Open source, tried and true

Six Network World Lab Alliance members praise the open source testing tools they love to use.

Rodney Thayer, member of the Network World Lab Alliance, is a big believer in using open source tools when simulating enterprise environments for testing purposes. "I dispute vigorously the claim some vendors make that using open source tools is not production-grade testing. [They] bury open source technology in their products, some even without attribution," says Thayer, who is an independent network security consultant. "They can't tell me that [a tool like] OpenSSL is not good enough to test against when they are simultaneously claiming it's good enough to sell to me."

Tools: AirJack and File2Air

What do they do? AirJack is a device driver for 802.11 raw frame injection and reception, and File2Air puts the AirJack contents on the wireless network.

Who likes them and why? Wireless testing guru Henderson relies on these two tools regularly. "File2Air allows us to develop 802.11 packet types and insert them into AirJack wireless LAN client drivers," he says. "We can test how an access point reacts and also get a good view on access points from how they react to differing streams. We also use File2Air to emulate error conditions and perform denial-of-service simulations."

Tool: Ethereal


What does it do? This network protocol analyzer, which runs on Unix, Linux and Windows systems, can dissect more than 650 protocols. With Ethereal, users can access live network data or view, edit and save data-captured files.

Who likes it, and why? Ethereal gets high marks from Newman and Andress for supporting an array of network devices, running on many platforms, and being easily extensible and easy to use. "It's got the best interface and the most options available," says Andress, adding that her favorite feature is the ability to monitor traffic at the packet level so she can watch specific communications while ignoring others.

Tool: Fedora Core

What does it do? Fedora Core comes out of the Fedora Project, a Red Hat-sponsored effort to build a complete, general-purpose operating system from free software. Red Hat engineers and developers from the open source community at large create new releases.

Who likes it, and why? Thayer and Andress favor this tool but employ different versions. Thayer likes Red Hat Fedora Core 1 (now known as Fedora Legacy), but recommends skipping the "flaky" Fedora Core 2. Fedora Core 3, the latest installment of the operating system, gets Andress' vote. "Red Hat is the most-used Linux system in enterprise systems, and [Fedora Core 3] is developed off the base of that," she says. That gets testing very close to a commercial Linux environment without the expense, she explains.

Tool: Firefox, with LiveHTTPHeaders and Web Developer Extension


What does it do? This Web browser features pop-up blocking, tabbed browsing, ActiveX control bans and an intelligent search engine.

Who likes it, and why? Web site developer Powell sees Firefox catching on as an open source alternative to Microsoft's Internet Explorer. He adds testing panache to the browser via the LiveHTTPHeaders and Web Developer Extension add-ons. LiveHTTPHeaders helps users debug Web applications, see which kind of Web server a remote site is using, and view cookies sent by the remote site. The Web Developer Extension simply adds a menu and toolbar to the browser with critical Web development tools that let you validate the CSS, HTML and accessibility of Web pages. The Web Developer Extension also lets you make live edits to CSS pages, configure Web site colors, create keyboard shortcuts and view style information for page elements.

The buy side

When Lab Alliance members go commercial, these are the tools they seek out.

While many Network World Lab Alliance members favor open source tools for testing, some say commercial tools are more appropriate at times. And at least one, Joel Snyder, senior partner at Opus One, will only use commercial tools.

Tool: Iperf

What does it do? Analyzes network bandwidth and comes in handy for determining how adjustments to TCP and User Datagram Protocol (UDP) parameters, such as window size, bandwidth and time to live, would affect network performance.

Who likes it, and why? Bass calls Iperf "a must-have for measuring link capacity, latency and packet loss."

Tool: Kismet


What does it do? Available for PCs and Macs, Kismet is a WLAN security assessment tool that works with 802.11 a/b/g for network detection, intrusion detection and sniffing.

Who likes it, and why? Kismet is important for finding wireless networks, offering up details about those networks and trying to crack Wired Equivalent Privacy keys, Newman says.

Tool: Multi Router Traffic Grapher (MRTG)


What does it do? Monitors traffic loads on network links and creates a live visual representation of this traffic via HTML; can test system load, logon sessions and modem availability. MRTG, based on Perl and C, can operate in a Unix or Windows environment.

Who likes it, and why? Bass recommends MRTG as "a time series data grapher that's great for monitoring network link utilization or anything that has data that changes over time."

Tool: Netperf


What does it do? This benchmarking tool lets IT managers test for unidirectional throughput and end-to-end latency in TCP, UDP, Unix and other environments. Its primary focus is on bulk data transfer and request/response performance.

Who likes it, and why? Newman calls Netperf "a simple and powerful PC-based traffic generator."

Tool: Nmap


What does it do? As the name suggests, Nmap maps out available hosts, the services those hosts are offering and what operating systems are in use. Nmap also determines what types of filters or firewalls are employed.

Who likes it, and why? Several Lab Alliance partners count Nmap among their favorite open source wares for its ability to rapidly scan large networks or single hosts. Andress uses the tool to confirm services running on a system, while Henderson considers it a standard auditing tool for verifying configurations and to help assure operating system/networking operating system protocol types. "It runs on a variety of platforms and is an older and mature open source project," he says.

"Anyone should be able to run it and see decent results," Thayer adds.

Tool: Nessus


What does it do? One of the most popular open source testing tools, this vulnerability scanning tool matches results against a massive database of security holes. An RSS feed lets users monitor security checks and updates. Nessus runs on Windows, Mac OS X and Unix.

Who likes it, and why? Nessus is key in checking for known vulnerabilities in mission-critical enterprise devices and applications, Andress says. Thayer agrees, saying that all vendor quality assurance departments and IT managers should be testing against this "cute, easy-to-get, GUI-based" network scanner. "At least once every six months, I catch a product actually crashing, severely, when I scan it with Nessus," he says.

Tool: Snort


What does it do? Developers tout Snort as an open source intrusion-detection system, but the software also functions as a packet sniffer and logger. Snort detects attacks and probes, including buffer overflows, stealth port scans and CGI attacks, and alerts users to problems in real time.

Who likes it, and why? Talk to anyone in the security field and chances are you'll hear about Snort. Andress, for one, finds the tool an important part of her testing arsenal because it's the "most equivalent to commercial products."

Snort benefits from having a large pool of developers working on updates, she says. "It's stable, and new signatures are added almost as instantaneously as they're found, including Microsoft exploits," Andress says.

Gittlen, former events editor at Network World, is a freelance technology editor in Northboro, Mass.

Copyright © 2005 IDG Communications, Inc.
