NetCrunch by AdRem Software – REVIEW 2019

When it comes to monitoring networks, it seems like there are simply too many options to choose from. And while every vendor states that his product is better than its competitor’s for this and that reason, in the end, they are pretty much all the same. They all are different but the differences are usually in the minute details with most products essentially providing the same basic functionality.

The latest version of NetCrunch by AdRem Software is yet another network monitoring system. It has, however, some very interesting features and uncommon flexibility that set it apart from competing products. Keep reading to know more about this product, its features and what actually sets it apart from the rest of the crowd.

NetCrunch Nodes view

We’ll start off by having a look at what is required—or rather, expected—from a typical network monitoring tool. It will help us better understand how NetCrunch by AdRem Software can benefit you. We’ll then give you a quick introduction to the product, highlighting its best features. Our next order of business will be to discuss the product’s installation and initial setup, followed by a deeper look at the various types of monitoring that it offers. The software’s user interface and its alerting subsystem will then be discussed before we introduce its licensing and pricing structure.

About Monitoring Tools

We often compare network traffic to road traffic. This is actually a very good analogy and cars on a highway can be likened to packets on a network. But when it comes to monitoring, the analogy is not so great anymore. Whereas you can see highway traffic and easily spot when and if a problem happens somewhere, things are different on a network. Everything happens within cables or invisible radio carriers. In order to “see” network traffic, you need some special tool. This is where the network monitoring tool comes in handy.

At its base, a network monitoring tool will measure network traffic at various points on a network. To stick with the highway analogy, monitoring tools are the highway equivalent of these counting tubes you sometimes see stretched across a road. The latter counts passing cars while the former counts passing bits. Actually, monitoring tools don’t really count bits. It is the monitored devices that do the actual counting. Typical monitoring tools merely read the counters, compile the information and present it in a useful and meaningful way.

A tool like NetCrunch does way more than that, though. As we’re about to discover, there can be much more to network monitoring than simply reading traffic counters. Systems such as NetCrunch provide several types of monitoring and they allow you to keep a watchful eye on several important operational metrics of your network and the systems it comprises.

NetCrunch In A Nutshell

First and foremost, NetCrunch is a network monitoring system. It has, however, several features that set it apart from its competitors. AdRem Software claims it can monitor as many as a million metrics. This effectively means that the product scales up very well and will suit huge networks just as well as it will suit smaller ones. For optimal performance, the platform makes use of three databases. There’s a proprietary NoSQL database to store network performance metric history. There’s also an in-memory database which is used to store real-time statuses for quicker access, and there’s an embedded SQL database for storing alerts.

NetCrunch makes use of predefined monitoring packs which work by grouping common sets of performance monitors and alert conditions. In all, there are hundreds of these. They cover most types and brands of equipment. In addition to switches and routers from most major vendors, it will also monitor security devices from Cisco, Fortinet, Juniper and SonicWALL as well as NAS appliances from Buffalo, Netgear, Qnap and Synology. And if you need to monitor servers, there are even packs for Dell EMC iDRAC, Fujitsu iRMC, HP iLO and Lenovo IMM remote management controllers.

Customizability and flexibility are possibly the most unique characteristics of NetCrunch. Pretty much everything within the product can be customized. You can create live maps where you add widgets to show live data or status information. And with the console supporting multiple monitors, you’re not really limited in the size of your maps or the number widgets you add to them. Notification is another area that allows a lot of customization. The platform supports user profiles and groups and can even be integrated with Active Directory.

Installation And Discovery

The first step in using NetCrunch is installing it and setting it up and this is truly where the pleasure of using the product begins. The hardware requirements are relatively low. It will install on any 64 bit Windows server with at least two cores and 3.5 GB of RAM. The installation itself is easy and quick. When I say quick, I mean quick, really quick. We installed it on a Windows server, ran the discovery wizard and had a complete readout of our test network in about fifteen minutes. Granted our test network does not have thousands of components but it was still impressively fast. Furthermore, device identification was spot-on. The tool correctly identified all devices and systems including network devices, Windows servers and workstations, virtualization hosts, and even vintage Macintosh devices. And once the discovery was complete, monitoring started right away and alerted us that one system was running low on memory.

A Look At NetCrunch’s Monitoring Features

We’ve briefly touched the vast array of what can be monitored with NetCrunch. Let’s now have a more in-depth look at the various types of monitoring that are available and explain how each one works and what it can do for you. If you’re anything like me, you’ll be impressed at all that’s available.

