Wireshark is the de facto packet analysis tool and it comes with a wealth of options beyond what is included in a default installation. One option I discovered recently was to leverage the free version of the MaxMind geolocation database to enrich the packet data shown in Wireshark with BGP AS assignment information, cities, and countries. This allows you to create display filters based on the geolocation data, which can be incredibly useful for quickly including or excluding interesting traffic based on country of origin, for example.
The complete setup guide can be found here.
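As an added illustration (not part of the original post), here are a few display filters built on the geolocation fields Wireshark exposes once the MaxMind database is configured; the country, AS number and address range are constructed sample values, and the numeric `ip.geoip.asnum` comparison assumes a current Wireshark release where that field is an integer:

```text
# Either endpoint resolved to the given country (source or destination)
ip.geoip.country == "Brazil"

# Inbound only: foreign source talking to your own range (192.0.2.0/24 is a constructed sample)
ip.geoip.src_country == "Brazil" && ip.dst == 192.0.2.0/24

# Quick exclude: drop everything whose source resolves to a domestic address
!(ip.geoip.src_country == "United States")

# Traffic to or from a particular autonomous system (AS 64496 is a documentation AS, used as a sample)
ip.geoip.asnum == 64496

# IP packets that received no geolocation at all (RFC 1918 space, unmapped prefixes)
ip && !ip.geoip.country
```

The same expressions work as capture-side post-filters with `tshark -Y`, which is handy when triaging large pcaps by origin before opening them in the GUI.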
In the course of operating a network there are countless times when it’s incredibly useful to be able to generate very specific types of network traffic. Some examples I’ve personally encountered are:
- QoS troubleshooting (the ability to generate DSCP or CoS tagged packets)
- Reproducing specific traffic for troubleshooting purposes
- Validating access lists and security policies
- Testing how applications respond to unique traffic
A fantastic tool to accomplish these tasks, amongst many others, is Ostinato. Ostinato is cross-platform with API support so you can integrate it with existing tools and processes. In addition to browsing the web site I would highly recommend listening to the Packet Pushers Priority Queue episode 52. In this episode host Ethan Banks talks to one of the creators of Ostinato and provides a great overview of the tool as well as how to put it to use.
There are times when it’s incredibly convenient to be able to stand up an FTP server without the need to actually install anything or reboot. I came across Xlight FTP for Windows and was pleasantly surprised to find that it didn’t require any installation and worked well with very little setup or configuration required. You basically double-click the application and bind the FTP service to an IP address and TCP port, then add a user account and assign directory permissions. Once done, you click the “play” button and the server should start up.
Here’s a link to their page: http://www.xlightftpd.com/
They offer 32-bit and 64-bit versions as well as a “traditional” installer based version.
TranslatorX is an indispensable tool for parsing Cisco Unified Communications Manager (CallManager) as well as Cisco CUBE logs and trace files. Check it out here: http://translatorx.cisco.com/
I recently discovered the excellent web based diagramming tool named Gliffy. You can think of it as a web based version of Microsoft Visio at a high level. In addition to network diagrams you can create flowcharts, org charts, sitemaps, user interface diagrams, etc. The import/export functionality works well and even supports importing Visio VDX files (not VSD though). Gliffy offers smooth integration with Google Drive.
A free account offers you the ability to test drive the capabilities of their platform with a few limitations including:
- Total diagrams are limited to 5
- Storage is limited to 2 MB
- Inability to create private diagrams (everything you create is viewable by anyone)
I encourage you to take their tool for a test drive at http://www.gliffy.com/
TACACS+ provides authentication, authorization, and accounting services for network devices. In simple terms, this provides granular control over who has access (authentication), what that user is allowed to do (authorization), and keeps a log (accounting) of everything that user does.
Marc Huber has created and maintained a fantastic open source TACACS+ server for Linux available here: http://www.pro-bono-publico.de/projects/tac_plus.html
If you’re more inclined to the Windows world have a look here at a free TACACS+ server for Windows: http://www.tacacs.net
Often it can be challenging to test how an application will perform over different types of network connections. Development is normally done when the application is running on a server located in the same building or campus over high-speed, low-latency connections.
Once applications start to be used over longer distances it becomes increasingly apparent that proper testing should include testing how these network variables impact both front-end (user interaction) and back-end (interaction with other business components, a database for example) performance of applications.
I’ve found that the open source software package “WANem” does an excellent job simulating a huge variety of WAN conditions. The developers of this great tool have taken all the challenge out of using their application by making it available as a virtual machine.
Once you have WANem running the configuration is through an intuitive web interface. The product documentation is well written and easy to understand.
Here’s a link to the SourceForge page of WANem.
This is mostly notes for myself… however, it was a useful post on NANOG that I wanted to keep track of. So I’m listing some packages to manage systems and devices via SNMP, syslog, daemons on the hosts, etc… and of course including graphing of time series data and such too.
Argus – http://argus.tcp4me.com
BigBrother – http://bb4.com/
Cacti – http://www.cacti.net
Groundwork – http://www.groundworkopensource.com/
Hyperic – http://www.hyperic.com/
Munin – http://munin.projects.linpro.no/
Nagios – http://www.nagios.org
OpenNMS – http://www.opennms.org/wiki/Main_Page
OpManager – http://www.manageengine.com
opsview – http://www.opsview.org/
Orion (not open source) – http://www.solarwinds.com/products/orion/
Osmius – http://www.osmius.net/
PandoraFMS – http://pandorafms.org/
Spiceworks – http://www.spiceworks.com/
Zabbix – http://www.zabbix.com/
Zenoss – http://zenoss.com
NMIS – http://sins.com.au/nmis/ – http://sourceforge.net/projects/nmis/files/
http://www.icinga.org/ – a fork of Nagios
http://software.uninett.no/stager/ – another netflow tool
http://nedi.ch – amazing network discovery and inventory of hardware/network resources
http://nipper.titania.co.uk/ – audit tool for different network devices
I have tried many different monitoring platforms, some open-source and many proprietary, and all of them seemed to miss the mark when it comes to being extensible while remaining reasonably easy to manage. I recently discovered Zabbix, which looks to be the perfect blend of easy to manage while also including all the advanced capabilities that make a monitoring package flexible enough to be useful.
A quick overview of some of the more interesting capabilities includes:
- Distributed Monitoring (the ability to have remote nodes gather information and push that information to your primary management server)
- Complex escalation options
- Agent based monitoring with support for various Linux/Unix variants, Windows, OS X, and others
- Customizable web interface to allow individuals the ability to create an interface that is most useful and relevant
- A variety of alerting methods including e-mail, Jabber, SMS, and others
- A web based regular expression editor to facilitate advanced alerting based on more complex criteria than simple “up/down” type methods
- Database storage of all data and published APIs for integration with 3rd party tools
I came across this software yesterday and must admit I was quite impressed by this open source network discovery software. The basic idea is to use existing network discovery protocols such as CDP, FDP, and LLDP, as well as SNMP, to “crawl” a network and record the various network relationships encountered. It also appears to have a very clean and user-friendly interface, which is something many network management tools seem to lack.
NeDi is web based and runs on a standard LAMP (Linux, Apache, MySQL, and PHP) infrastructure.