Netquery, the complete PHP/SQL toolkit of network information utilities, includes the following major features:
Netquery is fully configurable. The administrator can enable or disable each feature individually and can select local execution and/or a remote server script for the ping and traceroute features. The administrator can also edit all of the data tables used by the whois, port services and looking glass features and can allow site users to submit port services and exploits information for acceptance. GeoIP and port services data can be updated independently of the module core.
A standlone edition and three CMS module editions of Netquery are available for download from the home site or from their respective CMS development project sites. Live test installations and user-to-user discussion and help forums are also available on line as follows:
(1) Windows downloads of .tar.gz files may get renamed with .tar.tar extensions. The downloaded file itself will be okay; it just needs to be renamed back to tar.gz at your end. (This happens because Apache servers flag ALL files ending in .tar, .tgz and .tar.gz as mime type "application/x-tar" and Windows thinks they should be renamed accordingly. One of those cases where two wrongs definitely do not make a right.)
(2) Only the Netquery standalone download contains basic administrator login authentication of its own. (The CMS editions rely upon module security provided by the CMS.) If you want to control user access for the standalone edition, authentication add-ons are readily available from open source PHP script sites, including HotScripts and the PHP Resource Index.
Netquery has been designed and developed with site administrators, hosting service providers and other technically inclined users clearly in mind. In particular, every effort has been made to keep administrative tasks such as module installation and configuration as easy and intuitive as possible taking into account the wide range of hosted sites and dedicated server environments in which it may be used.
Netquery can certainly provide site administrators and technicians with readily available and highly useful information about their ISP performance and their Internet environment generally. But it's not just for "network nerds". Ordinary users of your web site can also benefit from access to Netquery's functions and features. In particular, perhaps, the ability to view their own Internet connection from the downstream ("outside-in") direction is especially useful to your end users as that is the routing they depend on most.
Have you ever wondered who owns that disturbing web site that your child stumbled upon while browsing, and would you like to have some accurate contact information to complain about its lack of COPA protections? Want to know if an email address is valid? Or maybe you've joined the rapidly growing world of "always connected" Internet access and are concerned about whether your newly bought "firewall" software really has closed all of the entry ports to your system. Perhaps you're an ardent gamer who worries about "lag times" and would like to know where those game-losing extra milliseconds are coming from. Netquery can answer all those questions and more. Read on.
Getting started with Netquery is about as easy as anything could possibly be. Just install it and take a quick look at its pre-set admin options to see if you want to change any of them. Depending on which package you downloaded, options will be pre-configured for UNIX/Linux systems (the .tar.gz download) or for Microsoft Windows systems (the .zip download). Of course, either package can be reconfigured to suit your needs and preferences.
The following table summarizes the set-up steps and all available administrative options.
| Netquery Administration | |
|---|---|
| Installation of the Standalone Edition | |
| 1. Unzip and Edit | Unzip the download and edit nqconfig.php to specify parameters for your SQL database. All packages include two image sets (blue and grey) of query selector buttons and two CSS stylesheet layouts (vertical and horizontal) to overwrite the netquery.css file, or "roll your own" |
| 2. Upload and Start | Upload all Netquery files and subfolders to your web site and browse to netquery/index.php. |
| 3. Remove Set-Up File | Run the automatic setup process, remove the nqsetup.php file and go to the main nquser.php page. |
| 4. Choose Your Options | From Netquery's admin menu, select and configure options you want to make available. If you wish to use the optional ports services and exploits data, be sure to select the "Install Data" option for that feature and follow the on-screen instructions. |
| Installation of Content Management System (CMS) Editions | |
| 1. Unzip and Copy | Copy the unzipped download into your CMS modules folder as Netquery sub-folder. All packages include two image sets (blue and grey) of query selector buttons and two CSS stylesheet layouts (vertical and horizontal) to overwrite the netquery.css file, or "roll your own" |
| 2. Install and Activate | From the CMS's admin menu, install and activate the new Netquery module as usual. Access monitoring and/or logging requires loading and activation of at least one CMS block. |
| 3. Choose Your Options | From Netquery's admin menu, select and configure options you want to make available. If you wish to use the optional ports services and exploits data, be sure to select the "Install Data" option for that feature and follow the on-screen instructions. |
| Netquery Options Configuration | |
| Main User Interface | Select the stylesheet, the default query type for startup and interface options to display monitor status, client info and/or query execution times. |
| Netquery Access Monitor | Options for user access screening and logging and for the geoIP and "top countries" addon option. Only blocked spambot access attempts are logged unless the Log All Access option is checked. |
| Enable Whois Search | Whois domain name lookups up to specified maximum simultaneous entries. |
| Enable Whois IP Search | Whois lookups for IP addresses using IANA's query server. |
| Enable DNS Lookup | Domain name service forward and reverse lookups. |
| Enable Dig or NSLookup | DNS queries using the OS lookup function. (Executable entry may include full path.) |
| Enable Email Check | Checks email address for valid format and (if *nix dig or Win nslookup) DNS MX records. |
| Enable Port Check | Display port services, exploits and (optionally) host port status. |