SNMP Monitoring

SNMP stands for Simple Network Management Protocol. It is the most basic type of monitoring. The one that pretty much all monitoring tools use. One of the biggest advantages of using SNMP is that the client part or agent is built into most network-attached devices. All enterprise-class switches and routers—and even many home devices—support the protocol. Monitoring tools use it to read operational metrics from the devices they monitor as well as their interface counters. The use the data from these counters—which just count bytes in and out—to extrapolate the average bandwidth utilization of each interface.

NetCrunch has built-in support for all SNMP versions as well as support for SNMP version 3 traps. It can use SNMP to monitor routers, switches, printers, firewalls, sensors, and most SNMP-enabled devices. Using SNMP will let you monitor various metrics such as user activity, hardware utilization, network bandwidth, and more. The platform can use SNMP actively by reading performance counters, or passively by receiving SNMP Traps from networked devices. Thresholds can be set to notify administrators of potential issues.

Switch And Router Monitoring

When monitoring switches and routers, NetCrunch can monitor several aspects of their health, including the status of device interfaces and per-interface bandwidth usage. The tool will also display information about each switch port including VLANs, port status, and devices connected to each port. It will also discover and map physical layer 2 connections between switches and nodes and built topology maps. These physical maps can be automatically updated when new nodes are added or when connection changes are discovered. And if your network is made of Cisco devices, NetCrunch will also let you monitor Cisco IP SLA performance and operational parameters. This would, among others, enable you to monitor VOIP jitter.

Server And Operating System Monitoring

NetCrunch is not just a network device monitoring platform. It will also monitor your servers. Both physical and virtual servers are supported and, for virtual servers, their hosts’ operational metrics can also be monitored.

For Windows servers, there is not much that NetCrunch won’t monitor. It can monitor all performance counters, including, for example, disk counters. The actual list of what can be monitored largely depends on the specific system and its installed applications. You can, of course, set alert thresholds on performance counters using eight different types of trigger. The tool will also monitor Windows services and alert you if a required service stops running. Furthermore, NetCrunch can monitor applications running on servers. It can even monitor files and folders, potentially alerting you of a missing file or, if you prefer, of an unplanned change to any given file.


NetCrunch Server monitoring

But not all servers are running Windows. If your environment includes other operating systems, you’re covered just as well. On Linux, for instance, NetCrunch will track more than 100 performance counters to determine the health of servers running kernel 2.4 or newer. Administrators managing BSD, Solaris or Mac OS servers are covered as well with operating system-specific monitoring packs.

Another strength of NetCrunch is its monitoring of VMware ESX. The platform supports ESXi version 5.5, 6 and 6.5 and connects directly to the ESX servers, without the need for vSphere to be installed. It comes with pre-configured Automatic Monitoring Packs that make monitoring virtual hosts a breeze. The monitoring packs will allow you to easily monitor the hardware, the ESX software as well as the guest virtual machines running on your hosts.

Application Monitoring

Although not an application monitoring platform, NetCrunch comes bundled with a ton of application-specific monitoring packs. One such pack, for example, will monitor most virus protection packages and ensure they are running in good order. Other packs are available to monitor most server-based Microsoft applications. You have, for example, packs for Exchange, IIS, ISA, MS Project, MS SQL, and SharePoint.

The software will also monitor major applications from various third-party vendors. For example, monitoring packs are available for ARCserve, Avaya Modular Messaging Server, Blackberry Enterprise Service, CiscoWorks, Citrix Xen App server, Lotus Domino server, Oracle and Squid, just to name a few.

Traffic Monitoring

NetCrunch supports flow analysis for traffic monitoring. Flow analysis is a type of monitoring which relies on the monitored network devices to capture data about the various data flows they transport and send the, to an external analyzer and collector. It includes a NetFlow collection and analysis module which is able to process flow data from a range of network devices using all popular flow analysis protocols such as NetFlow (v5 and v9), IPFix, sFlow, JFlow, netStream, cFlow, AppFlow, and rFlow.

NetCrunch Flow dashboard

NetCrunch integrates flow data within its monitoring database, ensuring that traffic is measured properly per device instead of per IP address, letting you analyze traffic using various criteria. Furthermore, it also allows you to create custom application definitions and it supports Cisco NBAR technology for application monitoring. NetCrunch collects performance trends on summary traffic data as well as specific node data, letting you create reports or set alerting thresholds on these parameters.

