We all know that IT budgets are constrained and we are challenged to do more with less and “working smarter not harder.” IT departments increasingly rely on open-source to help them get things accomplished.
The network consulting company that I work for is similarly cost-conscious. Therefore, I am constantly looking for new open source tools that can make my life easier or allow me to assess client network environments. Here are some of my favorites, including a few lesser-known treasures, to help you manage your networks on a tight budget.
Drop me a comment and let me know your thoughts on any of these tools -- or share a tip on your own secret weapons.
Not everyone can afford Solarwinds Orion Network Configuration Management (NCM) or CiscoWorks LAN Management Solution (LMS) to manage the changes to their network device configurations. That is why Really Awesome New Cisco confIg Differ (RANCID) continues to be a favorite tool among network engineers. RANCID is easy to install and configure on a variety of operating systems. RANCID’s real benefit to network administrators is its ability to backup network device configurations and help you investigate changes to your environment. Since most network issues are attributable to human error, it is valuable to have that historical record of what changed. Configuration management is one of the best-practices that typically go by the wayside for organizations on a limited IT budget. Often times the root cause of the problem can be easily found within that list of differences between yesterday’s and today’s configuration.
Links to the commercial tools I referenced:
Download RANCID here.
I like using Backtrack 4 to help me perform security assessments. It contains most of the tools that a penetration tester would need. Back in January I wrote about Backtrack 4 when it was first released and wrote about how it organizes the tools into categories that relate to different security assessment methodologies. Backtrack 4 R1 is the current version and it contains most of the tools that security practitioners use for performing security assessments. Backtrack 4 organizes the tools into categories that relate to the security assessment methodology. Most of the must-have tools are already compiled and installed and ready to go. It would take you a long time to put together such an extensive collection of tools on your own. Backtrack 4 contains many of my favorite tools: nmap, OpenVas, Paros Proxy, Burpsuite, W3AF, Metasploit Framework 2 & 3, Social Engineering Toolkit (SET), Ophcrack, XHydra, Netcat, SNORT, among numerous others.
Multicast can be one of the most elusive types of traffic to test and troubleshoot. Unlike Unicast traffic that is typically client/server in nature, multicast one-to-many traffic is more difficult to verify. With multicast you have to troubleshoot the IGMP communications, the multicast routing protocols, and the application traffic being forwarded. Multicast applications do not typically have good diagnostic capabilities so you need a simple multicast-capable source and receiver to test your end-to-end multicast reachability. VideoLANClient (VLC) is a great multicast client/server/media-player that can use an extremely wide array of stream sources and protocols. VLC can be set up as a multicast source on one end of your network and another node can run the exact same VLC version as a multicast receiver. VLC works with IGMPv2, IGMPv3, and MLDv1 and MLDv2 for IPv6 testing. VLC can stream multimedia files, DVDs, audio files, and many other media formats.
It is important to know that your network is able to operate at its peak potential. However, it can be difficult to artificially simulate a large amount of traffic to validate the throughput ceiling. It is helpful to have a tool in your bag that can help determine the end-to-end throughput of a link or traffic path. For years network experts have used IPerf as a CLI tool to perform TCP and UDP traffic analysis. IPerf was originally written by a group at National Laboratory for Applied Network Research (NLANR), but it has now been updated by Google. Google has also put a Java GUI on the tool to make it just that much more usable. That latest version of JPerf 2.0.2 allows you to easily adjust the buffer/MSS/TCP window size, and navigate all the lesser-known IPerf CLI options. JPerf provides a nice chart of the performance, as opposed to the table-format of IPerf, and JPerf allows you to save pervious tests for quick recall and retesting. As a bonus this tool will also work with an IPv6-capable client and server.
You may also have a need to assess application performance because people tend to “blame it on the network.” To validate that the problem is not within the network domain and assess application performance a tool like JMeter comes in handy. JMeter is a simple Java application that can perform load tests on a wide variety of web-based applications, FTP, and other protocol traffic. It takes just a moment to download the package, unzip it into a directory, run the JMeter application and get started configuring your test. Just make sure you already have Java Runtime Environment (JRE) installed. There are a wide variety of tests and test options. The easiest way to get started is to first create a Thread Group and then apply your tests beneath that. Then you can run the test and look at the results/reports that you configured for your test. There are many tutorials and examples out there to help your learning curve. JMeter can be configured for multiple threads and can really generate a lot of traffic and help you determine how many connections per second your systems are capable of serving.
Not many IT shops can afford dedicated hardware-based protocol analyzers or RMON probes for the organization’s many network segments. That is why software-based protocol analyzers are often used on network-engineer laptops or dedicated computers setup on crash carts. Hardware-based protocol analyzers are good for troubleshooting physical-layer errors because they have dedicated NICs and special operating system software. Conversely, software-based protocol analyzers on laptops do not show the physical erred packets because they are not forwarded up to the operating system through the NIC driver. Many of us know how great Wireshark is and the vast number of protocols that it supports. Wireshark can even monitor the Virtual Switch Link (VSL) header (VSH) communications on a Cisco Virtual Switching System (VSS). Wireshark can monitor SIP/skinny/RTP traffic and capture the voice conversation from a VoIP call. Wireshark is also good for capturing the application payload data for other protocols. Wireshark has full IPv6 capabilities so you can troubleshoot IPv4/IPv6, DHCPv6, and DNS queries/responses with dual-protocol behavior. Wireshark can now decode 3GPP, GSM over IP, and UTRAN mobile phone signaling packets.
Fewer of us have lab setups as extensive as Scott Morris's mega-lab. Indeed, many network administrators do not have access to a suitable lab at all. Their organizations are not financially capable of providing lab devices that are similar to those devices in the production network. However, it is often useful to configure a simple little scenario to validate an idea or prototype a solution. Dynamips is a system that allows you to emulate Cisco IOS image files and run them in a configurable environment. You can use Dynagen 1.11.7 or Graphical Network Simulator (GNS3) 0.7.2 front-ends that utilize Dynamips underlying capabilities to make it easy to configure a virtual lab of Cisco routers joined together. Once the lab devices and interconnection is defined within the text file, the lab can be started and you can console to your routers and commence the fun. Just be sure you are cognizant of the CPU and memory resource constraints of building a large lab environment and review the tutorial to set the idle-PC value. If you are studying for any Cisco certification that requires hands-on experience, then these free tools are invaluable.