
1. Description
2. Installation
3. Use

1. Description

	Argusalpha is the alpha release of argus, the topology discovery
toolkit developed at the http://www.cs.cornell.edu/cnrg/. A document
describing in some detail the aim of this rpoject can be found at
http://www/cnrg/topology_aware/discovery/argus.html. The current release
does not implement all the functions described in the above mentioned
document. Allthough it has been tested, probably many of the components
still have bugs. If you find any, please report it to estan@cs.cornel.edu.
	Argusalpha implements 3 network discovery algorithms and contains
some hepler programs that can be used independently from the toolkit. The
algorithms store the discovered topology in some text files in human
readable format. The format is such that it can be easily processed with
normal Unix programs like grep, sort and wc and small scripts.
 	The executables from the toolkit are:
-argus.pl is the core of the toolkit that starts the algorithms;
-bping (batch ping) is derived from ping and sends out a batch of ICMP
packets at a time to speed up discovery;
-ftraceroute (fast traceroute) is derived from traceroute; These two
programs work well with our scripts, but used standalone don't have the
roubustness of their ancestors.
-recursive.pl does a recursive dns listing for the domain passed to it on
the command line;
-count.pl,nonumbers.pl,total.pl and zeroify.pl are small scripts used to
process the database files. 

2. Installation

	We have tested the toolkit on Solaris and Linux on x86 machines.
It might work on other Unices too, probably with some adjustments.
	If you want to use the SNMP facilities of Argusalpha, install (the
snmp library of) ucd-snmp-3.5.3 (3.6.1 doesn' work properly with perl) 
available from http://ucd-snmp.ucdavis.edu/ and the perl module called
SNMP-1.8 available from CPAN. 
	To install ftraceroute and bping unpack util.tar.gz, ./configure
it, make and make install. If you do not have the rights to install these
binaries in the proper directories, put them somewhere else and change
the files that use them (ping.pl and tracert.pl) to find them, but make
sure that they are setuided root.
	Edit the nslookup file of argusalpha so that the path to bash and
to nslookup are the ones valid on your system.
	Please *change the parameters describing the target domain* in
argus.pl to reflect your domain's parameters, not Cornell's. Thank you.

3. Use

	There are 3 algorithms you can use for discovering you domain's
topology, called for historic reasons h5, h4 and h2. h5 starts with an
initial list of guesses of valid addresses from the domain, pings,
traceroutes, guesses some new addresses and in the process tries to
discover the topology. h4 does a recursive dns of the domain and then
tries to construct the topology from the outputs of the traceroutes to
all the valid computers. h2 uses SNMP queries to the routers. The hosts
are discovered by looking at the ARP tables. After having discovered the
topologies, they are written to the disk. If you discover a large network
(like cornell.edu) running times can be above an hour. The logfile created
together with the databse can contain useful information too.
	You can select which algorithm to use by setting the variable $alg
in argus.pl. Around the place where it is defined there are some other
variables that define the target (scope) of the discovery. Please set
these to reflect your domain. In common.pl there are some additional
parameters you might want to change (mainly timeouts). I recommend you try
the toolkit out on a small domain and use it on larger ones after that. h5
and h4 have been extensively tested, and h2 behaves well too, but got less
testing.
	Direct feedback, questions and bugreports to estan@cs.cornell.edu.

Enjoy :-)

