Network Management





Network Management involves issues that are independent of specific hardware or software, including email policies, upgrade planning, backup scheduling and working with managed service providers for Desktop-As-A-Service (DaaS), Software-As-A-Service (SaaS) and the like through the use of tools, coupled with manufacturer standards, best practice guidelines, policies and procedures plus all other relevant documentation. Network management also includes monitoring, alerting and reporting, management reporting, planning for device or service updates, the backup of configurations, the setting of key performance indicators and measures (KPIs/KPMs), associated service level agreements and problem records as part of the IT Service Management (ITSM) framework.

The block of six octets of a MAC address represents a lot of challenges when it comes to reading, formatting, parsing, validation, and lookup of vendor information. The functions presented here let you read, generate, format, store, list, and report MAC addresses and derived BSSIDs for most tasks.
SIEM must examine concepts of normality and abnormality in traffic/data flow patterns. SIEM needs to make use of adaptive intelligence. Companies need to evaluate SIEM products based on their own objectives to determine the product that best meets their needs.

Expert Comment

by:Gökhan POLAT
Great article 👍

Expert Comment

by:Ahmed Ali Khan
Very detailed and insightful information on SIEM solutions!
In short, I will be giving a guide on how to install UNMS on a virtual machine in Hyper-V and change the default port for security (you don’t need to have a server, since Windows 10 supports Hyper-V).
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
This article will show you step-by-step instructions to build your own NTP CentOS server. The network diagram shows the best practice to set up the NTP server farm for redundancy. This article also serves as your NTP server documentation.
In this article, WatchGuard's Director of Security Strategy and Research, Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
Use of TCL script on Cisco devices:
 - create file and merge it with running configuration to apply configuration changes
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona.

Thanks David, for your detailed and honest evaluation!

Author Comment

by:Kimberley from Paessler
Hi Ryan,

Thanks for your message.  I'll flesh it out a bit and then submit it again.

I have a related question:  If I have a topic/article/post that I only want to post to the Paessler Topics page, does it still go through independent review?  I tagged "paessler" on several articles, but haven't been asked to review or approve them.  Who decides what can appear on our topics page?

(um, to avoid confusion, yes, I'd like to post this article to several topics, after it meets the requirements for an article.  My question is more a hypothetical one, in case I have things to post only to the Paessler topics page at some point).

Thanks for your help!

PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Join Greg Farro and Ethan Banks from Packet Pushers and Greg Ross from Paessler for a discussion about smart network monitoring with PRTG.  Ethan, Greg and Greg discuss strategies for monitoring your IT infrastructure, how to deal with the complexity of monitoring large networks, and how to glean actionable information from multiple data points.

Listen to the podcast to learn how network monitoring can identify issues in your network before they impact your users.

Please note that this podcast was sponsored by Paessler.
Every business owner understands the significance of online customer reviews and the impact it can have on sales and revenues. With technology advancing at such a rapid pace, getting online reviews has never been easier, especially when many regions around the world are already using the Internet.

Author Comment

by:Superb Internet Corporation
Understood. Will wait for your update tomorrow on the approvals for the articles. Thanks

Expert Comment

by:Joseph Chierotti
Great article with some useful information. Couldn't be more true - reviews are critical when evaluating a business, product or service.  

Thanks for sharing!
Is your computer hacked? Learn how to detect and delete malware on your PC.
How to set up an On Demand, IPSec, Site to Site, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance.

A concise guide to the settings required on both devices
Stolen credentials are a hot commodity this year, allowing threat actors to move laterally within the network in order to avoid breach detection.
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Transparency shows that a company is the kind of business that it wants people to think it is.
So, you're experiencing issues on your network and you've decided that you need to perform some tests to determine whether your cabling is good.  You're likely thinking that you may need to spend money which you probably don't have on hiring/purchasing a cable test tool, or even a cabling tech if you're not sure where the issue lies.  That can be expensive, especially if you have to get someone to site quickly to help diagnose an issue.

Did you know that if you have a Cisco switch-based network you may well have a cable-test function already to hand?

Pretty-much any Enterprise-level Cisco switch made since the 2960 family includes a feature called the TDR test, and even some switches before (such as the 3560G) support this function.  It's only available for copper-based connections though as it's only a TDR and not an OTDR, so you can't test fiber-based links using this functionality.

This test will enable you to verify the length of a cable right from the switch to the other end, using the TDR (time-domain reflectometer) function.  This is essential in diagnosing faults as a break in the cable can be easily identified on a single wire within the cable, as well as shorts and crossed-pairs.

