5. Top free open source tools for network admins: Tcpdump and Wireshark
When things get really hairy and you can't figure out what's going wrong on your network, it's time to pull out Tcpdump. This utility lets you capture the network traffic on a network card and view the packets and frames in real time.
If you're wondering why a browser can't find the Web server, you can fire up Tcpdump and see what's happening. Is the computer sending out DNS queries? Is it receiving a valid reply from the correct DNS server? By viewing the query and reply packets with Tcpdump, you can determine if the DNS server is replying with NXDomain for what should be a perfectly valid domain name or if the user changed the DNS server settings because he thinks that Google's DNS servers "must be faster" than your company's own servers. Or maybe the DNS queries and replies are fine, but the remote Web server is not responding. Then you would see the HTTP request packet leave the computer, but no replies from the Web server.
Tcpdump is a great tool by itself, but pair it with Wireshark, and you have an unbeatable system for troubleshooting network application issues. You can save your Tcpdump packet captures to files and open them in Wireshark for easier analysis. Wireshark gives you a GUI to examine Tcpdump captures and sort the data for more thorough analysis. You can compare time stamps on individual packets to see how long it's taking for a reply to be returned after a request has been made. And if you've synced the system clocks on client and server computers, you can see how long it takes for packets to travel between the two.
If you have a slow internal Web application, you can use Tcpdump and Wireshark to locate the bottleneck. If you see a long delay in the DNS lookup requests and replies but the actual HTTP requests and replies are fast, then you know the trouble lies with the DNS system or the network links to the DNS servers. If the DNS process is working normally, then you'll want to examine how long it takes for client requests to reach the server and how long it takes for the server to reply back. Wherever your network problem lies, Tcpdump and Wireshark can help you put your finger on it.
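The DNS and HTTP checks described above, as an added example that is not part of the original article: a small Python script that reads constructed `tcpdump -n` style lines, pairs each DNS query with its reply by client socket and transaction ID, flags NXDomain answers and replies from a resolver other than the one you expect, pairs HTTP requests with responses, and computes request-to-reply latency from the packet time stamps. The sample lines and the expected resolver 10.0.0.2 are assumptions made for the demonstration.

```python
import re
from datetime import datetime

# Constructed tcpdump -n style output (not a real capture): a lookup answered
# with NXDomain, one answered normally, one sent to a resolver other than the
# company's, and an HTTP request that never gets a reply.
SAMPLE = """\
12:00:01.000100 IP 10.0.0.5.51234 > 10.0.0.2.53: 4101+ A? intranet.example.com. (38)
12:00:01.004300 IP 10.0.0.2.53 > 10.0.0.5.51234: 4101 NXDomain 0/1/0 (113)
12:00:02.000100 IP 10.0.0.5.51235 > 10.0.0.2.53: 4102+ A? wiki.example.com. (34)
12:00:02.250600 IP 10.0.0.2.53 > 10.0.0.5.51235: 4102 1/0/0 A 10.0.0.20 (50)
12:00:03.000100 IP 10.0.0.5.51236 > 8.8.8.8.53: 4103+ A? intranet.example.com. (38)
12:00:03.040100 IP 8.8.8.8.53 > 10.0.0.5.51236: 4103 NXDomain 0/1/0 (113)
12:00:04.000000 IP 10.0.0.5.40001 > 10.0.0.20.80: Flags [P.], length 79: HTTP: GET / HTTP/1.1
"""

DNS_QUERY = re.compile(r"^(\S+) IP (\S+) > (\S+)\.53: (\d+)\+ \S+\? (\S+) ")
DNS_REPLY = re.compile(r"^(\S+) IP (\S+)\.53 > (\S+): (\d+) (.*)$")
HTTP_REQ = re.compile(r"^(\S+) IP (\S+) > (\S+)\.80: .*HTTP: (?:GET|POST|HEAD) ")
HTTP_RESP = re.compile(r"^\S+ IP \S+\.80 > (\S+): .*HTTP: HTTP/")

def _secs(ts):
    """Seconds since midnight from a tcpdump HH:MM:SS.ffffff timestamp."""
    t = datetime.strptime(ts, "%H:%M:%S.%f")
    return t.hour * 3600 + t.minute * 60 + t.second + t.microsecond / 1e6

def analyze(capture, expected_dns="10.0.0.2"):
    """Pair DNS queries with replies (client socket + transaction ID) and HTTP
    requests with responses (client socket); report rcode, resolver and latency."""
    dns_pending, http_pending, dns = {}, {}, []
    for line in capture.splitlines():
        if m := DNS_QUERY.match(line):
            ts, client, server, txid, name = m.groups()
            dns_pending[(client, txid)] = (name, server, _secs(ts))
        elif m := DNS_REPLY.match(line):
            ts, server, client, txid, rest = m.groups()
            name, _, t0 = dns_pending.pop((client, txid), (None, server, _secs(ts)))
            rcode = next((r for r in ("NXDomain", "ServFail", "Refused") if r in rest), "ok")
            dns.append({"name": name, "server": server, "rcode": rcode,
                        "rtt_ms": round((_secs(ts) - t0) * 1000, 1),
                        "expected_server": server == expected_dns})
        elif m := HTTP_REQ.match(line):
            ts, client, server = m.groups()
            http_pending[client] = (server, _secs(ts))
        elif m := HTTP_RESP.match(line):
            http_pending.pop(m.group(1), None)
    for (client, txid), (name, server, t0) in dns_pending.items():  # queries never answered
        dns.append({"name": name, "server": server, "rcode": "no reply", "rtt_ms": None,
                    "expected_server": server == expected_dns})
    return {"dns": dns, "http_unanswered": [f"{c} -> {s}" for c, (s, _) in http_pending.items()]}
```

On a real capture, feed the script the text of `tcpdump -n` (or `tcpdump -n -r capture.pcap`) instead of the constructed sample; the same pairing also works on traffic you later open in Wireshark.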
Books have been written about Tcpdump and Wireshark. Read them and learn all about these two utilities. You'll certainly improve your network troubleshooting game.
6. Top free open source tools for network admins: RANCID
We've all had that horrible sinking feeling in the pit of our stomachs when we've copied and pasted a new config into a router or switch and it stops responding. Did I remember to back up my old config before I uploaded the new one? How late will I be staying up tonight to fix this mess?
RANCID (Really Awesome New Cisco confIg Differ) is a versioning system for your switch and router configs. It uses either CVS or Subversion to store each new version of your configuration files. As it gathers and stores the configs for each of your devices, it runs a diff against the previous version to see what, if any, changes have been made. When it detects a change, it sends out an email with the details of that change to an address of your choosing. With RANCID, you'll know whenever a change has been made by your NOC team.
Because RANCID runs via a crontab entry, you can control how often it logs in and checks your configurations. If you are a stable shop and rarely make changes, you might have RANCID check once a day. If you are a more dynamic NOC and make changes frequently, you can set RANCID to check hourly or as often as is appropriate for your company.
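The collect-and-diff step that RANCID performs on each run, as an added example that is not RANCID's own code: a Python sketch that splits two stored versions of an IOS-style config into stanzas and lists which stanzas were added, removed or modified, which is the detail a change notification would carry. The configs are constructed for the demonstration and do not come from a real device.

```python
import difflib

# Constructed IOS-style configs (not from a real device): the version stored on
# the previous run, and the newly collected one in which the vty lines now also
# accept telnet and a static route has been added.
PREVIOUS = """\
hostname core-rtr-1
!
interface GigabitEthernet0/1
 description Uplink to ISP
 ip address 203.0.113.2 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
line vty 0 4
 transport input ssh
"""
CURRENT = PREVIOUS.replace(" transport input ssh", " transport input telnet ssh").replace(
    "!\nip route", "!\nip route 192.0.2.0 255.255.255.0 203.0.113.9\nip route")

def stanzas(config):
    """Group an IOS-style config into top-level stanzas; indented lines belong
    to the unindented line above them and '!' separators are dropped."""
    out, key = {}, None
    for line in config.splitlines():
        if line == "!" or not line.strip():
            continue
        if not line.startswith(" "):
            key = line
            out[key] = []
        else:
            out[key].append(line)
    return out

def config_changes(previous, current):
    """List (stanza, status, lines) for each stanza added, removed or modified."""
    old, new, changes = stanzas(previous), stanzas(current), []
    for key in sorted(set(old) | set(new)):
        if key not in old:
            changes.append((key, "added", new[key]))
        elif key not in new:
            changes.append((key, "removed", old[key]))
        elif old[key] != new[key]:
            diff = difflib.unified_diff(old[key], new[key], lineterm="", n=0)
            body = [l for l in diff
                    if l.startswith(("+", "-")) and not l.startswith(("+++", "---"))]
            changes.append((key, "modified", body))
    return changes
```

An empty result means nothing changed and no mail needs to go out; a non-empty one is the body of the notification, with the vty transport change here being exactly the kind of edit a NOC lead wants to hear about.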
One of the neat features of RANCID is that it includes a looking-glass server. You can take a quick peek at all the routes in your organization and search for any elements that are out of sorts when you suspect a routing problem on your network.
RANCID supports gear from most of the big networking vendors, including Cisco, HP ProCurve, Juniper, Foundry, and several others. It is known to work on Linux, BSDs, Mac OS X, and Solaris.
7. Top free open source tools for network admins: OpenNMS and Cacti
OpenNMS has a place in every enterprise. It's a highly scalable network monitoring system that is completely open source software. A single server can monitor hundreds of thousands of network interfaces and produce nice graphs for metrics such as bandwidth usage, CPU, memory, and more.
You can set thresholds that indicate when a device is busy or down and receive a notification via email, SMS, IM, and so on. Of course you can have separate logins for each of your NOC team, and you can set up an on-call schedule so that notifications go only to on-duty team members. OpenNMS also has an escalation handler, so if the level-one NOC techs don't take care of an issue right away, an engineer or manager can be notified to oversee issue resolution.
The Cacti graphing solution makes a good complement to OpenNMS. Although OpenNMS has the same graphing capabilities, Cacti's more intuitive Web UI allows nontechnical staff to build and manage collections of graphs that are interesting to them. For example, you could configure Cacti to graph data from your (SNMP-capable) HVAC controllers, and your facility maintenance team members could log in to Cacti and build custom views that display only the data they need to see. If one is watching fan rotation speed and another is tracking electrical power draw, they wouldn't have to view each other's data.
You can organize Cacti's graphs into trees, much like the way the old Microsoft file managers displayed files in a directory structure. And with individual logins for each staff member, everyone gets their own view settings saved under their login.