When:  TUESDAY, September 23rd, 2003    (** NOTE: Special Meeting Day **)

     Where:  The Chase Manhattan Bank
             One Chase Manhattan Plaza (1CMP)
             Conference Center, 28th Floor
             Downtown, NYC

      Time:  6:15 PM - 6:30 PM  Registration
             6:30 PM - 6:40 PM  Ask the Wizard,
                                Questions, Answers and Current Events
             6:40 PM - 6:50 PM  Unigroup Business
             6:50 PM - 9:30 PM  Main Presentation

     Topic:  Remote Monitoring with SNMP
             (Simple Network Management Protocol)

   Speakers: Jozef Skvarcek (main presentation),
             Mark Spitz (followup presentation/panel discussion).

   Speaker:  Josh Birnbaum on "ifchk"  (see below)



   Note: Since the TECHXNY/PCEXPO Show is being held at the Javits Center
   on September 16th through 18th, we moved the Unigroup meeting a couple
   days forward to Tuesday, September 23rd in order to avoid the

   For complimentary exhibits hall registration, you may use the Unigroup
   Source Code "GLAUUG", and web-login to the show registration:


   Note: Our code was reported to be working last week, but when I just
   tried it (just before sending this mailing) I received a pile of M$
   SQL/ODBC error codes (always fun to see).  Your mileage may vary.
   If anything, try our code, on its own, from the registration section
   of the show's web page:


   Note: We are not sure if the code will remain usable this week.


   One of our Unigroup members, Josh Birnbaum of Noorg, Inc., has
   developed an Open Source Project called "ifchk", which is a tool
   which provides Host Based Promiscuous Mode Detection.

   Josh will give us a mini-presentation on "ifchk" at our November 2003
   meeting, prior to the main presentation which is scheduled to be IPv6.

   At our September meeting, Josh will briefly describe his project and
   give us a brief introduction to "ifchk" and his upcoming talk.

   Topic: Project ifchk,
          and Promiscuous Mode Network Interface Operation.

   Intro: Packet sniffing is often employed as much as a means to
          assess the underlying performance of networks as it is
          to capture the very data that flows through them.  For
          good or bad, packet capture is a powerful facility.

          Joshua Birnbaum, President of Noorg, Inc., will discuss
          ifchk, an open source packet sniffer detector/handler
          written by him in C.  The integrals of promiscuous mode
          operation, from the points of view of both hardware and
          software, as well as some typical scenarios of it's use
          will also be covered.  For further information about
          Project ifchk, visit: http://www.noorg.org/ifchk


   Main Presentation Introduction:

   It is possible to monitor and administer a small number of computers
   individually, for example, by running an interactive session on each
   one.  We could also create various smart scripts performing the
   monitoring functions automatically locally and notifying the
   administrator about the exceptions by, say, e-mail.  However, this
   approach has obvious limitations as the number of servers increases
   for it demands a manual modification of the local scripts should the
   threshold values or the e-mail address change.  In general, we want to
   have available one centralized point (management station) where we
   could set up the thresholds and process the notifications about the
   exceptions.  We prefer to have a unified, simple installation and
   configuration of the part of the monitoring software which runs on
   the managed nodes since that would allow for more robust and automated
   installation procedures for a large number of the systems.  Also, we
   prefer such a monitoring method which would work for different
   platforms that can be found in the data-centers nowadays.

   SNMP (Simple Network Management Protocol) fits the task well despite
   some limitations.  It takes care of the network communication between
   the management station and the managed nodes.  Also, it organizes the
   management information on the client side so that it can be retrieved
   and modified by the management station via a small number of SNMP
   operations.  It does not process, filter or correlate the management
   information retrieved from the clients.  It passes the information to
   other application programs, or put differently, the management
   applications take advantage of SNMP in order to communicate with their
   clients.  One of the compelling reasons for using SNMP is the fact that
   the SNMP daemon or service is a part of the standard installation of
   all major modern operating systems.  The enterprise-grade database
   systems, firewalls and other applications often contain an SNMP module
   which can communicate the application specific management information.
   The components of the network infrastructure such as routers or
   switches support SNMP, also many other devices such as the
   un-interruptible power supplies allow for the installation of a card
   with an embedded SNMP daemon.  Therefore, with a relatively little
   extra burden caused by the planning and the configuration we can have
   a multi-platform, network monitoring capability based on open



   * Keep an eye out on the deadline date and time, as it may change.

   Please RSVP if you know you are attending or if you think you may
   be attending.  This will help us arrange for a letter to security
   for all of Unigroup.  It will also help us to determine the correct
   amount of food and refreshments.

   To REGISTER for this event, please RSVP by:

   a) If at all possible, please use the Unigroup Registration Page:
      This will allow us to have some automation in the RSVP process.

   b) If you must Email us, send an EMail containing the FIRST and
      LAST NAMEs of the persons attending to the Unigroup RSVP
      The Email subject should start with "RSVP".
      You may optionally include your contact phone number (that
      day) or other current information.

