
Choosing the Right Network Tool

PCQ Bureau

As a network administrator, every day you’re faced with a host of problems: slow data transfers, malfunctioning network devices, vulnerabilities and security threats, viruses and screaming users. To survive you need not only manpower, but also the right kinds of tools to help you manage your network better. The trouble, though, is that the number of monitoring tools is unlimited, making it difficult to choose the right ones. So, we’ve given a broad break-up of the various types of network-monitoring tools to help you create your own network survival kit. We’ve also identified some good tools for some of the categories, and put them on the CD. These include both time-limited demos of commercial products and freely distributable ones.


Packet-capture tools



Such tools allow you to capture packets flowing across your network, so that you can analyze them. Due to their nature, packet-capture utilities help you analyze a range of things, including causes of network congestion and security loopholes on your network, so use them with care and ensure that they don’t fall into the wrong hands. Packet-capture tools also give you the overall network utilization, and a break-up of the size of packets on your network, the protocols being used, etc. You can also set filters on them to determine the traffic patterns for a particular protocol.
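The protocol and packet-size break-up described above can be computed directly from a saved capture. The following is an added example, not code from any of the tools named in this article: it reads the classic pcap file format with only the Python standard library, and the capture it summarizes is constructed inline (the helper names and sample frames are assumptions made for illustration).

```python
import struct
from collections import Counter

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def frame(ethertype, payload):
    """Constructed Ethernet frame: zeroed MAC addresses, then EtherType."""
    return bytes(12) + struct.pack("!H", ethertype) + payload

def ipv4(proto, data_len):
    """Constructed 20-byte IPv4 header followed by data_len filler bytes."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + data_len, 0, 0, 64, proto,
                       0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + bytes(data_len)

def build_pcap(frames):
    """Classic little-endian pcap file, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def summarize(pcap):
    """Return (packets per protocol, packets per size bucket, total bytes)."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    protos, sizes, total, off = Counter(), Counter(), 0, 24
    while off + 16 <= len(pcap):
        _, _, incl, orig = struct.unpack_from("<IIII", pcap, off)
        pkt = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        total += orig
        sizes["<=64" if orig <= 64 else "65-512" if orig <= 512 else ">512"] += 1
        if len(pkt) < 14:                      # too short for an Ethernet header
            protos["truncated"] += 1
            continue
        etype = struct.unpack_from("!H", pkt, 12)[0]
        name = ETHERTYPES.get(etype, hex(etype))
        if etype == 0x0800 and len(pkt) >= 34:
            # IPv4 protocol byte; assumes a 20-byte header without options
            name = IP_PROTOS.get(pkt[23], "IPv4-other")
        protos[name] += 1
    return protos, sizes, total

# Constructed sample capture: two TCP, one UDP, one ICMP and one ARP frame.
SAMPLE = build_pcap([frame(0x0800, ipv4(6, 1000)), frame(0x0800, ipv4(6, 20)),
                     frame(0x0800, ipv4(17, 100)), frame(0x0800, ipv4(1, 40)),
                     frame(0x0806, bytes(28))])
```

Calling summarize() on a capture saved by a packet-capture tool gives the same three results, provided the file is in the little-endian classic pcap format this example handles.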

Analyzer is a free packet-capturing utility for Windows

One good free packet-capturing utility for the Windows platform is called Analyzer. Among other things, it displays information such as source/destination IP and MAC addresses, the protocols on your network, as well as descriptions of various packets. It needs another program called WinPcap to capture packets. EtherPeek is another excellent packet-capturing utility. Unlike Analyzer, it’s not free but a commercial package, with a lot of good features. We’ve given the latest demo version of this utility on this month’s CD.


Throughput tools



Sometimes you may not want to see a break-up of the types of packets flowing across your network. You may just want to see the raw throughput of your network or your Internet connection, or determine usage patterns of various devices on your network such as network printers, switches and routers. This is where throughput tools come in handy. There are some very good free tools, such as MRTG (Multi-Router Traffic Grapher) or Bronc, available for this. They capture the raw packets, measure the throughput, and display it in easy-to-read graphs. Such utilities can help to determine network usage over a period of time.

Path-characterization tools



These are the tools that will help you measure various characteristics of a particular network path. They can help you determine the availability of a particular node, measure bandwidth congestion along a particular network path, etc. Usually, these tools work by sending out ICMP (Ping) requests along a network path, and measuring things like raw throughput and response time when the packet returns. They usually work at the packet level, so they won’t show a protocol-level break-up of the bandwidth. Such tools can be helpful in determining congestion on different segments of your network, and in finding which links are down or which nodes are overloaded.

SNMP tools



These tools use SNMP (Simple Network Management Protocol) for managing devices on your network. Most network devices today support SNMP. These include switches, hubs, routers, and even operating systems, printers and UPS systems. Each of these devices will have an SNMP agent, which will capture critical information about the device and pass it to a central management console, which could be commercial network-management software or a single SNMP tool. For instance, an SNMP-enabled switch will pass on information like throughput on each port, or packets dropped, to the network-management software, which would then display it. You can set threshold limits, called SNMP traps, which, if exceeded, will raise an alert.
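How a management console can turn polled agent data into the per-port throughput and threshold alerts described above, as an added example that is not taken from any product named in this article. It assumes the console polls the standard MIB-II objects ifInOctets (a 32-bit counter) and sysUpTime for one port; no SNMP library is used, and the poll values and function names are constructed for illustration.

```python
COUNTER32_MOD = 2 ** 32  # ifInOctets is a 32-bit counter that wraps to zero

def interval_rates(polls):
    """polls: [(unix_time, sysUpTime_ticks, ifInOctets)], oldest first.
    Returns [(unix_time, bits_per_second or None)], one entry per interval."""
    out = []
    for (t0, up0, c0), (t1, up1, c1) in zip(polls, polls[1:]):
        if up1 < up0 or t1 <= t0:
            # Agent restarted (uptime went backwards) or bad timestamps: the
            # counter delta is meaningless, so record a gap instead of a spike.
            out.append((t1, None))
            continue
        delta = (c1 - c0) % COUNTER32_MOD  # stays correct across a single wrap
        out.append((t1, delta * 8 / (t1 - t0)))
    return out

def threshold_alerts(rates, limit_bps, consecutive=2):
    """Times at which the rate has been above limit_bps for `consecutive`
    intervals in a row, so one short burst does not raise an alert."""
    alerts, run = [], 0
    for t, bps in rates:
        run = run + 1 if bps is not None and bps > limit_bps else 0
        if run == consecutive:
            alerts.append(t)
    return alerts

# Constructed polls at 300-second intervals (sysUpTime is in 1/100 s ticks).
POLLS = [
    (0,    100000, 4294000000),
    (300,  130000, 4294900000),  # 900,000 octets received
    (600,  160000, 382704),      # counter wrapped; 450,000 octets received
    (900,  190000, 300382704),   # 300,000,000 octets -> 8 Mbit/s
    (1200, 220000, 675382704),   # 375,000,000 octets -> 10 Mbit/s
    (1500, 500,    1000),        # uptime went backwards: device rebooted
    (1800, 30500,  376000),      # 375,000 octets after the reboot
]

if __name__ == "__main__":
    rates = interval_rates(POLLS)
    print(rates)
    print(threshold_alerts(rates, limit_bps=5_000_000))
```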


Traceroute programs



VisualRoute, a traceroute program, shows on a world map where all the hosts are located

Suppose a user complains about not being able to access a particular website. You check your Internet connection and find that it’s working fine; only the site seems inaccessible. It could be that the website in question is down. But it could also mean that there is a problem with your ISP, or something wrong with the Internet. So how do you find out? This is where traceroute utilities come in. Most Windows OSs have a simple command-line-based traceroute program. This displays all the hosts your request goes through to reach a particular destination, and also displays the response time from each host.
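Reading that hop list for the question posed above (where along the path do replies stop, and where does the response time jump?) can be automated. This is an added example, not part of the original article: it parses output in the format printed by the Windows tracert command, the sample trace is constructed using documentation-only addresses, and the 100 ms jump threshold is an assumption.

```python
import re

# hop number, three probe results ("12 ms", "<1 ms" or "*"), then the host text
HOP = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.+?)\s*$")

def parse_tracert(text):
    """Return [(hop, best_rtt_ms or None, host or None)] from tracert output."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue                      # banner, blank line or "Trace complete."
        rtts = [int(x) for x in re.findall(r"(\d+) ms", m.group(2))]
        hops.append((int(m.group(1)), min(rtts) if rtts else None,
                     m.group(3) if rtts else None))
    return hops

def diagnose(hops, jump_ms=100):
    """Report the last replying host, the hop replies stop at, and the first
    hop whose best response time is jump_ms above the previous replying hop."""
    answered = [h for h in hops if h[1] is not None]
    last = answered[-1] if answered else None
    # Only a trailing run of silent hops marks where the trace died; a silent
    # hop followed by later replies is usually a router ignoring the probes.
    dead_from = None
    if hops and hops[-1][1] is None:
        dead_from = last[0] + 1 if last else hops[0][0]
    jump = None
    for prev, cur in zip(answered, answered[1:]):
        if cur[1] - prev[1] >= jump_ms:
            jump = cur[0]
            break
    return {"last_reply": last[2] if last else None,
            "dead_from": dead_from, "latency_jump_at": jump}

# Constructed sample output (addresses are from documentation ranges).
SAMPLE = """Tracing route to www.example.com [203.0.113.80]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.0.2.1
  2    12 ms    11 ms    13 ms  198.51.100.1
  3     *        *        *     Request timed out.
  4    14 ms    15 ms    14 ms  198.51.100.9
  5   210 ms   215 ms   208 ms  203.0.113.7
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
"""

if __name__ == "__main__":
    print(diagnose(parse_tracert(SAMPLE)))
```

In the sample, hop 3 is silent but later hops reply, so it is not treated as a fault; the trace is reported as dying after hop 5, which is also where the response time jumps.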


However, there are also some GUI-based traceroute programs, such as VisualRoute and NetTrace, which show not only all the hosts, but also where they are located on a world map. This can be extremely helpful in determining, say, spam-mail originators, bottlenecks on a route, etc.

General monitoring utilities



While we’ve covered the major categories, there are still some tools that can make the life of a network administrator a lot easier. These include tools for doing nslookup, ping scans, port scanning, finger, etc. These are available both independently and as plug-ins for other larger tools. For instance, ping scan is available as a plug-in for EtherPeek. This allows you to determine which nodes are up and running on a particular network segment, and also helps you find a free IP address on your network. Nslookup tools allow you to query various domain name servers to determine information about various hosts.

Port scanners are usually considered to be a hacker’s tool, but can be extremely useful for a network administrator in finding security loopholes on the network.

Anil Chopra