Remote Probes

One of the newest features of NetCruch is the possibility to use remote probes. Remote probes can be installed in external locations to extend the monitoring capabilities of the platform. They can be thought of as satellite instances of the product under centralized control. This is a brand-new feature of version 10.6 and it permits the monitoring of remote resources using any of the available sensors including not only SNMP but also WMI, SQL and several more. And to make things even better, remote probes also support network discovery.

NetCrunch remote probes are perfect for remote locations where no network administration staff is present. Alerts can be set on the remote probe node and a notification can be issued if and when the probe connection goes down. So, not only will it monitor remote locations, but it will also notify you if it ever stops working for whatever reason. Talk about robustness.

Log Monitoring

Log collecting monitoring systems are rarely built into monitoring tools. This is different with NetCrunch which includes that functionality. The tool offers many predefined event log views and it lets you create custom ones using an intuitive query builder. The created views can then be saved and used for any node group. And for each event in the event log, this product offers a details view containing all alert details and parameters. For instance, if an alert was triggered on a performance counter value, the tool will display a chart showing metric values at the time of the alert.

The NetCrunch file sensor is used to monitor text log files which it can fetch through FTP/s or HTTP/s, Windows/SMB and SSH/Bash. This sensor can even process logs remotely without having to download them. The product come built-in with parsers for common log formats and it allows you to write own parsing expressions using various methods such as regexp, Javascript, for example.

Wait! There More!

So far, we’ve covered a lot of what NetCrunch can monitor but, even if we’re going to look like an infomercial, there’s way more than what we’ve mentioned. In fact, there is so much monitoring power packed into this tool that it’s simply impossible to cover it all in detail.

For instance, NetCrunch can be used to monitor Apache web servers. Its Apache sensor will let you monitor various performance metrics. There’s also an advanced web page sensor which can load and render dynamic web pages containing Javascript as if a browser loaded them. It even allows you to check pages requiring a login while supporting both standard HTML or custom login forms.

For even greater flexibility, NetCrunch can read data using multiple protocols such as FTP/S, HTTP/S, SSH/Bash, SFTP, or Windows/SMB. It supports various formats including JSON and XML and also allows creating custom data parsers for specific data.

NetCrunch’s User Interface

It’s one thing to collect data but what good is it if you don’t make it available. The user interface is another place where NetCrunch really shines. The main element of the NetCrunch console is called the Atlas and it presents a highly customizable, colour-coded overview of all monitored devices. It lets you see at a glance which devices have issues or which ones are down and automatically presents you with views based on the content selected in the left pane. The “Smart Pages” functionality takes this to the next level. The Atlas and the console offer full search facilities, making it easy to find a device of interest.

NetCrunch Network Atlas

To make things even more interesting, custom pages can be easily created and selecting a network segment in the left pane will bring up a Layer 2 map with real-time views of network traffic passing between each node. This is one of the monitoring tools that makes the best use of the visual presentation.

Alerting in NetCrunch

OK, now we have a tool that can monitor just about anything computer-related. We also have a tool that can display various monitored parameters in highly customizable ways. There’s only one problem left. You probably don’t want to have someone sit at the tool’s console twenty-four hours a day just in case it detects something odd worth closer inspection. This is where alerting comes in. Most monitoring tools do include some form of alerting but NetCrunch brings it one step—or should I say one leap—further. It has one of the most flexible and configurable alerting systems.

NetCrunch supports both internal and external alerts. Internal ones are triggered whenever a monitored parameter reaches or exceeds a given threshold. As for external alerts, they are received from external sources such as SNMP traps, syslog or Windows events. The tool even supports conditional alerting that can, for example, only notify you when a combination of alerts is raised or when an alert has been raised a certain number of times within a time frame. Several more conditions are available making this a very flexible tool.

NetCrunch Pending Alerts

Alerts in NetCrunch trigger actions. As a response to an alert, this tool can execute a sequence of actions. You can choose between a number of actions such as notification, logging, control actions and remote script execution. Notifications can be controlled by user profiles and groups, and they can be combined with a node group membership, making it possible to send notifications to different groups based on network node location or some other relationship.

