Provided by: cheops_0.61-13ubuntu1_i386
cheops - network monitor tools for system administration
Cheops is a network "swiss army knife". It’s "network neighborhood"
done right (or gone out of control, depending on your perspective).
It’s a combination of a variety of network tools to provide system
adminstrators and users with a simple interface to managing and
accessing their networks. Cheops aims to do for the network what the
file manager did for the filesystem.
Machine fingerprinting to determine OS
Use of DNS and ICMP to
Interface with SNMP
Thus, cheops has taken on the role of a network management system, in
the same category as one might put HP Openview or Scotty (also known as
Tkined a very nice, although a bit outdated free network monitor).
Notice that while this program thus not provide as many features as the
aforementioned it does provide a nicer interface and is still under
development (so nicer things might be available in the near future).
Cheops must be run by the root user, since it is not installed (by
default) setuid. You can make it setuid but there are (quite probably)
bugs that might make this a security risk. It needs to run as superuser
due to the use of raw sockets in order to do TCP/IP fingerprinting.
This IS NOT designed to be an attacker’s tool, and you SHOULD NOT use
it to explore domains you do not have authorization to access. The
author does not take any responsibility for use of this tool on
unauthorized domains! Be aware that cheops is not stealthy and that
using it on a remote network, it will be very obvious that you are
This manual page was written for the Debian GNU/Linux distribution
because the original program does not have a manual page.
The interface presented shows a view of hosts available on the network
showing, if possible, the operating system they use with a distinct
pixmap. The user can select a given host and monitor processes running
there, also, new hosts or networks can be added using the menu above
the network display.
The mechanics of cheops operation are nothing new:
Simple ICMP "ping" packets are used to initially search a
network for hosts that are alive. (ping)
Domain Name Transfers are used to list hosts in a domain
OS detection is done using invalid flags on TCP packets (queso)
Port detection is done (somewhat) silently using half-open TCP
connections in order to avoid unnecessarily starting services or
logging on the remote machine. (halfscan)
Mapping is done using UDP (or optionally ICMP) packets with
small time-to-live values (traceroute and mtr, respectively)
Monitoring is done using normal connect() sequences using sets
of chained stages centerd around the gtk_input_add routine.
Cheops does not yet use any command line options.
Virtually everything is configured via the graphical interface. After
discovering hosts, right clicking on them will give you a list of
The place cheops should look for its pixmaps and configuration
file. Plugins are stored in a system dependent directory (in
Automatically generated per-user configurations file. DO NOT
Cheops is beta software, and consequently still has bugs and incomplete
But reports can be e-mailed to Mark Spencer at email@example.com or to
the Debian maintainer of this package using the Debian Bug Tracking
System (http://bugs.debian.org/) , but any questions answered in the
FAQ at the main cheops page will not be answered. Suggestions and
ideas for improving it are welcomed.
Additional information at the main site: http://www.marko.net/cheops
(home page) ftp://ftp.marko.net/pub/cheops (FTP site: look here for
newest releases) and in the default location for installed
This manual page was written by Javier Fernandez-Sanguino
<firstname.lastname@example.org>, for the Debian GNU/Linux system (but may be used by
Cheops was originally written by Mark Spencer, and was sponsored
greatly by Adtran, Inc.