Better living through SNMP

I happened across an OSS package called NeDi the other day. In a nutshell, it's a network discovery and management tool. CDP calls coupled with SNMP queries determine the network device paths, node population, MAC tables, etc., bringing the network into focus, and the Web front end offers a searchable interface for querying node location, switch/router health, and so forth. The UI is well done, but the CSV-based back

I implemented this on a 75-switch Cisco network, and it's already become indispensable. I thought that it might be nice to integrate NetReg, so I joined them at the hip and NetReg queries are linked to NeDi's node locator, showing the exact switch and port that any given user is presently using. I also linked back, and NeDi queries on MAC/IP addresses can be pulled up in the NetReg UI. Sweet and simple.

I also wrote another module for NeDi that leans on tethereal to provide an "instant-analysis" interface. A pcap filter is passed to tethereal, listening on a SPAN interface. The resulting output is parsed and presented in the browser, along with the current location of the IP. For example, a 30s capture of icmp traffic will show any Nachi-infected hosts due to the high packet count and provide the switch and port that the compromised system is currently utilizing. Handy.
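The counting step described above, sketched as an added example (this is not the author's module or NeDi code): it tallies ICMP packets per source from tethereal-style one-line summaries and attaches a switch and port to any source over a threshold. The line layout, the threshold of 100, the `LOCATIONS` table standing in for NeDi's node data, and all function names are assumptions.

```python
import re
from collections import defaultdict

# Assumed one-line summary layout: "No. Time Src -> Dst Proto Info"
LINE = re.compile(r"^\s*\d+\s+\d+\.\d+\s+(\S+)\s+->\s+(\S+)\s+ICMP\b")

# Hypothetical IP -> (switch, port) data, standing in for NeDi's node locator.
LOCATIONS = {"10.1.4.23": ("sw-bldg4-2", "Fa0/17"), "10.1.7.5": ("sw-bldg7-1", "Fa0/3")}

def constructed_capture():
    """Constructed sample lines (not a real capture): one sweeping host, one quiet host."""
    lines = []
    for i in range(1, 201):  # 10.1.4.23 pings 200 different addresses
        lines.append(f"{i:4d} {i * 0.15:.6f} 10.1.4.23 -> 10.2.0.{i} ICMP Echo (ping) request")
    for k in range(3):       # ordinary ping exchange between two hosts
        n = 201 + 2 * k
        lines.append(f"{n:4d} {31 + k:.6f} 10.1.7.5 -> 10.1.1.1 ICMP Echo (ping) request")
        lines.append(f"{n + 1:4d} {31.001 + k:.6f} 10.1.1.1 -> 10.1.7.5 ICMP Echo (ping) reply")
    lines.append(" 207 34.500000 10.1.7.5 -> 10.1.1.1 TCP 1042 > 80 [SYN]")  # skipped: not ICMP
    lines.append("capture stopped")                                          # skipped: not a packet line
    return lines

def top_talkers(lines, threshold):
    """Return (source, packet count, distinct destinations) for sources at or over threshold."""
    stats = defaultdict(lambda: [0, set()])
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        src, dst = m.groups()
        stats[src][0] += 1
        stats[src][1].add(dst)
    hits = [(src, n, len(dsts)) for src, (n, dsts) in stats.items() if n >= threshold]
    return sorted(hits, key=lambda h: -h[1])

def report(lines, locations, threshold=100):
    """Join the noisy sources with their current switch and port."""
    rows = []
    for src, count, dsts in top_talkers(lines, threshold):
        switch, port = locations.get(src, ("unknown", "unknown"))
        rows.append({"ip": src, "packets": count, "destinations": dsts,
                     "switch": switch, "port": port})
    return rows

if __name__ == "__main__":
    for row in report(constructed_capture(), LOCATIONS):
        print(row)
```

The distinct-destination count is extra context beyond the raw packet count: a host sweeping many addresses stands out from one that is simply pinging a single target heavily.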

You can grab the NeDi code from the site, and the network monitor code is right here.