12 killer (and free) tools for network engineers 1. Wireshark: Packet analyzer The Wireshark analysis tool is a free and open-source program primarily used to capture and analyze packets of data moving through a network. Wireshark was created back in 1998 by Gerald Combs, but don’t let the age of Wireshark fool you, because it’s just as useful today as when it was created. Wireshark enables network engineers to put network interface controllers (NICs) into promiscuous mode to observe most traffic, even Unicast traffic which is not sent to a controller’s MAC address. All versions of Wireshark and the source code are fully open source and can be downloaded for free. 2. Nmap: Network mapping Nmap, short for Network Mapping, is a free and open source tool used for vulnerability checking, port scanning and network mapping. It’s a powerful tool that is often able to discover hidden vulnerabilities in networks that are missed by other programs. There is a large community that supports Nmap today, including the original developer, Gordon Lyon. The tool, which anyone can get for free, is downloaded several thousand times every week according to the community that maintains it. It’s available for Windows, Mac and Linux. 3. Infection Monkey: Penetration testing Infection Monkey is a continuous penetration testing tool designed for any size network. It comes loaded with many advanced exploits and the ability to check for common security mistakes, such as weak passwords. It can be deployed to hunt for general cybersecurity issues, and recently gained the ability to examine whether zero-trust networking is configured correctly in enterprises that have implemented it. The Infection Monkey program is available as a free download and the source code can be found on GitHub. Anyone is free to modify the code for their own purposes. 4. iperf: Tests network connections The iperf tool is designed to measure and test network connections across an entire enterprise. It can act as both a client or a server, creating streams of data to test the throughput between two points. The data streams generated can either be Transmission Control Protocol (TCP) or User Datagram Protocol (UDP). It’s free to download and the source code is also available. It works with Linux, Unix and Windows networks. [ Attend Virtual Summit on November 8 - CIO's Future of Cloud Summit: Mastering Complexity & Digital Innovation – Register Today! ] 5. fprobe: Performance testing The fprobe tool is generally used to sit at a specific point on a network and record data about traffic moving through that point. It can be used to help locate functions that are eating up too much bandwidth or even shadow IT that is generating traffic or performing functions that are not supposed to be allowed on the network. 6. Cacti: Visualization tool The Cacti tool was created as part of The Cacti Project by Ian Berry in 2001. It has two main functions. First, Cacti provides a fully distributed and fault tolerant data collection framework. But it’s claim to fame is its highly useful graphing component that can help users visualize complex data sets so that they can easily see everything from traffic spikes to the times of day when cooling fans are running the hardest. Cacti can be used both as a network monitoring tool or as a companion to other tools by providing a graphical interface for their data. 7. Snort: Intrusion prevention Snort is one of the best-known free networking tools available. Created in 1998 by Martin Roesch, development has since been taken over by Cisco. Snort is a complete Intrusion Prevention System (IPS) that uses rules to helps users define malicious network activity. Snort then uses those rules to find packets that match those definitions and generates alerts when it does. Snort, which is currently up to version three, can even be used to stop malicious packets, adding an automation component which is extremely advanced for a free tool. 8. Aircrack-ng: For wireless networks In addition to wired networks, technicians these days also need to make sure that wireless networks are properly functioning, and Aircrack-ng is a tool to help with that. It’s actually a suite of tools including a wireless detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and an analysis tool for 802.11 wireless LANs. It can be used to detect what wireless networks are operating in the vicinity, who is using them, and how well they are protected. It can be downloaded for free. 9. OpenNMS: Network monitoring OpenNMS is an open-source network monitoring platform that helps network engineers visualize and monitor an enterprise of both local and distributed networks. OpenNMS offers comprehensive fault, performance, traffic monitoring and alarm generation. And it is highly customizable and scalable. There are two versions of the platform. Meridian is a paid product that comes with a subscription service to help configure and run the tool, while Horizon is the free, community-based platform that anyone can download and use. Horizon has all the features of the paid platform, but users will need to configure and use it to work within their network. 10. SmokePing: Measures latency SmokePing is an interesting tool that is designed to measure network latency and packet loss over time. It does this by sending out pings at intervals and recording response times. It then places that data into an interactive graph that shows latency patterns. Users can click anywhere on the graph to get information about what was happening at that point in time, which can be helpful if users know their network is having intermittent trouble, but not exactly when it is happening or why. It can be downloaded for free. 11. DBOT: Monitors the Slack app Many network engineers use Slack to communicate with one another, or to get requests and orders from users and administrators. It’s one of the most popular instant communication platforms being used today, especially by technical people. But it’s important that Slack not become a vulnerability itself. To watch over it, the DBOT tool, which is technically a bot, scans all URLs, files and IP addresses within a Slack installation looking for malicious content. DBOT then directly warns users when it finds something like a file being served from an IP with known malware. It is a free and open source tool that can be quickly added to any Slack installation to provide an extra layer of protection. 12. Senzing: Data matching The Senzing tool is somewhat peripheral to networking and security, but is useful enough in certain situations. Senzing is able to find similarities and relationships within disparate databases. When used for cybersecurity, it can find exposed personal information sitting on a network where it’s not supposed to be, or it may be able to uncover multiple accounts owned by the same user by linking otherwise disparate pieces of information contained in multiple places. Senzing is deployed as an API for most major platforms, and is free to download and use to analyze up to 100,000 records. Users can then pay to analyze more records if needed.
