Network Analysis using Wireshark Cookbook

By: Yoram Orzach

Overview of this book

Is your network slow? Are your users complaining? Disconnections? IP Telephony problems? Video freezes? Network analysis is the process of isolating these problems and fixing them, and Wireshark has long been the most popular network analyzer for achieving this goal. Based on hundreds of solved cases, Network Analysis using Wireshark Cookbook provides you with practical recipes for effective Wireshark network analysis to analyze and troubleshoot your network. "Network analysis using Wireshark Cookbook" highlights the operations of Wireshark as a network analyzer tool. This book provides you with a set of practical recipes to help you solve any problems in your network using a step-by-step approach. "Network analysis using Wireshark Cookbook" starts by discussing the capabilities of Wireshark, such as the statistical tools and the expert system, capture and display filters, and how to use them. The book then guides you through the details of the main networking protocols, that is, Ethernet, LAN switching, and TCP/IP, and then discusses the details of application protocols and their behavior over the network. Among the application protocols that are discussed in the book are standard Internet protocols like HTTP, mail protocols, FTP, and DNS, along with the behavior of databases, terminal server clients, Citrix, and other applications that are common in the IT environment. In a bottom-up troubleshooting approach, the book goes up through the layers of the OSI reference model explaining how to resolve networking problems. The book starts from Ethernet and LAN switching, through IP, and then on to TCP/UDP with a focus on TCP performance problems. It also focuses on WLAN security. Then, we go through application behavior issues including HTTP, mail, DNS, and other common protocols. The book finishes with a look at network forensics and how to search and find security problems that might harm the network.

Some additional tools

Although Wireshark is by far the most common network analysis tool on the market, there are also many other network troubleshooting tools that I use a lot. Before getting into the details, I would like to go back some years to one of the funniest network problems I've ever had. The case itself was very simple, but it comes with an important lesson. It had to do with a network in a warehouse of a big hospital. The warehouse workers were equipped with wireless terminals, taking medication as needed and conveying it to the various departments of the hospital. The problem was that all the terminals worked very slowly. They called an integration company to help them with the problem, and these guys came in with every piece of troubleshooting equipment ever made. They came with Wireshark, Sniffer, wireless analyzers, spectrum analyzers, and many other boxes. I went there, and when I saw what they were doing, I told them that they forgot to bring one important thing, their heads. If they had used them, they would have discovered that the problem was a bad RJ45 cable from the warehouse to the hospital's main network 50 meters from there.

The conclusion is very simple of course. Tools are just tools. Without the knowledge of networking and where to use them, they will not help you. In this section I would like to bring in some additional tools, and where to use them.

Note

What I bring here, along with other examples in the book, are devices and software tools that I've worked with over the years. Some of them are freeware and some are commercial products. It is important to note that their descriptions come from my own experience. I don't have a commercial or any other interest in any of them.

SNMP tools

The first set of tools that I usually use to solve a problem are SNMP tools. Some have strong mapping capabilities, some have good statistical capabilities, and some have good logging and event-handling capabilities.

First, in order to just monitor SNMP counters, you can use simple free MIB browsers and graphical tools such as:

Vendor | Software name | Where to download | Notes | License
--- | --- | --- | --- | ---
ManageEngine | MibBrowser | http://www.manageengine.com/products/mibbrowser-free-tool/ | Very friendly, with minimal configuration. | Free
Open source | MRTG | http://oss.oetiker.ch/mrtg/ | Requires time and knowledge to install and configure. Good for long-term statistics. Commonly used by ISPs as a console for their customers. | Free with up to 10 sensors (*1); commercial from 11 sensors
SolarWinds | Network Device Monitor | http://www.solarwinds.com/products/freetools/network-device-monitor/ | SolarWinds is one of the leaders in network management tools, and alongside the commercial products you can find many free tools. | Free
SolarWinds | Engineer's Toolset | http://www.solarwinds.com/engineers-toolset.aspx | Various tools for network monitoring, discovery, SNMP, configuration, basic scanners, and more. | Free with limited capabilities; commercial with full capabilities

SNMP platforms

SNMP platforms are software packages that provide a central console: they show a map of the network, collect information and present statistical reports, and collect SNMP events and present them by severity and other parameters.

Some of the common tools in this category are:

Vendor | Software name | Where to download | Notes | License
--- | --- | --- | --- | ---
Castlerock Computing | SNMPc | http://www.castlerock.com/ | One of the friendliest SNMP tools I have worked with, for more than a decade. The SNMP management platform is very easy to use and is great for network debugging. | Commercial
SolarWinds | Assorted | http://www.solarwinds.com/network-management-software.aspx | SolarWinds has various tools that provide monitoring, mapping, configuration management, and other network management capabilities. These are some of the best options available, but they are expensive. | Commercial
ManageEngine | Assorted | http://www.manageengine.com/network-performance-management.html | Various tools that provide monitoring, mapping, configuration management, and other network management capabilities. One of the best, but expensive. | Commercial
HP | IMC, NNM, and so on | http://h17007.www1.hp.com/us/en/networking/solutions/network-management/index.aspx#.UkgqGT8YhyI | A great platform. HP made it much friendlier than the previous Network Node Manager (NNM) software. Definitely worth checking out. | Commercial
OpenNMS | OpenNMS | http://www.opennms.org/ | Open source, but requires know-how to configure. | Free
Nagios | Nagios | http://www.nagios.org/ | Open source, but requires knowledge to configure. | Free

There are many other tools, such as:

There are the "heavyweight" suites, such as:

There are also other medium-sized platforms, various tools from Plixer (http://www.plixer.com/), and many others.

For network monitoring and troubleshooting you need only the basic tools, while for a management platform you need a more sophisticated one. You can find a good comparison of management platforms at http://en.wikipedia.org/wiki/Comparison_of_network_monitoring_systems.

The NetFlow, JFlow, and SFlow analyzers

NetFlow from Cisco (www.cisco.com/go/netflow) and JFlow from Juniper (http://www.juniper.net/techpubs/software/erx/junose82/swconfig-ip-services/html/ip-jflow-stats-config2.html) provide a method for collecting TCP/IP traffic flow statistics on your routing devices.

SFlow (http://en.wikipedia.org/wiki/Sflow and http://www.sflow.org/index.php) is an industry standard technology for monitoring high-speed switched networks.

The differences between them are:

  • NetFlow applies to Cisco routers and L3 switches. On layer-3 switches, make sure that the platform supports NetFlow (this depends on the software version and hardware); in some cases you will need additional software or hardware for it. It was standardized by RFC3954 (http://www.ietf.org/rfc/rfc3954.txt).

  • JFlow applies to Juniper routers and L3 switches.

  • SFlow is a standard for monitoring LAN switches and was standardized by RFC3176 (http://tools.ietf.org/html/rfc3176).

  • IPFIX (RFCs 5101 and 5102) is a standard developed from NetFlow v9, and standardized by the IETF.

All flow/IPFIX technologies work the same way: the communications device (router or switch) collects flow data from its interfaces and exports it to the management station. They require only a simple configuration on the router or switch, plus software that collects the data and presents it.

This software can be used for monitoring which users are causing a load on the network (displayed according to IP addresses or DNS names), on which applications (HTTP, SMTP, and so on, displayed according to their port numbers), web pages (displayed according to their IP addresses, translated to DNS names), and other such criteria. While Wireshark is usually used for this purpose in short-term monitoring (the Conversations feature), these tools can be used for long-term monitoring as well.
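As an added example (not code from the book or from any of the products listed), here is a minimal decoder for the fixed-format NetFlow v5 export datagram, followed by the "which hosts load the network" and "on which application" byte totals described above, computed over three constructed flow records. The datagram builder, the addresses, and the subset of record fields kept are assumptions of this example; NetFlow v9 (RFC3954) and IPFIX are template-based and would need a template cache on top of this.

```python
import socket
import struct
from collections import defaultdict

# NetFlow v5 wire layout (network byte order): 24-byte header, then 48-byte records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
# Names for the record fields this example keeps (ToS, AS numbers and masks are dropped).
FIELDS = ("src", "dst", "nexthop", "in_if", "out_if", "packets", "bytes",
          "first", "last", "src_port", "dst_port", "pad", "tcp_flags", "proto")


def parse_netflow_v5(datagram):
    """Return the flow records of one v5 export datagram as dicts; reject bad input."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = V5_HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5 (version %d)" % version)
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("truncated datagram: header advertises %d records" % count)
    flows = []
    for i in range(count):
        raw = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        f = dict(zip(FIELDS, raw))
        f["src"], f["dst"] = socket.inet_ntoa(f["src"]), socket.inet_ntoa(f["dst"])
        flows.append(f)
    return flows


def total_bytes(flows, key):
    """Sum bytes per key(flow): key=source host gives 'who loads the network',
    key=(proto, dst_port) gives 'on which application'."""
    totals = defaultdict(int)
    for f in flows:
        totals[key(f)] += f["bytes"]
    return dict(totals)


def build_sample_datagram():
    """Constructed export of three flows from two hosts (not real traffic)."""
    sample = [  # (src, dst, packets, bytes, src_port, dst_port, proto)
        ("10.0.0.5", "203.0.113.7", 120, 150000, 51000, 80, 6),
        ("10.0.0.5", "10.0.0.2", 10, 2000, 51001, 25, 6),
        ("10.0.0.9", "203.0.113.7", 40, 30000, 51002, 80, 6)]
    records = b"".join(
        V5_RECORD.pack(socket.inet_aton(s), socket.inet_aton(d), b"\0\0\0\0", 1, 2,
                       pk, by, 0, 0, sp, dp, 0, 0x18, pr, 0, 0, 0, 24, 24, 0)
        for s, d, pk, by, sp, dp, pr in sample)
    return V5_HEADER.pack(5, len(sample), 0, 0, 0, 0, 0, 0, 0) + records
```

Feeding a real collector's UDP payloads (the exporter sends one datagram like this per batch) into parse_netflow_v5 and accumulating total_bytes over time gives the long-term view that Wireshark's Conversations window gives for a short capture.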

Some common software options include:

There are freeware tools, and there are commercial tools with a free edition of limited capability (usually limited by the number of interfaces they can monitor); commercial SNMP platforms usually include a free license for two to five interfaces.

HTTP debuggers

HTTP debuggers are tools that provide statistical and detailed data about HTTP. Here are some tools for this:

Vendor | Software name | Where to download | Notes
--- | --- | --- | ---
Eric Lawrence and Telerik | Fiddler | http://fiddler2.com/ | The most common freeware HTTP debugging tool; it runs as a standalone program that captures the traffic and analyzes it (as Wireshark does).
Simtec Limited | HTTPWatch | http://www.httpwatch.com/ | Available in a basic (limited) edition and a commercial edition, as an add-on for Firefox or Internet Explorer. Capture files can be opened with HTTPWatch Studio. Also available for iOS (iPhone).

What you will get with these tools is HTTP statistical and performance information, for example, how much time it took to open a web page, the reasons for delays, and error summaries.

Syslog

Syslog (https://tools.ietf.org/html/rfc5424) is a protocol for message logging. Communication devices have many parameters that can be configured so that when a problem occurs, a message is sent to the Syslog server. These are usually hardware- and software-based problems that are not always covered by SNMP.

A great Syslog server (one that receives the messages and presents them) can be found at http://www.kiwisyslog.com/free-edition.aspx. There are many other tools, and a Syslog server is included for free in many management platforms.
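As an added example (not from the book or from any Syslog product), the following parser does the core job of a Syslog server for the RFC 5424 format cited above: it splits a message into its header fields, decodes the PRI value into facility and severity, skips over the structured-data part, and filters device messages by severity. The sample lines, host names and SD-ID are constructed for the example.

```python
import re

SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")
FACILITIES = ("kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp",
              "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7")
# RFC 5424 HEADER: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then SP and SD.
HEADER = re.compile(r"^<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) ")


def parse_rfc5424(line):
    """Split one RFC 5424 message into its fields; PRI = facility * 8 + severity."""
    m = HEADER.match(line)
    if not m:
        raise ValueError("not an RFC 5424 message: %r" % line[:40])
    pri = int(m.group(1))
    if pri > 191:  # 24 facilities * 8 severities - 1
        raise ValueError("PRI %d out of range" % pri)
    rest = line[m.end():]
    i = 0
    if rest.startswith("-"):
        i = 1  # NILVALUE: no structured data
    while i < len(rest) and rest[i] == "[":  # one or more SD-ELEMENTs
        i += 1
        while i < len(rest) and rest[i] != "]":
            i += 2 if rest[i] == "\\" else 1  # ']' inside a PARAM-VALUE is escaped as '\]'
        if i >= len(rest):
            raise ValueError("unterminated SD-ELEMENT")
        i += 1
    if i == 0 or (rest[i:] and rest[i] != " "):
        raise ValueError("malformed STRUCTURED-DATA")
    return {"facility": FACILITIES[pri // 8], "severity": SEVERITIES[pri % 8],
            "timestamp": m.group(3), "hostname": m.group(4), "app": m.group(5),
            "procid": m.group(6), "msgid": m.group(7), "sd": rest[:i], "msg": rest[i + 1:]}


def at_least(lines, severity):
    """Messages at the given severity or worse (a lower number is more severe)."""
    limit = SEVERITIES.index(severity)
    return [p for p in map(parse_rfc5424, lines) if SEVERITIES.index(p["severity"]) <= limit]


# Constructed device messages in RFC 5424 format (not captured from a real network).
SAMPLE = [
    '<189>1 2013-10-01T12:00:00Z edge-rtr-1 ifmgr 1220 LINK [ex@32473 iface="Gi0/1"] Gi0/1 down',
    "<163>1 2013-10-01T12:00:05Z edge-rtr-1 bgpd - BGP - neighbor 10.0.0.2 went down",
    "<166>1 2013-10-01T12:00:09Z core-sw-1 snmpd - - - cold start trap sent",
]
```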

Other stuff

Some other tools you might need to get for working with networks are: