February 4, 2019 in Technology
Obviously, several tools are out there, but which ones are good?
Wireshark / Tshark
Wireshark is an unparalleled network protocol analyzer, and honestly, one of the best free network tools ever made. When you’re troubleshooting an issue and actually need to get into the weeds to find out what’s going on – this is your microscope. Never leave home without it!
If you’re looking for some command-line capturing, or maybe you want to programmatically trigger packet captures, don’t forget to check out TShark. It’s included with Wireshark, and totally awesome.
iPerf / JPerf
Between any two nodes is a network – be it vast or small. A simple ping between the two nodes is only good for general reachability and understanding the round-trip time for the small packets. If you want to measure actually achievable bandwidth, you need another tool such as iPerf.
iPerf3 is the latest iteration of this tool. You run the client on two ends of a network, configuring the parameters needed to measure performance. It supports tuning of many parameters related to timing, buffers, and protocols (TCP, UDP, SCTP with IPv4 and IPv6). Upon execution, it actively measures and reports on bandwidth, loss, latency, jitter, and so on. You can initiate multiple simultaneous connections to truly simulate load across the network. Very handy tool!
If you’re more of a GUI person, check out JPerf. It’s up there in age but still works like a champ.
Nmap / Zenmap
I personally use Nmap at least once a week. Almost verbatim from their website: Nmap (Network Mapper) is a security scanner used to discover hosts and services on a computer network, thus creating a “map” of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses.
Nmap provides an incredible number of features for probing networks, including host discovery, service discovery and operating system detection. These features are extensible by scripts that provide more advanced service detection, vulnerability detection, and other features. In fact, Nmap is used in the backend for various security assessment tools such as Nexpose.
Again, if you’re more a fan of GUIs, make sure to download the bundle with Zenmap.
Paessler SNMP Tester
SNMP can be hard. This is why you need a good tester. There are a few out there, but I’ve found great success with Paessler’s SNMP tester.
The idea of this program is to have a tool that enables the user to debug SNMP activities in order to find communication and/or data problems in SNMP monitoring configurations. Are your devices configured properly? Are you using the correct keys? Use this tool to validate if your SNMP configuration will function with programs like PRTG Network Monitor.
Angry IP Scanner
Angry IP Scanner is an open-source, multi-threaded IP address and port scanner. Similar to Nmap, and used by millions, it’s become a standard tool for network admins. Angry IP Scanner first rapidly pings, then checks port status, then starts resolving hostnames, gathering MAC addresses, OSs and whatever it can discern based on the data gathered. It can collect NetBIOS info like workgroup and domain names, as well as logged-in users if you happen to have the privileged rights to retrieve this information. Like Nmap, it’s extensible with plugins. Scanning results can be saved to CSV, TXT, XML or IP-Port list files.
Runs on Windows, Mac, and Linux.
Monitoring & Logging
Nagios is a network monitoring software solution. In fact, it’s a suite of solutions for monitoring network availability, analyzing data flows and security, as well as collecting logs for auditing. It’s completely open source and has a vibrant community of like-minded developers and administrators.
With Nagios XI you can monitor everything from infrastructure to applications with granular detail. With Nagios Log Server, you can quickly sift through a central repository of audit logs, or set up triggers to alert you to critical events such as threats. And with Nagios Network Analyzer, dig deep into the health and integrity of your systems and network. Analyze flows, validate intent and troubleshoot with the lights on.
What I like most about Nagios is their straightforward approach to monitoring. They have multiple ways to represent data visually, which is another key interest of mine. Lastly, the built-in failover is wickedly cool if you start monitoring larger environments.
“High-Speed Web-based Traffic Analysis and Flow Collection.”
Named after the popular top command in Unix, ntop shows network usage similarly to how top shows system usage. Ntopng, based on libpcap, is the next generation version of the original ntop. It was written in a portable manner, which gives it the flexibility to run on numerous platforms: Linux, Mac OSX, and Windows.
Web-based, ntopng allows you to view traffic data and gather reports regarding network status. You can use numerous criteria for sorting, including IP address, ports, Layer 7 protocols, BGP AS, and so on. You can even do long-term reports to collect metrics such as throughput over time. I personally use this tool to generate detailed host-based reports showing application latency, RTT, and TCP statistics like retransmissions, out-of-orders, and zero windows.
Real-Time NetFlow Analyzer
“A real-time view of the network with SolarWinds NetFlow Analyzer”
When I need to troubleshoot network performance at a single site, or from a particular perspective, I rely on SolarWinds Real-Time NetFlow Analyzer. It’s free and simple to use. Hours of finger-pointing can be eliminated by firing up this tool and looking at traffic going through a router or interface. Easily identify users, apps, and devices that are consuming the most bandwidth.
If you like the tool, I highly recommend upgrading it to the full version, which we covered in a previous article. It’s truly stellar.
Kiwi Syslog Server
“View and archive Syslog messages and SNMP traps from five sources in real-time”
Again, if I’m troubleshooting a particular network, site or node, I rely on a logging mechanism to audit and aid in troubleshooting. With Kiwi Syslog Server Free Edition you can collect, view and archive up to 5 sources including routers, computers or other devices. Logs may also be written to disk—either in one large file or split up by day or priority.
It’s easy to use, and absolutely free for small, focused logging engagements. You can view logs in real-time, gather stats, and even set up warnings and alerts. It’s not just Syslog messages, but also SNMP traps you can collect and analyze with Kiwi.
If you want to get more serious, I recommend upgrading to the full version.
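To show what splitting logs "by day or priority" involves, here is an added example (not part of the original article and not Kiwi's own code) that decodes the `<PRI>` header of RFC 3164 style syslog lines and groups messages per day or per severity. The sample lines are constructed, and the year is an assumption because RFC 3164 timestamps carry none.

```python
import re
from collections import defaultdict
from datetime import datetime

# Severity names from RFC 5424 (index = numeric severity, 0 is most urgent).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 3164 style line: <PRI>Mmm dd hh:mm:ss host message
LINE_RE = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2}) +(\d{1,2}) (\d\d:\d\d:\d\d) (\S+) (.*)$")

# Constructed sample input (not captured from a real device).
SAMPLE = [
    "<189>Feb  4 09:15:02 rtr1 %SYS-5-CONFIG_I: Configured from console by admin",
    "<187>Feb  4 09:15:40 rtr1 %LINK-3-UPDOWN: Interface Gi0/1, changed state to down",
    "<38>Feb  5 01:02:03 fw1 sshd[411]: Accepted publickey for backup",
    "garbage line without a PRI header",
]

def parse(line, year=2019):
    """Return a record dict, or None when the line is not valid syslog."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI: facility 23 * 8 + severity 7
        return None
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    try:
        # The year is assumed; the wire format only carries month and day.
        day = datetime.strptime(f"{year} {m.group(2)} {m.group(3)}", "%Y %b %d").date()
    except ValueError:
        return None
    return {"facility": facility, "severity": SEVERITIES[severity],
            "day": day.isoformat(), "host": m.group(5), "msg": m.group(6)}

def split_logs(lines, by="day"):
    """Group messages under a per-day or per-severity key, the way a collector
    would name its output files; unparseable lines are kept aside, not dropped."""
    buckets = defaultdict(list)
    for line in lines:
        rec = parse(line)
        key = rec[by] if rec else "unparsed"
        buckets[key].append(rec["msg"] if rec else line)
    return dict(buckets)

if __name__ == "__main__":
    for key, msgs in split_logs(SAMPLE, by="severity").items():
        print(key, len(msgs))
```

Keeping an "unparsed" bucket matters for auditing: a malformed line is often the one worth looking at.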
Configuration & Transfers
“No one likes repetitive tasks.”
Ansible is a simple and powerful automation engine with the goal of reducing repetition by automating tasks. It’s vendor agnostic, programmable and relatively easy to learn. The folks at Ansible believe that automation shouldn’t be more complex than the tasks it’s replacing.
From a network perspective, I like this tool for generating configuration files based on my custom templates. I can quickly build “playbooks” for a large number of scenarios, ensuring that my configuration files are properly built based upon my standards and that my network devices are configured accordingly.
If you want to get more with a GUI, check out Ansible Tower. Super clean.
Created by Kirk Byers, Netmiko is a multi-vendor Python library that simplifies Paramiko, gearing it toward network devices. This is a more advanced tool, and only beneficial if you’re using Python for scripting or automation. It simplifies SSH connections, command execution and data retrieval like no-one’s business.
Each vendor has their own quirks regarding shell interaction. Whether it’s privileged modes, expert modes or commit functions, Netmiko is designed to simplify this lower-level SSH management across a wide set of networking vendors.
Netmiko currently supports the following platforms:
- Cisco IOS, IOS-XE, IOS-XR, ASA, NX-OS, and WLC (with limited testing)
- Arista EOS
- HP ProCurve
- HP Comware (limited testing)
- Juniper Junos
- Brocade VDX (limited testing)
- F5 LTM (experimental)
- Huawei (limited testing)
SolarWinds TFTP Server
At some point in your day-to-day as a network administrator, you’ll have to transfer a configuration file or image file to a router. TFTP has been the easy go-to for this task for many years, and although alternative protocols are out there, good chances are you’ll still run into the case where TFTP is just easier.
This is the reason why I always have a TFTP server app loaded on my laptop. My personal choice for this software is SolarWinds TFTP Server. We’ve written about it in the past and it still holds its rank. It’s multi-threaded, reliable and works like a champ. Best of all, it’s free.
As a bonus little feature, you can actually authorize specific IPs or ranges to limit sending and receiving directly to the server for advanced security. And if you’re doing this regularly or from a central server, run it as a service for 24×7 availability.
SolarWinds SFTP/SCP Server
Those alternative protocols I mentioned before? SFTP and SCP are two of them.
If you have the capability to use the secure protocols instead of TFTP, do it: TFTP has no authentication or encryption, so configuration files cross the network in clear text. Just make sure you have trusted software like SolarWinds SFTP/SCP Server.
Like the TFTP Server software, SolarWinds SFTP/SCP Server is multi-threaded and commonly used to upload and download executable images and back-up configurations for routers and switches. You can authorize specific IPs or ranges to limit sending and receiving directly to the server for advanced security, and run it as a service on a centralized server.
Assuming you need one of these tools, it’s likely you’re transferring config or image files to/from network devices. If you’ve never checked it out, I highly recommend giving SolarWinds Network Configuration Manager a whirl. It’s free to try but does have a cost associated past the trial period. I am intimately familiar with several very large networks that use SolarWinds NCM for configuration, compliance and image transfers. In my opinion, it’s absolutely worth every penny.
Terminals & Text Editors
Notepad++ / UltraEdit / Sublime Text
If you’re still using regular old Notepad, you have no idea what you’re missing out on. Step up your text game with one of these text editors. I guarantee you will not regret it!
Another no-brainer for most — PuTTY is an SSH and telnet client for the Windows platform. It’s simple, portable and effective! For many people I know, it’s the only tool they use for SSH access.
PuTTY is open source software that is available with source code and is developed and supported by a group of volunteers.
If you’ve ever used Linux, you’ve become familiar with useful commands such as ‘grep’, ‘ls’, ‘top’, ‘df’, ‘pwd’ and so on. In the Windows world, we are missing some of these commands, and when we have them, they’re written in some other non-intuitive syntax. Wouldn’t it be great to have Linux commands and applets in Windows? Enter Cygwin.
Cygwin is a large collection of GNU and Open Source tools, which provide functionality similar to a Linux distribution on Windows. Not only can you run familiar commands, but you can also load (similar to apt-get or yum) various Linux tools. Some favorites of mine are wget and curl. If I’m running Windows, I’m running Cygwin.
I love Visio. It’s undoubtedly the best tool for designing network diagrams. However, it can be expensive, and it only runs on Windows. As a Mac user, I run a Windows VM just so I can use Microsoft Visio. While this does function, I’ve recently started using Draw.io, a browser-based diagramming application. It’s awesome!
Whether you’re building an engineering diagram or a network diagram, Draw.io has tons of templates to get you started. It connects to online storage environments like Dropbox and Google Drive for real-time saving. No more losing data. Again, it’s absolutely free, and something you can rely on for cloud-based diagrams that are shareable and exportable.
SolarWinds Orion Network Performance Monitor (NPM)
Say your toolbag is full, and now you’re ready to upgrade to a professional set. For enterprise networks, you need robust monitoring, advanced troubleshooting, historical analytics, system analysis, fault alerting, capacity forecasting, detailed reporting, and a constant finger on the pulse of your infrastructure. This is where SolarWinds Orion Network Performance Monitor (NPM) steps in.
Winner of our recent Network Manager Software Smackdown, SolarWinds NPM earned this achievement through constant innovation, easy-to-use interfaces, wide user adoption and an unmatched community in the performance and monitoring industries. If you need more reasons to check out SolarWinds NPM, read our articles highlighting a few of the new advancements released in their latest iteration of the platform – version 12. NetPath, in particular, is a mind-blowing addition to this toolset that you won’t get anywhere else.
Get started with a free trial and start managing your network like a boss. And don’t forget to check out our 2016 smackdown!