To use this test, simply issue the following command in privileged exec mode...

test cable-diagnostics tdr interface gi0/1

(substitute the gi0/1 interface with whichever one you need to test)

Note: Cisco recommend performing the test with the …
Imagine you have a shopping list of items you need to get at the grocery store. You have two options:
A. Take one trip to the grocery store and get everything you need for the week, or
B. Take multiple trips, buying an item at a time, to achieve the same feat.
Obviously, unless you are purposefully trying to get out of the house you’d choose “A”. But why do we so often choose “B” when it comes to our data transmission performance? The key metric here is efficiency. How many trips do you want to take?

MTU…says you need to buy Milk in 1 Gallon containers rather than by the ounce!

MTU is an acronym that stands for the Maximum Transmission Unit, which is the single largest physical packet size, measured in bytes, a network can transmit. If messages are larger than the specified MTU they are broken up into separate, smaller packets, a process known as packet fragmentation, which slows the overall transmission speed because instead of making one trip to the grocery store you are now making multiple trips to achieve the same feat. In other words, the maximum length of a data unit a protocol can send in one trip, without fragmentation occurring, is dictated by the MTU value defined.

Do I Really need to Manually Correct the MTU Value?

The correct MTU value will help you select the correct shopping cart size in order to be the most efficient in your grocery shopping so that you don’t have to take multiple trips. Shouldn’t I just leave…

Expert Comment

by:Jason Shaw
Would changing the MTU on one side of a VPN tunnel cause any issues with the VPN?

Author Comment

by:Blue Street Tech
Hi Jason, I assume you are only changing it on one side of a VPN tunnel. If I am correct, then it would only benefit one side of the connection. So if that connection is having the issues then it may remedy the problem, however for greater efficacy I'd do both ends (they most likely will not have the same MTU).
This article is in response to a question here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses as input, PING each of the IP addresses in the list, and send an email via SMTP to a support group when the PING is not successful on an IP address.

The method presented in this article requires AutoHotkey, an excellent (free!) programming/scripting language. The quick explanation for installing AutoHotkey is to visit its website and click the big blue Download button. A more comprehensive explanation is to read my EE article, AutoHotkey - Getting Started. After installation, AutoHotkey will own the AHK file type, supporting the solution discussed in the remainder of this article.

The utility takes as input a plain text file with each IP address on a separate line, such as:

The utility reads the file with the list of IP addresses and PINGs each one. It redirects the output of the PING command to a text file (via the command line ">" operator). It then looks for the five most common PING errors anywhere in the PING output, namely:

Destination Host Unreachable
Ping request could not find host
Request Timed Out
TTL Expired in Transit
Unknown Host

If the utility finds any of these, it sends an email via SMTP with PING Error Notification as the Subject and with an email Body

Expert Comment

by:Fred Marshall
Hi Joe,

For what it may be worth:
Here is a .bat file code that I've been running for some time.  It includes a method to adjust the ping interval - assuming one would like to ping rapidly.  Also, it skips single failed pings (which happen a lot in some situations but aren't a "failure") -  in favor of contiguous failures of a specified number.
Then, if there's a failure, it logs a trace route so one might find where the failure occurred.
"Single ping delay" is based on a workstation-specific empirical number derived from my article on delay times:

SET drive_letter=%1
IF "%1"=="" (SET drive_letter=c:)
echo Drive letter = %drive_letter%
REM ***************************SETUP***********************
SET Machine=%2
IF "%2"=="" (SET Machine=
echo Machine = %Machine%
SET testname=%~n0
echo %testname%
SET /a faillimit=3
SET pinginterval=750
SET pingtimeout=100
SET single_ping_delay=28
REM ***************No changes below*****
SET /a pingdelays=%pinginterval%/%single_ping_delay%
@Echo pingdelays = %pingdelays%
SET fileloc=%drive_letter%\Users\public\probes\ping
SET pinglog=%fileloc%\%testname%_pinglog.txt
SET tracelog=%fileloc%\%testname%_tracelog.txt
SET pingtemp=%fileloc%\%testname%_pingtemp.txt
REM testname_temptxt.txt was unused
SET temptxt=%fileloc%\%testname%_temptxt.txt
REM **************************END SETUP********************
cd \
cd \
md users
cd users
md public
cd public
md probes
cd probes
md ping
cd ping

REM initialize counts and limits
SET /a pingcount=0
REM Zeros the contiguous ping failure count
SET /a failcount=0
REM Initializing TRACE then return to :PING
goto :TRACE

REM Add original tracelog to the end of new temptxt
type %tracelog% >> %temptxt%  

REM Replace tracelog with new temptxt
type %temptxt% > %tracelog%

REM echo %time%
REM Delay between pings using ping -w [blank]
for /L %%a In (0 1 %pingdelays%) do (
ping -n 1 -w > nul
REM ran ping delay
REM @ECHO add ping output to %pingtemp%
ping -w %pingtimeout% -n 1 %Machine% >%pingtemp%
REM ran ping

