netl is a customizable low level network monitor.
netl can be configured to look for particular TCP, UDP or ICMP packets, or can be set up to look for generic IP packets or even raw Ethernet frames.
For example, netl's TCP filters allow individual SYNs and ACKs (or any combination of flags) to be logged to syslogd or stdout, or dumped into a file for later perusal. The companion program neta(1) is used to disassemble those packets into a human-readable form.
Netl is a network monitoring utility. It still has a few rough edges, but provides functionality which cannot be found in similar programs. If you are running a recent Red Hat Linux, there is a good chance we have binary RPMs which should work on your system. If you are running another distribution of Linux, then compiling the source code should be no problem. Provided with the netl distribution is a file called INSTALL which provides step-by-step instructions. Unfortunately, if you are running a different operating system, netl does not yet support it. If you are a decent programmer, then a netl port won't be too difficult. Contact the netl development team if you are interested.
Netl can now run in one of two different modes. Interactive mode requires a special netl user interface. The only UI written for netl at this time is the perl/Tk netl user interface, but others are sure to follow. If you want to play around with the interactive mode, then you will have to install perl/Tk and tknetl.
Daemon mode is the default and original mode. Using a config file (usually /etc/netl.conf), you can write rules which send packets to syslogd or dump them to a file. You don't need to install anything special to use daemon mode.
The latest version of netl is 1.08. For more information on recent advances in the netl source base, consult the HISTORY file.
We have binary versions available for Red Hat Linux in RPM format.
RPM | netl version | CPU | OS | OS version |
---|---|---|---|---|
netl-1.08-1.i386.rpm | 1.08 | i386 | Red Hat Linux | 6.1 |
netl-1.08-1.i386.rpm | 1.08 | i386 | Red Hat Linux | 6.0 |
netl-1.08-1.alpha.rpm | 1.08 | alpha | Red Hat Linux | 6.0 |
As a prototype for a more permanent Gtk+ interface for netl, I have been working on a perl/Tk interface. If you download the source, the Tk interface can be built from face/perlTk in the netl distribution. You will need Perl/Tk 8 or better. If compiling perl/Tk and the netl perl/Tk interface sounds like a hassle, consider grabbing one of the binaries:
RPM | netl version | CPU | OS | OS version |
---|---|---|---|---|
tknetl-1.08-1.i386.rpm | 1.08 | i386 | Red Hat Linux | 6.1 |
tknetl-1.08-1.i386.rpm | 1.08 | i386 | Red Hat Linux | 6.0 |
tknetl-1.08-1.alpha.rpm | 1.08 | alpha | Red Hat Linux | 6.0 |
You will also need perl/Tk, and since Red Hat 6.0 doesn't come with that, I have also provided that in binary form:
RPM | netl version | CPU | OS | OS version |
---|---|---|---|---|
perl-Tk-800.014.i386.rpm | 1.08 | i386 | Red Hat Linux | 6.1 |
perl-Tk-800.014.i386.rpm | 1.08 | i386 | Red Hat Linux | 6.0 |
perl-Tk-800.014.alpha.rpm | 1.08 | alpha | Red Hat Linux | 6.0 |
You can also optionally install perl/Tk yourself (you may have to give rpm the `--nodeps` option when installing tknetl, if it gives you problems). perl/Tk is available at your local CPAN mirror. See www.perl.com for more details.
We keep a limited number of older versions of netl available.
It's best to start out with the main daemon netl(8), unless you haven't managed to install netl yet, in which case it's best to start with the install guide. The newest and most exciting features for netl are the new netl modules and netl compiler. Modules are considered stable; in fact, netl 1.02 and later are module-based. The compiler is experimental, but usable.
You can contact the netl team at netl@netl.org.