| Enable HTTP Request | Shows server response to HTTP requests for specified object URL. |
| Enable Local ICMP Ping | Ping is limited to a maximum of 10 counts. (Executable entry may include full path.) |
| Enable Remote ICMP Ping | Ping count is determined by remote script. (Remote script url?param=target) |
| Enable Local Traceroute | Traceroute from your server to specified target. (Executable entry may include full path.) |
| Enable Remote Traceroute | Traceroute from remote server to specified target. (Remote script url?param=target) |
| Enable Looking Glass | Interrogates looking glass routers using IPv4 and IPv6 daemons. |
| Edit Whois Server/TLD Links | |
| Edit | This option for each listed whois server-TLD pair allows you to edit that "linkage". |
| Delete | This option for each listed whois server-TLD pair allows you to remove that "linkage". |
| Add New | This option allows you to add a new whois server-TLD pair. |
| Edit Port Services/Exploits | |
| Edit | This option for each listed port service allows you to edit its protocol and service notes. |
| Delete | This option for each listed port service allows you to remove that port service. |
| Add New | This option allows you to add a new port service and lookup information. |
| Edit Service/Exploit Flags | |
| Edit | This option for each listed flag allows you to edit its display keyword and search URL. |
| Delete | This option for each listed flag allows you to remove that flag. (Flag 99 reserved.) |
| Add New | This option allows you to add a new flag for classifying port services/exploits. |
| Edit Looking Glass Routers | |
| Edit | This option for each listed looking glass router allows you to edit its settings. |
| Delete | This option for each listed looking glass router allows you to remove that router. |
| Add New | This option allows you to add a new looking glass router. |
| Manage Access Log | |
| Show | Display the complete logged data for the entry. (Mouseover key for brief info.) |
| Whois IP | Display Whois lookup information (ARIN, RIPE, etc) for the IP address. |
| Delete | Delete the selected entry or entries. (Auto-deletion occurs after specified interval.) |
| Important Notes | |
|
- Access monitoring, screening and logging for CMS editions requires loading and activation of at least one of
Netquery's CMS block types. - Netquery's local ping and traceroute options and the use of Windows nslookup for email validation require read/execute permission for your server OS executables. - The ports data table is not installed automatically. Select the "Install Data" options as indicated. - Port services flag #99 is reserved for user submissions pending admin reflagging. - Looking glass default settings, except disabled items, may be overridden by individual router settings. - Individual looking glass daemon port passwords take precedence over the default user password. |
|
In many cases, unless you need to use other external scripts or have special path requirements, you won't need to change any configuration settings. However, unless you run your own web server and can set permissions on its system executables, you will probably need to disable the local execution ping and traceroute features and not enable Windows nslookup for email checking. Very few hosting services allow the read/execute permissions required for those local functions. A listing of alternative server scripts for use with the external traceroute and ping features can be found at Traceroute.org
In Netquery's administrator interface for Whois TLD-Server links, if the server entry is left blank when adding or editing items, Netquery will try autodiscovery using whois-servers.net data. Autodiscovery is NOT available for compound domain extensions (such as .co.uk) for which the server name must be entered manually based on that found for the top level domain (TLD).
When Netquery is initially installed, its whois and looking glass data tables contain only a few commonly used examples. To assist with populating your whois data table, you can look for TLD server information at Internic which contains the integrated database of all the global top level domains. You may also wish to refer to the IANA list of country registrars. To assist with populating the looking glass data table you can find lists of routers at Nanog.org and at Bgp4.net.
In setting the maximum allowed number of simultaneous whois lookup entries, administrators should be aware that whois server operators may set their own limits. If a whois server limit is execeeded, your system IP may automatically be "blocked" and no longer be able to obtain whois results from that server until the blockage expires or is removed by the server operator.
All user submissions of new port services/exploits are initially classified with flag #99 and are NOT displayed in the listing for any port. Initally, until accepted and reflagged by the administrator, they may be accessed ONLY via the [Allow User Submissions ~ ## New for Reflagging] item on the main Netquery admin panel. For comparison and variants checking, a popup list of other entries for the same port is available while reflagging and editing new submissions.
Because Netquery's looking glass configuration provides both default and individual router settings it is important to understand their order of operational precedence. For entered items (username, password, daemon port, daemon password) individual daemon passwords take precedence over the user password and individual router entries take precedence over the default configuration entries. (For example, leaving a router's "bgpd port" entry blank (or set to zero) means that the default "bgpd port" entry will be used.) For enabled/disabled items, disabling the main configuration item disables it for all routers. (For example, if "Use bgpd" has been enabled (checked) in the main configuration for looking glass, it can be disabled for an individual router, but NOT vice versa.)
It is beyond this manual's scope to provide a complete background course on the Internet itself and on the entire range of issues involved in examining various aspects of its complex structure, topology and day-to-day operations. Instead, we'll focus here on actual usage and application of Netquery's network info tools and we'll include a few useful links to other documentation for those who might like to pursue some of the underlying issues in greater depth. Let it suffice to say that the better one understands those issues and their impacts on both service providers and end users, the more useful Netquery becomes.
