There are many computer tools that let us do all kinds of tasks. In this post we will look at the main and most useful tools that allow network administrators to debug, understand and configure networks. The goal is to make a small inventory of the essentials to have in your toolbox when you start debugging or configuring a network.
Here is the list of tools I never go without when I put on my network administrator hat:
Wireshark (called Ethereal until the summer of 2006) is an excellent cross-platform open source network protocol analyzer (also called a sniffer). It lets you examine data from a live network or from a stored capture file. You can browse the captured data interactively, explore every layer of the packets and see all of their contents; it is a tool that is as useful for attack as it is for defense, maintenance or configuration. Wireshark has several interesting features, such as the ability to apply many filters to the captured packets, written in a dedicated filter language, for example to display only the exchanges between specified IP addresses.
Wireshark also has a "Follow TCP Stream" function that lets you follow, live, the interaction and the TCP exchanges between two machines in a single window, with the contents of the packets decoded and formatted dynamically. Tools like Wireshark are numerous and each has many features, both graphical and command line; tcpdump and tshark, for example, do this on the CLI.
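As an added example (not code from the post or from the Wireshark project), the following script does in a few functions what the two features above do: it reads tab-separated lines in the shape of `tshark -T fields` output, applies the equivalent of an `ip.addr == A && ip.addr == B` display filter, and rebuilds each direction of a TCP conversation the way "Follow TCP Stream" does. The sample lines, the relative sequence numbers and the deliberate retransmission at the end are all constructed for the demonstration.

```python
"""Reconstruct TCP conversations from tshark field output.

Added example (not from the post). Input lines are assumed to be in the shape of
  tshark -r capture.pcap -Y "tcp.len > 0" -T fields \
      -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport -e tcp.seq -e data
with relative sequence numbers. The sample below is constructed; its last
line is a retransmission of the first client segment.
"""
from collections import defaultdict

SAMPLE_TSHARK_OUTPUT = (
    "10.0.0.5\t10.0.0.9\t51234\t80\t1\t474554202f20485454502f312e310d0a\n"
    "10.0.0.9\t10.0.0.5\t80\t51234\t1\t485454502f312e3120323030204f4b0d0a\n"
    "10.0.0.5\t10.0.0.9\t51234\t80\t17\t486f73743a20746573740d0a0d0a\n"
    "10.0.0.7\t10.0.0.9\t40000\t22\t1\t5353482d322e30\n"
    "10.0.0.5\t10.0.0.9\t51234\t80\t1\t474554202f20485454502f312e310d0a\n"
)


def parse_tshark_fields(text):
    """Turn each tab-separated line into a packet dict with a bytes payload."""
    packets = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, sport, dport, seq, data = line.split("\t")
        packets.append({
            "src": src, "dst": dst,
            "sport": int(sport), "dport": int(dport),
            "seq": int(seq),
            # older tshark versions print the data field as 47:45:54, newer ones as 474554
            "payload": bytes.fromhex(data.replace(":", "")),
        })
    return packets


def between_hosts(packets, ip_a, ip_b):
    """Equivalent of the display filter: ip.addr == ip_a && ip.addr == ip_b."""
    pair = {ip_a, ip_b}
    return [p for p in packets if {p["src"], p["dst"]} == pair]


def stream_key(p):
    """Direction-independent identifier of a TCP conversation."""
    return tuple(sorted([(p["src"], p["sport"]), (p["dst"], p["dport"])]))


def reassemble_direction(segments):
    """Order one direction's (seq, payload) segments and drop retransmitted bytes."""
    data = b""
    expected = None
    for seq, payload in sorted(segments):
        end = seq + len(payload)
        if expected is None:
            expected = seq
        if end <= expected:
            continue                              # pure retransmission, already seen
        if seq < expected:
            payload = payload[expected - seq:]    # partial overlap: keep the new tail
        data += payload
        expected = end
    return data


def follow_tcp_streams(packets):
    """Group packets per conversation and rebuild each direction's byte stream."""
    per_direction = defaultdict(lambda: defaultdict(list))
    for p in packets:
        direction = f'{p["src"]}:{p["sport"]} -> {p["dst"]}:{p["dport"]}'
        per_direction[stream_key(p)][direction].append((p["seq"], p["payload"]))
    return {
        key: {d: reassemble_direction(segs) for d, segs in dirs.items()}
        for key, dirs in per_direction.items()
    }


if __name__ == "__main__":
    pkts = between_hosts(parse_tshark_fields(SAMPLE_TSHARK_OUTPUT), "10.0.0.5", "10.0.0.9")
    for key, dirs in follow_tcp_streams(pkts).items():
        print("stream", key)
        for direction, data in dirs.items():
            print(f"  {direction}: {data!r}")
```

The retransmission handling is the part worth noticing: a capture taken on a lossy link contains duplicate segments, and concatenating payloads in capture order would show the request twice. Wireshark's own reassembly does the same seq-based ordering, which is why the stream window reads cleanly even when the packet list does not.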
PuTTY is a very easy-to-use tool and also essential for any network administrator: it is the basic tool for remotely configuring the various network elements. It can open SSH, telnet or serial connections.
The strength of PuTTY is that it is a single portable executable that requires no installation and is very light. It has gained several configuration tabs as it evolved, but most are accessories and the tool can be used without touching them. Some of these settings nevertheless greatly extend the functions and possibilities of the tool. Other tools offer features close to PuTTY's, such as TeraTerm and, formerly, HyperTerminal on older versions of Windows.
Traceroute, available on Windows, Linux, Mac OS and also on active network elements (Cisco IOS for example), is a tool that lets us follow the path of a packet throughout its journey across a network.
It is a very practical debugging tool when troubleshooting malfunctions and network configurations, for example to check that our routing configuration is correctly applied within a network.
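To make the "follow the path of a packet" idea concrete, here is an added example (not from the post, and not the traceroute program itself) that simulates the mechanism traceroute relies on: probes are sent with a TTL of 1, 2, 3 and so on, and each router that decrements the TTL to zero discards the probe and answers with an ICMP "Time Exceeded" from its own address. The path is constructed from documentation addresses and includes a router that silently drops expired probes, which a real traceroute prints as `* * *`.

```python
"""Simulate the TTL mechanism behind traceroute.

Added example (not from the post). The routers, the destination and the
silent hop are constructed for the demonstration.
"""

TIME_EXCEEDED = "ICMP Time Exceeded"
DEST_REACHED = "ICMP Port Unreachable"   # reply to Linux UDP probes; tracert on Windows gets an Echo Reply


class Router:
    def __init__(self, address, answers_expired=True):
        self.address = address
        self.answers_expired = answers_expired   # False: drops expired probes without any ICMP reply


def send_probe(routers, destination, ttl):
    """Forward one probe hop by hop; return (responder address or None, reply type or None)."""
    for router in routers:
        ttl -= 1
        if ttl == 0:
            # the router discards the probe; it may or may not tell the sender about it
            if router.answers_expired:
                return router.address, TIME_EXCEEDED
            return None, None
    # the TTL survived every router, so the destination host receives the probe
    return destination, DEST_REACHED


def traceroute(routers, destination, max_hops=30):
    """Increase the TTL until the destination answers; None marks a silent hop."""
    hops = []
    for ttl in range(1, max_hops + 1):
        responder, reply = send_probe(routers, destination, ttl)
        hops.append((ttl, responder))
        if reply == DEST_REACHED:
            break
    return hops


def format_hops(hops):
    """Render the hop list the way the traceroute command prints it."""
    return "\n".join(f"{ttl:>2}  {addr or '* * *'}" for ttl, addr in hops)


# Constructed path: two answering routers around one that filters ICMP.
SAMPLE_ROUTERS = [
    Router("192.0.2.1"),
    Router("198.51.100.1", answers_expired=False),
    Router("203.0.113.1"),
]
SAMPLE_DESTINATION = "203.0.113.50"

if __name__ == "__main__":
    print(format_hops(traceroute(SAMPLE_ROUTERS, SAMPLE_DESTINATION)))
```

Two caveats the simulation makes visible: a `* * *` line does not mean the path is broken, only that this hop does not send Time Exceeded messages (firewalls and rate-limited routers commonly behave this way), and the address shown for a hop is the one the router replied from, which is normally its interface facing back towards you, not necessarily the interface the packet left by. The real command also sends three probes per TTL to show timing variance, which the simulation omits.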
Supervision (monitoring) is more a suite of tools than a single tool, but it is a process that is widely used in network administration because it lets you know the state of the machines and the active elements of the network in real time, and receive alerts. It quickly becomes essential for medium and large networks. Among the most used tools we note (free, of course) Nagios and Shinken. On the proprietary side, PRTG is also talked about.
Supervision and metrology must be distinguished. Unlike supervision, metrology does not send alerts or establish the state of a host or a service at a given moment T; its main role is to plot graphs describing the metrics (values) of a flow, the use of a resource, etc.
Metrology makes it possible to establish a "baseline", a reference of the state of the network at a time T or over a so-called reference period. This generally makes it possible to detect abnormal behaviour that is out of the ordinary, such as load peaks, performance losses, etc. Among the metrology tools we can note Cacti and Munin, which are probably the best known free ones.
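The two computations behind a metrology graph and its baseline are small enough to show in full. Here is an added example (not from the post, and not code from Cacti or Munin) that first turns two polled octet-counter readings into a bit rate, handling the 32-bit counter wrap that trips up naive graphs, and then builds a baseline (mean and standard deviation over a reference period) and flags samples that fall outside it as peaks or drops. All the values are constructed.

```python
"""Baseline and anomaly detection on polled interface counters.

Added example (not from the post). The counter readings, the reference
period and the observed samples are constructed for the demonstration.
"""
import statistics


def rate_bps(prev_counter, cur_counter, interval_s, counter_bits=32):
    """Bits per second between two octet-counter readings, handling counter wrap."""
    delta = cur_counter - prev_counter
    if delta < 0:                       # the counter wrapped around since the last poll
        delta += 2 ** counter_bits
    return delta * 8 / interval_s


def baseline(reference_samples):
    """Mean and sample standard deviation of the reference period."""
    return statistics.mean(reference_samples), statistics.stdev(reference_samples)


def detect_anomalies(samples, mean, stdev, k=3.0):
    """Flag samples more than k standard deviations away from the baseline."""
    findings = []
    for index, value in enumerate(samples):
        if value > mean + k * stdev:
            findings.append((index, value, "peak"))
        elif value < mean - k * stdev:
            findings.append((index, value, "drop"))
    return findings


# Constructed reference period: Mbps on a WAN link, one sample per 5 minutes.
REFERENCE_MBPS = [40, 42, 38, 41, 39, 43, 40, 37, 42, 38]
# Constructed samples from the period under observation.
OBSERVED_MBPS = [41, 39, 95, 40, 12, 42]

if __name__ == "__main__":
    mean, stdev = baseline(REFERENCE_MBPS)
    print(f"baseline: {mean:.1f} Mbps +/- {stdev:.1f}")
    for index, value, kind in detect_anomalies(OBSERVED_MBPS, mean, stdev):
        print(f"sample {index}: {value} Mbps -> {kind}")
    # counter wrap: a 32-bit octet counter went from near its maximum back to a small value
    print(f"{rate_bps(2**32 - 1000, 2000, 300):.1f} bps after wrap")
```

The wrap handling matters on fast links: a 32-bit octet counter rolls over in under 40 seconds at 1 Gbit/s, which is why real pollers prefer the 64-bit counters where the device offers them. A production baseline would also be computed per hour of day or day of week rather than over one flat window, since normal traffic is seasonal and a Monday morning peak is not an anomaly.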
Nmap is a free tool widely used in defense as in attack. As its name implies, Nmap's function is to discover and map networks via more or less thorough requests sent to a specific network or host; it is for example very useful to know which ports are open on a host, and therefore how it is seen from the outside, but also by which protocol we can reach its management interface (SSH? Telnet? ...). Nmap is most often used on the command line, but there is also a graphical version on Windows as on Linux.
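On the defensive side, the useful follow-up to an Nmap run is comparing what is actually open with what is supposed to be. Here is an added example (not from the post or from the Nmap project) that parses lines in the shape of Nmap's grepable `-oG` output, where each port entry reads `port/state/protocol/owner/service/rpcinfo/version/`, and reports open ports that a per-host policy does not allow. The scan lines, the host names and the policy are constructed for the demonstration.

```python
"""Turn nmap grepable output into an exposure report.

Added example (not from the post). SAMPLE_GREPABLE is constructed in the
shape of nmap -oG output and POLICY is an assumed description of what each
host should expose.
"""
import re

SAMPLE_GREPABLE = """\
# Nmap scan report (constructed sample in -oG format)
Host: 192.0.2.10 (web01)\tStatus: Up
Host: 192.0.2.10 (web01)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (997)
Host: 192.0.2.11 (mgmt01)\tStatus: Up
Host: 192.0.2.11 (mgmt01)\tPorts: 23/open/tcp//telnet///, 22/open/tcp//ssh///, 161/open|filtered/udp//snmp///\tIgnored State: filtered (997)
# Nmap done
"""

PORTS_LINE = re.compile(r"^Host: (?P<ip>\S+) \((?P<name>[^)]*)\)\tPorts: (?P<ports>[^\t]*)")


def parse_grepable(text):
    """Return {ip: {"name": hostname, "ports": [(port, state, proto, service), ...]}}."""
    hosts = {}
    for line in text.splitlines():
        m = PORTS_LINE.match(line)
        if not m:
            continue                       # comments and "Status:" lines carry no ports
        entries = []
        for item in m.group("ports").split(", "):
            port, state, proto, _owner, service, *_rest = item.split("/")
            entries.append((int(port), state, proto, service))
        hosts[m.group("ip")] = {"name": m.group("name"), "ports": entries}
    return hosts


def open_ports(host_entry):
    """Only ports nmap reports as definitely open (not open|filtered)."""
    return sorted((proto, port, service)
                  for port, state, proto, service in host_entry["ports"]
                  if state == "open")


def unexpected_exposure(hosts, policy):
    """List (ip, proto, port, service) for open ports the policy does not allow."""
    findings = []
    for ip, entry in hosts.items():
        allowed = policy.get(ip, set())    # a host absent from the policy may expose nothing
        for proto, port, service in open_ports(entry):
            if (proto, port) not in allowed:
                findings.append((ip, proto, port, service))
    return findings


# Assumed policy: the services each host is supposed to expose.
POLICY = {
    "192.0.2.10": {("tcp", 22), ("tcp", 80), ("tcp", 443)},
    "192.0.2.11": {("tcp", 22)},
}

if __name__ == "__main__":
    hosts = parse_grepable(SAMPLE_GREPABLE)
    for ip, proto, port, service in unexpected_exposure(hosts, POLICY):
        print(f"{hosts[ip]['name']} ({ip}): {proto}/{port} {service} is open but not allowed")
```

Note that `open|filtered`, which Nmap reports for UDP ports that never answer, is deliberately left out of the exposure list; it is an "unknown", not a confirmed exposure, and would need a different check. The telnet finding in the sample is the typical outcome of such a comparison: a cleartext management protocol left enabled next to the SSH one the policy expects.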
Ping is one of the first commands you learn to use when you start in computing, and its use remains common after years of practice. It is one of the first tests we do when we try to verify that a network link is operational between two hosts. Its use is very similar on every OS.