Professional Documents
Culture Documents
Network Monitoring Tools
Network Monitoring Tools
Network Monitoring Tools
When you launch Microsoft Network Monitor, choose which adapter to bind to from the main
window and then click “New Capture” to initiate a new capture tab. Within the Capture tab, click
“Capture Settings” to change filter options, adapter options, or global settings accordingly and
then hit “Start” to initiate the packet capture process.
2. Nagios
Nagios is a powerful network monitoring tool that helps you to ensure that your critical systems,
applications and services are always up and running. It provides features such as alerting, event
handling and reporting. The Nagios Core is the heart of the application that contains the core
monitoring engine and a basic web UI. On top of the Nagios Core, you are able to implement
plugins that will allow you to monitor services, applications, and metrics, a chosen frontend as
well as add-ons for data visualisation, graphs, load distribution, and MySQL database support,
amongst others.
Tip: If you want to try out Nagios without needing to install and configure it from scratch,
download Nagios XI and enable the free version. Nagios XI is the pre-configured enterprise class
version built upon Nagios Core and is backed by a commercial company that offers support and
additional features such as more plugins and advanced reporting.
Note: The free version of Nagios XI is ideal for smaller environments and will monitor up to
seven nodes.
Once you’ve installed and configured Nagios, launch the Web UI and begin to configure host
groups and service groups. Once Nagios has had some time to monitor the status of the specified
hosts and services, it can start to paint a picture of what the health of your systems look like.
3. OpenNMS
OpenNMS is an open source enterprise grade network management application that offers
automated discovery, event and notification management, performance measurement, and
service assurance features. OpenNMS includes a client app for the iPhone, iPad or iPod Touch
for on-the-go access, giving you the ability to view outages, nodes, alarms and add an interface
to monitor.
Once you successfully login to the OpenNMS web UI, use the dashboard to get a quick
‘snapshot view’ of any outages, alarms or notifications. You can drill down and get more
information about any of these sections from the Status drop down menu. The Reports section
allows you to generate reports to send by e-mail or download as a PDF.
4. Advanced IP Scanner
Advanced IP Scanner is a fast and easy to use network scanner that detects any network devices
(including wireless devices such as mobile phones, printers and WIFI routers) on your network.
It allows you to connect to common services such as HTTP, FTP and shared folders if they are
enabled on the remote machine. You are also able to wake up and shut down remote computers.
The installer allows you to fully install the application on your machine or run the portable
version. When you launch Advanced IP Scanner, start by going to Settings > Options to select
which resources to scan and how fast/accurate you want the results to be. You can then choose
which subnet to scan and proceed with pressing the “Scan” button. Once the scan is complete,
expand the results to see which resources you are able to connect to for each discovered device.
5. Capsa Free
Capsa Free is a network analyzer that allows you to monitor network traffic, troubleshoot
network issues and analyze packets. Features include support for over 300 network protocols
(including the ability to create and customize protocols), MSN and Yahoo Messenger filters,
email monitor and auto-save, and customizable reports and dashboards.
When you launch Capsa, choose the adapter you want it to bind to and click “Start” to initiate the
capture process. Use the tabs in the main window to view the dashboard, a summary of the
traffic statistics, the TCP/UDP conversations, as well as packet analysis.
6. Fiddler
Fiddler is a web debugging tool that captures HTTP traffic between chosen computers and the
Internet. It allows you to analyze incoming and outgoing data to monitor and modify requests
and responses before they hit the browser. Fiddler gives you extremely detailed information
about HTTP traffic and can be used for testing the performance of your websites or security
testing of your web applications (e.g. Fiddler can decrypt HTTPS traffic).
When you launch Fiddler, HTTP traffic will start to be captured automatically. To toggle traffic
capturing, hit F12. You can choose which processes you wish to capture HTTP traffic for by
clicking on “All Processes” in the bottom status bar, or by dragging the “Any Process” icon from
the top menu bar onto an open application.
7. NetworkMiner
NetworkMiner captures network packets and then parses the data to extract files and images,
helping you to reconstruct events that a user has taken on the network – it can also do this by
parsing a pre-captured PCAP file. You can enter keywords which will be highlighted as network
packets are being captured. NetworkMiner is classed as a Network Forensic Analysis Tool
(NFAT) that can obtain information such as hostname, operating system and open ports from
hosts.
In the example above, I set NetworkMiner to capture packets, opened a web browser and
searched for “soccer” as a keyword on Google Images. The images displayed in the Images tab
are what I saw during my browser session.
When you load NetworkMiner, choose a network adapter to bind to and hit the “Start” button to
initiate the packet capture process.
