Network Enhancers - "Delivering Beyond Boundaries"

Showing posts with label Tools. Show all posts

Saturday, August 12, 2017

Open Source Dashboard Software - Business Intelligence


https://www.predictiveanalyticstoday.com/open-source-dashboard-software/


https://logz.io/blog/business-intelligence-tools/







Saturday, January 10, 2015

A NetOps to DevOps Training Plan

Courtesy - Dave Tucker

My recommendation was basically for Networkers to be open to change, and to start broadening their horizons. DevOps is coming to networking and that is a FACT. You might be wondering what skills a Network DevOps Engineer needs and here I attempt to answer that.

It's still about NETWORKING

I'm going to state this upfront here. You need to be good at Networking for any of the other skills here to be useful. Continue along vendor certification tracks, follow the IETF, join NANOG, experiment with new technologies. This is all invaluable.

Software Engineering Fundamentals

A lot of the DevOps skills have roots in Software Engineering. Being a Network Guy ™ this may seem like a little bit of a paradigm shift but here's something cool. Would you believe that some of these software engineering concepts have more to do with engineering best practice than with software, and are in fact relevant to the work you are doing today? Also, your SysAdmin buddies already know this and started their DevOps pilgrimage a while ago.

Unit/Functional/Integration Testing, Version Control, Agile, Test-Driven Development (TDD) and Behaviour Driven Development (BDD) are all things that you could benefit from today.

Fortunately, there is an easy way to pick these skills up. The folks over at Software Carpentry have put together a set of tutorials to help research scientists get to grips with Python and supporting tools. The lessons are put together in such a way that they are easy to understand for mere mortals (unlike a lot of CS textbooks/lectures).

Know your *nix

An understanding of Linux is going to stand you in good stead in the transition from NetOps to DevOps. As much as people like to talk about "Death of the CLI" they don't realise how much time Developers and SysAdmins spend in the Terminal. Whether this be checking in code with git, extracting information from Open vSwitch or using the OpenStack CLI clients you will likely spend a lot of time in the terminal too. Learning how to be productive here is essential and a good understanding of Linux will help when troubleshooting complex issues.

LPIC

There are vendor neutral *nix certifications which are worth a look like LPIC-1. While I haven't gone through this myself, I have read some LPIC study materials and found this infinitely useful. If you want a vendor certification, Red Hat have certifications available too.

Have some fun

Learning Linux doesn't have to be boring. I prefer a more practical approach so you may find attempting one of the following a nice project to hone your Linux-Fu:


  • Install Arch Linux
  • Replace your ESXi Lab with KVM, Libvirt and Open vSwitch
  • Write command aliases to save yourself some typing
  • Learn vim, and make yourself a .vimrc


Learn some Python

I'm biased towards Python, but I feel it's the most approachable Programming Language for Network Engineers to pick up.


  1. It has an "Interactive Interpreter" which is a lot like a CLI and lets you enter statements to see what happens
  2. It can be used for basic scripting or beautifully designed object-oriented software, but it doesn't force you to do things one way or another.
  3. There is a rich ecosystem of libraries that simplify doing everyday tasks
  4. It's being embedded in Network Devices AND network vendors are providing Python libraries for their software.


You don't need to know Python much to start getting real value. Think of how many things you could automate! People joke about automation not saving time (as it takes time to automate) but during that time you are getting a better understanding of Python, so it's not a total loss. Whether it's your weekly report, Mining the Social Web or something more Network-centric, undertaking a Python project will be really worthwhile... and if you can, host the result up on GitHub.

There are hundreds of good tutorials online, but if you are just getting started I would recommend Codecademy.

Get your head around "Infrastructure as Code"

"Infrastructure as Code" is the battle cry of DevOps. To really understand what this is about and to get a handle on the what/why/how for Networking I'd recommend that you spend some time with:




Run through the tutorials, bootstrap a server with Chef, use Puppet to deploy a LAMP server and if you are feeling brave, write a Chef Cookbook/Puppet Manifest. I couldn't mention this and not mention the awesome work being done on the Netdev library for Puppet and Chef.

What about some SDN?

You could take a course on Coursera, but why not get some practical experience? Download OpenDaylight and follow one of Brent Salisbury's awesome tutorials. You can simulate massive networks using Mininet and have some fun pushing paths using the REST API or experimenting with OpenStack integration. The nice thing about the OpenStack integration piece is that this requires you to get DevStack working, which is not easy, and it gives you some OpenStack experience.

Conclusion

Looking into my crystal ball, I would predict that the Network DevOps engineer will need:


  • Strong Networking Skills
  • Knowledge of Linux System Administration
  • Experience with Puppet/Chef/Ansible/CFEngine/SaltStack would be desirable
  • Scripting skills in Bash, PHP, Ruby or Python
  • Ability to work under Source Control (git)
  • Experience in consuming (REST) APIs
  • Experience with OpenStack and OpenStack Networking
  • Appreciation of Software Defined Networking (SDN)
  • Knowledge of Agile Methodologies
  • Knowledge of Test-Driven Development
  • Ability to write Unit and Integration Tests



Appendix A: Relevant Open Source Projects




Appendix B: Tools of the Trade




Appendix C: Further Reading

Kyle Mestery (@mestery) pointed me to a great slide deck that shows his thoughts on this topic. This is definitely worth a look!


Friday, January 9, 2015

NETCONF, YANG, RESTCONF and NetOps in SDN World

Courtesy - Dave Tucker


What is NETCONF

NETCONF is defined in RFC 6241 which describes it as follows:

The Network Configuration Protocol (NETCONF) defined in this document provides mechanisms to install, manipulate, and delete the configuration of network devices. It uses an Extensible Markup Language (XML)-based data encoding for the configuration data as well as the protocol messages. The NETCONF protocol operations are realized as remote procedure calls (RPCs).

It's not a new technology, as work started on this approximately 10 years ago, but what it gives us is an extensible and robust mechanism for managing network devices.

NETCONF understands the difference between configuration data and state data. As somebody who has been bitten by trying to perform a create operation and faced validation issues as I've mistakenly sent (or worse, edited) a read-only field in a request, I feel this is really valuable.

Another great thing from an operations perspective is the ability to test/validate configuration before it's applied to the device. NETCONF allows you to set a test-option for an edit-config operation that will either test only, or test then set the configuration.

Being XML-based, we can also validate our NETCONF against an XML Schema Document (XSD).

NETCONF supports devices with multiple config datastores, e.g. running/startup or candidate/running/startup.

Furthermore, we can also subscribe to notifications or perform other Remote Procedure Calls (RPCs) using NETCONF.


What is YANG

YANG is defined in RFC 6020 which describes it as follows:

YANG is a data modeling language used to model configuration and state data manipulated by the Network Configuration Protocol (NETCONF), NETCONF remote procedure calls, and NETCONF notifications.

I am going to make a bold assertion here

Machines love XML

Humans do not love XML.
-- Dave Tucker

Unfortunately it's humans that write standards, and standards dictate data models. Therefore it's in our interest to have a modeling language that people unfamiliar with XML can use and this is where YANG really shines.

YANG is hierarchical (like XML) and supports all of the niceties of a programming language like re-usable types and groupings and, more importantly, extensibility. It has a powerful feature called "Augmentation" that allows you to extend an existing tree with some additional information. As it's designed for NETCONF, it allows you to model NETCONF-specific items like additional RPCs and the contents of notifications.

YANG is supported by some awesome open source tooling like pyang.


NETCONF <3 YANG

NETCONF is XML-based, which means that somebody (your network vendor) needs to model their configuration structure appropriately (unless they cheat and use a CLI format). YANG is the perfect way to do this, and also acts as good user documentation when parsed through pyang.

Consider the following YANG snippet:



It doesn't take too much brain power to work out that this is a list of interfaces, the unique key is interface-name, and each interface has a speed and duplex. The accompanying XML would then be:
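The list described above, together with the edit-config test-option mentioned earlier, as an added Python example that is not code from the original post. The YANG text in the docstring is constructed to match the prose; the `interfaces` container, the `urn:example:interfaces` namespace and the allowed speed/duplex values are assumptions.

```python
"""Constructed YANG model matching the prose (container, namespace and
enumeration values are assumptions made for this example):

    container interfaces {
        list interface {
            key "interface-name";
            leaf interface-name { type string; }
            leaf speed  { type enumeration { enum "10m"; enum "100m"; enum "auto"; } }
            leaf duplex { type enumeration { enum "half"; enum "full"; enum "auto"; } }
        }
    }
"""
import xml.etree.ElementTree as ET

NETCONF_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"  # base namespace, RFC 6241
MODEL_NS = "urn:example:interfaces"                     # assumed module namespace
LIST_NAME, KEY_LEAF = "interface", "interface-name"
LEAVES = {  # leaf name -> allowed values (None means any string)
    "interface-name": None,
    "speed": {"10m", "100m", "auto"},
    "duplex": {"half", "full", "auto"},
}


def qname(ns, name):
    """Return the ElementTree qualified name {namespace}name."""
    return f"{{{ns}}}{name}"


def build_instance(interfaces):
    """Serialise a list of dicts as the XML instance of the interface list."""
    root = ET.Element(qname(MODEL_NS, "interfaces"))
    for entry in interfaces:
        item = ET.SubElement(root, qname(MODEL_NS, LIST_NAME))
        for leaf, value in entry.items():
            ET.SubElement(item, qname(MODEL_NS, leaf)).text = value
    return root


def validate_instance(root):
    """Check the constraints the model implies; return a list of error strings."""
    errors, seen = [], set()
    for idx, item in enumerate(root.findall(qname(MODEL_NS, LIST_NAME)), 1):
        leaves = {child.tag.split("}", 1)[-1]: (child.text or "") for child in item}
        key = leaves.get(KEY_LEAF)
        label = key or f"entry {idx}"
        if not key:
            errors.append(f"{label}: key leaf {KEY_LEAF} is missing")
        elif key in seen:
            errors.append(f"{label}: duplicate key, list entries must be unique")
        else:
            seen.add(key)
        for name, value in leaves.items():
            if name not in LEAVES:
                errors.append(f"{label}: leaf {name} is not in the model")
            elif LEAVES[name] is not None and value not in LEAVES[name]:
                errors.append(f"{label}: {name}={value!r} is not an allowed value")
    return errors


def edit_config_rpc(config_root, message_id, target="candidate", test_option="test-only"):
    """Wrap locally validated config in <edit-config> with an explicit <test-option>.

    <test-option> needs the server's :validate capability; the value
    "test-only" needs :validate:1.1.
    """
    if test_option not in {"test-then-set", "set", "test-only"}:
        raise ValueError(f"unknown test-option: {test_option}")
    errors = validate_instance(config_root)
    if errors:
        raise ValueError("refusing to build RPC: " + "; ".join(errors))
    rpc = ET.Element(qname(NETCONF_NS, "rpc"), {"message-id": str(message_id)})
    edit = ET.SubElement(rpc, qname(NETCONF_NS, "edit-config"))
    ET.SubElement(ET.SubElement(edit, qname(NETCONF_NS, "target")), qname(NETCONF_NS, target))
    ET.SubElement(edit, qname(NETCONF_NS, "test-option")).text = test_option
    ET.SubElement(edit, qname(NETCONF_NS, "config")).append(config_root)
    return ET.tostring(rpc, encoding="unicode")


if __name__ == "__main__":
    sample = build_instance([  # constructed sample data
        {"interface-name": "eth0", "speed": "100m", "duplex": "full"},
        {"interface-name": "eth1", "speed": "auto", "duplex": "auto"},
    ])
    print(edit_config_rpc(sample, message_id=101))
```
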



My hope for NETCONF and YANG is that the IETF and other SDOs standardize as many data models as they can. In this way, we can have a standard set of models that can be used for true multi-vendor network management. We don't want hundreds of proprietary MIB files, and I hope that the ease of modeling in YANG will encourage this.

So what has this got to do with SDN?

Even in SDN, we still have persistent state on network devices. OpenFlow doesn't automatically configure itself, which is why OF-Config, which uses NETCONF, was developed. Open vSwitch, the de-facto standard for virtual switching, uses Open vSwitch Database Management Protocol (OVSDB) defined in informational RFC 7047, which uses JSON-RPC.

Where I see NETCONF adding value is that we have a single protocol for managing configuration for both the traditional and the software defined network. I also don't want to get into an Open Source vs Open Standards debate, but when interoperability is concerned open standards are essential, and having a standard set of YANG models would be advantageous.

It also has one other benefit, enabled by RESTCONF: device-level Northbound API standardization.

What is RESTCONF you say? RESTCONF is currently an IETF Draft.

This document describes a REST-like protocol that provides a programmatic interface over HTTP for accessing data defined in YANG, using the datastores defined in NETCONF.

Now device-level NBIs aren't exactly SDN in my book, but they are pretty useful to Network DevOps. What RESTCONF does is enable simple YANG models to be accessed over HTTP in a RESTful-ish style.

Why is this so awesome?

NETCONF is really powerful, but it's a little cumbersome for small tasks. RESTCONF is the more nimble cousin which allows people who are already well-versed in a little REST-API work to perform small tasks without needing to learn an entirely new skill set. That's a real win for DevOps in my book.



Saturday, September 20, 2014

Incremental SDN: Automating Network Device Configuration

Courtesy - TechWorld

Automation is a logical next step in the SDN migration journey.


The definition of Software Defined Networking (SDN) continues to broaden, today including functions such as configuration automation and orchestration. While these tasks aren't strictly SDN, the fact is software is used to define some aspect of the network infrastructure in both cases, so vendors have stretched the definition of SDN to bring configuration automation and orchestration platforms into the mix.
In fairness, the line gets blurry, as some modern orchestration systems use programmatic interfaces to provision the network instead of traditional configuration tools such as SSH or SNMP.
In many organisations, automating the configuration of network devices is where "SDN" is initially gaining traction. The impetus for this is straightforward: configuring network devices is woefully complicated. As vendors build more features into their routers, switches, firewalls and application delivery controllers, the command line syntax required to configure those devices becomes increasingly loaded with options and syntactic choices. Web-based GUIs are often a CLI alternative, but are slow to navigate. Web GUIs also have a way of obfuscating functions by hiding them in unlikely pages, making access to them a series of annoying clicks.
The point of commonality in traditional network device configuration is humans -- whether they use a CLI or a GUI -- and, for all our considerable merits, we aren't as competent as computers at syntax, perfectly inputting long strings of data, or remembering each step of a complex task. In my experience, humans are the No. 1 cause of network outages in the form of network engineers making an honest mistake.
Asking a human to make a change to a production network is akin to asking a human to change the air filter on a car. While the car's engine is running. And the car is traveling down the highway at 70 miles per hour.
Can it be done? Yes. Should it be done? Hmm. Seems a little risky. And yet, organisations take exactly these risks every day, often mitigating that risk with scheduled maintenance windows. However, even those windows don't change the fact that a modern network is expected to be up 100% of the time.
For years now, server administrators have been automating repeatable and complex tasks with several different tools. Network devices are not servers, but of late, several tools from the server world are being used by the network community. These tools are addressing the issue of complexity and human error in device configuration. These tools could also be considered an incremental step on the SDN journey. While configuration automation isn't pure SDN, it certainly moves an organisation closer. Let's take a look at a few tools to introduce this emerging trend.

A choice of tools

Python.  The Python programming language comes first in this list because it is widely available, popular, well-documented, and considered by many to be easy to use. In addition, some other tools that might be used for network configuration are written in Python. Therefore, Python is a flexible, multi-use tool that network engineers have been using to help them with network configuration either directly or indirectly.
The big idea behind using a programming language to create network device configurations is that a program both ensures a predictable result and can iterate through repetitive tasks. For example, let's say an organisation needs to build configurations for 100 switches, that are all configured identically except for details like the hostname and perhaps VLAN membership. A program could be written in Python to generate the required configuration over and over again, substituting in the unique elements of a specific switch per iteration. Rather than an engineer building each switch by hand, copying and pasting sections of configuration and making sure the unique bits get swapped out as needed, a program does all of that work.
Python is far from the only programming language that can do this sort of work. For simple tasks as described above, all sorts of options are available. But Python has the benefit of a powerful set of libraries to access network devices and otherwise make it relatively easy to not only create configurations, but also apply those configurations.
Notably, network vendors are writing APIs for their equipment with support for Python. Cisco onePK supports Python, for example, Arista's EOS-API can be accessed with Python, and Juniper has released a "PyEZ" library to enable access to Junos devices via Python.
Jinja2.  One example of Python's extensibility is Jinja2. Jinja2 is a Python library acting as a template engine. Templates are used for repeated bits of code, where perhaps just a few variables change from device to device. In network engineering, templates are useful for configuring big chunks of code that are identical on all devices of a certain class, such as a router, or for paragraphs of code in a device describing interfaces, VLANs, VRFs, and so on.
Jinja2 adds template functionality to Python, making it possible for a network engineer to iterate through all the interfaces on a device, adding unique descriptions and VLAN assignments for each one without having to manually configure each interface separately. As most data centers have a standard set of commands used on all of their interfaces, Jinja2 templates both save time and reduce potential errors when generating configuration with Python.
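The 100-switch scenario above as an added Python example, not code from the original article. It uses only the standard library (plain string formatting rather than Jinja2) so it runs without extra packages, and it validates every inventory value before rendering so that a stray newline cannot add an unintended configuration line; hostnames, VLAN names and the IOS-style commands are constructed for illustration.

```python
import re

# Patterns for values that end up inside configuration lines (assumed policy).
HOSTNAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]{0,62}")
VLAN_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")
PORT_RE = re.compile(r"[A-Za-z]+[0-9]+(/[0-9]+)*")


def check(pattern, value, what):
    """Return value if the whole string matches pattern, else raise ValueError."""
    # fullmatch, not match with "$": "$" also matches before a trailing
    # newline, which would let a value carry an extra line into the output.
    if not isinstance(value, str) or not pattern.fullmatch(value):
        raise ValueError(f"invalid {what}: {value!r}")
    return value


def check_vlan_id(vlan_id):
    """VLAN ids must be integers in the usable 802.1Q range 1-4094."""
    if isinstance(vlan_id, bool) or not isinstance(vlan_id, int) or not 1 <= vlan_id <= 4094:
        raise ValueError(f"invalid VLAN id: {vlan_id!r}")
    return vlan_id


def render_switch(switch):
    """Render one switch: common structure, per-device hostname and VLANs."""
    hostname = check(HOSTNAME_RE, switch["hostname"], "hostname")
    vlans = {check_vlan_id(v): check(VLAN_NAME_RE, n, "VLAN name")
             for v, n in switch["vlans"].items()}
    lines = [f"hostname {hostname}", "!"]
    for vlan_id in sorted(vlans):
        lines += [f"vlan {vlan_id}", f" name {vlans[vlan_id]}", "!"]
    for port in sorted(switch["ports"]):
        check(PORT_RE, port, "interface name")
        vlan_id = switch["ports"][port]
        if vlan_id not in vlans:
            raise ValueError(f"{hostname}: {port} uses undefined VLAN {vlan_id!r}")
        lines += [f"interface {port}", " switchport mode access",
                  f" switchport access vlan {vlan_id}", "!"]
    lines.append("end")
    return "\n".join(lines) + "\n"


def generate(inventory):
    """Render every switch in the inventory; hostnames must be unique."""
    configs = {}
    for switch in inventory:
        config = render_switch(switch)
        if switch["hostname"] in configs:
            raise ValueError(f"duplicate hostname: {switch['hostname']}")
        configs[switch["hostname"]] = config
    return configs


def build_inventory(count=100):
    """Constructed inventory: identical switches apart from name and one VLAN."""
    return [
        {
            "hostname": f"sw-access-{i:03d}",
            "vlans": {10: "USERS", 20: "VOICE", 100 + i: f"FLOOR-{i}"},
            "ports": {"GigabitEthernet0/1": 10, "GigabitEthernet0/2": 100 + i},
        }
        for i in range(1, count + 1)
    ]


if __name__ == "__main__":
    configs = generate(build_inventory())
    print(configs["sw-access-001"])
```
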
Puppet.  For those not wanting to learn a programming language, there are several configuration tools popular in the server world that could be considered for network device configuration. Puppet, Chef, Ansible and Salt are most frequently named. In the network community, Puppet and Ansible have the strongest followings.
Puppet is a model-driven configuration tool that relies on a client-server architecture to deliver configurations from the controlling server to the client device being configured.
In the network world, this is a challenge in that a Puppet server needs to talk to a Puppet agent running on the client system. The requirement for an agent has ruled out many network devices, as Puppet agents simply aren't available for most network gear. The initial drive for Puppet in the network space was to extend the functionality of a tool already deployed in many enterprises to manage servers. Why use a different tool for network device configuration if Puppet is available and already being used by the organisation?
Puppet uses its own human-friendly language that allows people to describe how they want a device configured. The Puppet server translates that manifest into a configuration suitable for that device, generating a catalog. The Puppet agent polls the Puppet server periodically to retrieve any new catalogs, and make the required changes.
Puppet can be used to configure a limited number of Cisco devices, as well as certain devices from Juniper, F5, Mellanox, Arista, and presumably others. Note that "Puppet support" does not mean that every network device function will necessarily be supported by Puppet. In fact, most network engineers find that the functions they can actually configure via Puppet are limited.
Puppet is available in both open source and commercial variants.
Ansible.  Similar to Puppet in overall scope, Ansible is growing in popularity in part because the design is an agentless push architecture. Ansible interacts with a remote network device via SSH, NETCONF, or other means as specified in the module written for the remote device. SSH is used frequently, although this is not something the Ansible consumer has to be overly concerned with. The module handles the work of getting the intended configuration to the remote device, whatever the means.
Network engineers describe what they would like the network configuration to be using playbooks. Playbooks are written in an easy-to-read language called YAML. Just like Puppet is limited in what specific network functions it supports, Ansible is limited by the functions described in a device's module.
In addition to its agentless nature, Ansible is gaining popularity due to reported ease of use and flexibility. Like Puppet, there are both open source and commercial flavors of Ansible.
A few other tools network engineers find useful as they look to automate their network configurations include:
Github, a free-to-use online repository for code that includes a versioning system. Of late, Github has been the go-to site to obtain code related to network configuration automation. Cisco, Arista, Juniper, Mellanox, and other network vendors maintain freely available code that supports configuration of their network devices or integration with cloud computing platforms such as OpenStack.
Vagrant, which is used to automate the creation of virtual machines. As many network devices are available as a virtual machine, Vagrant becomes useful as a way to automate the spinning up of network device VMs on VirtualBox, VMware and other hypervisors. Vagrant can also call to Ansible or Puppet to provision virtual machines once they have been instantiated.

What's next?

Network consumers interested in automating their network device configuration need to pay close attention to emerging technologies in the SDN space. APIs continue to grow in importance, providing access to SDN controllers, software modules that plug into controllers, and the network devices that sit underneath those controllers. The configuration work done by a home-grown Python program or Ansible playbook today could (and in some cases can) be done by a software defined application communicating network needs to a controller that provisions the network devices.
In fact, some SDN platforms take the network device configuration work out of the hands of human beings altogether. For example, about the only work a network engineer does on an NEC ProgrammableFlow switch is to point the switch to the controller's IP address. The rest of the configuration is done via the controller itself.
Put another way, automating the configuration of network devices using tools as described in this article is truly incremental. Humans are still articulating the specifics of minutiae like VLAN numbers and routing configurations, but using better tools than the CLI or GUI to generate and install the required configuration.
Ultimately, SDN purports to take even those sorts of requirements away, allowing businesses to express their needs as policies related to security and application importance. Those abstract policy descriptions will result in software defined network device configurations that meet business needs and ensure user experience and regulatory compliance. The battle the industry is fighting now is about exactly how that complexity should be abstracted, expressed and programmatically implemented. For now, automating network configuration using powerful tools is a very good place for organisations to start.

Friday, May 24, 2013

ICMP Ping Request World Map & Hilbert map



World map showing the 460 million IP addresses that responded to ICMP ping requests or port scans between June and October 2012. World map of 24 hour relative average utilization of IPv4 addresses observed using ICMP ping requests.



Hilbert Map

Hilbert map of 24 hour relative average utilization of IPv4 addresses observed using ICMP ping requests.





 

Thursday, April 4, 2013

Is Enabling SNMP Worth the Security Risks?


Does SNMP open a hole? Well, kind of. Is it worth it? If it's configured right, YES!

The data that can be collected from switches and routers via SNMP for monitoring and analysis is completely invaluable. Information such as port utilization, device connectivity, errors, packet drops, discards, and other critical network health statistics are available with SNMP, but only if it is enabled!
Most switches and routers these days (even the cheaper home networking ones) support SNMP.
However, there is still the idea floating around that enabling it will make a network vulnerable to security attacks. Some published material also claims that enabling SNMP will make your network insecure. It is true that enabling SNMP on switches and routers will open a door into their management; however, there are a couple of ways that we can lock up SNMP pretty tight and get the full benefits of having monitoring on the network.

1. Community string with access list.
A community string is basically an SNMP password on SNMPv1/v2. By default it is the word “public” – be sure to change this to something else. Also, an access list can be used to restrict SNMP access to only the machines that are managing the switches. To do this on a Cisco switch or router, this is a basic command sequence:
 
switch(config)# access-list 11 permit 10.0.0.100
switch(config)# snmp-server community m0n1t0r ro 11
 
Be aware that with SNMP v1 and v2, if this management traffic is captured on the network by a packet analyzer, the community string can be easily decoded. If that situation is highly unlikely, or not too much of a concern to you, then proceed in using v1/v2 as several companies do.

2. SNMP v3.
 
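The risk of data interception with v1 and v2 has moved many engineers to implement SNMP v3 on their networks. This version offers restricted user access, view configuration, and most importantly, data encryption in transit. However, v3 is more involved and requires more switch configuration. Below is a simple example; note that it is configured at the auth security level, which authenticates SNMP requests but does not encrypt them, and that encryption in transit requires the priv level.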
 
switch(config)# access-list 11 permit 10.0.0.100
switch(config)# snmp-server group admins v3 auth read V3Read write V3Write
switch(config)# snmp-server user root admins v3 auth md5 m0n1t0r access 11
switch(config)# snmp-server view V3Read iso included
switch(config)# snmp-server view V3Write iso included

If SNMPv3 is configured on a switch, make sure to disable v1 and v2. If these are still enabled, they can still be used to access the switch, even if v3 is also enabled.

Either of these configurations will allow SNMP information to be accessed by several great analysis tools out there, both vendor supported and open source. Just make sure that the address of the analysis tool is a part of the access list.

So is SNMP worth the possible security hole? Yes, but only if it is properly configured.
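The two hardening steps above, turned into a check as an added Python example that is not part of the original post: it reads IOS-style SNMP statements and flags default or read-write communities, communities without an access list, v1/v2c left enabled beside v3, and v3 groups below the priv level. The sample configurations are constructed from the commands shown above; only numbered `access-list` lines are recognised, and the finding codes are this example's own names.

```python
import re

DEFAULT_COMMUNITIES = {"public", "private"}
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # strips "switch(config)# "


def parse(config_text):
    """Collect SNMP-related statements, each tagged with its line number."""
    communities, groups, users, acls = [], [], [], set()
    for lineno, raw in enumerate(config_text.strip().splitlines(), 1):
        w = PROMPT.sub("", raw.strip()).split()
        if w[:1] == ["access-list"] and len(w) >= 2:
            acls.add(w[1])
        elif w[:2] == ["snmp-server", "community"] and len(w) >= 3:
            rest = w[3:]
            if rest[:1] == ["view"]:          # optional "view <name>"
                rest = rest[2:]
            mode = "ro"                       # read-only when ro/rw is omitted
            if rest and rest[0].lower() in ("ro", "rw"):
                mode, rest = rest[0].lower(), rest[1:]
            communities.append({"line": lineno, "name": w[2], "mode": mode,
                                "acl": rest[0] if rest else None})
        elif w[:2] == ["snmp-server", "group"] and len(w) >= 5 and w[3] == "v3":
            groups.append({"line": lineno, "level": w[4]})
        elif w[:2] == ["snmp-server", "user"] and len(w) >= 5 and w[4] == "v3":
            acl = w[-1] if len(w) >= 7 and w[-2] == "access" else None
            users.append({"line": lineno, "acl": acl})
    return communities, groups, users, acls


def audit(config_text):
    """Return (finding_code, line_number) tuples; line numbers avoid echoing secrets."""
    communities, groups, users, acls = parse(config_text)
    findings = []
    for c in communities:
        if c["name"].lower() in DEFAULT_COMMUNITIES:
            findings.append(("DEFAULT_COMMUNITY", c["line"]))
        if c["mode"] == "rw":
            findings.append(("COMMUNITY_RW", c["line"]))
        if c["acl"] is None:
            findings.append(("COMMUNITY_NO_ACL", c["line"]))
        elif c["acl"] not in acls:
            findings.append(("ACL_UNDEFINED", c["line"]))
    for u in users:
        if u["acl"] is not None and u["acl"] not in acls:
            findings.append(("ACL_UNDEFINED", u["line"]))
    for g in groups:
        if g["level"] != "priv":              # noauth or auth: no encryption
            findings.append(("V3_NO_PRIV", g["line"]))
    if communities and (groups or users):     # v1/v2c still usable beside v3
        findings.append(("V2C_WITH_V3", communities[0]["line"]))
    return findings


# Constructed samples: the first two repeat the commands shown in the post.
PAGE_V2C = """
switch(config)# access-list 11 permit 10.0.0.100
switch(config)# snmp-server community m0n1t0r ro 11
"""

PAGE_V3 = """
switch(config)# access-list 11 permit 10.0.0.100
switch(config)# snmp-server group admins v3 auth read V3Read write V3Write
switch(config)# snmp-server user root admins v3 auth md5 m0n1t0r access 11
switch(config)# snmp-server view V3Read iso included
switch(config)# snmp-server view V3Write iso included
"""

WEAK = """
access-list 11 permit 10.0.0.100
snmp-server community public rw
snmp-server community m0n1t0r ro 12
snmp-server group admins v3 priv read V3Read
snmp-server user root admins v3 auth sha AUTHPASS priv aes 128 PRIVPASS access 11
"""

if __name__ == "__main__":
    for label, text in (("v2c", PAGE_V2C), ("v3", PAGE_V3), ("weak", WEAK)):
        print(label, audit(text))
```
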
 

Thursday, September 27, 2012

12 free cloud storage options

 
With all the public cloud storage offerings on the market today, many vendors just want customers to sign up for their services. So, in return for a new account, many offer free cloud storage.
 
 
Using the following 12 public cloud storage options, you could theoretically get 112GB of free cloud storage. But not all services are the same. Some have their pros and cons related to how large a file can be uploaded, the pricing of additional cloud storage space, integrations with various operating systems and mobile apps, and of course security precautions the vendors take.
Here are side-by-side comparisons of free cloud storage options.
 
 
Amazon Cloud Drive
Name: Amazon Cloud Drive
Free cloud storage: 5GB
Extra storage: 20GB, $10/year; 50GB, $25/year; 100GB, $50/year; 200GB, $100/year; 1TB, $500/year. Cloud Music player: 250 imported songs free; 250,000 imported songs, $24.99/year.
 
More info: Music purchased and downloaded from Amazon is automatically stored in Amazon Cloud Drive for free. Service also backs up Kindle-branded tablets. Since launching in March 2011, the service has come under criticism for its access policies, which state that Amazon is allowed to access files stored in Amazon Cloud Drive.
 
 
Apple iCloud
Name: Apple iCloud
Free cloud storage: 5GB
Extra storage: 10GB (15GB total with 5GB free), $20/year; 50GB, $100/year.
 
 
More info: Automatically synchs files, photos, videos and even Web browsing tabs across Apple devices. Windows iCloud Control Panel is available. Apps such as Keynote, Pages and Numbers are used for document management/synchronization. Apple boasts a minimum 128-bit AES encryption for iCloud.
 
 
Box
Name: Box
Free cloud storage: 5GB
Extra storage: Personal account, 25GB for $9.99/month; 50GB, $19.99/month. Business account: $15/user/month, 3 to 500 users; 1TB with password-protected sharing, access management and user administration. Enterprise edition: Custom pricing, unlimited storage, offers customer branding, group access controls.
 
More info: Provides SSL AES 256-bit encryption behind the firewall. For business and enterprise accounts, files are stored encrypted with automatic redundancy. File size limits: 100MB for the free accounts, 1GB for paid personal accounts; Business editions have 2GB file size limit. Box allows document editing in the cloud through third-party apps, such as Zoho.
 
 
 
Dropbox
Name: Dropbox
Free cloud storage: 5GB
Extra storage: "Pro" accounts range from 100GB, $9.99/month or $99/year, to 500GB for $49.99/month or $499/year. "Teams" account, 1TB for $795/year for 5 users and $125 for each additional user.
 
More info: One of the best-known public cloud storage offerings, Dropbox uses SSL AES 256-bit encryption for its Pro and Teams editions. No limit on file size when uploading from the desktop application, which works on Windows, OS X and Linux; 300MB limit when uploading from the Dropbox website. Get 500MB of extra free storage when friends register, up to 16GB. Dropbox does not allow editing of documents directly in the service.
 
 
Google Drive
Name: Google Drive
Free cloud storage: 5GB -- Google Docs and files converted to Google Docs do not count against storage limit. 1GB of free photo video storage in Picasa Web Albums, unlimited storage of photos and videos (up to 15-minute videos) in Google+.
Extra storage: 25GB, $2.49/month; 100GB, $4.99/month; 200GB, $9.99/month; 1TB, $49.99/month; 16TB, $799.99/month.
 
More info: Google Drive allows users to store a lot more files in its cloud for free if the files are Google Docs. In many cases, files can be converted to this format simply by copying them into a Google document. Drive does have some file limits, including 2MB for converted files, or 10MB for non-Google Doc files. Spreadsheets have a 20MB limit, or 256 columns. Google Doc files can be edited in the application, but third-party apps are needed to edit non-Google Doc files, such as Microsoft Word files.
 
MediaFire
Name: MediaFire
Free cloud storage: 50GB
Extra storage: Pro edition features 250GB for $4.50/month, and Business edition offers 1TB for $49/month.
 
More info: Startup MediaFire offers a large amount of cloud storage, but it only has Windows, OS X and Linux desktop applications with no mobile apps yet. For $1.50/month, users can get 50GB of storage with no advertisements through the "personal" edition. MediaFire markets its content distribution package heavily. Pro edition allows 500GB/month of content distribution through 500 one-time links per day; enterprise edition allows 4TB/month of distribution with 5,000 links per day. The free edition has 200MB file size limit, while personal has a 1GB file size limit. Pro has a 4GB file size limit and business has a 10GB individual file size limit.
 
 
Microsoft SkyDrive
Name: Microsoft SkyDrive
Free cloud storage: 7GB
Extra storage: 20GB, $10/year; 50GB, $25/year; 100GB, $50/year.
 
More info: Microsoft SkyDrive, which has a Windows 8-style interface, offers users one of the largest initial free storage accounts of the major cloud offerings. It does limit uploads to 300MB files via the Web browser and it has a 2GB limit via the desktop application, which can be run in Windows and OS X. It also supports iOS, Android and Windows phone apps. It includes a "forgot something" feature that allows users to remotely retrieve a file on their PC that has not uploaded to the cloud.
 
 
MiMedia
Name: MiMedia
Free cloud storage: 7GB
Extra storage: 100GB, $4.99/month; 500GB, $20/month or $199/year; 1TB, $35/month or $325/year.
 
 
More info: MiMedia offers one of the higher amounts of free cloud storage in the market. It bills itself as being a backup repository and cloud-access tool specifically for media, although it works the same with documents. For large uploads, the company will send a hard drive onto which you can upload an initial dump of information, then send it back to the company for uploading to MiMedia's cloud. Files are encrypted during upload transmission but not while stored on MiMedia servers. MiMedia does not yet support Mac OS X. It does have iOS and Android apps.
 
 
SpiderOak
Name: SpiderOak
Free cloud storage: 2GB
Extra storage: $10 per month or $100 per year for each additional 100GB increment.
 
More info: SpiderOak presents itself as the secure public cloud storage option. Boasting a "zero-knowledge" policy, SpiderOak's program does not store passwords of customers, and all customer data is encrypted both in transmission and while in storage, using salted hashes and a combination of 2048-bit RSA and 256-bit AES encryption. For the developers in the crowd, the company has also begun open sourcing some of the code used to create the product. SpiderOak offers personal, business and partner/reseller versions of its cloud service.
 
SugarSync
Name: SugarSync
Free cloud storage: 5GB
Extra storage: 30GB, $4.99/month or $49.99/year; 60GB, $9.99/month or $99.99/year; 500GB, $39.99/month or $399.99/year. Business account offers 100GB for three users for $29.99/month or $299.99/year.
 
More info: Up to 32GB of free additional storage is available if you refer others who sign up for the service. SugarSync has mobile apps available on iOS, Android, BlackBerry, Symbian and WinMobile platforms.
 
 
Symform
Name: Symform
Free cloud storage: Up to 10GB
 
Extra storage: Symform offers by far the largest amount of potentially free storage, but there's a catch. Its public cloud uses storage space donated by users, meaning other customers' encrypted data will be stored on your system when you contribute to the Symform cloud. The amount of storage each user gets is based on how much storage they contribute back to the Symform public cloud network. So, for example, if you contribute 2TB of storage, you can get 1TB of storage for free. Common use cases for this are disaster recovery and backup. Customers can also pay for the storage instead of contributing back excess storage space. Symform encrypts files using 256-bit AES, then divides files stored in the cloud into 64 blocks which are distributed throughout the Symform cloud network so that no single user has access to a customer's complete set of encrypted data.
 
 
Syncplicity
Name: Syncplicity
Free cloud storage: 2GB
Extra storage: 50GB, $15/month for personal edition.
 
More info: Syncplicity is owned by EMC. Pricing for the business edition, which includes central access controls, starts at $45/month with tiered pricing for up to unlimited storage. There is no limit on file size or number of files. AES 256-bit encryption is used in transmission and at rest.

Wednesday, August 1, 2012

Top 10 Best Network Monitoring Software Tools

Network monitoring tools constantly monitor all network devices and services and notify network administrators when any device or service is affected (for example, a node or link going down, or a service degraded by high utilization).

Most organizations, from the smallest office to the largest enterprise, now look for some kind of network monitoring tool to help them analyze performance issues, alert them to threats, and provide reports on the health of the network environment. For any organization, investing in network monitoring tools is crucial. The list below includes some free and some paid tools, all of them worth a look; you can find a customized package or an open source tool to suit your requirements.

Cacti

Cacti is a complete network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.




PRTG Network Monitor

PRTG monitors system availability using a variety of methods from simple ping through SNMP and WMI protocols to specific tasks such as HTTP, DNS, and Remote Desktop availability using various sensors. Using specific sensors for specific machines, an administrator can monitor service availability–including Exchange and SQL–and be notified instantly of problems. Also, PRTG comes with some bandwidth monitoring sensors, so you can ensure that malware designed to do DoS, “phone home”, and other overload activities is not operating on your network.
PRTG supports all Windows versions, XP/2003 or later.





Nagios

Nagios is a system and network monitoring application. Nagios XI builds on proven, enterprise-class Open Source components to deliver the best monitoring solution for today’s demanding organizational requirements. It watches hosts and services that you specify, alerting you when things go bad and when they get better. Some of its many features include monitoring of network services (SMTP, POP3, HTTP, NNTP, ICMP, etc.), monitoring of host resources (processor load, disk usage, etc.), and contact notifications when service or host problems occur and get resolved (via email, pager, or user-defined method).






Orion Network Performance Monitor

Orion Network Performance Monitor is the ticket for large, complex network environments. Stand-out features are the Web interface, an integrated Wireless Poller to monitor wireless devices, and easily customizable reports.






Colasoft packet graphing

Colasoft software includes a Diagnosis console that lists events separated by OSI layers and enables sorting by severity, source address or event type to help speed recovery. A special Matrix view is available, too, that depicts connections at-a-glance, further enhancing diagnosis.
Supported operating systems are Windows-only: Windows XP (32- and 64-bit versions), Windows Server 2003 (32- and 64-bit versions), Windows Vista (32- and 64-bit versions), Windows 2008 (32- and 64-bit versions) and Windows 7 (32- and 64-bit versions).
Update: Capsa 7.2.1 no longer supports Windows 2000.




 

Munin

Munin is an open source application that enables the administrator to monitor and collect data for networks, PCs, SANs, and even applications. It is designed to be very plug and play. A default installation provides a lot of graphs with almost no work.

Munin is available for UNIX and UNIX-like operating systems including: Linux, FreeBSD, NetBSD, Solaris, AIX, OS X / Darwin supported in trunk, and HP-UX.


 

 

Zenoss

Zenoss provides insight and unified operations for large-scale physical, virtual and cloud-based IT environments. Zenoss is available for a number of operating systems. You can install packages built for most flavours of Linux and Mac OS X, or build it from source on any other system where there are no packages pre-built. Also available are virtual appliances for VMware.




 


Zabbix

Zabbix is an enterprise-class open source distributed monitoring solution that has an advanced cache module for much better performance.


 



collectd

collectd gathers statistics about the system it is running on and stores this information. Those statistics can then be used to find current performance bottlenecks (i.e. performance analysis) and predict future system load (i.e. capacity planning).



Observium

Observium is an autodiscovering PHP/MySQL/SNMP-based network monitoring system that focuses primarily on Cisco and Linux networks but includes support for a wide range of network hardware and operating systems.





Argus

Argus is a system and network monitoring application. Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. It will monitor nearly anything, including TCP and UDP applications, IP connectivity, SNMP OIDs, programs, databases, etc. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, and jitter on a per-transaction basis. The record format that Argus uses is flexible and extensible, supporting generic flow identifiers and metrics, as well as application/protocol-specific information.






Ganglia

Ganglia is a scalable distributed monitoring system for high-performance computing systems such as clusters and Grids. It is based on a hierarchical design targeted at federations of clusters. It leverages widely used technologies such as XML for data representation, XDR for compact, portable data transport, and RRDtool for data storage and visualization.




Monit

Monit is a free open source utility for managing and monitoring processes, files, directories and filesystems on a UNIX system. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations.




 

Splunk

Splunk allows you to index, search, alert, and report on both live and archived IT data. Splunk is a modular Web-based tool that allows you to add or subtract apps to match your needs. There are both free and enterprise versions available for Windows, Linux, Mac, AIX, Solaris, and BSD.
Splunk collects data from multiple sources on your network and analyzes that data in one, centralized, Web-based location.





LogicMonitor

LogicMonitor allows you to add an agent to a machine and have it monitored from your own, personalized dashboard that can be reached from anywhere using a web browser. It will keep you apprised of the status of your network, network equipment, cloud, databases, applications, power infrastructure, and more.






Monday, July 23, 2012

Network Manager's Free Toolkit

10 great free downloads for your network.

Got a small network, home network, medium-size network -- even an enterprise network -- and want to get the most out of it? Then I've got good news for you: 10 free pieces of software that can make your network easier to use, troubleshoot and maintain. These freebies will help everyone from networking pros to networking newbies and everyone in between.

There's plenty here for you -- great free tools for keeping your network secure; creating a quick, navigable network map; scanning networks and putting together a list of all connected devices; checking to see if your servers are up and running; even designing networks and more.

Note that I'm leaving out extremely popular and well-known free downloads, such as the Ethereal network protocol analyser or Wireshark, and am concentrating instead on lesser-known downloads.
And as a bonus, I'm including a review of an extra, for-pay, try-before-you-buy download that can help your network as well.

Network Magic

If you're looking for a simple, free, all-in-one network management tool for a small peer-to-peer network, this is the one to get. It handles all the basic network chores, including adding new devices to the network, fixing broken network connections, setting up wireless encryption and protection, sharing printers and folders, reporting on the state of the security of each PC, and much more.

Wizards guide you through all these tasks and others. If you've got network experience, the wizards may or may not be useful, but those with moderate or less network experience will certainly find them helpful. But even if you're a network pro, there's a lot in this simple program you'll find worthwhile.

For example, the network map, pictured nearby, displays every device connected to your network, shows whether it's online or offline, and displays details about each, including the computer name, IP address, MAC address, operating system being used, shared folders, and system information such as its processor and RAM. It also lets you change the machine name, and it displays alerts about each device, such as if it isn't protected properly. Overall, it's far superior to Windows Vista's Network Map.

The software's Status Centre is also useful. It displays overall information about your network, such as whether there are any problems with overall security or with an individual PC. It also lets you troubleshoot connections, shows whether there are any intruders on the network, and displays information about wireless protection.

Parents will appreciate some of Network Magic's features. For example, the software can monitor the use of any individual PC on the network for the websites it visits, the times the computer is online and which programs are being used, and then mail a daily report about it to an email address. So it's ideal for parents who want to keep track of their kids' computer use. There's much more as well, including a bandwidth tester to show you your current Internet broadband speed.

Note that there are both paid and free versions of the software. The free version includes most basic features, such as repairing broken connections, issuing security alerts, monitoring network activity and the Network Map. The paid version, which costs from $24 to $40 (depending on how many PCs are on your network), delivers daily reports of Internet activity, supports remote access to your network's files and includes other advanced features.

When you install this program, you may need to tell your firewall to let this application access your network and the Internet.

Spiceworks IT Desktop

This freebie can help small or one-person shops with small and medium-size networks, although the complexity of its interface and some anomalies don't make it particularly useful for home networks. It's an all-in-one network inventory and management tool with a surprising number of features for a free piece of software.

The program will inventory your network and provide information about each device on it. It goes further than Network Magic and provides a significant amount of detail about each PC and device, including free and used disk space, antivirus software being used, problems on the device (such as server connection errors), and other information, as you can see in the nearby figure.

It will even provide an inventory of the software installed on each PC, in quite a bit of detail, finding not just popular applications such as Microsoft Office and Adobe Reader, but lesser-known ones such as the FileZilla FTP client. I discovered, however, that it had a more difficult time than Network Magic finding all of my network devices; you may need to fine-tune permissions and log-ins to get it to work properly.

Note that when you install this program, you may need to tell your firewall to let this application access your network and the Internet.

The program includes a variety of other tools, such as easy access to ping and traceroute functions.

And it attempts to be a help desk application as well. You can create help tickets with it, assign the ticket to others or yourself, and include due dates, priorities and so on. It's certainly no replacement for a full-blown help-desk application, but for a small office with a small IT staff, you can't argue with free.

Because the program doesn't always easily find all devices attached to the network, and it has some anomalies (some antivirus software may flag one of this software's components as a virus, for example), this isn't a perfect application. But it's free and simple to set up -- and for that reason alone, it's worth the download.

NetLimiter Monitor

There are also for-pay versions of this software available. NetLimiter Lite costs $8.95 to $16.95, depending on the number of licenses; and NetLimiter Pro costs $14.95 to $29.95, depending on the number of licenses.

What's the biggest problem on many small networks? Bandwidth hogs -- applications that suck up all or most of the available Internet and network bandwidth. Typically, it's tough or impossible to track down which applications or PCs are using all that bandwidth and harder still to do anything about it.

That's where NetLimiter comes in. It monitors bandwidth use so that you can identify the hogs. The free version of the software, though, won't let you actually set bandwidth limits. For that, you'll need to buy one of the paid versions. The paid versions let you set bandwidth limits, including total amount of data downloaded or uploaded, on a per-application or per-connection basis. You can fine-tune it quite a bit, for example, by setting different limits for uploading and downloading.

There's a lot more to this application as well, including a firewall, bandwidth monitor and other functions. This isn't the easiest program to use -- at first, it seems as if there's no way to limit the bandwidth for any application. To do it, you need to click the Grants tab at the bottom of the screen and then, for the application you want to limit, click the Grant column, enter a value for the bandwidth limit, and click the check box.

There are three different versions of this program, starting with the free version, which only monitors network use and won't let you limit bandwidth use. The Lite version will let you set limits but won't do much more, and the Pro version adds a slew of features, including a firewall, scheduler and more.

Network Notepad

Designing a network, or keeping a clear record of one you already have, can be an exceedingly frustrating task. Most drawing programs don't have adequate tools for creating network diagrams. And as for pencil and paper, the less said about them, the better.

If you're looking for a tool to help you design your network or keep visual track of one you already have, you'll want to get Network Notepad. With it, you can design your network and draw schematics that are more than flat documents -- they're live and include links so that you could, for example, Telnet into any device on your network just by clicking on a button on the diagram.

It comes with a palette of icons for routers, servers, printers, boxes, hubs, modems and other network devices. To design your network, choose graphics from the palette and drag them onto your diagram, and connect the devices using a set of drawing tools. You then define the properties of each device such as giving them names and IP addresses. You can also import a host file, and Network Notepad will automatically populate the devices with the right IP addresses.

You can also program five buttons to launch programs when a device is clicked upon that will then act on the device. So you could click on a device to ping it, for example. Your diagram becomes a live, interactive drawing.

Advanced IP Scanner

This little free utility is a great way to get a quick list of all the devices connected to your network, listed by IP address, along with information about each. It does a lightning-fast scan of all IP addresses in a range that you specify, then specifies whether a device is present at each address. For each device, it lists the status, the machine name, NetBIOS information, ping information and MAC address.

The program will do more than just scan your network. It also gives you a set of tools that lets you shut down PCs remotely, use the "Wake on LAN" feature for any PC whose network card supports that capability, and connect to remote PCs via RAdmin, if it's installed. You can also apply some operations, such as shutting down remote PCs, to a group of computers, not just individual ones.

Advanced Net Tools (ANT)

Here's the Swiss Army Knife of network utilities, and you won't have to pay a penny for it. This freebie puts a whole suite of tools at your fingertips, including ones for conducting port scans, DNS lookups and pings, scanning for network shares, checking on routing tables and more.

The security modules are especially useful for quick-and-dirty network scans. There's a network port scanner that can scan all computers on your network and report on their open ports, and a share scanner that reports on all the shared drives on your network.

The information modules are also useful. With them, you can examine your routing table and add and delete entries in it. You can also find out what IP addresses are available to be assigned on your network. Other modules do advanced DNS lookups, let you view all the network adapters connected to computers on the network and add and remove their IP addresses, and more.

DreamSys Server Monitor

Want to know if your servers are up and running? Then get this utility that will monitor whether your servers are alive and, if they're not, take a variety of actions that you can choose. At a specified interval, it will check your servers to see if they're still running. You can also check the servers manually at any time.

You can also tell the program to take a variety of actions when it identifies a problem server, including sending an e-mail, rebooting the machine, starting a service, playing a sound or running a command. It can also play a sound or run a command when the server is running.

Be aware that it can be a bit confusing setting up the program to monitor a server. If you're going to monitor a server via TCP/IP, when you add a new server to monitor, make sure to click the Options tab and type in the TCP port you want to monitor. If you don't, you'll get an error message.

NetBrute Scanner

A network is only as secure as its weakest link, and in many cases that's shared folders or mistakenly open ports. Trying to find all the shared folders and open ports on a network -- even a small one -- can be a difficult, time-consuming task.

This free suite of three simple security tools will put your network through a basic security check, looking for shared resources and open ports. As a bonus, you can also use it to test the security of any webservers on your network.

You can check for shared folders and resources, as well as open ports, on any individual PC on the network by using its network name or IP address. You can also scan an entire range of IP addresses, although I found that feature to be somewhat flaky; it didn't find all the PCs on my network. However, scanning individual PCs worked fine.

The program lists all shared resources and, better yet, lets you connect to those resources and browse them from the program as well. The program also scans the PCs on the network for open TCP ports, so you'll be able to find out what webservers, FTP servers, Telnet resources and the like are installed. More important, it will show you where your port vulnerabilities are.

The final utility in the suite checks the webservers on your network and sees whether it can break into them using a "dictionary attack" by trying combinations of usernames and passwords to gain access to the webmaster's account.

There are a variety of technical limitations to this program; before using it, it's a good idea to check out its details. Still, it's free, it's simple, and it's fast, and because of that, more than worth a try.

Technitium MAC Address Changer

There are plenty of ways to protect your home wireless network against intruders. One is to block anyone from connecting to your network except those who have network cards with specific MAC addresses. It's easy enough to set your router to block out intruders. But how do you know if it really works?

By checking it yourself. One of the best ways to do it is to spoof a MAC address, by giving one of your existing network cards a new address. You can do it with this software that lets you change your MAC address with a few simple clicks. Run the program, highlight the network card that you want to give a spoofed MAC address, click Random MAC Address, and then click the Change Now! button. That's all it takes. To restore to your original MAC address, highlight it and click Original MAC.

This program has other uses as well. It's a great way to show all the details about your network cards, including the manufacturer name; MAC address; and IP, Gateway and DNS information associated with each of your network cards. It includes other useful utilities, such as releasing and renewing an IP address for a card, which can help fix broken network connections.

RogueScanner

Here's an even better way to find out whether your network has any intruders on it: Run this program. Before you run it, put together a list of every PC and device on your network. Once you have that in hand, run RogueScanner. It lists every device on your network, including routers, printers, PCs and others. For each device, it lists the IP and MAC addresses. In addition, it peers deeper and tries to find other information, such as whether the device is a workstation, printer, server, router or PC, as well as the manufacturer and model number.

Compare what the program finds with the list of devices that you know are safe and secure. If you find a device on the network that's not on the list you drew up, you've got an intruder.
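The comparison described above can be scripted. The following is an added example, not part of the original article or of RogueScanner: it diffs a hand-made inventory against scan output, and because a MAC address can be changed (as the Technitium section above shows), it also flags a listed MAC seen at several IPs or at an unexpected IP. The CSV layout, sample data and function names are assumptions made for this sketch.

```python
"""Diff a known-device inventory against a network scan (added example)."""
import csv
import io
import re

# Constructed sample: the list of devices you drew up by hand.
KNOWN_INVENTORY_CSV = """mac,ip,name
00:1A:2B:3C:4D:5E,192.168.1.1,router
00-1a-2b-3c-4d-5f,192.168.1.10,office-pc
001A.2B3C.4D60,192.168.1.20,printer
00:1a:2b:3c:4d:61,192.168.1.30,nas
"""

# Constructed sample: what a scanner reported (MAC and IP per device seen).
SCAN_RESULT_CSV = """mac,ip
00:1a:2b:3c:4d:5e,192.168.1.1
00:1A:2B:3C:4D:5F,192.168.1.77
00:1a:2b:3c:4d:5f,192.168.1.10
00:1a:2b:3c:4d:61,192.168.1.31
de:ad:be:ef:00:01,192.168.1.50
"""


def normalize_mac(raw):
    """Return a MAC as lowercase colon-separated hex; reject anything else."""
    digits = re.sub(r"[:\-.]", "", raw.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    digits = digits.lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def load_inventory(text):
    """Map normalized MAC -> (expected IP, device name)."""
    inventory = {}
    for row in csv.DictReader(io.StringIO(text)):
        inventory[normalize_mac(row["mac"])] = (row["ip"].strip(), row["name"].strip())
    return inventory


def load_scan(text):
    """Return a list of (normalized MAC, IP) observations."""
    return [(normalize_mac(r["mac"]), r["ip"].strip())
            for r in csv.DictReader(io.StringIO(text))]


def audit(inventory, scan):
    """Classify scan observations against the inventory."""
    findings = {"unknown": [], "moved": [], "duplicate_mac": [], "missing": []}
    seen = {}
    for mac, ip in scan:
        seen.setdefault(mac, set()).add(ip)
    for mac, ips in sorted(seen.items()):
        if mac not in inventory:
            # Not on the list: the case the article calls an intruder.
            findings["unknown"].append((mac, sorted(ips)))
        elif len(ips) > 1:
            # One listed MAC answering from several IPs: possible cloned MAC.
            findings["duplicate_mac"].append((mac, sorted(ips)))
        elif inventory[mac][0] not in ips:
            # Listed MAC at an unexpected IP: normal with DHCP, worth a look
            # for devices that are supposed to be statically addressed.
            findings["moved"].append((mac, inventory[mac][0], sorted(ips)[0]))
    # Listed devices the scan did not see (powered off, or scan incomplete).
    findings["missing"] = sorted(m for m in inventory if m not in seen)
    return findings


if __name__ == "__main__":
    report = audit(load_inventory(KNOWN_INVENTORY_CSV), load_scan(SCAN_RESULT_CSV))
    for category, items in report.items():
        print(category, items)
```

A clean result only shows that every observed MAC is on the list; it does not prove that the device behind each MAC is the one you expect.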

NetPeek

This one isn't free -- it's shareware, so it's free to try but costs $40 (£20) if you decide to keep it. It scans your network, identifies every device on it -- including computers, servers, printers and more -- and gives vital information about each. For every device, it tries to identify the IP address, the DNS name, the Ethernet address, the server software, the manufacturer of its network card, the user who's currently logged on, ping response and more, such as open ports. For each device, it also includes useful weblinks, such as a link to the network card manufacturer to get patches and firmware updates.

It's a pretty bare-bones program, and its best features aren't easy to access. For example, it's tough to know, at first, how you can scan a network range. To do it, you need to choose Scan Range from the File menu and fill in the form. Make sure you click "Log results to file" to create a log file so you always can refer back to the results. You can also use the program's Cache Manager tool to see information about all the devices on your network.

Be aware that this program takes its time going about its work, so if you have a lot of devices to scan, be prepared to wait. You'll be able to use NetPeek for free for 30 days or 500 scans, whichever comes first. After that, you'll have to pony up for the registration fee.

Network Engineers' Favourite Free Network Tools

From sniffing to mapping and monitoring, these ten utilities perform surprisingly sophisticated tasks.


Wireshark

To be fair, Wireshark was mentioned in the original article as one of those tools that's so popular that including it in the original top 10 network tools would be essentially repeating old news. Some readers believed, however, that Wireshark is so good it deserved a mention.

Wireshark is a network protocol analyzer or sniffer and is the continuation of the well-known Ethereal project. A protocol analyzer "listens" to a network, records all of the packets seen on the connection and presents a detailed analysis of those captured packets. Properly placed, a good sniffer can provide reams of data invaluable for network troubleshooting and monitoring.

The problem is in the presentation of the information. Simply producing a text file of raw packet output is difficult to analyze. A good protocol analyzer needs to be able to take that information and present it to a network administrator in a summary format, and Wireshark does that.

Wireshark can provide deep inspection of hundreds of protocols, and more are added with each release. It can also import traces from other programs (tcpdump, Cisco IDS, Microsoft Network Monitor and Network General to name a few) so analyzing information from other sources is a breeze. It runs on Windows, Linux, Mac OS and other operating systems.

If you are going to administer a network, big or small, a protocol analyzer is a necessary tool. Wireshark fits the bill.

The Dude

Knowing that services are available on your network is a good thing, but knowing when services go down as soon as (or better yet before) your users and customers do is essential. The Dude is a network management package that excels in so many facets that you have to try it to believe a freeware tool can offer so much.

After installation, like many network management packages, The Dude begins with a network discovery process. You input the IP address range or network to discover plus the type of discovery (such as ping or services). This produces a basic network map from which you may customize types of monitoring. The colour of the network device's model changes from green to orange if a service goes down and red if all connectivity is lost.

Monitoring includes simple pings, services based on TCP port number, SNMP probes and the ability to log into machines to acquire more specific data. The Dude comes with a preconfigured services set so as to not overwhelm monitoring, but it's trivial to add user-customized services. While it can do so, The Dude isn't designed for discovering services offered by machines on your network. For that you'll want Nmap, which is discussed later.

Without decent notification attributes though, network management packages lose usefulness. This isn't a problem for The Dude. In addition to the map, you can configure a variety of notification modes, from pop-up windows to e-mail messages. In one test, I manually shut off access to MySQL on my Linux Snort IDS box. The Dude popped up a flag and sent me a customized e-mail within a few seconds. You may wish to tweak probe intervals because a lot of false positives would be a distraction.

The Dude comes as a standard client/server package. You can run the client and server on one computer, or run the server on one computer and connect to it from another machine. It also offers a Web interface (http and/or https) for remote access. Various accounts can be created, from a read-only version for help-desk type operations to full administrative access for network managers.

The Dude has so many features and is so versatile that it easily can fit into just about any network monitoring environment. With the ability to nearly instantaneously inform a network administrator of problems, it can be a very cost-effective support tool that your end users will be glad you implemented.

Nmap/Zenmap

Nmap is one of those programs that has been around so long it's virtually considered a staple of a networker's bag of tools. But even though the functionality of Nmap has remained strong, it has grown beyond a Linux-based command-line tool. Today's Nmap provides quick information using a crisp graphical user interface (GUI) called Zenmap.

Nmap's function is simple: discover what ports are open on a target machine or range of target machines. Knowing what ports are open is helpful for many reasons. Not sure how many Web servers are running in your environment? Worried the firewall configuration you pushed out with Group Policy isn't effective? Then run Nmap, concentrating on those ports you assume are blocked by your firewall. Concerned that your users' machines may be running a Trojan known to listen on TCP port 25192? Then perform an Nmap scan (behind firewalls) for that port on your entire address space.

Zenmap runs common Nmap scan commands and displays the actual command-line command in a window for verification. You can also modify the command manually or run Nmap completely from the command prompt. Although Zenmap is a great interface for Nmap, it doesn't replace the need for knowing what it is you are actually scanning for.

Nmap is one of those "initial probe" tools that hackers love to use to discover vulnerabilities on a target network. Use it on your network before they do, or you may be in reactive mode when you could have been proactive.

ZipTie

Admit it. You have many devices on your network, but no easy method of storing the configurations of your routers, switches and firewalls.

Maybe you do store configurations, but it's via a cumbersome file transfer process, cut and paste, or some other time-consuming method that is not only a drain on time but may not always work the way you would like it to.

Sure, some vendors have proprietary packages to manage the configurations of their equipment, but what about configuration management in a heterogeneous environment? How many networks out there are truly composed of a single vendor's equipment? Even in a single-vendor network, wouldn't it be wonderful to manage those configurations without paying the network vendor's licensing and maintenance fees for their packages?

ZipTie is an open-source, no-cost product designed to provide multivendor network equipment configuration management. It allows for discovery of network devices, backup and restoration of configurations, and comparison of configurations among devices or over time (to track changes). As a bonus feature, it also contains several basic network design and management tools, including a subnet calculator (who doesn't need one of those?).

There is nothing magic about ZipTie. It is, at the core, a nice front end to communication protocols (SNMP, Secure Shell (SSH), Telnet, HTTP, Trivial File Transfer Protocol and so on). But it uses those, and other protocols, to discover and consolidate information on network devices. Do you manage your network devices with HTTP running on a non-standard port? No problem; just create another protocol entry and specify the desired port.

One drawback is that ZipTie only supports a small number of network vendors in its core release. However, being open source, a large and growing database of user-submitted add-on modules extends the functionality of ZipTie significantly. These add-ons provide SNMP Management Information Base (MIB) data so that ZipTie can recognize the devices.

Installing ZipTie is somewhat more complicated than installing some of the other reviewed tools. Read the prerequisites page before downloading and installing. Links are provided for the Sun Java Development Kit and Perl for the server, and Sun Java Runtime for the client. Install these first. Be sure to change the default administrator password before using it on your production network. It's not intuitive how to do so but read the documentation; it requires that a command be run at the command line interface on the server.

ZipTie does operate in a true client/server model, so you can allow one source for your configuration management and still have multiple clients manage it via the client piece. It's definitely worth looking into. If a particular module doesn't exist for one of your network devices, consider submitting a module yourself. That is after all the backbone of open source.

NetStumbler

If you manage wireless networks and have never used NetStumbler, you need to. NetStumbler is, at the core, an interface between what your 802.11 wireless card "sees" and what you see. It presents all of the wireless networks found in different formats, including individual transmitter signal strength or aggregate information grouped by Service Set Identifier, channel, or whether the network is secured or "open."

NetStumbler is the de facto tool for war drivers, as it easily identifies networks within range of a client. War drivers look for open wireless networks, and a corporate network that has improperly configured and/or installed wireless access points is ripe for exploitation. NetStumbler is a cheap tool for conducting surveys to find these potential network entry points.

What about strength of signal surveys? Do you have one of those "regular" help desk callers who insists that the wireless network always becomes hard to use at a certain time of day? Take a laptop with NetStumbler and let it run unattended (in a secured location, of course) on site. You'll have a real-time log of signal strength data for troubleshooting. At least you can conclusively show if there is a drop in your access point's signal -- or a drop in connectivity from interference associated with that 2:30 p.m. nuking of a burrito in the local (and leaky) microwave.

There's a reason why NetStumbler has been around for so long. It works, and it's useful. Anyone who manages a wireless network, or even those looking for a Wi-Fi hot spot, needs NetStumbler.

Nessus

Nessus has been one of the staples of a networker's bag of free tools for years. With more than 20,000 vulnerability checks (plug-ins), Nessus is a powerhouse application no network or security administrator should be without.

Like Nmap, in the early days using Nessus with the command line was rather cumbersome and the output difficult to decipher. It also ran on Linux, so a Linux server was necessary for scanning. But this isn't your father's Nessus, as it installs and runs easily on Windows with a crisp GUI.

After installation, scanning can commence immediately or a regular download of updated scanning variables can be configured. There are two such plug-in feeds available: the Direct feed provides plug-ins as they become available and is available for a fee, while the Registered feed is free, but the plug-ins are available seven days after they are available for the Direct feed.

Updating your scans is important, and if you don't think that changes can occur in a short period of time, think again.

I went two weeks without updating my scan information and when I ran a new scan it found more than 7MB of new information I needed to download. So don't think that the free subscription database isn't kept up to date.

If your network infrastructure permits such, Nessus can run on anyone's machine. If you don't have the infrastructure to protect against scans, and if you have public access ports, beware; finding a vulnerability can be as easy as an intruder running Nessus on your net. The same advice applies here as for Nmap: run it before the hackers do.

PuTTY

It wasn't too long ago that managing network devices via Telnet was commonplace. Telnet, that venerable terminal emulation program, was the first main link between the old hard-wired terminals of the mainframe days and a distributed networked environment. Yet Telnet, in all its glory, has one major problem that makes it unsuitable for remote access today: it's unencrypted.

Enter PuTTY, a free SSH client for Windows platforms. It provides for encrypted command-line interface access to network equipment running an SSH server. For those older devices that will only respond to Telnet, there is a Telnet option as well.

PuTTY is a small program but big on options for secure access to your network equipment and servers running an SSH daemon.

As with many other terminal emulators, PuTTY allows for logging of sessions. You can save your session settings as well. Also available with the package are a secure FTP client for encrypted file transfers and an RSA and DSA key generation utility.

PuTTY is one of those rare small freeware packages with huge benefits. It should be the first tool on your networker's USB stick (everyone has one, right?) if you have a need for secure access to network equipment or secure file transfers, as you will use it often.

And a couple of the author's favourites

Our readers had several good suggestions for tools, but to round out your tool kit, here are a few more utilities I have found to be indispensable over the years.

Active Ports

Active Ports is a small utility designed to show - in real time - what processes have what ports open on a machine. The processes are linked by program, making this a very handy tool for discovering programs using network resources that might not be obvious.

There isn't much to Active Ports. Running it produces a window showing the active (open) TCP and UDP ports on the user's system. True, you can get most of this information via the netstat command, but the difference here is easily finding the program that opened the connection.

Active Ports does what many of these tools do: take information available elsewhere and present it in a format that is easily accessible and understandable - two important considerations for a network administrator tracking problems.

Suppose you performed an analysis on your network with Wireshark because your Internet connection usage had suddenly spiked, and Wireshark showed that 95 percent of your bandwidth was used by one machine on your network listening on a specific TCP port. Or perhaps you performed a proactive Nmap scan and found that several machines on your network were listening on a specific TCP port. You would need to know what process has opened that port to be able to solve the root cause of the problems. Running Active Ports on a machine provides that valuable information instantly.

Multi Router Traffic Grapher

I have written about Multi Router Traffic Grapher (MRTG) before, but it deserves mention here because it's such a useful program and is very popular among network administrators. There are other graphic monitor programs out there, but nothing beats this old standard.

MRTG, like most of these tools, is a program that provides a useful representation of data gleaned from standard sources. The most common MIB variable that is polled is interface traffic statistics, but any MIB variable can be graphed. MRTG requires a Web server, and default displays give one day, one week and one year statistics.

The methodology is simple: poll network devices every five minutes via SNMP for the desired variable(s) and then present data via a graph in a Web page covering three basic periods of time. Using this data for traffic usage, for example, it's trivial to establish a baseline for "normal" traffic on your network and determine when perhaps you need to throw more money at bandwidth.

MRTG takes SNMP data and displays it graphically so baselines can be recorded, trends analyzed and anomalies detected not just in traffic flow but any aspect of a network device that has an SNMP MIB attribute.
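The poll-then-baseline method described above, as an added example that is not MRTG's own code or part of the original article. It assumes the polled variable is the 32-bit IF-MIB counter `ifInOctets`; the samples, the 100 Mbit/s link speed and the 3x threshold are constructed for illustration.

```python
from statistics import median

COUNTER32_MAX = 2 ** 32  # ifInOctets is a 32-bit counter that wraps to zero

# Constructed samples: (seconds since start, ifInOctets), one per five-minute poll.
SAMPLES = [
    (0, 4_294_000_000), (300, 4_294_900_000),
    (600, 832_704),          # counter wrapped between polls
    (900, 1_732_704), (1200, 2_670_204),
    (1500, 11_670_204),      # traffic spike
    (1800, 12_570_204),
    (2100, 500_000),         # device rebooted, counter restarted from zero
]

def rates_bps(samples, link_bps):
    """Turn counter samples into (time, bits/second), handling wrap and resets."""
    out = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        elapsed = t1 - t0
        if elapsed <= 0:
            continue  # duplicate or out-of-order poll
        delta = (c1 - c0) % COUNTER32_MAX  # modulo undoes a single wrap
        bps = delta * 8 / elapsed
        if bps > link_bps:
            continue  # faster than the link allows: a counter reset, not traffic
        out.append((t1, bps))
    return out

def anomalies(rates, factor=3.0):
    """Return the baseline (median rate) and polls exceeding factor x baseline."""
    baseline = median(bps for _, bps in rates)
    return baseline, [(t, bps) for t, bps in rates if bps > factor * baseline]

if __name__ == "__main__":
    r = rates_bps(SAMPLES, link_bps=100_000_000)
    base, spikes = anomalies(r)
    print(f"baseline {base:.0f} bit/s; spikes: {spikes}")
```

The median keeps a single spike from dragging the baseline upward, which a plain average over the same polls would not.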

Because MRTG presents SNMP data, any such data can be graphed. It's not uncommon to graph ambient temperature, CPU utilization or number of connected clients. The bottom line: if SNMP can report it, MRTG can graph it. Of course, because the data is displayed as an HTML page, it can be accessed from anywhere on the Internet, or standard controls such as .htaccess passwords can limit access to the data to authorized personnel.

SNMP Traffic Grapher

Like its big cousin, MRTG, SNMP Traffic Grapher (STG) takes SNMP data and presents it in a graph form. But it doesn't need a back-end Web server, nor does it need to be refreshed every time statistics are updated. Think of STG as a real-time MRTG application. In fact, it was developed to be a companion to MRTG.

STG can provide timely information just when you need it most. Think of when you want to make a network change and you're worried how it will affect traffic. Maybe you're loosening restrictions and afraid the egress bandwidth will spike. Or perhaps you're activating VPN on your firewall and are worried that CPU utilization will go up.

STG, like MRTG, can graph any SNMP MIB variable, but the difference is that information is displayed in real time. That's its main strength. STG is as configurable as it needs to be; enter the MIB value, the polling time and the display output. That's all.

Like MRTG, STG displays in a graphical format any SNMP MIB variable, such as inbound and outbound traffic as shown here.

STG is invaluable not so much for trending (use MRTG for that) but for checking in real time how network changes affect performance. We often have to make changes we don't want to in the middle of the business day. Knowing how that affects performance before the end user notices problems is essential.
