Centre closure

As part of a broader organisational restructure, data networking research at Swinburne University of Technology has moved from the Centre for Advanced Internet Architecture (CAIA) to the Internet For Things (I4T) Research Lab.

Although CAIA no longer exists, this website reflects CAIA's activities and outputs between March 2002 and February 2017, and is being maintained as a service to the broader data networking research community.

Greynets Toolkit Documentation

Version 0.5.8

Viewing Statistics

There are a few ways to read data from the greynets system. The most basic is to look at the values in the web interface on the 'Greynet Hosts' page, which reflect the contents of files on disk. The standard way is via SNMP, which can be queried by a myriad of software packages. The final approach is to use CAIA's L3DGEWorld environment to visualise Greynet activity.

Reading basic data from files

Measurements for 'packets per second' and 'bytes per second' are available in individual files for each Greynet host and are updated once every second, reporting the average value over the last five seconds. The /var/stats directory contains a directory for every vlan, and inside that, files of the format x.x.x.x-PPS and x.x.x.x-BPS where x.x.x.x is the IP address of the Greynet host. The values listed in the Web GUI are read from these files.

Accessing statistics via SNMP

Only simple measurements of packets per second and bytes per second are currently visible on a per host basis in the Web GUI. To view the full range of statistics provided by the greynet toolkit, the Greynet system must be queried with SNMP. A range of open source and commercial tools are available which can query the Greynets with this method.

Viewing statistics with iReasoning's MIB browser

  1. Download the and run the free iReasoning MIB Browser Personal Edition The software runs on any platform and the free Personal edition supports the basic features needed to look at the output from Greynets.
  2. Download the MIB (Right click - Save Target As)
  3. In the MIB brower open the File menu and select Load MIBs. Open the file you have just saved.
  4. Enter the IP address of the Greynets management interface in the address box in the top left corner. (You don't need to press 'Go', just read on.)
  5. Expand the CAIA-GREYNET tree and right click on greynetHostTable and select Table View in order to view statistics for individual greynet hosts.
  6. Doing the same actions for greynetTable will show aggregate data for whole Greynets
  7. Hit the refresh button at the top of either table to get an update from the Greynets system.

Note: The Web GUI displays PPS (floating point) but since SNMP is limited integer numbers, it has been decided to export packets per minute for higher precision.

Visualising Greynets in L3DGEWorld

L3DGEWorld is a data visualisation utility based on Open Arena, a GPL'd game that makes use of the Quake III Arena (Q3A) game engine. It was designed to be a network monitoring and control application.Using L3DGEworld will enable you to get an indication of the Greynet activity with a single glance.

For the sake of simplicity, we will use a package of L3dgeworld called LCMON that was created to monitor the Swinburne Supercomputer. (We will use this package because it contains a map that has a suitable layout).

Steps to setup L3DGEWorld Visualisation:

  • Configure a Greynet and some hosts. If you are just experimenting, click the 'Add demo greynet' link on the 'Greynets' configuration page to add a demo Greynet on VLAN 2341 with 15 hosts.
  • Download LCMON package and extract on a machine that has 3D graphics capabilities and is reachable from the Greynet management interface.
  • Save l3dgehosts.conf in the lcmon_1.1/lcmon/ directory. This file is used to identify L3DGEWorld hosts by IP addresses.
  • Save visualise_greynets.sh in the lcmon_1.1 directory if using Linux/FreeBSD for your L3dgeworld machine. If running Windows, save visualise_greynets.bat to your lcmon_1.1 directory.
  • Add the IP address of the Greynets management interface to the '/lcmon_1.1/lcmon/allowedinput.conf' file. This file must be saved with Unix style new line characters, therefore it is recommended that this file is edited on a Unix system.
  • Go to the 'General Setup' page and enter the IP address of the machine you have installed L3DGEWorld on then proceed to apply the configuration.
  • Run the visualise_greynets.sh script - L3DGEWorld should open and you should be able to walk around the virtual world.
  • Send some traffic to your greynet. If you are using the demo greynet, you will need to send traffic on VLAN 2341. This script can be used on another FreeBSD machine to configure the correct VLAN interface and continuously ping greynet hosts. (You will need to ensure no firewall is blocking traffic either on this host or between this host and the Greynets system.)

Each Greynet host is represented by a yellow star. The rate at which the star spins indicates the rate at which packets are being sent to that host. The size of the star indicates the number of attackers (hosts sending traffic to this Greynet host). When in the close vincinity of the the stars, they show a few details of the host. Clicking on the host will bring up a window showing ports that have been targetted in the last 30 seconds.

You may also consider making your own maps and models for L3DGEWorld, in order to display Greynet hosts in a way that best meets your needs.



© Swinburne | CRICOS number 00111D | Contact Us | Copyright and disclaimer | Privacy; | Feedback | Accessibility Information | - Smaller Font | + Larger Font
Last Updated: Monday 8-Dec-2008 14:44:12 AEDT | Maintained by: Amiel Heyde (amiel@swin.edu.au) | Authorised by: Grenville Armitage (garmitage@swin.edu.au)