Routing issues, slow network applications, DNS resolution problems -- a network administrator has to deal with a host of network nuisances on a daily basis. How do you survive when you're constantly under the gun to fix the problems? Like any other professional, you need a solid set of tools.
Not surprisingly, plenty of options exist in the open source camp. Excellent open source software tools are available to help you keep a close watch over your network, as well as meet many other needs of the busy network manager. From monitoring, troubleshooting, and security analysis tools to utilities for keeping track of IP allocations, passwords, and router configurations, here are my top 10 picks of the most essential open source tools for our network admin toolbox -- all free for the downloading.
[ Also on InfoWorld: "The six immutable laws for troubleshooting IT" | "Everything you need to know about building solid, reliable networks" | "10 tips for boosting network performance" | "Killer open source monitoring tools ]
This is by no means an exhaustive list of open source networking utilities available, and I've merely touched on their capabilities. Are there other free open source tools that you use regularly but we didn't list here? Leave a comment and let us know!
1. Top free open source tools for network admins: Dig
DNS problems plague us all, and they're easily overlooked when troubleshooting, so you need a reliable tool that provides detailed information about how users' DNS queries are being resolved. Why not use the tool made by the Internet Systems Consortium, the same group that produces the BIND DNS server software running the majority of DNS servers worldwide? That tool is Dig.
At the heart of it, Dig is a command-line utility that performs DNS queries. That alone is helpful, but Dig can also tell you most everything about the queries and replies -- you'll sometimes need that extra information to determine why you're getting a strange reply from a DNS server. The default output of Dig provides you with all the data you'll require for troubleshooting: reply/error codes from the server, flags used in the query, a reiteration of your query, the answer to your query, how long the query took, which server it received the reply from, and how much data it received in the reply. Dig can be quite useful when you're trying to diagnose slow network applications, by determining how long it takes a computer to get DNS resolution for the application server's domain name.
Dig can ask for a typical name query, replying with an IP address when you give it a domain name. You can also do a reverse lookup: By using the -x switch and giving it an IP address, Dig it will return the corresponding domain name for that IP address. The -t switch lets you specify the type of query you're making, so you can ask for mail server records (MX), name server records (NS), text records (TXT), and more.
If you are sporadically getting incorrect replies to your DNS queries, it's possible that one of your DNS servers has a different set of DNS records than the others. With Dig, you can run the same query against each of your DNS servers to find out which one is providing the erroneous replies. Just give Dig the DNS server's address with the @ symbol in front:
dig @126.96.36.199 www.yourdomain.com
Are you troubleshooting DNS problems with servers that use transaction signatures? Dig lets you specify a TSIG key to use for your queries. Dig also lets you tailor IPv6-only queries to help you troubleshoot IPv6-specific problems.
Dig is a part of the client utilities of the BIND project. It is not generally installed by default, but is readily available on all Unix, Linux, and BSD variants, including Mac OS X. A Windows version is available too.
2. Top free open source tools for network admins: Nmap
Carrie Moss used it in "The Matrix Reloaded." Crackers, hackers, and network admins alike rely on it, and every networking consultant better have Nmap installed on his or her computer. Nmap is available for nearly every platform imaginable and is amazingly useful as a network and security analysis tool.
Nmap is a lightweight security scanner that's heavy on utility. Nmap can perform tasks as simple as a ping sweep to see which IP addresses are active and responding, as well as carry off complex scripts to scan your systems for known vulnerabilities. Another fun feature of Nmap is the ability to analyze the reply packets it receives from a host to determine which OS the host is running.
Nmap is most commonly used to see which services or ports are open or available on a host. It supports both TCP and UDP scanning. You can give it a single host to scan or a CIDR (Classless Inter-Domain Routing) block or an entire list of hosts and networks from a file. A dizzying range of options allows you to specify which types of packets to send out and to see which hosts are susceptible to various remote attacks. Additionally, Nmap provides several options to bypass firewalls and other network filters that would otherwise block your scans.
Nmap also includes the Nmap Scripting Engine (NSE), which combines custom scripts with existing Nmap functionality to perform more specific discovery and attack analyses than Nmap does by itself. Fyodor and David Fifield gave an excellent talk and demonstration on the NSE at the Black Hat conference in Las Vegas last year. In the demonstration, Fyodor showed the results of Nmap scans against Microsoft company computers that used some of the NSE's MS RPC discovery scripts. The scripts used rpcinfo to gather info such as share names and usernames from the Windows computers. There are 177 NSE scripts available from Nmap.org as of this writing, and because they are user contributed, the list of NSE scripts is expanding at an amazing pace.
If you're a longtime user of Nmap but haven't kept up with Nmap news and releases, you'll want to check out the Zenmap GUI's new network topology feature, which lets you create an interactive network map based on information gathered by Nmap. The map begins with localhost at the center and displays all discovered hosts in concentric rings around it, the rings indicating the number of hops away the hosts are. From there you can shift the focus to another host or get more info by clicking a host's icon in the map. The shape of the icon refers to the type of device, and the size indicates the number of open ports.
All this makes Nmap perfect for checking on IP address usage, scanning for security vulnerabilities, and ensuring your firewalls and routers are operating properly.
Next page: Open source password management