July 30, 2012



– Sandeep Koul & Abhijit Ahaskar

No matter how capable your computing devices and applications are, a hassle-free experience always depends on good connectivity. In modern IT, connectivity has become so important that it is at times a headache for the IT administrator. A single faulty network interface card or one infected machine can choke your corporate network by broadcasting network packets; this in turn means meager bandwidth for your business applications, leading to frustration and finally loss of business. There are lots of network monitoring tools available on the web (paid, free, and open source) for most platforms. Here, we talk about a few of them that you can find on the DVD with the August 2012 issue.

NetCut

A simple switch to turn off a ‘rogue’ IP


To understand this simple network monitoring tool, you have to understand the ARP protocol, which is used to identify nodes on the network. Each machine on the network has an ARP cache that maps each IP address to a Media Access Control address (MAC address). When a machine wants to send packets to another machine (whose IP address is known), it looks up the relevant MAC address in its ARP cache; if it finds the MAC address there, it sends the IP packet on the link layer to the corresponding address. If, on the other hand, there is no IP address to MAC address entry in the ARP cache, the sender broadcasts a packet to all machines; once the receiver responds, an entry is created in the ARP cache. You can download NetCut from http://tinyurl.com/6sc6vzs or get it from the PCQuest DVD. The size of this utility is about 1.66 MB and the latest version (NetCut 2.1.4) can be installed on Windows 7. Once installed, this software can tell you who is on your network and provide information like IP, device name, and MAC address. Using NetCut, you as an administrator can stop or start the connectivity of any misbehaving device on your network. You can also clone and change the MAC address of any machine using this simple utility.

IO Connection Analysis Beta

Find out what’s going on in your system


IO Connection Analysis Tool is a custom freeware application meant to give users a map of all the inbound and outbound TCP/UDP connections, tied to an application and user account. It also provides information on performance metrics like processor and memory utilization per connection. This is an open source app which can be modified to meet specific requirements. It uses the native API (iphlpapi.dll) to pull in and scrub information via data grids attached to a .NET form.

It is easy to install and you don’t require admin rights to see user connections. Just copy ioca.exe to any directory and launch it. A splash screen appears while the components load; wait for the main frame to appear and then click the Acquire Data button to begin the analysis. This populates all local and remote traffic and various other data in the inbound\outbound tab. This is followed by Filtered Data for remote traffic, giving users a full picture of all inbound and outbound TCP/UDP communications.

Snort

Do much more with this free and renowned utility


This open source and free to use utility is capable of real-time traffic analysis and packet logging on your IP network. In the past, PCQuest has covered this utility and you can find detailed installation steps at http://tinyurl.com/7yxurkc. Snort, which can be used as an intrusion detection and prevention tool, is quite popular among the open source community, with around 4 million downloads and 400,000 registered users.

The latest version of Snort (v 2.9.2) comes with a lot of improvements and new features. Among the new features are GTP decoding and a GTP preprocessor: Snort’s packet decoders have been updated and a preprocessor has been added to support detecting attacks over GTP (GPRS Tunneling Protocol). Snort’s GTP support handles multiple versions of GTP and has a rich configuration set. Other additions include improvements to the SCADA (DNP3 and Modbus) and HTTP preprocessors; the former support writing rules for detecting attacks on control systems, while the latter normalizes HTTP responses that include JavaScript-escaped data in the HTTP response body. Finally, Protocol-Aware Flushing (PAF) support for FTP is also included in the latest version; PAF is beneficial in accurately detecting intrusion.

Etherwatch

Keep a close watch on traffic moving over Ethernet


EtherWatch is an open source application developed to monitor users’ network traffic and Google search terms and to show all the sorted elements on the computer’s display in mosaic format. It is a unique app that lets users know what is going on in their network, and it can be of great help in identifying and diagnosing network issues. It is very easy to configure and includes images, network filters, and log file settings. It is free to download and its latest version, Ether Watch 2.1, is only 6.77 MB in size.

Etherwatch allows you to monitor traffic based on Ethernet address (source, destination or both), Protocol Type (Ethernet Format) or Protocol Identifier (IEEE 802 Extended Format), or any combination of these. When you select specific packets to be monitored, a packet must match ALL of the items you specify on the command line for the match to be considered successful. Any item not specified on the command line defaults to matching any packet, so specifying more items on the command line restricts the number of packets that are successfully matched.

Qcheck

Benchmark your connection and find out latency


Would a newly installed video conferencing system work between two points? If you have come across such questions, one way to find out the width of the pipe connecting two nodes on a network is to use Qcheck. Qcheck is a benchmark that can be used to measure response time, throughput, streaming rate, and latency between two machines. The simplicity of this utility makes it the choice for benchmarking a network; we at PCQuest use it to check connections over wired and wireless networks.

