jdff
asked on
Network Discovery & Analyses Tool Kit
I have just started to work with a network of 35 computers, 3 serves, 1 firewall, 20 printers and some other network devices aside, this all has been abandoned by the previous IT guy, I was wondering if any of you can post here some ideas and personal experiences/suggestions on how to listen and learn the network in the best informative way using any network tools, including discovery, monitoring and etc... Anything that could help me, not only to catalog, but address issues like poor transfer speeds, high latency, database disconnections, internet connection being very slow at times, read and writing speed rates to the servers disks array, any snmp alerts that could be retrieved or customized tests that could help me get to speed for the overall network health status. I'm sure about some expensive software out there, but any personal suggestions and trials or freeware will be appreciated.
Thank you all.
-JD
Thank you all.
-JD
Aaron Tomosky
Netscan, spicworks, prtg, controlup. Enable snmp on the switches. If the switches aren't managed, go buy some Cisco sg500 or dell n1500 or at the very least some netgear smart switches.
Solarwinds makes some nice tools ,free and paid for.
http://www.solarwinds.com/?&CMP=KNC-TAD-GGL-NA_BRAND-X-DL&gclid=CICC7t_mksgCFQqGfgodfOQFdg
http://www.solarwinds.com/?&CMP=KNC-TAD-GGL-NA_BRAND-X-DL&gclid=CICC7t_mksgCFQqGfgodfOQFdg
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Then there are tools like on every system:
arp table (arp) , interface configuration (ifconfig / ipconfig), routing table: (netstat -rn) services: tcp (netstat -ant ), udp; (netstat -anu).
And inspection of configuration on routers and switches. There is a lot of data there that cannot be gotten thru tooling easily.
arp table (arp) , interface configuration (ifconfig / ipconfig), routing table: (netstat -rn) services: tcp (netstat -ant ), udp; (netstat -anu).
And inspection of configuration on routers and switches. There is a lot of data there that cannot be gotten thru tooling easily.
Maybe worth to also sniff out traffic from those few perimeter network device and the signature/patch update servers which will be guarding most of the in and out traffic to host (or designated endpoint) which can in a way help map out the network segregation with the Architecture setup and in each segment, you can then discovery accordingly - some actually like prtg or ossim can have sensor planted and send back to central for the overall mapping...also not to forget any wireless segment. Overall, key protocol to focus for this effort in mapping is DNS, DHCP, ARP, ... see more
https://blog.netspi.com/10-techniques-for-blindly-mapping-internal-networks/
1.DHCP Information
2.Sniffing Network Traffic
3.ARP Broadcasting
4.Net View
5.DNS Zone Transfer
6.DNS Lookups
7.Domain Computer Accounts
8.Trace Route
9.Ping Scan Known Subnets
10.Port Scans Known Subnets
another tool i forgot to mention: snort (and other passive traffic monitors) if you have linux based firewall can help a lot in both getting a view on traffic as well as thread management.
ASKER
btan, is there any tool that can actually tell me how much traffic is groin through the network? I'm bit concerned on identifying peak operation time and performance degradation, bottleneck devices and some related performance monitor worth looking at? Any suggestions? Perhaps something that will be easy to read and identify.
PRTG my be preferred with its Network monitor, do see @ https://www.paessler.com/prtg
Typically for simple setup or staging, Wireshark may suffice but will be more driven towards manual inspection like going into its "Statistics" -> "Conversations" and there you check the tab labeled "IPv4" or "IPv6". The two rightmost coloumns give you bits per second in each direction between those IP addresses. If you want to have them sorted, simply click on the column's label - note the "Bytes" column sorted is not bandwidth but more of traffic volume only. But for long term trending of such information however may not be operationally suitable.
If it is Windows base, perfmon has some sort of Network Utilization on the NIC but need to do up some sum e.g. Nic Utilization = ((Total Bytes\Sec * 8)/current bandwidth) * 100
Otherwise, another free source is BandwidthD which can be standalone like prtg or with backend server
Typically for simple setup or staging, Wireshark may suffice but will be more driven towards manual inspection like going into its "Statistics" -> "Conversations" and there you check the tab labeled "IPv4" or "IPv6". The two rightmost coloumns give you bits per second in each direction between those IP addresses. If you want to have them sorted, simply click on the column's label - note the "Bytes" column sorted is not bandwidth but more of traffic volume only. But for long term trending of such information however may not be operationally suitable.
If it is Windows base, perfmon has some sort of Network Utilization on the NIC but need to do up some sum e.g. Nic Utilization = ((Total Bytes\Sec * 8)/current bandwidth) * 100
Otherwise, another free source is BandwidthD which can be standalone like prtg or with backend server
Charts are built by individual IPs, and by default display utilization over 2 day, 8 day, 40 day, and 400 day periods. Furthermore, each ip address's utilization can be logged out at intervals of 3.3 minutes, 10 minutes, 1 hour or 12 hours in cdf format, or to a backend database server. HTTP, TCP, UDP, ICMP, VPN, and P2P traffic are color coded.@ http://bandwidthd.sourceforge.net/
ASKER
Could not figure how to use PRTG, very complicated in my opinion, I just wanted something to discover the network and to give me some readings as far as traffic flow and potential bottleneck issues.
maybe we can drill into PRTG IP sniffer instead but do see the suggestion
https://www.paessler.com/ip_packet_sniffer
•If you just need a simple router bandwidth monitor that shows you how much bandwidth your organization is using as a whole, SNMP bandwidth monitoring should be enough. This monitoring method only gives you aggregated data, but uses up very little resources.
•If you are using NetFlow enabled Cisco devices, you can also use the NetFlow protocol to monitor network bandwidth. This technology gives you very detailed data, but keeps the load on your server quite low.
ASKER
btan, there is no cisco devies in this network.
then the best is have a sniffer (including wireshark as prev mentioned) or have the router and switch send the SNMP traps to a server to get those stats
ASKER
Ended-up using PRTG, but there was a bit of learning and time involved.
You can read real user reviews for a variety of log management solutions on IT Central Station: https://www.itcentralstation.com/categories/log-management.
Users interested in log and network management tools also read reviews for LogRhythm on the IT Central Station website. This user writes, "It’s brought all of our devices into one area, so I am able to understand and manage all of our devices and understand what is going on with an individual device." You can read the rest of his review here: https://www.itcentralstation.com/product_reviews/logrhythm-review-36108-by-ryan-cossette
Users interested in log and network management tools also read reviews for LogRhythm on the IT Central Station website. This user writes, "It’s brought all of our devices into one area, so I am able to understand and manage all of our devices and understand what is going on with an individual device." You can read the rest of his review here: https://www.itcentralstation.com/product_reviews/logrhythm-review-36108-by-ryan-cossette