      DO NOT simply reply to this Email, sending us back the entire
      announcement (we already have it); leaving the subject as it
      was, and NOT containing the phrase "RSVP" as requested.  In
      that case, your message just looks like failed mail and it
      makes it impossible to automate the RSVP process and get
      you registered for our event.

      ALSO: Do NOT give us an Email address which is over quota
      and cannot receive any new Email.  This causes us to receive
      bounces from your address when we send out the RSVP-ACKs.
      You must have a working and valid Email address in order
      to get on the Unigroup Meeting Attendee List which will
      grant you access to our meetings.  Be sure to proof-read
      your Email address before submitting the RSVP request.

  **  AND: Do NOT give us an Email address which has anti-spam
      processing requiring our automated shell scripts to reply
      to your mail servers or visit a web page... that will NOT
      happen!  Be sure to add Unigroup to your "allow" lists!

   Please continue to check the Unigroup web site:
   for any last minute updates concerning this meeting.  Please
   check your Email for any last minute announcements prior to the
   meeting.  Note that only the Attendee First and Last Names will
   be provided to Chase Security.


   Outline of Main Presentation:

     * Introduction
          + General intro into centralized management, motivation
          + RFC documents
          + SNMP versions
          + SNMP components (managers, agents, entities, MIB's, PDU's)
     * SNMP and Security
          + Security threats
          + SNMP v1,v2 clear-text communities
          + SNMP v3 improvements
     * SNMP agents on Linux, Solaris and Windows 2000
          + Short description, suggestions
     * Practical Example (configuration)
          + Configuration of NET-SNMP agent on Linux/Solaris
          + Setting up SNMP v3
          + Issuing SNMP PDU's (GET, NEXT), reading output
     * Practical Example (monitoring script)
          + Monitoring goals: availability, disk and swap utilization,
            system load, running processes
          + Detailed description of the algorithms
          + Script implementation with Perl (see References for the URL)
     * Commercial products
          + Network Management Station: IBM Tivoli Netview (HP Openview)
          + Centralized monitoring: IBM Tivoli Framework, BMC Patrol
     * Conclusions

   Outline of Followup Presentation:

     1) SNMP Tools: net-snmp, scotty, joe-snmp, etc. (not all will be free)
     2) Post Processors For Collected Data: rrd tools, open-nms, etc.
     3) Related Things: MIB Compilers, PostgreSQL, Books, etc.




          1. Remote Monitoring with SNMP
             by J. Skvarcek,
             Usenix ;login;, October 2002

          2. Remote Monitoring with SNMP: A Practical Example
             by J. Skvarcek,
             Usenix ;login:, February 2003

             Perl Monitoring Script:


          1. Essential SNMP by D.R. Mauro and K.J. Schmidt
             O'Reilly 2001

          2. Understanding SNMP MIBs by D. Perkins and E. McGinnis
             Prentice Hall 1997

          3. SNMP Network Management by P. Simoneau
             McGraw-Hill 1999

          4. Practical Guide to SNMP v3 and Network Management
             by D. Zeltserman
             Prentice Hall 1999


          1. NET-SNMP (UCD-SNMP)

          2. HP OpenView

          3. IBM Tivoli Netview

          4. GxSNMP

          5. RFC

          6. SNMP v3

          7. The details of the standardization of SNMP v3



   O'Reilly has been kind enough to provide us with some of their
   books, which we will continue to raffle off as giveaways at our

   Addison-Wesley Professional/Prentice Hall PTR has been kind
   enough to provide us with some of their books, which we will
   continue to raffle off as giveaways at our meetings.

   Unigroup would like to thank both companies for the support
   provided by their User Group programs.


   Speaker Biographies:

   Jozef Skvarcek programmed high performance parallel numerical
   simulations during his post-graduate studies at the City
   University of New York.  Since January 2000 he has been working
   for Datek Online and Ameritrade as a System Engineer.  The Unix
   System Administration is not only his job but also his hobby.
   Jozef is a long time Unigroup member and currently also serves
   on the Unigroup Board of Directors.  Jozef was also our speaker
   for our Beuwolf Cluster meeting.

   Marc Spitzer has been working with computers since 1991, when he
   started out as a VAX/VMS operator.  Since then he has worked as a
   System Administrator, Programmer and Security Analyst.  Currently
   he is a independent consultant working in NYC.  Marc has been
   a regular attendee at Unigroup meetings during the past year.


   Fee Schedule:
         Yearly Membership (includes all meetings):      $ 50.00
       * Non-Member Single Meeting:                      $ 20.00
         Student Yearly Membership:                      $ 20.00
         Non-Member Student Single Meeting (with ID):    $  5.00
         Payment Methods: Cash, Check, American Express.

       * Employees of JPM/Chase (with ID) can attend general
         meetings at NO CHARGE.

    ==>  Unigroup is the Greater NYC Regional Area Affiliate
         of UniForum - an International Unix Users Group.
         Our Joint Membership Program with UniForum is currently
         on hold due to circumstances at UniForum.  For information
         about UniForum visit http://www.uniforum.org.