You can download this free utility from http://www.ixchariot.com. To use it, either install Qcheck on both machines or install Ixia Performance Endpoint on one side and Qcheck on the other. In the response time test, Qcheck returns the minimum, maximum and average number of seconds it took to complete a transaction, while in the throughput test it returns the amount of data per second that was successfully sent between the two endpoints. In the streaming test, it returns the rate at which the streaming data was received by the second endpoint and the amount of packet loss that occurred. Finally, for a trace route test, it returns the number of hops, the average hop latency, and the address and name of the host at each hop.

NetIO-GUI 1.0.4

Use it to export results of ICMP response into an Excel or CSV file and then rate the results


NetIO-GUI is an easy to use Windows front-end for the multi-platform command line utility ‘NetIO’ and is designed to help users measure the ICMP (Internet Control Message Protocol) response time and network transfer rates between two peers. NetIO is a network benchmark for Windows, Linux and UNIX. It measures the net throughput of a network via the TCP and UDP protocols using various packet sizes. One instance has to run on one machine as a server process, and another instance is used on another machine to perform the benchmark. When executed without arguments, the program explains its usage. The results are saved into a SQLite database file and can be easily compared. You can also export the results into an Excel or CSV file and rate your results on a scale of 1 to 5. NetIO-GUI comes with multiple language support. In case of errors while trying to start in a non-supported language, it automatically falls back to English. It is free and easily downloadable, as its total file size is just 1.6 MB.

Observium

Get enterprise class features for free


How about a network monitoring system that could do more? Observium is one of them. It is an auto-discovering PHP/MySQL/SNMP-based network monitoring system which includes support for a wide range of network hardware and operating systems, including Cisco, Linux, FreeBSD, Juniper, Brocade, Foundry, HP and many more. Observium provides an easy to navigate interface to monitor the health and performance of your network. Its design goals include collecting as much historical data about devices as possible, being completely auto-discovered with little or no manual intervention, and having a very intuitive interface. You can check a demo of this comprehensive package at http://demo.observium.org/.

Observium is Free Software, which means that you can use and redistribute the software without permission and without paying anything; those who want it installed professionally can take paid professional support. Besides monitoring traffic, this package can monitor a comprehensive list of parameters, including CPU, memory and storage statistics. Observium is distributed via an SVN-based release mechanism (a version control mechanism based on the SVN command), providing rapid access to security and bug fixes as well as new features. The SVN release mechanism also includes automated database schema upgrades.

Nagios

Do a lot more than monitoring the network


Nagios is an open source infrastructure monitoring tool designed to inform system administrators of problems on their networks before they affect clients, end-users or managers, so that they can be rectified in time. Among its long list of features, this package can take care of network monitoring too. It was primarily made for Linux, but works well on Windows, Linux/Unix/BSD, Netware, and other network devices too. It is free software offering complete monitoring and alerting for servers, switches, applications, and services.

Nagios allows the IT team to plan infrastructure upgrades before systems fail, and in case of failures it sends out alerts through email or SMS so that recovery can be initiated immediately. Reports provided by Nagios give users a vast record of outages, events, notifications, and alerts which can be reviewed later to improve the IT infrastructure. In a survey conducted among the nmap-hackers mailing list in 2006, 3243 people responded when asked for their favorite network security tools. Nagios stood 67th overall and 5th among traffic monitoring tools.

Cacti

RRDTool based network management tool


Cacti is a complete network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality. RRDTool’s biggest benefit is that it can monitor nodes across routers, which your ordinary sniffers can’t do. So, if you have your offices connected over WAN links, you can run this tool from one place and monitor the performance of all your WAN routers. It can even show the usage by specific IP addresses, and you can set alarms if a node’s traffic usage goes beyond a threshold limit. RRDTool can monitor the load average, CPU usage, mount volume, logged-in users, RAM usage and temperature. Here, CPU usage, temperature and RAM usage are possible only if the node/router supports SNMPv2.

Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.

BWMeter

Control traffic and check your network usage


BWMeter is a bandwidth meter, monitor, traffic controller and firewall, which measures, displays and controls all traffic to/from your computer or on your network. This package can analyze the data packets and check where they come from, where they go, and which port and protocol they use; this makes it possible to distinguish between local and internet traffic. BWMeter can also be used for traffic control by setting a speed limit for all kinds of connections or restricting the access of applications to certain internet sites. It creates statistics for all computers in your network, measuring and displaying all LAN traffic as well as downloads and uploads from the internet. You can even define filters which show your transfers with certain internet addresses (e.g. to see how much data you download from your favorite news server). BWMeter is ideal for home users who want an overview of how much bandwidth they use, as well as for small to large businesses, where one computer can control the traffic and maintain the statistics of downloaded/uploaded data for all computers in the network. The product is easy to configure and offers a rich set of options and features for beginners as well as experts and network administrators.
