeBSD installation process, you will be asked if you want to browse its software collection. The collection is divided into categories, such as Editors, Net, Net Management, and Security. When prompted to browse the collection, I added several tools that I did not mention in my previous Recipe (cited above). These include:

The next item the FreeBSD installer will present is the option to add a regular user. You should do so, because logging in and running everything as root is generally considered to be bad. Also, running with full administrative rights makes it too easy to damage the system if you mistype a command. That said, to fully utilize programs like Ntop, Ethereal, and Nmap, you need to run them as root. I'll discuss how to do so below.

When creating a regular user, add him or her to the wheel group, so they are able to use the "su" command to temporarily acquire administrative rights. If you're familiar with the Bash shell from using Linux and want to install it on this system, specify it in the "shell" box of the user creation utility as /usr/local/bin/bash.

After the system installer is finished and the PC reboots, log in as the regular user, type su, and enter the root password. This will get you the administrative rights needed to install some additional software.

Post-Installation Tasks

You will need to install several more tools before you're done. The good news is, FreeBSD makes it easy to install from precompiled binary packages or from source code. The command to install a package is pkg_add. To install from source, we'll use the ports tree and make install clean to fetch, compile, install, and clean up.

A portable network-monitoring and -troubleshooting station will also require a port scanner to examine hosts for network-accessible vulnerabilities. The premier port scanner is Nmap. To add it, type the following:

# pkg_add -r nmap

The -r option tells pkg_add to automatically resolve any software dependencies for you. Nmap can be run from a command line, but there is also a graphical front end available. To get it, type in:

# pkg_add -r nmapfe

Packet sniffers allow you to decode packets and visualize network flows. They are helpful for seeing how different hosts communicate and for spotting hosts which are monopolizing network resources. Ethereal and Ntop are two sniffers I find very useful. To install them, type:

# pkg_add -r ethereal

I had difficulties fetching the Ntop binary package, so I installed it from source using the ports tree. First, find the Ntop directory within the ports tree:

# whereis ntop

which tells you that it's located at /usr/ports/net/ntop. So change to the Ntop directory:

# cd /usr/ports/net/ntop

Then download the source, compile it, and clean up the working directory:

# make install clean

Packages install faster than ports, because they are already compiled for you. On the other hand, programs installed from ports tend to run faster, because they are optimized for your system.

Now your system has all the required tools. Next, you need to configure the system so that when you start the GUI, you're in FVWM. First, exit from being root by pressing CTRL-D. If you're not in your regular user's home directory, type in cd to return there. Next, create and open a file named .xinitrc in your editor. Note the leading period in the file name; it's required.

# vi .xinitrc

Then add the following line to the file in lower-case letters:

exec fvwm

Save the file, and exit the editor. To start the GUI, enter startx at your command prompt. FVWM should open with an xterm console window and a bare desktop. Left-clicking on the desktop will pop up a window with several options, including the ability to open more xterms, from which you can run the various utilities discussed in this recipe. To find the path to a program, use the which command, for example:

# which ntop

To learn more about what a particular program does and how to employ it, use the manual (or "man") pages. For example:

# man ping

which opens the manual or help page for ping. I've also provided links above to the Web sites for the utilities we've installed. Each will provide you with in-depth information on getting the most out of these tools.

A Brief Look At The Associated FreeBSD Tools

To give you an idea of what these tools look like, I've provided some screen shots. Nmap, as mentioned above, is a port scanner. It can tell you what ports, if any, are open on a network host. Hackers use port scanners to search for vulnerabilities, and so should you. The following figure shows Nmap being run inside an X terminal:


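The next figure shows the graphical version, Nmapfe. To run it, first become root and grant root access to the local X display:

# su
# xhost +
# nmapfe

Note that xhost + turns off access control for the X display entirely, so any host that can reach it may connect; turn access control back on once you have finished with Nmapfe.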
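Once Nmap has reported the open ports, the useful audit question is which of them should not be there. The following script is an added example, not part of the original recipe: it parses Nmap's grepable output (saved with the -oG option) and lists open ports that are absent from an approved baseline. The sample scan, the 192.0.2.x addresses and the baseline file format are constructed for illustration.

```shell
#!/bin/sh
# Added example: report open ports in Nmap grepable (-oG) output that are
# missing from an approved baseline. The baseline format, one "host port/proto"
# pair per line, is an assumption of this example.

# Constructed sample of -oG output (fields are tab-separated, as Nmap writes them).
sample_scan() {
  printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 3306/open/tcp//mysql///\tIgnored State: closed (997)\n'
  printf 'Host: 192.0.2.20 (printer)\tPorts: 23/open/tcp//telnet///, 515/closed/tcp//printer///, 9100/open/tcp//jetdirect///\n'
}

# Constructed baseline: the services the customer says should be reachable.
sample_baseline() {
  printf '192.0.2.10 22/tcp\n192.0.2.10 80/tcp\n192.0.2.20 9100/tcp\n'
}

# list_open_ports: -oG text on stdin -> "host port/proto service" per open port.
list_open_ports() {
  awk -F'\t' '/^Host: / {
    split($1, h, " "); host = h[2]
    for (i = 2; i <= NF; i++) {
      if ($i !~ /^Ports: /) continue
      p = $i; sub(/^Ports: /, "", p)
      n = split(p, entry, ", ")
      for (j = 1; j <= n; j++) {
        split(entry[j], f, "/")        # port/state/proto/owner/service/...
        if (f[2] == "open") print host, f[1] "/" f[3], f[5]
      }
    }
  }'
}

# unexpected_ports SCAN BASELINE: open ports in SCAN that BASELINE does not list.
unexpected_ports() {
  list_open_ports < "$1" | awk -v base="$2" '
    BEGIN { while ((getline line < base) > 0) { split(line, b, " "); ok[b[1] " " b[2]] = 1 } }
    !(($1 " " $2) in ok)'
}

# demo: run the comparison over the constructed samples above.
demo() {
  tmp=$(mktemp -d) || return 1
  sample_scan > "$tmp/scan.gnmap"
  sample_baseline > "$tmp/baseline.txt"
  unexpected_ports "$tmp/scan.gnmap" "$tmp/baseline.txt"
  rm -rf "$tmp"
}
demo
```

Run against scans saved on successive days, the same comparison shows when a service appears on a host that did not offer it before.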

The Ntop and Ethereal protocol analyzers are useful for viewing and analyzing network traffic. This Ntop screen, shown below, shows information (including IP address and bandwidth utilization) about several hosts on the local network and remote hosts to which they're connected. The Ntop analyzer can also present network information in the form of pie charts to help you understand what is happening on your network:

As shown in the next screenshot from Ethereal, the analyzer grabs detailed information about each packet that it sees on the wire, including sequence number, source and destination IP addresses, and protocol. Selecting a specific packet in the top-half of the screen allows you to actually see the contents of the packet in the bottom of the screen (unless, of course, the packet is encrypted):

That's it. You should now have a portable network-monitoring system that can help you diagnose LAN problems and proactively monitor networks for your clients. If your customers are experiencing issues like slow networks, suspect their systems have been breached, or feel vulnerable to security exploits, the tools discussed in this recipe will help you track down and solve their problems.

DAVID MARKOWITZ is a computer network and integration consultant who serves small and medium businesses and home users in and around Philadelphia.