REM @ECHO Find "reply" and reset fail counter
(find /I "reply"   %pingtemp%>%pinglog%) && (set /a failcount=0 & goto :PING)

REM @ECHO Finding "request timed out" and increment fail counter
(find /I "request" %pingtemp%>%pinglog%) && set /a failcount=%failcount%+1

REM @ECHO Finding "unreachable" and increment fail counter
(find /I "unreachable" %pingtemp%>%pinglog%) && set /a failcount=%failcount%+1

REM @ECHO Check failcount
REM if %failcount% geq 1 echo failcount %failcount% Pings have failed  %date% %time%
if %failcount% geq 2 echo failcount %failcount% Pings have failed  %date% %time%>>%temptxt%
if %failcount% geq %faillimit% goto :TRACE
goto :PING


REM @ECHO Reset failcount to zero
REM @ECHO failcount %failcount% Pings have failed - Starting trace route
set /a failcount=0

ECHO Trace Started %testname% %DATE% %TIME%

REM Overwrite start to temptxt
@ECHO Trace Started %testname% %DATE% %TIME% > %temptxt%

REM Append trace to temptxt
TRACERT -d -h 30 %machine% >>%temptxt%

REM Append Ended to temptxt
@ECHO **Trace ended %DATE% %TIME% %testname% >> %temptxt%
@ECHO. >> %temptxt%
@ECHO Trace ended %testname% %DATE% %TIME%

REM This GOTO cuts out the pathping

ECHO pathping
@ECHO %DATE%>>%temptxt%
@ECHO %TIME%>>%temptxt%
pathping %machine% >>%temptxt%
REM ECHO Trace ended >>%temptxt%
ECHO pathping ended
@ECHO %DATE%>>%temptxt%
@ECHO %TIME%>>%temptxt%



REM Program will loop until CTRL+C is pressed or window is closed.


Author Comment

by:Joe Winograd
Hi Fred,
Thanks for sharing your script! Always a pleasure when members provide excellent feedback on articles and videos here at EE. Thanks, too, for the link to your article on delay times — reading it is now on my to-do list. :)  Regards, Joe
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable.


SonicOS separates Service Objects into three different views or groupings: “All Services”, “Custom Services” & “Default Services”. Within each view there are two sections called “Service Groups” & “Services”. Service Groups are simply just Services grouped together for related purposes. Default Services are a list of system-created, commonly used, services that you can utilize to create many different networking policies and rules. They are not only created for convenience but they also play a key role in how default Access Rules function, which I’ll discuss later. For all intents and purposes Default Services Objects and Default Services are synonymous here and I’ll be focusing this discussion on the “Ping” Service Group within Default Services. Ping is just an example, but this bug occurs when renaming any Default Service Object.
[Image: Default Services]
Some customers of SonicWALL security appliances rename Default Services under the Service Groups section, such as Ping, to “Ping Group” or “Group: Ping”, etc., to denote that it is in fact a group, which includes both Ping 0 (ICMP - reply) and Ping 8 (ICMP - request), rather than a single Service Object, e.g. Ping 8 (ICMP - request).

When …

Author Comment

by:Blue Street Tech
New update: SonicWALL just got back to me and is handling this based on the amount of affected user reports. It missed the 5.9 release but is scheduled to be included for the subsequent release.

Expert Comment

by:Peter Wilson
Very helpful. Thank you!
A Wildcard Certificate means all of your sub-domains will resolve to the same location, regardless of the non-SSL Document-Root specification. A user will need to purchase a wildcard SSL from a vendor or a reseller that supplies them.
Similar to having multiple certificates installed on a server, each sub-domain containing the certificate needs its own IP as well. Wildcard SSLs do not work like Wildcard DNS – you will have to specifically install the certificate on each sub-domain. Following are two methods to set up a Wildcard SSL for a domain.

Multiple Accounts

In a case where you have each sub-domain hosted as a separate cPanel account, and each cPanel account has its own IP address, then follow these steps:
•      Generate the Certificate Signing Request (CSR) in WHM, using *
•      There are two ways to change a site’s IP address:
          i.   Via WHM: go to WHM > Change site’s IP Address, select the account, then select the IP
          ii.  Via Command Line: /usr/local/cpanel/bin/setsiteip -u $user $ip
•      When you’ve obtained the certificate, go to WHM > Install a SSL Certificate and Setup the Domain and paste in the CRT and CA Bundle for *
•      The fields should auto-populate, in which case you need to make sure the IP is correct, then change the SSL hostname from * to the target sub-domain
•      Click install to install the certificate

One Account

This method may be best for users that are not resellers…
How would you tell what computer was using up all of your Internet bandwidth?

If you cannot answer this question, this article is for you.  

The solutions below should work with just about anything using established standards rather than proprietary software. Some commercial firewall appliances will already tell you this info. For this Article, I do refer to Sonicwall, but the suggestions will provide valuable information regardless. The resulting information is extremely valuable to have when there are problems (either real, or just perceived by your users).

Now, if budget was not a problem and there was a pressing need to just purchase something, I would probably purchase the PRTG Network Monitor ($380) or Solarwinds Orion NPM ($2475) because they will work with just about anything and aren't tied to Sonicwall.  They can even collect usage from packet sniffing so will work with ANYTHING.  

The quick answer may be to just download and configure the Paessler PRTG trial or free version, or AdvancedRM, to get what you need, if needed "now". Both of these utilities rely on SNMP. PRTG can also collect info a few different ways and is more versatile and comprehensive. The free version is limited to 10 sensors, but the commercial version isn't that expensive compared to enterprise consoles. If you enable the SNMP services on each of the servers and user systems as well as the Sonicwall, you can compare charts and get what you need.

Being budget conscious, what I …

Expert Comment

by:J Spoor
Overall a really good document !

Expert Comment

by:Kimberley from Paessler
Hi cybervzhn_tech,

Yes, a good article!  I wonder if you could update the parts about PRTG, since there's been a significant change in our licensing since 2010.  In particular, the 100-sensor licence which was $380 is now free!  The first paid license is now the 500-sensor license ($1600).  Could you please update the price from $380 to $1600, and then later in the article, where you talk about 10 free sensors, update this part to 100 sensors?


Kimberley (from Paessler)
I was at a customer and we recently set up a new DNS Server.  I asked him to ensure that all servers pointed to the new server.  140 remote servers – estimated 6 days of work to do this manually.

Ever had this experience and just need to get the job done ASAP?  PSExec is a saviour in these cases.

Simply download PSTools from

PSExec is in here, all thanks to Mark Russinovich.  Although PSTools contains a load of tools, I really want to focus on PSExec right now.  This is the one tool I use more than any.

In summary, whatever you can run in the CMD prompt or script, you can do remotely with PSExec.

E.g. Get every machine in the domain to renew its IP Address:

psexec \\* ipconfig /renew

It’s that simple.

Ok, to get all Domain Controllers to restart their netlogon service:

for /F %i in ('dsquery server -o rdn') do psexec \\%i cmd /c "net stop netlogon & net start netlogon"

Easy enough?

Ok, change the Primary DNS Server on all Domain Controllers:

for /F %i in ('dsquery server -o rdn') do psexec \\%i netsh interface ipv4 set dnsservers static primary

Perhaps you have a specific list of computers to run a command on.  Add them to a text file (like computers.txt).  Then place the text file in the directory you are running PSExec from and run the following:

PSExec @filename.txt CommandToRun (e.g. shutdown /r)

One issue I found which is really a pain is when having to use PSExec and run a command which interfaces with remote network resources.  e.g.

psexec \\server15 \\server\share\executable.exe

This won’t work unless you supply credentials.  Something like this:

psexec \\server15 -u domain\user -p PasswordHere \\server\share\executable.exe

Expert Comment

Be aware that the latest version of Symantec Endpoint Protection flags psexecsvc.exe as an attack and will block it. PSEXEC then gets stuck looping as it installs the service, the service gets deleted, and it lathers, rinses and repeats.

Expert Comment

Thanks for the bit about running an exe from a network share.
Setting up SSH Cisco

We are all told that you should not use Telnet for connecting to devices because it is insecure and all clear text. Much better is to use SSH, but it can seem a bit of a challenge setting it all up, and especially in a small network you might not think it's worth the effort.

Below are the instructions to enable SSH on Cisco switches and routers, apply this to the VTY lines and use a client software to connect up.

You will need:

1)      A Cisco device running an IOS that supports SSH; this means any IOS with Crypto features. (If you have an IOS that is not crypto you can upgrade for free as long as you keep the same feature set; ask a Cisco reseller more about this if you need to get hold of one.)

2)      A client that can support SSH, such as Tera Term or PuTTY.

First Step.  We need to generate some RSA Keys. These are used by the SSH session to encrypt the data. This requires first setting a hostname and a domain for the Device.

Anything in bold is a command that needs to be entered.

Router(config)#hostname test   (set a host name)
test(config)#ip domain-name  (sets the domain the keys will be used for, this does not have to be the same as your windows AD domain, although often it will be)

test(config)#crypto key generate rsa
The name for the keys will be:
Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus

Expert Comment

by:Kumar Jadhav
Thanks, I'm wondering if there is a way to push out updates/ changing config on multiple Cisco devices at once. Not sure if cisco prime is able to handle this.

Expert Comment

by:Canli Canli
Really nice Thanks for sharing....