Actions in NetCrunch can be executed immediately or after a specified delay. For example, you could configure the tool to send a notification to some person and then, after some time, execute a server restart operation. Alternatively, you could opt to send the next notification to a different person. This all makes for one of the most flexible systems.

Licensing And Pricing

NetCrunch is available in several flavours with increasing functionality. The most basic level is the NetCrunch for SNMP Devices. It includes SNMP monitoring with SNMPv3 support, SNMP traps, a MIB compiler, and the monitoring more than 70 network services. It full-featured and has dashboards, graphical maps, and event database.

The next level is NetCrunch for Network Infrastructure. It is also primarily based on SNMP monitoring and it contains all the SNMP features and adds layer 2 mapping and monitoring, VLAN support and flow analysis with Cisco NBAR2 support.

Next up is NetCrunch Performance Monitor, a comprehensive package for monitoring anything on your network. It supports SNMP devices, logs, servers, operating system, VMware, WMI, IPMI, Web, Cloud, and other applications.

At the top is the NetCrunch Monitoring Suite. This is a complete all-in-one package with all advanced features necessary for managing a high number of monitored elements. It is the most scalable NetCrunch option with the ability to manage thousands of nodes and metrics.

NetCrunch is licensed per-node or per-interface, depending on which of the two numbers is greater, and all purchases come with 1 Year upgrade subscription, maintenance, and support. Prices are not readily available but can easily be obtained from AdRem Software by requesting a quote. If you want to give the tool a try before purchasing it, a 30-day trial version can be downloaded from AdRem’s website.

Final Words

What more can be said about NetCrunch by AdRem Software? We’re dealing with one of the most complete all-in-one monitoring solutions you can find. It will support most—if not all—your networked devices and provide you with the peace of mind of knowing that no event or issue will go unnoticed. A large number of customization options can make setting up the tool a bit more involved than some other competing tools but this is highly compensated by the uncommon flexibility built right into the platform.

Read NetCrunch by AdRem Software – REVIEW 2019 by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

ManageEngine OpManager Review and Rating for 2019

We’re having an in-depth look at ManageEngine OpManager, an infrastructure monitoring and management platform. In a nutshell, this is a great all-in-one tool which can cover various IT management tasks such as infrastructure management, network monitoring and even Application Performance Management (APM) using the appropriate plugin.

It is often said that knowledge is power and when it comes to managing networks, this is possibly truer than anywhere else. Knowing what is happening on the network should be an administrator’s top priority and using the right tools is the key to success. ManageEngine—which is part of Zoho Corporation, an Indian software development company specializing in SaaS—offers a wide range of tools aimed at managing and monitoring your IT environment, including hardware, software and physical as well as virtual resources.

We’ll begin our exploration of this great tool by having a brief look at its most common and useful features. We’ll then have a look at the product’s installation. As you’ll soon discover, this is where a lot of the tool’s strength lies. We’ll follow by having a look at the OpManager’s user interface. We’ll see how its customizable dashboards let you adapt the interface to your needs. Then, we’re going to discuss the product’s plugin structure as well as its alerting and reporting capabilities which, like the rest of the product, are quite comprehensive. Before we conclude, we’ll explore the pros and cons of the ManageEngine OpManager as reported by its users before we explore the product’s pricing structure—which, by the way, is relatively straightforward and quite affordable.

The ManageEngine OpManager In A Nutshell

The ManageEngine OpManager offers comprehensive network management and monitoring capabilities. It can help you keep a watchful eye on network performance, it will help detect network faults in real time, assist in troubleshooting errors, and it can even prevent downtime by alerting you before the situation gets too problematic. This tool supports most environments from multiple vendors and can scale to fit your network, regardless of its size. It will let you monitor your devices and network and gain complete visibility and control over your entire network infrastructure. Installation and setup of this product are both quick and easy. You can get it running in under two minutes. It requires no complex installation procedures and comes bundled with databases and web servers.

The ManageEngine OpManager constantly displays your network’s performance in real time via its live dashboards and graphs. It monitors several critical operational metrics such as packet loss, errors and discards, etc. It will also evaluate performance metrics such as availability, CPU, disk space, and memory utilization across both physical and virtual servers. The tool will help you detect, identify, and troubleshoot network issues, thanks in part to its threshold-based alerts. It allows one to easily set multiple thresholds for every performance metric and get individual notifications for each threshold. But alerting is definitely not all there is to this tool. Reporting is just is another area where this tool shines. Its smart reports will give you detailed insights on your network’s performance and that of its various components. There are more than 100 built-in reports and you can customize, schedule and export these out-of-the-box reports as needed.