   Complimentary Food and Refreshments will be served.  This includes
   sandwiches such as turkey, roast beef, chicken, tuna and grilled
   eggplant as well as brownies, cookies, bottled water and assorted



     The 1CMP building is situated: South of Liberty Street, North
     of Pine Street, East of Broad/Nassau Street and West of William
     Street.  The building is one block east of Broadway, right
     behind 140 Broadway.

     The closest entrance to the conference center is from Nassau
     Street, first elevator bank from the Nassau Street entrance.

     The building is on a raised platform.  Walk up the outside
     stairs at Nassau Street and head for the guard's station at the
     south-west corner of the building.  Tell the guards you are
     heading for Unigroup.   Note: at times, you may need to enter
     the building on its lower level, on the east side of the block.

     They will inspect your ID and carry-ins and direct you to the
     meeting facility assuming you are on the Unigroup RSVP list.

     Once you get upstairs, enter the conference facility through
     its main doors.  There is a bank of large monitors to the left
     of the entrance which should direct you to the Unigroup meeting
     room (the room changes from month to month).  To the right of
     the main entrance is the concierge's desk, ask for help there
     if you need anything.  The conference facility has two levels,
     use the staircase to get to the upper level.  Most of the time,
     our meeting room has been upstairs, on the south side of the

     As always, also look out for Unigroup signs marking the path
     to the meeting room.  Also note, if you come early, we may not
     have our own signs in place yet (we have to commute there too).

     Transit By Train:  Take the J/M/Z to Broad Street and walk one
     block North to Pine St.  Take the 4/5 to Wall Street and walk
     North to Pine St., then East to Broad St.  Take the 2/3 to Wall
     Street, the North West exit is inside the Chase complex, else
     you will need to walk a block North and West.  See the MTA
     Downtown NYC Map (pdf) for detailed mass transit information:


   Please mark this meeting on your calendar and join us!
   Please tell your friends about Unigroup!



   We have a series of meetings in the works:

   - SNMP  (September 2003)
   - IPv6  (November  2003)
   - DNS
   - iSCSI, Serial ATA, and other new peripheral technologies
   - IPsec
   - Zope (Web Page Development)
   - Unix Clusters and Clustered Databases
   - High Performance Internet Servers / Web Acceleration
   - Unix 30th Birthday Celebration
   - Linux Clustering Part 3: Beowulf version 2
   - Building a Firewall using FreeBSD and Linux
   - Unix Office Tools: Word Processors, Spreadsheets, Accounting Packages.
   - Emacs
   - Tex
   - PKI
   - GNU Development Environments
   - Meetings on a variety of Sun/Solaris/Java topics

   Please let us know about any other meeting topics that you may be
   interested in.  Potential speakers on Unix related technology topics
   should contact the Unigroup board at uniboard@unigroup.org.



   July 2003: Internet Security: Firewall Intelligence

   Unigroup would like to thank our speakers Arpan Lakra and
   Larry Reed from CheckPoint Software Technologies for presenting at
   our July 2003 meeting.  We would also like to thank CheckPoint for
   sponsoring the food and refreshments at that meeting.



   Unigroup is one of the oldest and largest Unix User's Groups serving
   the Greater New York City Regional Area since the early 1980s.  Unigroup
   is a not-for-profit, vendor-neutral and member funded volunteer
   organization.  Unigroup holds regular and special event meetings
   throughout the year on technical topics relating to Unix and the Unix
   User Community.  Unigroup is also the Greater NYC Regional Area Affiliate
   of UniForum - an International Unix Users Group.

   Thanks to Chase, Unigroup holds regular meetings planned for the Third
   THURSDAY of Odd Months at The Chase Manhattan Bank, 1CMP, NYC.
   Chase has been a long time sponsor of Unigroup, allowing us the use of
   a meeting room and presentation equipment.

   Planned meeting dates are: 9/23/2003, 11/20/2003, 1/16/2004, ...
   Watch for our Special Event meetings at the various trade shows in NYC
   as well as "field trips" to the facilities of local hardware and
   software vendors.

   = For Unigroup Information, Events and Meeting Announcements be sure to =
   = visit our World Wide Web Home Page:                                   =
   =       http://www.unigroup.org                                         =

   For further information or to get on the Unigroup Electronic Mail Mailing
   List send an EMail message to:

   To contact the Board of Directors of Unigroup, send an EMail message to:

   To contact the Newsletter Editor, send an EMail message to:

   If you have recently attended a meeting and you are not receiving
   Email announcements, please send us an Email and we will make
   corrections to our lists.

   Please Email the Board with any suggestions, especially potential
   meeting topics and speakers.  Unigroup welcomes contributions and
   content suggestions for our newsletter.  Unigroup is a volunteer
   organization and we need your assistance!  Please let us know if you
   can help!


I hope to see you all at our next meeting!

-Rob Weiner
 Unigroup Executive Director

[Unigroup Home]