8. Pandora FMS
Pandora FMS is a performance monitoring, network monitoring and availability management
tool that keeps an eye on servers, applications and communications. It has an advanced event
correlation system that allows you to create alerts based on events from different sources and
notify administrators before an issue escalates.
When you login to the Pandora FMS Web UI, start by going to the ‘Agent detail’ and ‘Services’
node from the left hand navigation pane. From here, you can configure monitoring agents and
services.
9. Zenoss Core
Zenoss Core is a powerful open source IT monitoring platform that monitors applications,
servers, storage, networking and virtualization to provide availability and performance statistics.
It also has a high performance event handling system and an advanced notification system.
Once you login to Zenoss Core Web UI for the first time, you are presented with a two-step
wizard that asks you to create user accounts and add your first few devices / hosts to monitor.
You are then taken directly to the Dashboard tab. Use the Dashboard, Events, Infrastructure,
Reports and Advanced tabs to configure Zenoss Core and review reports and events that need
attention.
When you launch The Dude, you first choose to connect to a local or remote network and specify
credentials accordingly. Click ‘Settings’ to configure options for SNMP, Polling, Syslog and
Reports.
12 Splunk
Splunk is a data collection and analysis platform that allows you to monitor, gather and analyze
data from different sources on your network (e.g. event logs, devices, services, TCP/UDP traffic,
etc). You can set up alerts to notify you when something is wrong or use Splunk’s extensive
search, reporting and dashboard features to make the most of the collected data. Splunk also
allows you to install ‘Apps’ to extend system functionality.
Note: When you first download and install Splunk, it automatically installs the Enterprise
version for you to trial for 60 days before switching to the Free version. To switch to the Free
version straight away, go to Manager > Licensing.
14 Icinga 2
Icigna is a Linux based fully open source monitoring application which checks the availability of
network resources and immediately notifies users when something goes down. Icigna provides
business intelligence data for in depth analysis and a powerful command line interface.
When you first launch the Icigna web UI, you are prompted for credentials. Once you’ve
authenticated, use the navigation menu on the left hand side to manage the configuration of
hosts, view the dashboard, reports, see a history of events, and more.
16. NetXMS
NetXMS is a multi-platform network management and monitoring system that offers event
management, performance monitoring, alerting, reporting and graphing for the entire IT
infrastructure model. NetXMS’s main features include support for multiple operating systems
and database engines, distributed network monitoring, auto-discovery, and business impact
analysis tools, amongst others. NetXMS gives you the option to run a web-based interface or a
management console.
Once you login to NetXMS you need to first go to the “Server Configuration” window to change
a few settings that are dependent on your network requirements (e.g. changing the number of
data collection handlers or enabling network discovery). You can then run the Network
Discovery option for NetXMS to automatically discover devices on your network, or add new
nodes by right clicking on “Infrastructure Services” and selecting Tools > Create Node.
17. Xymon
Xymon is a web-based system – designed to run on Unix-based systems – that allows you to dive
deep into the configuration, performance and real-time statistics of your networking
environment. It offers monitoring capabilities with historical data, reporting and performance
graphs.
Once you’ve installed Xymon, the first place you need to go is the hosts.cfg file to add the hosts
that you are going to monitor. Here, you add information such as the host IP address, the network
services to be monitored, what URLs to check, and so on.
When you launch the Xymon Web UI, the main page lists the systems and services being
monitored by Xymon. Clicking on each system or service allows you to bring up status
information about a particular host and then drill down to view specific information such as CPU
utilization, memory consumption, RAID status, etc.
18. WirelessNetView
WirelessNetView is a lightweight utility (available as a standalone executable or installation
package) that monitors the activity of reachable wireless networks and displays information
related to them, such as SSID, Signal Quality, MAC Address, Channel Number, Cipher
Algorithm, etc.
As soon as you execute WirelessNetView, it automatically populates a list of all reachable Wi-Fi
networks in the area and displays information relevant to them (all columns are enabled by
default).
Note: Wireless Network Watcher is a small utility that goes hand in hand with
WirelessNetView. It scans your wireless network and displays a list of all computers and devices
that are currently connected, showing information such as IP adddress, MAC address, computer
name and NIC card manufacturer – all of which can be exported to a html/xml/csv/txt file.
20. WireShark
This list wouldn’t be complete without the ever popular WireShark. WireShark is an interactive
network protocol analyzer and capture utility. It provides for in-depth inspection of hundreds of
protocols and runs on multiple platforms.
When you launch Wireshark, choose which interface you want to bind to and click the green
shark fin icon to get going. Packets will immediately start to be captured. Once you’ve collected
what you need, you can export the data to a file for analysis in another application or use the in-
built filter to drill down and analyze the captured packets at a deeper level from within
Wireshark itself.