Freeware has long reigned as a go-to tool for network managers. Applications such as Ethereal, Multi Router Traffic Grapher (MRTG) and Snort provide an inexpensive means to monitor devices, traffic and security in even the largest networks.
More recently, freeware’s community-supported cousins – open source applications – have emerged to tackle many network monitoring tasks at no cost. Such projects as Nagios and open source products from commercial vendors GroundWork Open Source, Hyperic and Splunk have been gaining ground in enterprise IT shops.
Here, a few network managers in the know share their latest free finds.
1. DHCP_probe
Network managers tracking down unauthorized IP addresses on their networks should check out this application developed by a member of Princeton University’s IT team.
DHCP_probe “attempts to discover DHCP and BootP servers on a directly attached Ethernet network,” according to its creator, Irwin Tillman of the Network Systems Group at Princeton University’s Office of Information Technology.
The application sends out requests to DHCP servers on a network, and if a non-authorized server answers the requests, the software will alert IT staff to the server’s existence.
Rick Beebe, manager of system and network engineering for ITS-Med, says the application addresses “a regular problem” at the Yale University School of Medicine in New Haven, Conn. “Someone will bring a Linksys or Netgear wireless access point or an Apple AirPort in and put it on the network so they can have wireless in the office. Only they plug it in backward and start sending IP addresses to a large part of the network,” Beebe says. “Usually [devices that] get those IP addresses appear broken, because the IPs aren’t actually usable, or someone attempting to share files on their machine checks the box that says ‘share my Internet connection,’ which produces the same result.”
Last updated in 2004, DHCP_probe was developed to run on Sun Solaris and was ported to also run on Linux. Beebe finds its function useful, but says he is surprised it hasn’t been updated to be less version-dependent and easier to deploy, considering the problem it solves.
“I find it hard to believe that we’re the only ones with this problem, so I’m surprised there hasn’t been more development of it,” he says.
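The kind of check described for DHCP_probe, sketched as an added example (this is not DHCP_probe's code and not part of the article): it parses the replies received for a probe and reports any responding server that is not on an allowlist. The function names, the transaction-id matching, the source-IP fallback for BootP-style replies and all addresses are assumptions of this sketch, and the sample packets are constructed.

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])  # marks the start of the DHCP options field
BOOTREPLY, OPT_PAD, OPT_SERVER_ID, OPT_END = 2, 0, 54, 255

def server_of(payload, src_ip):
    """Return (xid, server address) for a BOOTP/DHCP reply, or None if malformed."""
    if len(payload) < 240 or payload[0] != BOOTREPLY or payload[236:240] != MAGIC_COOKIE:
        return None
    server = ipaddress.IPv4Address(src_ip)  # fallback: plain BootP replies lack option 54
    i = 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(payload):
            return None  # option code with no length byte
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            return None  # option value runs past the end of the packet
        if payload[i] == OPT_SERVER_ID and length == 4:
            server = ipaddress.IPv4Address(value)
        i += 2 + length
    return struct.unpack("!I", payload[4:8])[0], server

def unauthorized_servers(replies, probe_xid, authorized):
    """replies: iterable of (source IP, UDP payload). Returns sorted unauthorized server IPs."""
    allow = {ipaddress.IPv4Address(a) for a in authorized}
    parsed = (server_of(payload, src_ip) for src_ip, payload in replies)
    # Skip malformed packets and answers that belong to other clients' transactions.
    rogue = {p[1] for p in parsed if p and p[0] == probe_xid and p[1] not in allow}
    return [str(ip) for ip in sorted(rogue)]

def make_reply(xid, server_ip=None):
    """Constructed sample data: a minimal DHCPOFFER-style payload (option 54 optional)."""
    header = struct.pack("!BBBBIHH", BOOTREPLY, 1, 6, 0, xid, 0, 0) + bytes(224)
    opt54 = bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_ip).packed if server_ip else b""
    return header + MAGIC_COOKIE + bytes([53, 1, 2]) + opt54 + bytes([OPT_END])

PROBE_XID = 0x1234ABCD  # constructed transaction id of the probe
SAMPLE_REPLIES = [      # constructed (source IP, payload) pairs
    ("10.0.0.1", make_reply(PROBE_XID, "10.0.0.1")),        # the authorized server
    ("192.168.1.1", make_reply(PROBE_XID, "192.168.1.1")),  # access point plugged in backward
    ("192.168.0.1", make_reply(PROBE_XID)),                 # BootP-style, no option 54
]
```

Calling `unauthorized_servers(SAMPLE_REPLIES, PROBE_XID, ["10.0.0.1"])` lists the two servers an operator would need to track down.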
2. Password Safe
For Craig Bush, managing and securing passwords got a lot easier when he downloaded Password Safe, an open source project originally developed by security technologist and author Bruce Schneier.
Bush, network administrator at Exactech in Gainesville, Fla., says he regularly browses SourceForge.net for applications that might address a nagging problem on his network. The fact that Password Safe has evolved to an open source project especially appeals to him. “I use the one-off [freeware] apps when I need them, but I’d much rather use an application that has a good support community behind it,” he says.
Password Safe, last updated in mid-February and currently at Version 3.0.6, lets users keep their passwords securely encrypted on their computers. The passwords can be unlocked with a single combination. The free Windows utility uses the Twofish encryption algorithm, a free alternative to Data Encryption Standard, and features an intuitive interface that lets users set up their password databases.
3. Kiwi Syslog Daemon
This free tool makes collecting Syslog entries from multiple devices easier for James Kritcher, vice-president of IT at White Electronic Designs in Phoenix. The freeware (a licensed version with more features is also available) “receives, filters, logs, displays and forwards Syslog messages and SNMP traps from such hosts as routers, switches, Unix systems and other Syslog-enabled devices,” according to its keeper, Kiwi Enterprises.
Kritcher says the software features “a nice GUI for managing entries” and provides trending information. The software also can perform SNMP trap and Management Information Base parsing, and DNS caching of as many as 100 entries to enable fast lookups, the company says.
“It’s a great application that consolidates log entries from any Syslog-enabled devices. We use it to manage and monitor network devices such as routers and Cisco PIX firewalls,” he says.
4. Argus
For fans of such products as Ipswitch’s WhatsUp Gold or SolarWinds’ Orion, Argus represents a no-cost alternative.
The software application monitors systems, servers and routers to keep IT managers up to date on potential performance and availability problems. Longtime Argus user Kerry Miller, network engineer at First Victoria National Bank in Victoria, Tex., says he is updating his deployment to also monitor the gear supporting advanced IP applications, such as VoIP.
“We are still using Argus to monitor our systems, and we’ve been expanding it to routers and VoIP equipment at several new locations,” he says. “We also use MRTG to monitor traffic on some of our more critical routers.”
5. Zenoss Core
Bruce Meyer is taking advantage of the latest wave of open source software available from vendors for free. Customers can choose to pay for support packages from GroundWork, Hyperic, Splunk or Zenoss, but it costs nothing to use their freeware applications.
Meyer, director of network services at ProMedica Healthcare in Toledo, Ohio, says he has installed Zenoss Core 1.0 to update his network and systems monitoring, and to collect data to create historical and utilization graphs.
“We’ve been using an older version of Ipswitch’s WhatsUp Gold and Statseeker, but I’m exploring other options in my spare time,” Meyer says.
Zenoss Core 1.0 is software available under the Mozilla Public License that can be used to monitor network devices, operating systems, applications, servers, environment and power supplies for health and availability. The agentless system is available as a single download and uses industry-standard protocols, such as SNMP and Syslog, to collect management data from devices. It also uses Windows Management Instrumentation to gather data from Windows systems.
6. Tera Term
ProMedica’s Meyer also recently tapped the Tera Term freeware application to aid in deployment of access points.
The free software for Windows lets its users perform such actions as emulation, telnet connection and serial port connection. It hasn’t been updated in quite some time (the Web site lists 1999), but that didn’t stop Meyer from making the most of it in his IT shop.
“Just recently I’ve used its macro language to upgrade and configure about 100 Cisco 1200 access points,” he says. “It’s a well-known serial/telnet/SSH client, and it’s pretty advanced.”
7. Splunk Server
Splunk last year made available a freeware version of its enterprise data indexing and troubleshooting software. The product runs on Linux, Unix (including Solaris) and Mac OS X, and the freeware version offers users as much as 500 MB of data indexing per day. Splunk Server searches for management data across logs, message queues, configuration files, SNMP traps and database transactions to more quickly correlate events that could be related to a failure, and that network managers would typically have to search manually. For Yale’s Beebe, it saves time parsing through logs.
“It takes all of our various logs and stuffs them into a MySQL database. Then it provides a searchable, sortable Web interface to the data,” he says. “It is a lot easier than grepping through the log files by hand. And more importantly, it’ll give access to our non-Unix-savvy operators.”