At Interop ITX, troubleshooting expert Mike Pennacchi discussed the tools every network engineer needs.
Tracking down the cause of problems on the network is a form of art, requiring a combination of well-honed skills and indispensable tools. After much practice, network engineers bring a skilled eye to the troubleshooting process, aware of common pitfalls and remediation methods. They rely on powerful tools to help get to the root of network and application issues.
At Interop ITX in May, network troubleshooting expert Mike Pennacchi identified the essential toolkit for network engineers. These tools, most of them freely available, do everything from helping measure throughput to capturing and analyzing packets, as well as presenting data in handy charts to provide a view into network health.
The open source collection includes popular tools such as iperf, Wireshark, nmap, and Snort. The tools fall into one of three platforms, as described by Pennacchi: laptop, centralized, and remote troubleshooting.
Capturing packets requires getting in their path, he said, adding that span ports are more economical than expensive fault-tolerant taps. The Netgear GS105E switch is an inexpensive tap option; it can be configured to mirror all the traffic on ports 1 to 4, he noted.
Pennacchi is owner and lead analyst at Network Protocol Specialists, a network analysis and training company based in Seattle, Wash. He's a longtime Interop instructor and perennial favorite at the conference.
Continue on to find out what troubleshooting tools he says every network engineer needs. You can also catch a live, condensed version of his Interop ITX presentation at 10 a.m. Pacific Time July 7 on YouTube. Don't worry if you can't make that date; you'll be able to view the recorded video anytime.
Networking pros can use iperf to measure throughput, packet loss, and jitter when troubleshooting bandwidth issues. It supports both TCP and UDP. Pennacchi recommends using UDP instead of TCP when testing a connection to gauge how VoIP will perform, to check how streaming technologies will perform, or to get packet loss and jitter measurements.
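To show what a UDP test actually measures, here is an added example (not code from the article or from iperf) that sends numbered, timestamped datagrams over the loopback interface and reports loss and RFC 3550 inter-arrival jitter the way iperf's UDP mode does. It assumes a working 127.0.0.1 and uses the Python standard library only.

```python
import socket, struct, threading, time

# One probe on the wire: 32-bit sequence number + 64-bit send timestamp (seconds)
PKT = struct.Struct("!Id")

def analyze(records, sent):
    """records: (seq, send_ts, recv_ts) tuples in arrival order; sent: datagrams transmitted.
    Loss is sent minus received; jitter is the RFC 3550 smoothed estimator that iperf reports."""
    jitter, prev_transit = 0.0, None
    for _seq, send_ts, recv_ts in records:
        transit = recv_ts - send_ts            # one-way delay (clock offset cancels in the difference)
        if prev_transit is not None:
            d = abs(transit - prev_transit)    # change in delay between consecutive packets
            jitter += (d - jitter) / 16.0      # exponential smoothing with gain 1/16
        prev_transit = transit
    lost = sent - len(records)
    return {"sent": sent, "received": len(records), "lost": lost,
            "loss_pct": 100.0 * lost / sent if sent else 0.0,
            "jitter_ms": jitter * 1000.0}

def run_loopback_test(count=50, interval=0.01, timeout=0.5):
    """Send `count` numbered UDP datagrams over 127.0.0.1 and analyze what arrives."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))                  # ephemeral port, loopback only
    rx.settimeout(timeout)
    records = []

    def receiver():                            # stops once `timeout` passes with no packet
        while True:
            try:
                data, _ = rx.recvfrom(PKT.size)
            except socket.timeout:
                return
            seq, send_ts = PKT.unpack(data)
            records.append((seq, send_ts, time.time()))

    t = threading.Thread(target=receiver)
    t.start()
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    for seq in range(count):
        tx.sendto(PKT.pack(seq, time.time()), rx.getsockname())
        time.sleep(interval)
    t.join()
    rx.close(); tx.close()
    return analyze(records, count)

if __name__ == "__main__":
    print(run_loopback_test())
```

Point the sender at a remote receiver instead of loopback and the same arithmetic gives the loss and jitter figures that matter for VoIP and streaming.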
Wi-Fi Explorer is a Mac utility for WiFi network discovery. The tool gathers information such as network name, BSSID, supported data rates, and channel, and provides a graphical visualization of the WLAN environment. It costs about $20 and requires OS X version 10.7 or higher.
With this tool, network engineers can trace a path through the network using TCP instead of ICMP. It's useful in tracking down firewalls that are blocking ports, and sends a SYN packet using a specified TCP port.
fprobe, nfcapd, and nfdump
fprobe is a tool that listens on an interface, collects network traffic data, and creates NetFlow records, while nfdump reads and displays the NetFlow files stored by the nfcapd NetFlow capture daemon. Engineers can run nfcapd on the same machine as fprobe or on a different computer and use it to collect flows from multiple sources and store them in directories. Nfdump can be used to create top N lists such as conversations and protocols.
Originally released in 1998, the popular Nmap utility is a free tool for network scanning and security auditing. Written by Gordon Lyon, also known as Fyodor Vaskovich, the tool can be run at the command line or using the Zenmap GUI. Network engineers can use Nmap to scan a single host, a subnet, or look for a specific port, among other scans.
With Cacti, networking pros can graph SNMP values over time. It's handy for utilization and UPS statistics, and works with most any SNMP-managed device. Devices can be added and monitored over long periods of time, and Cacti can track not only interface utilization, but availability and response time.
The open source SmokePing tool measures network latency, packet loss, and long-term changes in latency. The software sends multiple ping packets, usually 20, to the target host, then charts the response times for each of the ping replies. The distribution gives you an idea of variations in response times.
OpenNMS is a free and open source platform for network device and service availability monitoring. Features include outage notifications, availability reports, and scalability. OpenNMS is available in two platforms, Meridian and Horizon; Meridian is designed more for enterprises that want stability, while Horizon is designed for monitoring new technologies such as Docker.
This is a WiFi network security assessment tool that's handy for discovering nearby networks and clients. Network pros can use AirCrack-ng for packet capture and export the data to text files for additional processing by third-party tools.
This technique is commonly used for hacking, but network pros can use it to set up a quick man-in-the-middle packet capture for auditing purposes. It eliminates the need for a span or tap. Installing dsniff, a collection of network auditing and pen testing tools, will enable arpspoof and dnsspoof.
Snort is a well-known open source intrusion-detection and prevention system that uses a ruleset to analyze traffic, creates alerts, and stores problematic packets. Rules can be customized based on a company's specific needs. Snort was created by Martin Roesch, who founded Sourcefire, which sold a commercial version of the software. Cisco bought Sourcefire in 2013 and supports the open source Snort alongside a commercial version.
This tool is used in command lines or scripts to transfer data, usually to and from a server. In networking, it can be used to measure website response time.
Elasticsearch, Logstash, and Kibana (ELK)
The open source ELK stack enables data collection and search. Logstash collects data such as syslog and local log files, and formats and writes the data to Elasticsearch. Kibana provides an interface to visualize the stored data and creates dashboards.