Network Discovery & Analyses Tool Kit

I have just started to work with a network of 35 computers, 3 servers, 1 firewall, 20 printers and some other network devices besides; all of this was abandoned by the previous IT guy. I was wondering if any of you could post some ideas and personal experiences/suggestions on how to listen to and learn the network in the most informative way using any network tools, including discovery, monitoring, etc. Anything that could help me not only to catalog, but to address issues like poor transfer speeds, high latency, database disconnections, the internet connection being very slow at times, read and write speed rates to the servers' disk arrays, any SNMP alerts that could be retrieved, or customized tests that could help me get up to speed on the overall network health status. I'm sure there is some expensive software out there, but any personal suggestions, trials or freeware will be appreciated.

Thank you all.
-JD
jdff asked:
Aaron Tomosky (SD-WAN Simplified) commented:
Netscan, Spiceworks, PRTG, ControlUp. Enable SNMP on the switches. If the switches aren't managed, go buy some Cisco SG500 or Dell N1500, or at the very least some Netgear smart switches.
btan (Exec Consultant) commented:
Looks like asset management and discovery of potential stop points or points of failure requiring low RTO for high availability. Key for me at the start is to spot those strategic points of entry and exit requiring high availability and security... and the tiering architecture adopted.

Scanner discovery (most people tap nmap) has been quite handy, and if it can come with vulnerability management, that will be great. Nessus (more to identify hosts in the network), PRTG and SolarWinds are top picks at the moment, including Spiceworks for overall oversight management.

Specific to SNMP, you really need to check out the MIB (simpleweb is one good place to check) on the resource polling of health parameters such as CPU, power and network connectivity. It is best to leverage the software's built-in MIBs unless the device has a specific MIB of its own.

We also run SIEMs together with a GRC solution from a NOC perspective, meaning getting syslog, triaging security events piped in, case management of escalated cases from the SIEMs, and customised parsers to gather log formats from various key perimeter and tier devices. OSSIM (or the likes of AlienVault USM) is another candidate. We always have to back up with an xls manual checkup list in case of downtime of the backend management system above. Always have contingencies; the network diagram still largely rests on ground checks to make sure things are as discovered, with a separate management VLAN for discovery and log cum backup purposes.
noci (Software Engineer) commented:
Then there are the tools available on every system:
ARP table (arp), interface configuration (ifconfig / ipconfig), routing table (netstat -rn), services: TCP (netstat -ant), UDP (netstat -anu).

And inspection of the configuration on routers and switches. There is a lot of data there that cannot be gotten through tooling easily.
btan (Exec Consultant) commented:
Maybe worth also sniffing traffic from those few perimeter network devices and the signature/patch update servers, which will be guarding most of the in and out traffic to hosts (or designated endpoints); this can in a way help map out the network segregation against the architecture setup, and in each segment you can then discover accordingly. Some, like PRTG or OSSIM, can have sensors planted that send back to a central point for the overall mapping... also not to forget any wireless segment. Overall, the key protocols to focus on for this mapping effort are DNS, DHCP, ARP, ...

1. DHCP Information
2. Sniffing Network Traffic
3. ARP Broadcasting
4. Net View
5. DNS Zone Transfer
6. DNS Lookups
7. Domain Computer Accounts
8. Trace Route
9. Ping Scan Known Subnets
10. Port Scans Known Subnets
https://blog.netspi.com/10-techniques-for-blindly-mapping-internal-networks/
noci (Software Engineer) commented:
Another tool I forgot to mention: Snort (and other passive traffic monitors). If you have a Linux-based firewall, it can help a lot in both getting a view on traffic as well as threat management.
jdff (Author) commented:
btan, is there any tool that can actually tell me how much traffic is going through the network? I'm a bit concerned with identifying peak operation times and performance degradation, bottleneck devices and some related performance monitors worth looking at. Any suggestions? Perhaps something that will be easy to read and identify.
btan (Exec Consultant) commented:
PRTG may be preferred with its Network Monitor; do see https://www.paessler.com/prtg

Typically for a simple setup or staging, Wireshark may suffice, but it will be more driven towards manual inspection, like going into its "Statistics" -> "Conversations" and there checking the tab labeled "IPv4" or "IPv6". The two rightmost columns give you bits per second in each direction between those IP addresses. If you want to have them sorted, simply click on the column's label; note that the "Bytes" column sorted is not bandwidth but more of a traffic volume only. For long-term trending of such information, however, it may not be operationally suitable.

If it is Windows based, perfmon has some sort of Network Utilization counter on the NIC, but you need to do some arithmetic, e.g. NIC Utilization = ((Total Bytes\Sec * 8) / current bandwidth) * 100

Otherwise, another free option is BandwidthD, which can be standalone like PRTG or used with a backend server.
Charts are built by individual IPs, and by default display utilization over 2 day, 8 day, 40 day, and 400 day periods. Furthermore, each IP address's utilization can be logged out at intervals of 3.3 minutes, 10 minutes, 1 hour or 12 hours in cdf format, or to a backend database server. HTTP, TCP, UDP, ICMP, VPN, and P2P traffic are color coded.
See http://bandwidthd.sourceforge.net/
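A small worked example (added here; not from the thread and not Wireshark's own code) of what the "Conversations" -> "IPv4" tab computes: per-pair byte counts and bits/s in each direction over the conversation's own duration, plus the point above that ranking by "Bytes" (volume) and by bits/s (bandwidth) give different orders. The packet list is constructed sample data, and a single-packet conversation is handled as having no defined rate.

```python
# Constructed sample capture (not real traffic): (timestamp s, src, dst, frame bytes)
# on the 192.0.2.0/24 documentation range. Timestamps are deliberately unordered.
SAMPLE_PACKETS = [
    (0.0, "192.0.2.10", "192.0.2.20", 1500),
    (0.5, "192.0.2.20", "192.0.2.10", 60),
    (1.0, "192.0.2.10", "192.0.2.20", 1500),
    (0.25, "192.0.2.30", "192.0.2.20", 1000),  # short burst: few bytes, high rate
    (1.5, "192.0.2.20", "192.0.2.10", 60),
    (0.5, "192.0.2.20", "192.0.2.30", 1000),
    (2.0, "192.0.2.10", "192.0.2.20", 1500),
    (3.0, "192.0.2.40", "192.0.2.20", 64),     # lone packet: zero duration, no rate
]


def conversations(packets):
    """Group packets into bidirectional conversations keyed by (A, B) with A < B,
    tracking bytes per direction and first/last timestamp for the duration."""
    conv = {}
    for ts, src, dst, size in packets:
        a, b = sorted((src, dst))
        c = conv.setdefault((a, b), {"first": ts, "last": ts,
                                     "bytes_ab": 0, "bytes_ba": 0, "packets": 0})
        c["first"], c["last"] = min(c["first"], ts), max(c["last"], ts)
        c["bytes_ab" if src == a else "bytes_ba"] += size
        c["packets"] += 1
    return conv


def bits_per_second(c):
    """(A->B, B->A) bits/s over the conversation's own duration, or None when a
    single packet gives zero duration and the rate is undefined."""
    duration = c["last"] - c["first"]
    if duration <= 0:
        return None
    return (c["bytes_ab"] * 8 / duration, c["bytes_ba"] * 8 / duration)


def rank_conversations(conv, by="bytes"):
    """Order conversations as clicking a column header would: 'bytes' ranks by
    total volume, 'rate' by the busier direction's bits/s. The orders differ."""
    if by == "bytes":
        key = lambda kv: kv[1]["bytes_ab"] + kv[1]["bytes_ba"]
    else:
        key = lambda kv: max(bits_per_second(kv[1]) or (0.0,))
    return [pair for pair, _ in sorted(conv.items(), key=key, reverse=True)]


if __name__ == "__main__":
    table = conversations(SAMPLE_PACKETS)
    for pair in rank_conversations(table, "rate"):
        print(pair, "bytes:", table[pair]["bytes_ab"] + table[pair]["bytes_ba"],
              "bits/s (A->B, B->A):", bits_per_second(table[pair]))
```

On the sample data the .10/.20 pair wins on volume while the short .20/.30 burst wins on bits/s, which is exactly why sorting the "Bytes" column does not rank bandwidth.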
jdff (Author) commented:
Could not figure out how to use PRTG; very complicated in my opinion. I just wanted something to discover the network and give me some readings as far as traffic flow and potential bottleneck issues.
btan (Exec Consultant) commented:
Maybe we can drill into the PRTG IP sniffer instead, but do see the suggestion:

• If you just need a simple router bandwidth monitor that shows you how much bandwidth your organization is using as a whole, SNMP bandwidth monitoring should be enough. This monitoring method only gives you aggregated data, but uses up very little resources.

• If you are using NetFlow enabled Cisco devices, you can also use the NetFlow protocol to monitor network bandwidth. This technology gives you very detailed data, but keeps the load on your server quite low.
https://www.paessler.com/ip_packet_sniffer
jdff (Author) commented:
btan, there are no Cisco devices in this network.
btan (Exec Consultant) commented:
Then the best is to have a sniffer (including Wireshark, as previously mentioned) or have the router and switch send SNMP traps to a server to get those stats.
jdff (Author) commented:
Ended up using PRTG, but there was a bit of learning and time involved.
Naomi Goldberg commented:
You can read real user reviews for a variety of log management solutions on IT Central Station: https://www.itcentralstation.com/categories/log-management.

Users interested in log and network management tools also read reviews for LogRhythm on the IT Central Station website. This user writes, "It’s brought all of our devices into one area, so I am able to understand and manage all of our devices and understand what is going on with an individual device." You can read the rest of his review here: https://www.itcentralstation.com/product_reviews/logrhythm-review-36108-by-ryan-cossette