6 Best Bandwidth and Traffic Pattern Analysis Tools

In order to keep networks running smoothly, we need to keep an eye on things. Unfortunately, networks are not the easiest of things to examine. Network traffic moves within cables and wires–or through the air–and it does so at a speed that would prevent us from seeing anything, even if it were possible. To see what’s going on in your network, you need the proper tools. This is exactly what this article is about. We’ve searched the market looking for the best bandwidth and traffic pattern analysis tools. We’ve found quite a few. Some are combined tools that will provide both bandwidth and traffic pattern analysis while others will only do one or the other. We’ll leave it up to you to choose whether you want to use a combined tool or if you prefer one type of tool over the other.

And to make it easier for you to pick the best tool for your specific needs, we’ll start off with some theory about bandwidth and traffic pattern analysis. We’ll try to explain what each is, how it works and how they differ from each other. When we’re done with this theory, we’ll review the best tools we could find. We’ll first discuss the combined tools or bundles that offer both functionalities and then, we’ll introduce the best bandwidth analysis tools followed by the best traffic patterns analysis tools.

Bandwidth Analysis — What It Is

In one sentence, bandwidth analysis is the process of measuring the bandwidth utilization of network circuits. Let’s explain. Imagine a LAN circuit with a 1 Gbps capacity. This figure means it can carry up to 1 Gigabit of data per second. But that doesn’t mean it IS carrying that much data. You could compare it to a highway. A four-lane highway with a speed limit of 55 miles per hour can carry a certain number of cars per hour. If you want to know, at any given time, how many cars go by, you have to count them. This is what these rubber hoses that are sometimes stretched across roads are used for. Similarly, if you want to know how much network traffic there is at a given point and time, you need some tool to measure it.

Bandwidth monitors are exactly that, tools that measure the actual utilization of network circuits. They typically measure the bandwidth usage at different points on a network at frequent time intervals–such as every five minutes–and plot it on a graph that shows its evolution in time. This is quite useful as it allows you to see the evolution of the utilization as well as to gain some knowledge of the times when there are utilization peaks. This is an invaluable tool for capacity planning.

How it Works – SNMP In A Nutshell

The Simple Network Management Protocol, or SNMP, is the basis of most network bandwidth analysis tools. The protocol was invented to manage networking devices but its most common use is monitoring. An SNMP-enabled device has several parameters or variables–called OIDs, for Object Identifiers–that can be read by SNMP monitoring tools. Of particular interest when monitoring bandwidth are two parameters that are available for each interface of a networking device, the bytes in and bytes out counters. They are simply counters that are incremented each time a byte is received or transmitted on an interface.

If a bandwidth monitoring tool reads these counters at a regular and known interval (five minutes is a common figure), using simple math, the average bandwidth utilization per five-minute period can be calculated. It’s just a matter of subtracting the previous counter value from the current one to get the number of bytes in five minutes, multiplying it by eight to get the number of bits and dividing that by 300 to get the number of bits per second. Most tools will save the counter values in some sort of database or file and plot the utilization values on graphs or use them to build tables.
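The subtraction described above has two failure modes a real poller must handle: a counter that wraps around between polls and a device that reboots and restarts its counters at zero. The following is an added example, not code from any of the tools reviewed here; the `Sample` type, the function names and the sample values are constructed for illustration, and the use of the device's sysUpTime value to spot a restart is an assumption about how the poller is built.

```python
"""Average interface throughput from two SNMP octet-counter samples.

Added illustration: names are hypothetical and sample values are constructed.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Sample:
    timestamp: float    # poll time, in seconds
    octets: int         # bytes-in or bytes-out counter read from the device
    uptime_ticks: int   # device sysUpTime at poll time (hundredths of a second)


def average_bps(prev: Sample, curr: Sample, counter_bits: int = 32,
                link_bps: Optional[float] = None) -> Optional[float]:
    """Return average bits per second between two polls, or None when the
    interval cannot be trusted and should be left as a gap in the graph."""
    elapsed = curr.timestamp - prev.timestamp
    if elapsed <= 0:
        raise ValueError("samples are out of order")

    # Uptime going backwards means the agent restarted (or uptime itself
    # wrapped): the counters were reset, so the difference is meaningless.
    if curr.uptime_ticks < prev.uptime_ticks:
        return None

    delta = curr.octets - prev.octets
    if delta < 0:
        # The counter passed its maximum once and started again from zero.
        delta += 2 ** counter_bits

    bps = delta * 8 / elapsed   # bytes -> bits, then divide by the interval

    # More than line rate is impossible: the counter wrapped several times
    # or was reset without the uptime check catching it.
    if link_bps is not None and bps > link_bps:
        return None
    return bps


def seconds_to_wrap(counter_bits: int, link_bps: float) -> float:
    """Time a counter takes to wrap on a link running at full line rate."""
    return (2 ** counter_bits) * 8 / link_bps


if __name__ == "__main__":
    # Constructed samples, 300 seconds (five minutes) apart.
    first = Sample(timestamp=0.0, octets=1_000_000, uptime_ticks=1_000)
    second = Sample(timestamp=300.0, octets=38_500_000, uptime_ticks=31_000)
    print("average bps:", average_bps(first, second))

    # A 32-bit byte counter on a 1 Gbps link wraps far faster than a
    # five-minute poll, so such links need 64-bit counters.
    print("32-bit wrap at 1 Gbps (s):", seconds_to_wrap(32, 1e9))
```

On fast links, pass `counter_bits=64` and poll the 64-bit counters instead, since a 32-bit counter can wrap several times within one polling interval and the result would be silently wrong.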

How About Traffic Patterns?

While bandwidth analysis tools are great to measure the utilization of a network segment, they don’t tell us much about the nature of that utilization. Sometimes, it would be very useful to know what type of traffic or what users are utilizing the available bandwidth. This is where network traffic pattern analysis comes in.

Analyzing network patterns can provide useful information such as the distribution of traffic by type. For instance, while SNMP monitoring would tell you that a given circuit is used at 90% of its capacity (a figure that is way too high and shall be avoided at all costs), traffic pattern analysis could tell you that 50% of that traffic is web browsing and that 10% is email. But it doesn’t stop at traffic types. Traffic could also be reported by source and/or destination IP address. And by adding some extra intelligence and connecting the monitoring tool to other components of the infrastructure such as the AD domain controllers, traffic can also be sorted by user.

So, while SNMP monitoring gives you details about the quantity of traffic on a circuit or segment, traffic pattern analysis will give you qualitative details about the traffic. This feat is accomplished using different flow analysis protocols, the main one being the NetFlow protocol, originally from Cisco but now present on devices from multiple vendors.

A Real Quick NetFlow Primer

Without getting too technical, let’s try to explain how NetFlow works. Contrary to SNMP where the devices only keep counters and the monitoring tools do much of the hard work, much of the burden of NetFlow is on the devices themselves. NetFlow-enabled equipment runs some built-in software integrated into the operating system that generates flow data about each traffic flow that goes through it.

It is the equipment’s NetFlow process’ job to recognize flows and to assemble details about each one. Flow data is not kept on the devices. As soon as a flow terminates, its data is sent to a NetFlow collector. The collector’s job is to receive flow data from multiple devices and store it in an orderly fashion. The next component in the chain, the NetFlow analyzer, reads the flow data from the collector and displays it in a meaningful way, typically using graphs. In most instances, the NetFlow collector and analyzer are two components of the same software.
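The collector and analyzer roles described above, sketched as an added example that is not code from any product reviewed here. It assumes NetFlow version 5, which the article does not name and which is chosen for its fixed 24-byte header and 48-byte records; the function names and the sample datagram are constructed for illustration.

```python
"""Decode a NetFlow v5 export datagram and rank traffic the way an
analyzer's "top talkers" and "top applications" views do.

Added illustration: function names are hypothetical, sample data is constructed.
"""
import struct
from collections import Counter
from ipaddress import IPv4Address

# v5 header: version, count, sys_uptime, unix_secs, unix_nsecs,
#            flow_sequence, engine_type, engine_id, sampling_interval
HEADER = struct.Struct("!HHIIIIBBH")                 # 24 bytes
# v5 record: srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets,
#            first, last, srcport, dstport, pad1, tcp_flags, prot, tos,
#            src_as, dst_as, src_mask, dst_mask, pad2
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48 bytes
MAX_RECORDS = 30                                     # v5 limit per datagram


def parse_v5(datagram: bytes) -> list:
    """Return the flow records in one export datagram.

    Exports arrive over UDP from the network, so the datagram is checked
    against the fixed layout before any field is trusted.
    """
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"unsupported export version {version}")
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError(f"implausible record count {count}")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match the declared record count")

    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(IPv4Address(f[0])), "dst": str(IPv4Address(f[1])),
            "packets": f[5], "octets": f[6],
            "sport": f[9], "dport": f[10], "proto": f[13],
        })
    return flows


def top_talkers(flows, n=5):
    """Bytes sent per source address, largest first."""
    totals = Counter()
    for flow in flows:
        totals[flow["src"]] += flow["octets"]
    return totals.most_common(n)


def traffic_by_service(flows):
    """Bytes per (IP protocol, destination port), largest first."""
    totals = Counter()
    for flow in flows:
        totals[(flow["proto"], flow["dport"])] += flow["octets"]
    return totals.most_common()


def build_sample_datagram() -> bytes:
    """Constructed export: two hosts, HTTPS and SMTP flows (TCP = protocol 6)."""
    rows = [  # src, dst, packets, octets, sport, dport, proto
        ("10.0.0.5", "198.51.100.10", 40, 60_000, 51000, 443, 6),
        ("10.0.0.5", "192.0.2.25", 10, 9_000, 51001, 25, 6),
        ("10.0.0.9", "198.51.100.10", 20, 30_000, 40000, 443, 6),
    ]
    body = b"".join(
        RECORD.pack(IPv4Address(s).packed, IPv4Address(d).packed, bytes(4),
                    1, 2, pkts, octets, 0, 0, sp, dp,
                    0, 0x18, proto, 0, 0, 0, 24, 24, 0)
        for s, d, pkts, octets, sp, dp, proto in rows
    )
    return HEADER.pack(5, len(rows), 0, 0, 0, 0, 0, 0, 0) + body


if __name__ == "__main__":
    flows = parse_v5(build_sample_datagram())
    print("top talkers:", top_talkers(flows))
    print("by service: ", traffic_by_service(flows))
```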

The Best All-in-one Or Combined Tools

The first type of tool we’re looking at is all-in-one or combined tools. These are tools that offer both bandwidth monitoring via SNMP and traffic pattern analysis using NetFlow. One tool on our list is a true combined tool while the other is actually a bundle of two separate tools that are purchased together.

1. SolarWinds Network Bandwidth Analyzer Pack (FREE TRIAL)

SolarWinds is a common name in the field of network administration tools. It’s been around since 1999 and has produced some of the best free tools targeting specific tasks of network administrators. But SolarWinds’ reputation stems mostly from making some of the best bandwidth monitoring tools and the best NetFlow collectors and analyzers. Respectively called the SolarWinds Network Performance Monitor and the NetFlow Traffic Analyzer, the two tools can be purchased together as the SolarWinds Network Bandwidth Analyzer Pack, the first entry on our list.

The first component, the Network Performance Monitor or NPM is a feature-rich SNMP network monitoring system. It boasts an easy to use web-based dashboard, it is easy to set up and configure and, more importantly, it does an excellent job. The tool’s customizable alerting features will notify you whenever specific metrics exceed a predefined value.

NPM can also build intelligent maps of your network and can display the critical path between any two points, facilitating the troubleshooting process. The software has wireless network monitoring and management built right into it. Another great feature is called Network Insights. It is available for Cisco Nexus and ASA devices as well as F5 load balancers. This module provides advanced monitoring of several parameters that are specific to these devices.

The second component of this bundle is the NetFlow Traffic Analyzer or NTA. Using the NetFlow protocol, this tool provides more detailed information about traffic flows on your network. Instead of just showing bandwidth usage in bits per second, it can provide detailed information on what the observed traffic is. It can, for instance, report on what type of traffic is more frequent or what user is using the most bandwidth. Several different views are available on the tool’s dashboard such as top applications, top protocols or top talkers.

The NTA relies on the NetFlow protocol to gather detailed usage information from your network devices. Although NetFlow is originally from Cisco, it is now included in equipment from many vendors. It may have a different name such as J-Flow on Juniper devices but all variants are supported by the NTA. In recent years, the NetFlow protocol has been standardized by the IETF as IPFIX, or IP Flow Information Exchange. IPFIX, of course, is also supported by the NTA.

Prices for the SolarWinds Network Bandwidth Analyzer Pack start at $4 910 for monitoring up to 100 elements. Other options are available allowing more devices, with the top tier allowing unlimited devices. For those who’d prefer to try the product before buying it, a free 30-day trial can be downloaded from SolarWinds.

2. Paessler Router Traffic Grapher

The Paessler Router Traffic Grapher, or PRTG, is another tool that combines SNMP bandwidth monitoring with NetFlow collection and analysis features. According to Paessler, PRTG is one of the easiest and fastest tools to set up. The company claims you could be up and running within minutes. This might be somewhat of an overstatement but it is true that setting up the product is impressively fast. This is partly due to its auto-discovery feature in which PRTG scans your network and automatically adds the components it finds.

The user interface is another place where PRTG shines. In fact, there are several user interfaces to choose from. There’s a native Windows console, an Ajax-based web interface, and there are mobile apps for Android or iOS. One of the mobile apps’ unique features will let you scan a QR code affixed to your equipment to quickly view its status.

As far as monitoring goes, PRTG uses SNMP to monitor bandwidth utilization but it doesn’t stop there. Using a concept called sensors, PRTG can also use WMI for Windows hosts and NetFlow or sFlow for networking devices.

This tool’s pricing is based on the number of sensors you’re using, where a sensor is any parameter or metric you need to monitor. For instance, each interface monitored via SNMP counts as one sensor. Similarly, each NetFlow data source is another sensor. PRTG is available in a full-featured free version which is limited to monitoring 100 sensors. For more sensors, paid licenses are available. Prices vary according to sensor capacity from $1 600 for 500 sensors to $14 500 for unlimited sensors. A free, sensor-unlimited 30-day trial is available for download. Once the trial period ends, it will revert to the free version with a 100-sensor limit.

The Best Bandwidth Monitoring Tools

While integrated tools or software bundles are interesting, some might prefer to go with individual tools. For that reason, we’re including a few of the best bandwidth monitoring tools. Remember that both the SolarWinds Network Performance Monitor and PRTG from the previous list are among the best bandwidth monitoring tools as well.

3. ManageEngine Network Bandwidth Monitor

ManageEngine is another common name in the field. The company makes several products, both free and paid, for administering networks. The ManageEngine Network Bandwidth Monitor is a free tool which is part of ManageEngine’s OpUtils bundle, a huge pack of some 16 free network management utilities. The tool runs on both Windows and Linux and the free edition allows monitoring up to 10 devices and their interfaces.

The tool has auto-discovery and once devices are discovered, their interfaces’ statuses and parameters can be viewed from the inventory tab. You can also display graphs of network speed and bandwidth usage. Reports on bandwidth usage over the past 12 hours to one month can also be generated for each interface. Furthermore, alerts by email or text message can be triggered whenever parameters are out of normal range.

With its 10-device limit, the ManageEngine Network Bandwidth Monitor is not for everyone, though. For larger networks, there is also a paid version with no device limitation. It is available as a free 30-day evaluation version which will revert to a device-limited version once the trial period ends.

4. Cacti

Cacti is one of the most-used and oldest free and open-source monitoring platforms. Not as feature-rich as many commercial products, it is still an excellent tool. The tool’s web-based user interface has a vintage feel to it but it is well laid out and easy to use. Cacti includes a fast poller, advanced graphing templates, and multiple acquisition methods. It mainly uses SNMP polling but custom scripts can be devised to get data from virtually any source.

This tool’s main strength is in polling devices and graphing the data on web pages. It’s very good at that but that’s about all it will do. But if you don’t need alerting or other extras, the product’s simplicity might be just what you need. Written entirely in PHP, the software is highly customizable and you can easily adapt it to your specific needs.

Cacti makes extensive use of templates to ease configuration. You have device templates for many common types of devices as well as graph templates. There’s also a huge online community that writes custom templates of all kinds and some equipment manufacturers offer downloadable Cacti templates.

The Best Traffic Pattern Analysis Tools

If traffic pattern analysis is what you’re looking for, our exploration has revealed a few interesting tools that provide NetFlow collection and analysis features.

5. ManageEngine NetFlow Analyzer

The ManageEngine NetFlow Analyzer provides a detailed view of traffic patterns. The product is controlled by a web-based interface and offers an impressive number of different views on your network. You can, for instance, view traffic by application, by conversation, or by protocol. You can also set alerts to warn you of potential issues. For example, you can set up a traffic threshold on an interface and be alerted whenever traffic exceeds it.

The tool comes with several very useful pre-built reports that are tailored for specific purposes such as troubleshooting or capacity planning. The tool also allows administrators to create custom reports to their liking. Its dashboard includes several pie charts depicting data such as top applications, top protocols or top conversations. It can also display a heat map with the status of the monitored interfaces.

The ManageEngine NetFlow Analyzer supports most flow technologies including NetFlow (of course), IPFIX, J-flow, NetStream, and a few others. The product comes in two versions. The free version is identical to the paid one for the first 30 days but it then gets limited to monitoring only two interfaces or flows. Paid licenses are available in several sizes from 100 to 2500 interfaces or flows with prices varying from about $600 to over $50K.

6. Scrutinizer

Our last entry for today is a product from Plixer called Scrutinizer. This is more than just a NetFlow Analyzer and many view it as a full incident response system. With its ability to monitor different flow types such as NetFlow, J-flow, NetStream, and IPFIX, you’re not limited to monitoring only Cisco devices.

Scrutinizer features a hierarchical design and offers streamlined and efficient data collection. It allows one to start small and easily scale way up to millions of flows per second. This tool can help you quickly find the real cause of almost any network issue, even if it has nothing to do with the network, such as when a server responds slowly. It can operate reliably in physical and virtual environments and comes with advanced reporting features.

Scrutinizer is available in four license tiers from the basic free version to the full-fledged SCR. The free version is limited to 10 thousand flows per second and it will only keep raw flow data for 5 hours but it should be more than enough to troubleshoot network issues. You can also try any level of license for 30 days after which it will revert back to the free version.

Read 6 Best Bandwidth and Traffic Pattern Analysis Tools by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

14 Best Network Security Tools For Safer Environments in 2018

Security is often one of the primary concerns of network administrators. And just like there are tools to assist us with pretty much all of our daily tasks, there are tools that will help us with securing our networks and the equipment they’re made of. And today, we’re bringing you some of the best network security tools we could think of.

Our list is by no means complete as there are hundreds of tools out there that can help you with securing your network. It also excludes anti-virus software which, despite being security-related, falls into a completely different category of tools. We’ve also excluded firewalls from our list. These are also in a different category. What we’ve included are vulnerability assessment tools and scanners, encryption tools, port scanners, etc. In fact, we had pretty much only one criterion for inclusion on our list: they had to be security-related tools. That is, tools that can help you increase security or test and verify it.

We have so many tools to review that we won’t spend much time on theory. We’ll simply start off with some more details on the different categories of tools and follow through with reviewing the tools themselves.

Different Categories Of Tools

There are literally hundreds of different tools pertaining to network security. To make for an easier comparison of the different tools, it can be useful to categorize them. One of the types of tools we have on our list is event managers. Those are tools that will respond to various events happening on your network. They often detect those events by analyzing logs from your equipment.

Also useful are packet sniffers, which let you dig into traffic and decode packets to see the payload they contain. They will often be used to further investigate security events.

Another major category of tools is intrusion detection and prevention systems. They are different from antivirus or firewall software. They work at the perimeter of your network to detect any unauthorized access attempt and/or any malicious activity.

Our list also features some oddball tools that don’t really fit into a specific category but that we felt should be included as they are truly useful.

The Best Network Security Tools

When presenting such an extensive list of tools that serve vastly different purposes, it’s hard to list them in any order. All the tools reviewed here are very different and one is not objectively better than any other. So, we’ve decided to just list them in a random order.

1. SolarWinds Log And Event Manager (FREE TRIAL)

If you don’t already know SolarWinds, the company has been making some of the very best network administration tools for years. Its Network Performance Monitor or its NetFlow Traffic Analyzer are some of the best SNMP network monitoring and NetFlow collector and analyzer packages you can find. SolarWinds also makes some excellent free tools that address specific needs of network and system administrators such as an excellent subnet calculator and a very good TFTP server.

When it comes to network security tools, SolarWinds has a few good products for you. First and foremost is its Log and Event Manager (LEM). This tool is best described as an entry-level Security Information and Event Management (SIEM) system. It is possibly one of the most competitive entry-level SIEM systems on the market. The SolarWinds product has almost everything you can expect from a basic system. The tool has excellent log management and correlation features together with an impressive reporting engine.

The SolarWinds Log and Event Manager also boasts some excellent event response features. Its real-time system will react to any threat it detects. And the tool is based on behavior rather than signature, making it great for protecting against zero-day exploits and unknown future threats without needing to constantly update the tool. The SolarWinds LEM also features an impressive dashboard which is possibly its best asset. Its simple design means you’ll have no trouble quickly identifying anomalies.

Pricing for the SolarWinds Log and Event Manager starts at $4 585. And if you want to try before you buy, a free fully functional 30-day trial version is available.

2. SolarWinds Network Configuration Manager (FREE TRIAL)

SolarWinds also makes a few other tools related to network security. For instance, the SolarWinds Network Configuration Manager will allow you to ensure that all equipment configurations are standardized. It will let you push bulk configuration changes to thousands of network devices. From a security standpoint, it will detect unauthorized changes which could be a sign of malicious configuration tampering.

The tool can help you quickly recover from failures by restoring previous configurations. You can also use its change management features to quickly identify what changed inside a configuration file and highlight the changes. Furthermore, this tool will allow you to demonstrate compliance and pass regulatory audits thanks to its built-in, industry-standard reports.

Pricing for the SolarWinds Network Configuration Manager starts at $2 895 and varies according to the number of managed nodes. A free fully-functional 30-day trial is available.

3. SolarWinds User Device Tracker (FREE TRIAL)

The SolarWinds User Device Tracker is another must-have network security tool. It can improve your IT security by detecting and tracking users and endpoint devices. It will identify which switch ports are in use and determine which ports are available in multiple VLANs.

When malicious activity is suspected with a specific endpoint device or a given user, the tool will allow you to quickly pinpoint the device’s or the user’s location. Searches can be based on hostnames, IP/MAC addresses, or usernames. The search can even be extended by looking into past connection activities of the suspected device or user.

The SolarWinds User Device Tracker is priced starting at $1 895 and varies by the number of ports to track. As with most SolarWinds products, a free 30-day full-features trial is available.

4. Wireshark

To say that Wireshark is just a network security tool is a gross understatement. It is by far the best packet capture and analysis package we can find these days. This is a tool that you can use to perform in-depth analysis of network traffic. It will let you capture traffic and decode each packet, showing you exactly what it contains.

Wireshark has become the de-facto standard and most other tools tend to emulate it. This tool’s analysis capabilities are so powerful that many administrators will use Wireshark to analyze captures done using other tools. In fact, this is so common that upon startup, it will prompt you to either open an existing capture file or start capturing traffic. But the biggest strength of this tool is its filters. They will easily let you zero in on precisely the relevant data.

Despite its steep learning curve (I once attended a three-day class just on how to use it), Wireshark is well worth learning. It will prove invaluable countless times. This is a free and open-source tool that has been ported to almost every operating system. It can be downloaded directly from Wireshark’s website.

5. Nessus Professional

Nessus Professional is one of the industry’s most widely deployed assessment solutions for identifying vulnerabilities, configuration issues, and malware that attackers use to gain unauthorized access to networks. It is used by millions of cybersecurity professionals, giving them an outsider’s view of their network security. Nessus Professional also offers important guidance on how to improve network security.

Nessus Professional has some of the broadest coverage of the threat scene. It possesses the latest intelligence and an easy-to-use interface. Rapid updates are also one of the tool’s excellent features. Nessus Professional provides an effective and comprehensive vulnerability scanning package.

Nessus Professional is subscription-based and will cost you $2 190/year. If you’d rather try the product before purchasing a subscription, a free trial can be obtained although it only lasts 7 days.

6. Snort

Snort is one of the best-known open-source intrusion detection systems (IDS). It was created in 1998 and it has been owned by Cisco Systems since 2013. In 2009, Snort entered InfoWorld’s Open Source Hall of Fame as one of the “greatest open source software of all time”. This is how good it is.

Snort has three modes of operation: sniffer, packet logger, and network intrusion detection. The sniffer mode is used to read network packets and display them on the screen. The packet logger mode is similar but the packets are logged to the disk. The intrusion detection mode is the most interesting. The tool monitors network traffic and analyzes it against a user-defined ruleset. Different actions can then be performed based on what threat has been identified.

Snort can be used to detect different types of probes or attacks, including operating system fingerprinting attempts, semantic URL attacks, buffer overflows, server message block probes, and stealth port scans. Snort can be downloaded from its own website.

7. TCPdump

Tcpdump is the original packet sniffer. First released in 1987, it has since been maintained and upgraded but remains essentially unchanged, at least in the way it is used. This open-source tool comes pre-installed in almost every *nix operating system and it has become the standard tool for a quick packet capture. It uses the libpcap library–also open-source–for the actual packet capture.

By default, tcpdump captures all traffic on the specified interface and “dumps” it–hence the name–on the screen. This is similar to Snort’s sniffer mode. The dump can also be piped to a capture file–behaving like Snort’s packet logger mode–and analyzed later using any available tool. Wireshark is often used for that purpose.

Tcpdump’s key strength is the possibility to apply capture filters and to pipe its output to grep–another common Unix command-line utility–for even more filtering. Someone with a good knowledge of tcpdump, grep, and the command shell can easily capture precisely the right traffic for any debugging task.

8. Kismet

Kismet is a network detector, packet sniffer, and intrusion detection system for wireless LANs. It will work with any wireless card which supports raw monitoring mode and can sniff 802.11a, 802.11b, 802.11g, and 802.11n traffic. The tool can run under Linux, FreeBSD, NetBSD, OpenBSD, and OS X. There is unfortunately very limited support for Windows mainly because only one wireless network adapter for Windows supports monitoring mode.

This free software is released under the GNU GPL license. It is different from other wireless network detectors in that it works passively. The software can detect the presence of both wireless access points and clients without sending any loggable packet. And it will also associate them with each other. Furthermore, Kismet is the most widely used open source wireless monitoring tool.

Kismet also includes basic wireless intrusion detection features and can detect active wireless sniffing programs as well as a number of wireless network attacks.

9. Nikto

Nikto is an open-source web server scanner. It will perform a comprehensive array of tests against web servers, testing for multiple items including over 6700 potentially dangerous files and programs. The tool will check for outdated versions of over 1250 servers, and identify version-specific issues on over 270 servers. It can also check server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software.

Nikto is designed for speed rather than stealth. It will test a web server in the quickest time possible but its passage will show up in log files and be detected by intrusion detection and prevention systems.

Nikto is released under the GNU GPL license and can be downloaded for free from its GitHub home.

10. OpenVAS

The Open Vulnerability Assessment System, or OpenVAS, is a toolset that offers comprehensive vulnerability scanning. Its underlying framework is part of Greenbone Networks’ vulnerability management solution. It is entirely free and most of its components are open-source although a few are proprietary. The product has over fifty thousand network vulnerability tests which are being updated on a regular basis.

OpenVAS 7 Software Architecture

There are two primary components to OpenVAS. First, there’s the scanner, which handles the actual scanning of target computers. The other component is the manager. It controls the scanner, consolidates results, and stores them in a central SQL database. The tool’s configuration parameters are stored in that database as well. An additional component is called the Network Vulnerability Tests database. It can be updated from either the free Greenbone Community Feed or the Greenbone Security Feed. The latter is a paid subscription server while the community feed is free.

11. OSSEC

OSSEC, which stands for Open Source SECurity, is a host-based intrusion detection system. Contrary to network-based IDS, this one runs directly on the hosts it protects. The product is owned by Trend Micro, a trustworthy name in IT security.

The tool’s primary focus is log and configuration files on *nix hosts. On Windows, it watches the registry for unauthorized modifications and suspicious activities. Whenever something odd is detected, you are quickly alerted either through the tool’s console or by email.

The main drawback of OSSEC–or any host-based IDS–is that it must be installed on each computer you want to protect. Fortunately, this software will consolidate information from each protected computer in a centralized console, making its management much easier. OSSEC only runs on *nix. However, an agent is available to protect Windows hosts.

OSSEC is also distributed under the GNU GPL license and it can be downloaded from its own website.

12. Nexpose

Nexpose from Rapid7 is another top-rated vulnerability management tool. This is a vulnerability scanner which supports the entire vulnerability management lifecycle. It will handle discovery, detection, verification, risk classification, impact analysis, reporting, and mitigation. User interaction is handled via a web-based interface.

Feature-wise, this is a very complete product. Some of its most interesting features include virtual scanning for VMware NSX and dynamic discovery for Amazon AWS. The product will scan most environments and can scale up to an unlimited number of IP addresses. Add to that its rapid deployment options and you have a winning product.

The product is available in a free community edition with a reduced feature set. There are also commercial versions which start at $2,000 per user per year. For downloads and more information, visit the Nexpose homepage.

13. GFI LanGuard

GFI LanGuard claims to be “The ultimate IT security solution for business”. This is a tool that can help you scan networks for vulnerabilities, automate patching, and achieve compliance. The software not only supports desktop and server operating systems but also Android or iOS. GFI LanGuard performs sixty thousand vulnerability tests and ensures your devices are updated with the latest patches and updates.

GFI LanGuard’s intuitive reporting dashboard is very well made and so is its virus definition update management, which works with all major antivirus vendors. This tool will not only patch operating systems but also web browsers and several other third-party applications. It also has a very powerful web reporting engine and great scalability. GFI LanGuard will assess vulnerabilities in computers but also in a wide range of networked devices such as switches, routers, access points, and printers.

The pricing structure for GFI LanGuard is quite complex. The software is subscription-based and must be renewed annually. For users who prefer to try the tool before buying it, a free trial version is available.

14. Retina

The Retina Network Security Scanner from AboveTrust is another one of the best-known vulnerability scanners. This is a fully-featured product that can be used to perform an assessment of missing patches, zero-day vulnerabilities, non-secure configuration, and other vulnerabilities. The tool boasts an intuitive user interface. Furthermore, user profiles matching various job functions simplify the operation of the system.

The Retina scanner uses an extensive database of network vulnerabilities, configuration issues, and missing patches. The database is automatically updated and it covers a wide range of operating systems, devices, applications, and virtual environments. The product’s full support of VMware environments includes online and offline virtual image scanning, virtual application scanning, and integration with vCenter.

The Retina scanner is only available as a subscription at a cost of $1 870/year for an unlimited number of IP addresses. A free 30-day trial version can also be obtained.

Read 14 Best Network Security Tools For Safer Environments in 2018 by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

10 Best Tools For Monitoring Local Area Networks

Monitoring local area networks, or LANs, is one of the most important tasks of any network administrator. Monitoring allows one to verify that all is running smoothly. But monitoring is not just a matter of looking at the network, at least not with the naked eye. Network traffic happens at a subatomic level within electrical or optical conductors. And it’s not only small, it’s also blazingly fast. So, to monitor LANs, you need the proper tools. The good thing about this is that there are lots of tools available. On the other hand, the main drawback is that there are lots of tools available. Having so many tools to choose from can turn what should be a simple selection process into a terrible ordeal. We’ve done the initial work of weeding out what’s available and we’re glad to present the ten best tools for monitoring local area networks.

Before revealing what our top ten tools are, we’ll sidetrack briefly to discuss network monitoring. We’ll do our best to explain what it is and what its benefits are. And if you’re of the curious type, we’ll also talk about how it works. Knowing how a tool works often makes it easier to choose the one that best suits your needs. And finally, we’ll reveal what the ten best tools are. For each one, we’ve done a mini review of its most important features.

The Benefits Of Network Monitoring Tools

Other than just knowing what’s going on with our networks, monitoring tools have several benefits. For instance, they are an invaluable troubleshooting tool. It’s not uncommon for such tools to be deployed in such a way that every single segment of a local area network, every single switch port is monitored. This makes it super easy to pinpoint sources of heavier than usual traffic, a common source of problems.

There’s also a huge benefit from a capacity planning standpoint. Most, if not all, monitoring tools keep historical data. In fact, they usually plot graphs depicting the evolution of bandwidth usage. This makes it easy to see trends. One can, therefore, evaluate which segments of a local area network have a utilization growth pattern that warrants upgrading them. It can also come in handy as concrete proof of the need to upgrade, to help with justifying the expense.

Another major benefit of local area network monitoring tools lies in their alerting capabilities. Many such tools have alerting and notification features. Alerts can be triggered whenever certain thresholds are reached or exceeded, notifying the administrators of an abnormal situation, often before it becomes a service-impacting issue.

How Network Monitoring Tools Work

Network monitoring tools typically rely on the Simple Network Management Protocol, or SNMP, to accomplish their feat. Despite its misleading name, SNMP is a relatively complex protocol. Devised some 30 years ago, it is a communication protocol that lets network administrators manage networking equipment and monitor and diagnose it from a remote location. For the sake of this discussion, we’ll ignore the management capabilities of the protocol but let’s see, in a not-too-technical way, how the monitoring works.

Every SNMP-enabled device exposes a certain number of its operational parameters. These are accessible by a suitably configured SNMP monitoring or management system. Some parameters can only be read while others can be modified. For monitoring, only the read-only ones are interesting. Those parameters are referred to as OIDs, an acronym for Object IDentifiers. In the context of monitoring local area networks, some OIDs are specifically interesting. SNMP-enabled networking devices have a pair of OIDs for each interface that counts the bytes in and the bytes out.

Monitoring tools use these counters to measure each interface’s traffic in bits per second. Here’s how they do it. A typical tool will poll each device at known intervals–5 minutes is a standard value–read the value of the bytes in and out counters, and store them in some form of database. The rest is just mathematics. The previous value of the counter is subtracted from the current one, giving the total number of bytes in five minutes. This number is then multiplied by eight to get the number of bits and divided by 300–the number of seconds in five minutes–to obtain the average bandwidth utilization over the last five minutes in bits per second. This information is also stored in a database and used to plot graphs or tables of its evolution in time.
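The calculation described above, as an added Python example that is not part of the original article or of any tool reviewed here. It goes beyond the text by handling two cases a poller has to deal with, a 32-bit counter rolling over and a device restart resetting the counters; the `Sample` type, the function names, and the readings are constructed for illustration.

```python
"""Average interface bandwidth from successive SNMP octet-counter readings.

Added illustration: Sample, average_bps and utilization_report are
hypothetical names, and the readings in SAMPLES are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

COUNTER32_MODULUS = 2 ** 32    # ifInOctets / ifOutOctets are 32-bit counters
LINK_BPS = 100_000_000         # assumed 100 Mbps interface


@dataclass(frozen=True)
class Sample:
    timestamp: int      # poll time, in seconds
    octets: int         # raw value of the bytes-in (or bytes-out) counter
    uptime_ticks: int   # sysUpTime at poll time, in hundredths of a second


def average_bps(prev: Sample, curr: Sample,
                modulus: int = COUNTER32_MODULUS) -> Optional[float]:
    """Average bits per second between two polls, or None if the interval
    cannot be trusted."""
    elapsed = curr.timestamp - prev.timestamp
    if elapsed <= 0:
        return None
    # sysUpTime going backwards means the agent restarted and its counters
    # started again from zero, so the difference is meaningless.
    if curr.uptime_ticks < prev.uptime_ticks:
        return None
    delta = curr.octets - prev.octets
    if delta < 0:
        # The counter rolled over its maximum once during the interval.
        delta += modulus
    # Bytes -> bits, then divide by the seconds actually elapsed.
    return delta * 8 / elapsed


def utilization_report(samples: List[Sample], link_bps: int,
                       alert_ratio: float = 0.8
                       ) -> List[Tuple[int, Optional[float], bool]]:
    """Return (timestamp, bps, alert) for each pair of consecutive polls."""
    report = []
    for prev, curr in zip(samples, samples[1:]):
        bps = average_bps(prev, curr)
        # A rate above line speed is impossible. It usually means the
        # counter wrapped more than once (a 32-bit counter can do that in
        # 5 minutes on a fast link) or the reading is bogus: discard it.
        if bps is not None and bps > link_bps:
            bps = None
        alert = bps is not None and bps >= alert_ratio * link_bps
        report.append((curr.timestamp, bps, alert))
    return report


# Constructed readings, polled every 300 seconds.
SAMPLES = [
    Sample(0,    4_294_000_000, 1_000_000),
    Sample(300,  4_294_900_000, 1_030_000),   # normal interval
    Sample(600,      3_682_704, 1_060_000),   # counter wrapped past 2**32
    Sample(900,         50_000,    12_000),   # device restarted
    Sample(1200, 3_375_050_000,    42_000),   # heavy traffic
]

if __name__ == "__main__":
    for ts, bps, alert in utilization_report(SAMPLES, LINK_BPS):
        rate = "discarded" if bps is None else f"{bps:,.0f} bps"
        print(f"t={ts:>5}s  {rate}{'  ALERT' if alert else ''}")
```

On fast links, polling the 64-bit `ifHCInOctets`/`ifHCOutOctets` counters instead avoids the multiple-wrap ambiguity altogether.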

Our Top 10 Best Tools For Monitoring Local Area Networks

We’ve searched the market for the best tools for monitoring local area networks and we’re glad to present our top ten products. Our list features a combination of paid and free tools. Some have more features than others but don’t assume that less-featured products are not as good. It really depends on your needs. If, for instance, all you want is to keep historical utilization data, you won’t mind a product with limited alerting capabilities–or even no alerting at all.

1. SolarWinds Network Performance Monitor (FREE TRIAL)

First on our list is a product from SolarWinds, one of the best-known names in the field of network and system administration tools. With over 30 full-featured tools, it has something for pretty much every need. In particular, SolarWinds is known to make one of the best NetFlow collectors and analyzers and one of the best bandwidth monitoring tools, the SolarWinds Network Performance Monitor. SolarWinds is also known to make some great free tools that address specific needs such as a subnet calculator or a TFTP server.

The SolarWinds Network Performance Monitor, or NPM as it is often called, is packed with many excellent features. One of the primary features of this product is its simplicity. We don’t mean simple as incomplete; we mean simple as easy. Furthermore, the product is highly flexible and its dashboard, views, and charts can be customized at will. Setup requires little effort and you can start monitoring within minutes. NPM is also totally scalable and will monitor networks of almost any size from the smallest ones to huge corporate networks spanning multiple sites.

The SolarWinds Network Performance Monitor periodically polls your networking equipment to read their interface counters, computes the bandwidth utilization, and displays it as graphs showing its evolution over time. Configuring this tool is easy and only requires that you specify a device’s IP address and then pick which parameter you want to monitor. An auto-discovery engine makes initial setup super easy. NPM has many advanced features. It can, for instance, build network maps. It can also display the critical path between two devices, a handy feature when troubleshooting slowdowns.

Prices for the SolarWinds Network Performance Monitor start at $2 995 and vary according to the number of monitored elements. Should you prefer to try the product before buying it, a free 30-day trial version can be downloaded from SolarWinds.

2. PRTG

The Paessler Router Traffic Grapher, or PRTG, is one of the easiest and fastest to set up. According to Paessler, you could be up and running within minutes. Part of the speed and ease of setting up the product is its auto-discovery feature. Upon installation, PRTG will scan your network and automatically add the components it finds.

PRTG comes with a choice of user interfaces. This is another one of the tool’s strengths. You can choose between a native Windows console, an Ajax-based web interface or mobile apps for Android or iOS. The mobile apps exploit their platform’s capabilities and will, for example, let you scan a QR code printed on a label by the software and affixed to your equipment to quickly view its status. PRTG can monitor several parameters–not just bandwidth utilization–using SNMP, WMI, NetFlow, and sFlow.

3. ManageEngine OpManager

The ManageEngine OpManager allows you to monitor routers, switches, firewalls, servers, and VMs for fault and performance. Network devices’ performance is monitored in real time and can be viewed on live dashboards and graphs. In addition to bandwidth utilization, critical metrics such as packet loss, errors, and discards are monitored. The tool will also monitor physical and virtual servers’ performance metrics like availability, CPU, disk space, and memory utilization.

With more than 100 built-in reports that can be scheduled, customized, and exported as needed, reporting is one of OpManager’s best features. The software is available in three versions: Free, Essential and Enterprise. They differ in the number of devices they can monitor–from 10 for the Free version to 10 000 for the Enterprise–and their feature set, with higher versions sporting additional advanced features.

4. Cacti

Cacti is one of the most-used and oldest free and open-source monitoring platforms. And while it might not be as feature-rich as some commercial products, it is still an excellent tool. The tool’s web-based user interface has a definite vintage feel but it is well laid out and easy to use. It mainly uses SNMP polling but custom scripts can be devised to get data from virtually any source.

Cacti’s main strength is polling devices and graphing the data on web pages. It does that really well but that’s about all it will do. Then again, if you don’t need alerting or other extras, the product’s simplicity might be just what you need. And since the software is open-source and almost entirely written in the PHP language, it is highly customizable and you could adapt it to your specific needs.

One of Cacti’s strongest features is its templates. There is, for example, a built-in template for Cisco switches that already includes most of the elements you might want to monitor on such a device. And there are not only device templates, there are also graph templates and data source templates. Together, they make configuring the tool easier. You can also build device-specific templates yourself if they don’t already exist. There are also many device-specific templates that can be downloaded either from each device manufacturer’s website or from community-driven Cacti forums.

5. Observium

Observium is a low-maintenance monitoring platform featuring auto-discovery. It supports a wide range of device types, platforms, and operating systems from multiple vendors including, among others, Cisco, Windows, Linux, HP, Juniper, Dell, FreeBSD, Brocade, Netscaler, and NetApp. The product’s primary focus is providing a beautiful, intuitive, and simple yet powerful user interface showing the health and status of your network.

Observium offers way more than just bandwidth monitoring. For instance, there’s an accounting system that will measure total monthly bandwidth usage in the 95th percentile or in total transferred bytes. It also has an alerting function with user-defined thresholds.

Observium is only available for Linux. It is easy to set up and it almost configures itself. The main drawback is obtaining the software which can be a challenge. Instead of having a download page on Observium’s website, what you’ll find are detailed installation instructions for several Linux distributions that do include the links to get the package. In a way, it makes sense as it guides you into downloading the right package for your distro.

6. Nagios

Two versions of Nagios are available. There’s a free, open-source version that can be downloaded and used by anyone and there’s a commercial product called Nagios XI. The commercial product has more features but even the free edition is a very potent tool, within its limitations. Nagios’ original purpose was up or down monitoring but it can also monitor several operational parameters.

One of the best features of Nagios–especially the open-source version–is its community support. Several community-developed plugins, front ends, and add-ons are available directly from the Nagios website. If you want even more functionality, including bandwidth monitoring, you’ll have to go for Nagios XI which has bandwidth usage monitoring and many more useful features. A free trial of Nagios XI is available if you want to see for yourself what this tool can do for you.

7. WhatsUp Gold

WhatsUp Gold from Ipswitch has been around for a while. This tool’s primary function used to be monitoring system availability rather than operational parameters. As its name implies, WhatsUp Gold will tell you what’s up and what’s not. It has one of the best alerting systems and can be configured to transmit alerts in a multitude of ways including email and SMS.

Today, WhatsUp Gold no longer only monitors devices’ up and down status; it can also measure bandwidth usage and check that services are responding. It can, for instance, monitor the availability of Exchange and SQL servers, Active Directory, IIS and Apache Web services. And if your server farm is cloud-based, WhatsUp Gold will also monitor AWS or Azure installations.

8. Zabbix

Another open-source product, Zabbix has a highly professional look and feel, much like you’d expect from a commercial product. But it doesn’t just have a good-looking web-based interface, it also has an impressive feature set. Zabbix will monitor most network-attached devices, not just networking equipment. It would be a good option if you also want to monitor servers, for instance.

Zabbix uses SNMP as well as the Intelligent Platform Management Interface (IPMI) for monitoring devices. You can use the software to monitor bandwidth, device CPU and memory utilization, general device health as well as configuration changes. Zabbix also features an impressive and completely customizable alerting system. It will not only send email or SMS alerts but also run local scripts which could be used to fix some issues automatically.

9. Icinga

Icinga is yet another open source monitoring platform. It’s got a simple and clean user interface and a feature set that rivals a few commercial products. Like most bandwidth monitoring systems, Icinga uses SNMP to gather usage data from devices. One of the areas where Icinga particularly shines is its use of plugins. There are thousands of community-developed plugins to perform various monitoring tasks and extend the product’s functionality. And if you can’t find the right plugin for your needs, you can write one yourself and contribute it to the community.

Alerting and notification are also among Icinga’s best features. Alerts are fully configurable in terms of what triggers them and how they are transmitted. The tool also features segmented alerting. This means that you can send some alerts to some users and other alerts to different people. This is a great feature when you have different systems managed by different groups.

10. Zenoss Core

Last on our list is Zenoss Core. This might not be the best-known monitoring tool but it certainly deserves a spot on our list, thanks to its feature set and professional aspect. This tool can monitor many things such as traffic flows or services like HTTP and FTP. It’s got a clean and simple interface and its alerting system is excellent. We particularly loved the multiple alerting mechanisms that will alert a second person if the first one does not respond within a predefined delay.

Unfortunately, Zenoss Core is one of the most complicated systems to install and set up. The process is entirely command-line driven. When you’re used to GUI installers, configuration wizards, and auto-discovery engines, this may seem a bit archaic. However, there is ample documentation available, eliminating much of the guesswork.

In Conclusion

With so many products available, this list of the best tools for monitoring local area networks could be dozens of items long. We’ve tried to give you a good sample of what the best available tools are. Each has its strengths and weaknesses but they are all excellent products and we’re comfortable recommending any one of them. As always, the main determining factor in choosing a monitoring tool should be its feature set.

Read 10 Best Tools For Monitoring Local Area Networks by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

What Is Throughput? 6 Best Tools to Measure Throughput

Throughput–or more precisely network throughput as this is what we’re going to be talking about–is a measure of a circuit’s capacity to transport data. It is usually expressed in bits per second and it gives an idea of the amount of data that can be transmitted per unit of time. Today, we’re reviewing the best tools to measure throughput. Some of you may be wondering why anyone would need such a tool. After all, isn’t a 100 Mbps circuit’s throughput 100 Mbps? Well, not always, hence the need for tools to measure it.

We’ll start our exploration by having an in-depth look at throughput. We’ll tell you what it is and what it is not. We’ll then try to address the common confusion between bandwidth and throughput. They are related but not the same. Then we’ll talk about factors having an adverse effect on throughput. Our next order of business will be to make sure everyone is on the same page about bits and bytes and that we all understand what throughput figures really mean. With all this behind us, we’ll reveal some of the best throughput measuring tools we could find, followed by a brief discussion on the specific tools used to measure Internet throughput.

What is Throughput?

According to Wikipedia, “throughput is the maximum rate of production or the maximum rate at which something can be processed”. This is a bit generic, though, and what we’re really interested in is network throughput. So, referring back to the popular online encyclopedia, it is further defined, in the context of telecommunications, as “the rate of successful message delivery over a communication channel”. We’re getting closer to our goal of defining throughput.

In computer networking terms, throughput usually refers to a circuit or a link’s maximum capacity to move data. Its value is expressed in bits per second (bps), often using multipliers such as kilo, mega, or giga. Throughput is what you’re often paying for. For instance, you expect a 100 Mbps LAN interface to have a throughput of 100 Mbps. Similarly, if you have a 20 Mbps connection to the Internet, you expect its throughput to be 20 Mbps.

The exact definition of throughput is not exactly clear but, for the purpose of our discussion, we’ll assume that it is the true measure of a network circuit’s capacity to carry data. In simpler terms, it is the maximum achievable bandwidth of a circuit. If we compare the circuit to a highway–as we often do–the throughput is the number of cars it can carry per hour.

Are Throughput and Bandwidth The Same?

So, considering our attempted definition of throughput, you might jump to the conclusion that throughput and bandwidth are one and the same. And if we look at definitions of network bandwidth and network throughput, you’ll see many similarities. In fact, the bandwidth definition of one person can be the throughput definition of another and this can make it seem like the terms are loosely interchangeable.

We don’t think they are interchangeable. But in reality, what we think doesn’t really matter. Or at least, it should not matter much to you. What matters is that we agree on what will be called what in this article. So, for the remainder of our discussion, we’ll refer to throughput as the MAXIMUM data carrying capacity of a circuit and we’ll refer to bandwidth as the CURRENT rate of data that a circuit carries. So, the measured bandwidth of a circuit with a 100 Mbps throughput could be as low as 1 Mbps. In fact, it could be zero.

Factors Affecting Throughput

So, if throughput is the maximum carrying capacity of a circuit, it shouldn’t vary, right? Well, it actually does vary. In fact, it is important to distinguish between maximum throughput and actual throughput. Let’s explain. We’ll take as an example the throughput of a data path between a server in one data center and another server in another data center. Obviously, we’d be tempted to believe that the path’s throughput will be that of the segment of the path with the lowest throughput. But while it is true that it will never be higher than that, it could be lower. Each and every device between the source and the destination can add some delays that will, in turn, adversely affect throughput.

Network overutilization and the resulting congestion can also affect throughput. If we go back to the highway analogy, we all know that a busy highway runs much slower than one with little traffic. The same is true of congested networks.

Don’t Confuse Bits And Bytes

Knowing the maximum throughput of a circuit or path to a destination should enable one to calculate how much time will be needed to transfer a file of a given size. But you have to be careful that you get your apples and oranges straight.

Throughput is typically measured in bits per second (bps), kilobits per second (kbps), megabits per second (Mbps) and gigabits per second (Gbps). And there is some confusion as to what the kilo, mega and giga prefixes mean. Under the S.I. standard, these prefixes indicate multiplication by 1,000 (kilo), 1,000,000 (mega), and 1,000,000,000 (giga).

As for file sizes, they are typically measured in bytes, kilobytes, megabytes, and gigabytes, where a byte is eight bits. Nowadays, the kilo, mega, and giga prefixes have the same S.I. standard meanings which are in accordance with the 1998 International Electrotechnical Commission (IEC) standards. However, many still use the older binary convention which defines a kilobyte as 1 024 bytes. Consequently, a file size of 1 megabyte is 1 024 × 1 024 (or 1 048 576) bytes, and 1 gigabyte is 1 024 × 1 024 × 1 024 (or 1 073 741 824) bytes.

The important thing to note here is that the difference between the S.I. gigabyte and the old-school binary gigabyte is almost 74 megabytes. So, when trying to compute the time required to transfer any amount of data, you have to know if the file size and throughput figures are using S.I. or binary prefixes.

Getting Your Numbers Straight

It’s not unusual for people to abbreviate commonly used expressions. For instance, we’ll often refer to a 64-kilobyte file as a 64 k file or refer to a 100-megabyte file as a 100 meg file. We also often do the same when talking about circuit throughput. So, we’ll refer to a 256 kilobits per second circuit as a 256 k circuit or a 2 Mbps circuit as a 2 meg circuit. Of course, this means you have to be careful when computing transfer times as file sizes are measured in bytes while a circuit’s throughput is measured in bits.

Take, for example, a 64 k file. It is actually 64 × 1,024 (assuming we’re using binary multipliers) × 8 bits in size for a total of 524 288 bits. Likewise, a 64 k circuit will transmit bits at a rate of 64 × 1,000 or 64 000 bps. Therefore, the amount of time taken to transmit a 64 k file over the 64 k circuit will be at least 524 288/64 000 or 8.192 seconds. Many people wrongfully assume that a “k” is always the same and will conclude that a 64 k file will take 1 second to transmit over a 64 k circuit.

The Best Tools To Measure Throughput

Among all the tools that are available to monitor and measure network performance, some are dedicated to measuring throughput. Those are the tools we’re about to review. The tools below use different methods to measure throughput. Some will use analysis protocols such as SNMP or NetFlow while others will perform stress tests.

1. SolarWinds Network Bandwidth Analyzer Pack (FREE TRIAL)

SolarWinds has gained a solid reputation for making some of the best network monitoring tools. The US-based company is also famous for its many free tools which address specific needs of network administrators such as a TFTP server or a subnet calculator.

The company also has a solution for throughput analysis in its Network Bandwidth Analyzer Pack. This is not a stand-alone product, though, but rather an add-on to either the SolarWinds Network Performance Monitor, one of the best SNMP monitoring tools, or the SolarWinds NetFlow Traffic Analyzer, an excellent NetFlow collector and analyzer.

So, let’s see what the Network Bandwidth Analyzer pack has to offer. The product offers comprehensive network throughput analysis and performance monitoring. It will thus monitor and analyze network performance and throughput. It will also help find network faults and monitor the availability and performance of devices and collect flow data for throughput measurement.

The software can also help you identify bandwidth-hogging users and applications, determine which users, applications, or network protocols are using the most bandwidth, validate network traffic prioritization policies and measure the effectiveness of QoS policies.

The SolarWinds Network Bandwidth Analyzer Pack is licensed based on the largest number of nodes, interfaces, or volumes. You must contact SolarWinds to get a quote. Since it’s an add-on to either NPM or NTA, you’ll have to factor in the cost of one of these as well. If you’d prefer to try the product before purchasing it, a free trial is available.

2. Iperf3

The iperf series of tools can be used to determine the maximum throughput of IP networks. It features various tunable parameters related to timing, protocols, and buffers, allowing you to customize the job to your exact needs. For each test, iperf3 reports the measured throughput, loss, and other parameters.

Iperf3 offers many improvements over previous versions and it now incorporates a number of features found in other tools such as nuttcp and netperf. These useful features were missing from the previous iperf. For example, this version has a zero-copy mode and an optional JSON output. Note that iperf3 is not backward compatible with the original iperf.

Iperf3 is mainly developed by ESnet / Lawrence Berkeley National Laboratory. It is released under a three-clause BSD license. It is primarily developed on CentOS Linux, FreeBSD, and OS X, which are the only officially supported platforms. There have been, however, some reports of success with OpenBSD, Android, and other Linux distributions.

Note that the previous version of iperf, iperf2, is still actively developed by another organization. If you want the best functionality, though, you should use iperf3 which can be downloaded from its GitHub home.

3. TotuSoft LAN Speed Test

Despite its name, LAN Speed Test won’t only test Local Area Networks. It was designed from the ground up to be a simple but powerful tool for measuring file transfer, hard drive, USB Drive, and LAN speeds. The tool works by calculating the time required to move a known amount of data. If you select a local hard drive or USB storage device as its destination, it will measure that device’s throughput. On the other hand, if you select a remote storage location, it will measure the network throughput.

LAN Speed Test builds the test file in memory then transfers it both ways (without the adverse effects of Windows/Mac file caching) while keeping track of the time required to complete the transfer. It then does all the calculations for you.

There is also an option to transfer the file to a remote computer running the LAN Speed Test Server. This can be useful as it ascertains that what you are measuring is really the LAN throughput and that any latency in the remote host storage subsystem is ignored. Just like the LAN Speed Test tool, the LAN Speed Test Server will store the received data in memory rather than to disk.

LAN Speed Test is available in a feature-reduced free version or in a paid version starting at $10 for a single license with volume discounts for multiple copies.

4. NetStress

NetStress is a tool that specializes in measuring throughput on wireless networks. It is a two-component tool with a client and a server and it will effectively measure throughput between the two. So, it can be used for wired networks as well.

The recommended usage for this tool is to first use it to establish a benchmark of a network’s performance. Then, when issues are reported and you suspect that performance has degraded, you run it again and compare the results to the benchmark. This will tell you if there’s actually an issue with throughput and indicate the steps required to fix it. This is actually where the tool’s wireless specialization comes in.

NetStress is loaded with features. First, there’s only one tool that can be either the server or the client. It will also support both TCP and UDP data transfers with variable segment size and it will support multiple data streams. It also has several advanced parameters that can be adjusted to your liking. For instance, you can choose the display units to be in bits or bytes per second.

NetStress can be downloaded for free from nutsaboutnets.com, its publisher’s website.

5. TamoSoft Throughput Test

The TamoSoft Throughput Test is the only tool on our list that is advertised as a throughput test tool. It is a freeware tool. This means that while it is available for free it is not open source. The tool works by continuously sending TCP and UDP data streams across your network and computing important metrics. It will, for instance, calculate upstream and downstream throughput values, packet loss, and round-trip time. The software displays the results in both numeric and chart formats.

The TamoSoft Throughput Test supports both IPv4 and IPv6 connections and allows the user to evaluate network performance depending on the Quality of Service (QoS) settings. Like a few other tools on our list, this is a two-component tool with a server and a client.

Here’s how the tool works: The client part connects to the server part which is listening for connections. Once the connection is made, the client and server exchange data in both directions and the client part of the application then computes and displays the network metrics. This is rather simple but it does an excellent job of measuring actual throughput.

The TamoSoft Throughput Test is freeware and TamoSoft also offers a full-fledged solution for WLAN performance analysis that is called TamoGraph Site Survey.

6. IxChariot

Last on our list is IxChariot from Ixia, the software branch of Keysight, maker of some of the world’s most renowned electronics test equipment. IxChariot is actually way more than just a throughput measurement tool; it is a complete network analysis solution with countless advanced features. It will measure throughput—it wouldn’t be on this list otherwise—but it will do much more.

Here are some of the key features of the product. It will let you instantly assess network performance, including wireless performance and geo-location. Its performance Endpoints will run on mobile devices, PCs, Macs or in any hypervisor or cloud service and allow for central management of any platform. The software delivers full application emulation and key performance metrics, including throughput, packet loss, jitter, delay, MOS, and OTT videos like Netflix or YouTube.

This is a top-level product that carries a top-level price which can only be obtained by requesting a formal quote. And while a free trial version is not available, a free online demo is.

About Internet Throughput Testing

Before we end our discussion, there’s another popular type of network throughput measuring tool we’d like to talk about. They are Internet speed testing tools. These tools will let you measure quite accurately the maximum upload and download throughput you’re getting from your Internet Service provider.

There are several such tools available and Speedtest by Ookla is likely one of the most popular. It is used for over ten million unique tests every day. Since its founding in 2006, a total of more than 20 billion tests have been taken with Speedtest. What drives the company is a commitment to “providing transparency into the performance of networks”.

Speedtest is currently available as a web-based tool at Speedtest.net and as stand-alone applications that can be downloaded and installed on iOS, Android, OS X, Windows, Google Chrome, and Apple TV.

There are other similar tools that you can use for that purpose too. Most big Internet Service providers have one that their clients can use. However, I’d stay away from those and would normally prefer a third-party tool for its unbiased approach.

Read What Is Throughput? 6 Best Tools to Measure Throughput by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

8 Best Log Management Software for Faster Troubleshooting

Today’s systems are generating a lot of logging data. On many platforms, every single event, important or not, is logged somewhere. Typically, logs are stored locally. This makes sense as logs are linked to their source. But when trying to troubleshoot issues and find their root cause, that often means we have to look at multiple log files on numerous devices. Wouldn’t it be nice if all the logs from all devices were stored in one place? Log management is that and a lot more, as you’re about to find out. And today, we’re reviewing the top log management systems.

We’ll start off by trying to explain what log management is. As you’ll see, it can be a lot more than just centralizing log storage. Next, we’ll talk about logging protocols. It is rather important as log management wouldn’t likely exist without them. We’ll then try to differentiate syslog servers from log management systems. Unfortunately, there is no clear demarcation between them. We’ll follow with a discussion on Security Information and Event Management systems because this is another type of system that is often confused with log management, thanks to the somewhat unclear definition of each. And finally, we’ll review the top eight log management systems we could find.

Log Management – What It Is

Before we can talk about log management, let’s see what a log is. Simply defined, a log is the automatically-produced and time-stamped documentation of events relevant to a particular system. Whenever an event takes place on a system, a log is generated. Different systems will generate logs for different events and many systems give administrators some degree of control over what generates a log and what doesn’t.

When we’re talking about log management, we’re referring to the processes and policies used to administer and facilitate the generation, transmission, analysis, storage, archiving and eventual disposal of large volumes of log data. Log management implies a centralized system where logs from multiple sources are collected.

But log management is not just log collection. The management part is the most important. Log management systems typically have multiple functionalities, collecting logs being just one of them.

Once logs are received by the log management system, they need to be “translated” into a common format. Different systems format logs differently and include different data in their logs. Some start a log with the date and time, some start it with an event number. Some only include a log ID while others include a full textual description of the event. One of the purposes of log management systems is to ensure that all collected log entries are stored in a uniform format. This will make searching and event correlation much easier down the line.

Talking about searching and event correlation, this is another important function of many log management systems. Some of them feature a powerful search engine that allows administrators to zero in on precisely what they need. Correlation functions will automatically group related events, even if they are from different sources. How—and how successfully—different log management systems accomplish that is a major differentiating factor.

Logging Protocols

Log management would be much more difficult, if at all possible, if it were not for logging protocols. A few of them exist that define what data is to be included in logs, how that should be formatted and how they should be transmitted between systems.

Syslog is arguably the most-used logging protocol. Invented in the early eighties, it has become the de-facto standard for Unix-like systems. One of the greatest assets of the syslog protocol is how it separates the software that generates logs, the system that stores them, and the software that reports and analyzes them. Using the syslog protocol makes log management much easier. Many non-Unix devices such as switches, routers and other networking equipment from many vendors use a variant of the syslog protocol.

Microsoft Windows, as you may have guessed, uses a different logging system. It might have to do with the fact that Windows operating systems and applications have logs that typically contain much more information than syslog permits. Fortunately, the Windows Event Collector functions provide a means that log management systems can use to receive events from Windows hosts.

No matter what logging protocol is used, an important part of log management is configuring devices to send their logs to the management system. This is different from other tools such as network monitoring systems, where the tool fetches data from the hosts.

Log Servers Vs Log Management

Since it has been available on every Unix-like system for quite a while, syslog is often used as a log server with one computer receiving syslog data from several others. While this centralized storage of logs has definite advantages, it is not log management.

To deserve the Log Management System name, a product must include at least some of the more advanced functions. According to Wikipedia, log management is comprised of the following functions: log collection, centralized log aggregation, long-term log storage and retention, log rotation, log analysis, log search, and reporting. Log servers often only offer the log collection and storage and rarely more than that. Each of the log management systems on our top list offers at least some of the more advanced functions.

How About SIEM Systems?

Another popular technology that is often associated with logs and confused with log management systems is Security Information and Event Management, or SIEM. This is quite different from log management although it is closely related. In fact, some products advertised as log management systems are actually SIEM systems while some basic SIEM systems are nothing more than log management systems.

The main reason for that confusion is that log management—or at least, log analysis—is an important component of SIEM systems. In fact, SIEM systems typically take log management to the next level by adding some intelligence to the process. These systems perform log analysis with the ultimate goal of identifying security issues. They will, for instance, look for signs of unsuccessful logins which would indicate an unauthorized intrusion attempt. These systems will automatically scan log entries looking for anything unusual.

SIEM systems have more to do with IT security than IT management and while some do include extensive log management features, many can also use an external log management system and it’s not uncommon to see both systems running side by side.
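The translation into a common format, the cross-source correlation and the failed-login check described above can be put together in a few lines. This is an added Python example, not code from the article or from any product it reviews; the sample lines are constructed, the key=value application format is hypothetical, and the "3 failures in 5 minutes" threshold is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: two sources, two formats (documentation-range IPs).
SYSLOG_LINES = [
    "<38>Mar  4 10:15:01 web01 sshd[2211]: Failed password for alice from 203.0.113.7 port 50122 ssh2",
    "<38>Mar  4 10:15:09 web01 sshd[2211]: Failed password for alice from 203.0.113.7 port 50124 ssh2",
    "<38>Mar  4 10:16:40 web01 sshd[2290]: Accepted password for bob from 198.51.100.4 port 40100 ssh2",
    "not a syslog line",
]
APP_LINES = [  # hypothetical application format: ISO timestamp, then key=value
    "2024-03-04T10:15:30 host=app02 event=login_failed user=alice src=203.0.113.7",
    "2024-03-04T10:40:00 host=app02 event=login_failed user=carol src=192.0.2.55",
]

SYSLOG_RE = re.compile(
    r"<(\d{1,3})>(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) (?:[^:\[\s]+)(?:\[\d+\])?: (.*)")
SSH_RE = re.compile(r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+)")

def normalize_syslog(line, year):
    """BSD-style syslog line -> common record, or None if it does not parse."""
    m = SYSLOG_RE.match(line)
    auth = SSH_RE.search(m.group(4)) if m else None
    if not auth:
        return None
    pri, stamp, host = m.group(1, 2, 3)
    # The BSD timestamp carries no year, so the collector has to supply one.
    return {"time": datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"),
            "host": host,
            "facility": int(pri) // 8, "severity": int(pri) % 8,  # PRI = facility*8 + severity
            "event": "login_failed" if auth.group(1) == "Failed" else "login_ok",
            "user": auth.group(2), "src_ip": auth.group(3)}

def normalize_app(line):
    """Hypothetical key=value application line -> the same common record."""
    stamp, _, rest = line.partition(" ")
    kv = dict(pair.split("=", 1) for pair in rest.split())
    return {"time": datetime.fromisoformat(stamp), "host": kv["host"], "facility": None,
            "severity": None, "event": kv["event"], "user": kv["user"], "src_ip": kv["src"]}

def collect(year=2024):
    """Normalize both feeds into one list, dropping lines that do not parse."""
    events = [normalize_syslog(line, year) for line in SYSLOG_LINES]
    events += [normalize_app(line) for line in APP_LINES]
    return [e for e in events if e is not None]

def correlate_failed_logins(events, threshold=3, window=timedelta(minutes=5)):
    """Flag any (user, source IP) with >= threshold failures inside the window."""
    grouped = defaultdict(list)
    for e in events:
        if e["event"] == "login_failed":
            grouped[(e["user"], e["src_ip"])].append(e)
    alerts = []
    for (user, src_ip), evs in sorted(grouped.items()):
        evs.sort(key=lambda e: e["time"])
        start = 0
        for end in range(len(evs)):
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                alerts.append({"user": user, "src_ip": src_ip,
                               "count": end - start + 1,
                               "hosts": sorted({e["host"] for e in evs[start:end + 1]})})
                break
    return alerts

if __name__ == "__main__":
    print(correlate_failed_logins(collect()))
```

Neither source reaches the threshold on its own; the alert for alice only appears once the two web01 failures and the app02 failure share one format and one timeline.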

The Best Log Management Software

Now that we have a common understanding of what log management is and what it is not, let’s have a look at what’s available. We’ve searched the market for some of the best log management systems. Our initial finding is that there are a lot of them and many of them are very good. But we only have so much space so we’re about to review the eight most interesting ones we could find.

1. SolarWinds Papertrail

SolarWinds is a common name in the field of network administration tools. It’s been around for almost 20 years and has brought us one of the best bandwidth monitoring tools and one of the best NetFlow analyzers and collectors. The company is also well-known for publishing several free tools that address some specific needs of network administrators such as a subnet calculator or a syslog server.

A few years ago, SolarWinds acquired Papertrail, a popular log management system. It aggregates log files from a wide variety of popular products like Apache or MySQL as well as Ruby on Rails apps, different cloud hosting services and other standard text log files. Papertrail users can then use the web-based search interface or the command-line tools to search through these files to help diagnose bugs and performance issues. Papertrail also integrates with other SolarWinds products such as Librato and Geckoboard for graphing results.

Papertrail is a cloud-based, software as a service (SaaS) offering from SolarWinds. It is easy to implement, use, and understand. And it will give you instant visibility across all systems in minutes. The tool has a very effective search engine that can search both stored and streaming logs. And it is lightning fast.

Papertrail is available under several plans including a free plan. It is somewhat limited, though, and only allows 100 MB of logs each month. It will, however, allow 16 GB of logs in the first month which is equivalent to giving you a free 30-day trial. Paid plans start at $7/month for 1GB/month of logs, 1 year of archive and 1 week of index. Noise filtering allows the tool to preserve data by not saving useless logs.

2. SolarWinds Log & Event Manager (FREE TRIAL)

Our next entry is another product from SolarWinds called the SolarWinds Log & Event Manager. Contrary to our previous entry, this is a locally installed product. And it’s also much more than just a log management system. Many of the advanced features of this product put it in the SIEM range. It has real-time event correlation and real-time remediation, for instance.

Here’s an overview of the SolarWinds Log & Event Manager’s main features. It eliminates threats quickly using instantaneous detection of suspicious activity and automated responses. It can also perform security event investigation and forensics for mitigation and compliance. And talking about compliance, the product will allow you to demonstrate it, thanks to its audit-proven reporting for HIPAA, PCI DSS, and SOX, among others. This tool also has file integrity monitoring and USB device monitoring, two features that are way above what we commonly see in log management systems.

Prices for the SolarWinds Log & Event Manager start at $4,585 for up to 30 monitored nodes. Licenses for up to 2500 nodes can be purchased making the product highly scalable. And if you want to verify hands-on that the product is right for you, a free, full-featured 30-day trial is available.

3. Ipswitch Log Management Suite

The Log Management Suite is a tool from Ipswitch, the same company that brought us WhatsUp Gold, an immensely popular network monitoring tool. This is an automated tool which collects, stores, archives and saves system logs, Windows events, and W3C/IIS logs. Furthermore, its continuous log surveillance will alert you of any suspicious activity.

Frequently audited events such as access rights and file, folder and object privileges can be followed, generating alerts as needed and used to build compliance reports for HIPAA, SOX, FISMA, PCI, MiFID, or Basel II compliance. The tool can also help you transform your raw log data into meaningful data for managers or IT security teams, thanks to its automated filtering, correlating, reporting, and converting features.

Pricing information for the Log Management Suite is not readily available from Ipswitch. The product can be purchased either directly from the publisher or through Ipswitch’s reseller network. A free trial version is also available.

4. ManageEngine EventLog Analyzer

ManageEngine, another common name with network administrators, makes an excellent log management system called the ManageEngine EventLog Analyzer. The product will collect, manage, analyze, correlate, and search through the log data of over 700 sources using a combination of agentless and agent-based log collection as well as log import.

Speed is one of the ManageEngine EventLog Analyzer’s strengths. It can process log data at an impressive 25,000 logs/second and detect attacks in real time. It can also perform fast forensic analysis to reduce the impact of a breach. The system’s auditing capabilities extend to the network perimeter devices’ logs, user activities, server account changes, user accesses, and more, helping you meet security auditing needs.

The ManageEngine EventLog Analyzer is available in a feature-reduced free edition which only supports 5 log sources or in a premium edition which starts at $595 and varies according to the number of devices and applications. A free, full-featured 30-day trial version is also available.

5. Nagios Log Server

Nagios is best known for its excellent network monitoring software but its Log Server is possibly just as interesting. Aptly called the Nagios Log Server, it offers centralized log management, monitoring, and analysis. The Nagios Log Server simplifies the process of searching your log data. It also lets you set alerts to be notified of potential threats. Furthermore, the software has high availability and fail-over built right in. Its easy source setup wizards will help you quickly configure servers to send all log data and start monitoring your logs in minutes.

The Nagios Log Server lets you easily correlate log events across all servers in just a few clicks. And it allows you to view log data in real-time, giving you the ability to analyze and solve problems as they occur. The product features impressive scalability and it will continue to meet your needs as your organization grows. Additional Nagios Log Server instances can be added to a monitoring cluster, allowing you to quickly add more power, speed, storage, and reliability.

The single-instance price for the Nagios Log Server is $3,995 and although a free trial doesn’t appear to be available, a free online demo is, should you prefer to have a first-hand look at the product.

6. Alert Logic Log Manager

Alert Logic’s primary focus is security and compliance. And since log management is closely related to both, it’s no surprise that the company offers the Alert Logic Log Manager. This cloud-based tool offers automated and unified log management across all your environments. It will collect, aggregate, and search log data from the cloud, server, application, security, and network assets.

The Alert Logic Log Manager includes log monitoring and analysis as well as log review which is done live by human analysts. Alert Logic’s experts will alert you of possible threat activity 365 days a year. The service will also help meet the log review requirements of SOC 2, HIPAA, and SOX and offload the burden of reviewing logs and following up on events, to comply with PCI/DSS 10.6, 10.6.1, 10.6.3.

Pricing information for the Alert Logic Log Manager is not readily available from the web and you’ll need to contact Alert Logic sales to get a formal quote. A free trial is also not available but a free demo can be arranged by contacting Alert Logic.

7. LogDNA

Founded in 2015, LogDNA is the new kid on the block. The company claims that “LogDNA is the fastest, most intuitive, and cost-effective log management system”. It all starts with the installation which takes only a couple of minutes before you can start monitoring your logs. No matter how logs are generated and transmitted, hundreds of custom integration schemes are available to centralize logs into a single pane.

LogDNA can be cloud-based or self-hosted, depending on your preference. It is highly scalable and can handle hundreds of thousands of logs per second and dozens of terabytes per customer, per day in total security with real-time log analysis. The company and its products are SOC2, PCI, and HIPAA compliant as well as Privacy Shield certified.

With its simple, pay-per-GB pricing model which eliminates contracts and fixed data buckets, the company has one of the lowest total costs of ownership. Several subscription plans are available with increasing features. The bottom-tier plan is free and paid plans vary from $1.50/GB/month to $3/GB/month depending on the retention duration and the number of users. A free, full-featured 14-day trial is also available.

8. Graylog

Last on our list is a product called Graylog. The product offers many interesting features. The tool will parse and enrich logs and event data from any data source. Its processing pipelines allow for some flexibility in routing, blacklisting, modifying and enriching messages in real-time. Graylog will search through terabytes of log data to discover and analyze important information. The powerful search syntax lets you find exactly what you are looking for.

With Graylog, you can create dashboards to visualize metrics and observe trends in one central location. You can use field statistics, quick values, and charts from the search results page to dive in for deeper analysis of your data. The system also has the option to trigger actions or issue notifications on events such as failed login attempts, exceptions or performance degradation.

Graylog is available either as a free and open-source, feature-limited version which also has limited support or as an enterprise version with extended features and unlimited support. A trial license can also be obtained by contacting Graylog sales.

Read 8 Best Log Management Software for Faster Troubleshooting by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter