Simple LAN Monitor 1.0

Description
===========
SLAM (Simple LAN Monitor), is a software program that enables you to look at
the LAN load.
In it's present form, it's delivered with:

- a sniff server listening for LAN traffic
- a sniff client/TCP server with a JAVA applet client
- a sniffclient/MRTG "plug-in" client for long-term stats generation.

At the server side, it has 2 executable bynaries. They only run on UNIX systems.
The software itself was developed and tested with:
- Debian 2.2r2 with a 2.4.13 Linux kernel  
- Debian 2.2r2 with a 2.4.12 Linux kernel 
- RedHat 6.1   with a 2.2.11 Linux kernel

Altough efforts were made to make it portable, it is probable it will need some
tweaking in another UNIX variants. It *should* compile in a UNIX version that
supports gcc and libpcap.

The JAVA cliente was developed with Visual Studio, and tested with:

- IE 6.0 and Windows 2000 Workstation SP2;
- IE 5.0 and Windows 2000 Workstation;
- IE 4.0 and NT 4.0 Workstation;
- JDK's 1.3 virtual machine under Windows 2000 Workstation. 

This software was developed by Rui Fernando Ferreira Ribeiro (
ruiribeiro@users.sourceforge.net), and Jose Caetano Alves da Costa e 
Silva (jcaetano@users.sourceforge.net). It was developed for a software 
competition promoted by recortes.org.


Utilization
===========

You must execute:

. server side:

#/usr/local/sbin/slmstart.sh

you must open, under Netscape or IE:
http://endereco_de_servidor/slm

If all goes well, you should visualize a rectangle with a graphic depicting the
LAN traffic usage.


MRTG plug-in

In order do install the MRTG plug-in, you don't need the sniffclient program.
In despite of it, sniffclient and sniffmrtg can happily coexist, and the same
server can provide both long-term statitics with MRTG, or statistics through
the sniffclient+the client (JAVA applet).

To be able to integrate MRTG and sniffclient, you must substitute the MRTG 
default config file with the one delivered with SLM, or, if you already have
MRTG working in the same machine as sniffserver, you should take out the workdir
of our mrtg.conf, and append the remaining lines to your mrtg.conf file.


Inner workings (technical details)
==================================

The inner workings are the following:
- the sniffing programming is listening for the net packets. It only
collects the packet headers, in order to minimize the server load.

Analizing the packet data, it computes the real size of the packets
travelling in the LAN, and add the value to a variable.

This same variable is a pointer to a shared memory area.
This program only does this tasks, to spend as few CPU cycles as possible.
This strategy allows it to keep up with 100Mbps traffic loads while running
in slow processors.

- the sniffing client (server side), reads and makes calculations with the
same value kept in the shared memory aforementioned. The core of this
program, is no more than a TCP server that waits patiently for TCP
connection requests (by default in the 5000 TCP port).
Receiving a request in this TCP port, it returns a string in the format
"xxx.xx\n", where the x is a number between 0 and 9 (it doesn't return the
"""). This value represent the LAN utilization, with kbps (kilobits per
second), as the unity chosen.

In this programm, a UNIX alarm is called periodically in an assincronous
way. This routine reads the data in the shared memory, and computes the
current collision segment speed where it's located.

- The MRTG plug-in reads the data as the sniffer daemon has it, and returns
it in a format acceptable for MRTG input. 

- the JAVA client (the applets), connect to the address and server port(s).
These values are keep as arguments in a HTML file, and thus easily
customized. The JAVA client gets through TCP the current LAN utilization,
and shows it has a graffic on the screen. It resizes the axis and values
according to the received values.