All domain names on the Internet are registered with "domain name registrars". Domain name registrars are entities which have been allocated the authority to register names for a specific subset of domain names. Most Domain name registrars provide a "whois" function, where you can ask "whois domain.name" and they will tell you who has registered that domain name.
Netquery's whois lookup feature provides to the user the same information that has been provided by the owner of the site domain in question to the top level domain (TLD) registrar. To use it, simply enter the name of the site domain (without any "www." or other prefix) and select the TLD (e.g., ".com") from the available drop-down listing.
The allowed maximum number of simultaneous lookup entries and the drop-down TLD listing is fully under the control of the Netquery administrator who may add, delete and change entries to suit his/her web site's purposes and its users. If the TLD you're looking for is not available in the drop-down listing, you can ask the administrator to add it if an associated whois server is available.
More info: ICANN
This Netquery feature provides owner-registrar information on a particular IP address, useful when you do not have the domain information needed to use the Whois Lookup feature described above.
More info: ARIN
DNS stands for Domain Name System. This system is used to associate a domain name (e.g. www.mydomainname.com) with one or multiple IP addresses. Now, an IP (Internet Protocol) address is like a phone number to a computer. Every computer has one but just like a phone number, sometimes an IP address can be hard to remember. This is why there is DNS. Instead of having to remember, 216.226.138.60 we only have to remember www.simplehost.com.
The domain registrar from whom a domain name is purchased will assign two IP addresses to that domain name. These IP addresses are the primary and secondary name servers which are responsible for propagating, on the Internet, that domain name and its associated IP address.
Netquery can provide users with both forward and reverse DNS resolutions. If the user enters a domain name, it will be resolved to its IP address. If the user enters an IP address, it will be resolved to its domain name, if one has been allocated and propagated for that IP address.
More info: phpweb simplehost tutor
Netquery's Dig tool is available only on web sites that run on UNIX/Linux servers. Microsoft Windows servers do not support this feature. Where available, it provides essentially the same functionality as the DNS lookup feature, but uses the UNIX/Linux command set to execute the actual function.
This allows site administrators and users to check the validity of any email address. The first test checks for a properly formatted address. Then, if running on a UNIX/Linux system or if Windows nslookup is accessible, it checks the domain name system for proper MX and other DNS records. Lastly, if the option has been enabled by the site administrator, it queries the mail exchange server itself to accept or reject the address entered. Note that no email message is actually sent to anyone.
Port checks can be an important part of securing your computing system, especially for those who operate with "always connected" (cable, ADSL, etc) Internet services.
Netquery's port check feature has a dual purpose. First, entering any port number, will provide a listing of that port's protocols, services and any known attack exploits such as "trojans" and "back doors". If you also enter a host name or IP address, that host will be checked to determine whether the specified port is open and accepting connections.
While viewing any listing of port services/exploits, users may click "Submit" to send a new item for the administrator's attention to be added to the listing upon acceptance.
More info: IANA UDP TCP-IP Ports dB SANS Shields Up PC Audit
Hypertext transport protocol (HTTP) is the languange used by web browsers and web servers to communicate with and respond to each other across the internet. Using this function, you can send an HTTP request (HEAD or GET) directly to a server specifying a particular object with a complete URL and examine the server's response "in the raw".
More info: RFC2068
As its name suggests, the ping feature can be compared to a submariner's sonar. It is a utility that simply checks whether the target computer is currently connected to the internet and responding. You should be aware that some servers (e.g., microsoft.com) are deliberately configured so that they do not respond to ICMP pings.
Traceroute can be used to show you how a site is physically connected to the Internet. Along the way you will also gain an understanding of how networks inter-connect. Traceroute can be used to determine the specific network route taken to reach a specific remote host.
In a simplified way, this is how traceroute works. Every IP packet can specify how many hops it can go through before it is no longer forwarded on. When a packet is no longer forwarded on, that router just forgets all about it, but it also will usually send out a message to the source host saying, "Hey, sorry, but your packet died here." So, traceroute cleverly manipulates these values so that the first round of packets it sends out to the designated host are specified such that they can only go through one hop before dying. So that first hop gets those packets, sees that it's not supposed to forward them on any further and doesn't, and then sends a message back to the source host telling it that the packets died. When traceroute receives the "your packets died here" message from the router, it knows that's the first hop. It then sends on the second round of packets specifying that they can only go through TWO hops, and the cycle continues. It finishes when it gets a response from the final destination. For each hop, traceroute then displays the RTT, Round Trip Time, or the time difference between when the probe was sent from traceroute and the time the response arrived for each packet.
More info: Cisco visualware
Looking glass extends Netquery's scope by providing capabilities for interrogating routers (Cisco, Zebra, Juniper) used in wide area networks that comprise the Internet. It is intended for advanced users who have an in-depth understanding of network topology and router functions. The looking glass feature in Netquery contains the following commands for both IPv4 and IPv6: OSPF neighborship, BGP neighborship, OSPF RT, BGP RR, Zebra Any RR, and Zebra Interface Info.
More info: Bind.com BGP Expert Routeviews