Installation-wise, ManageEngine claims the tool can be installed in less than two minutes. Once installed, it will automatically discover your devices without requiring any manual configuration steps. Furthermore, the system boasts a very intuitive and highly customizable graphical user interface where you’ll easily find all the information you may need about your network. Reports-wise, there is a full complement of excellent pre-built reports. That’s not all, though. You can also create custom reports that better suit your needs. Finally, the product’s alerting features are just as good as its other components.

Product Installation

The ManageEngine OpManager can be installed on either a Windows or a Linux server. Furthermore, it can be installed as easily on a physical machine as on a virtual one. No matter what your environment is made of, chances are you’ve got what’s needed. By default, the installation process will take care of installing a PostgreSQL database for the system’s usage. Alternatively, you can opt to use an existing SQL server of your choice, a useful option if you already have such servers.

A nice installation-related feature of the product is how ManageEngine includes batch files to assist you with hardware configuration. Let me explain with an example: There’s a sFlowEnable.bat file that you can run on an HP ProCurve switch to enable sFlow management and monitoring on the device. This makes the process much easier than having to look up commands in that documentation and enter them one by one.

At its core, the ManageEngine OpManager uses SNMP, WMI, and CLI for device monitoring and management. Other technologies can also be used and are available as additional plugins. Back to SNMP, the product has an auto-discovery feature that will scan your network for manageable devices and automatically add them to the tool and start monitoring them. It goes beyond that, though, and it will also find non-manageable devices and add them to the system’s dashboard and monitor their up or down status. Any device that responds to ping requests will be added by default. The only input the system needs from the user during the discovery process is the IP address range(s) to scan. The rest is all automated and it works rather well.

You can also use the platform to monitor services running on devices. You do that by selecting service monitors from a list of what is available on each specific device. What services can be monitored varies by device, as you would have imagined.

The Tool’s User Interface

The ManageEngine OpManager’s dashboard is one of the product’s best asset. It is both easy to use and highly configurable. It really has all the components needed to make it a pleasure to use. The default dashboard is loaded with widgets of all sorts. Some of them are there as a sample and they contain sample data. Their purpose is to give you an idea of what’s available. Of course, widgets can be added, removed, and rearranged at will. The dashboards use an intuitive drag and drop interface. You won’t have to read the documentation in order to learn how to get the most of them. Most of what is displayed on the dashboard can be clicked to reveal details about each object’s operation. Again, this is a very nice and highly intuitive feature.

The ManageEngine OpManager is not only a network monitoring tool. It will support most network-attached devices. Virtualization is, for example, another place where it really shines. It has built-in support for Cisco UCS, Citrix XenServer, Microsoft Hyper-V, and VMware vCenter. Virtual machine status is conveniently presented along with key information about its virtualization host. Alerts related to virtualization appear on the main dashboard to notify an administrator of any problems.

Let’s head back to network monitoring. After all, this is usually the primary use of these kinds of tools. Well, here again, using OpManager is a real pleasure. Every useful information about your network is neatly presented, right there on the dashboard. You can easily see the top bandwidth hogs down to the port level and then click through to see detailed port usage information on a secondary page.

Extending The Tool’s Functionality

Out of the box, the ManageEngine OpManager is a great platform. It’s even greater when you consider that it can be expanded through the use of installable add-ons and plugins. We’ve previously mentioned the NetFlow Analyzer add-on which gives you the ability to utilize flow information from any NetFlow-enabled device. NetFlow is a proprietary technology from Cisco which is available on most of the networking giant’s devices. It is also licensed to other manufacturers and a handful of vendors have developed their own flavour of NetFlow that the plugin will also support. There even an IETF standard version called IPFIX, also supported.

Another popular network-related add-on is the Network Configuration Management (NCM) module. It can be used to maintain, backup, restore, compare, and audit your networking devices configurations. This add-on can not only provide peace of mind but it can also come in very handy when it comes to demonstrating configuration compliance to various regulatory frameworks such as SOX or PCI-DSS.

Also popular is the IP Address Management (IPAM) plugin. This one, as its name implies can help you manage your devices IP addresses by not only keeping a database if IP address to device correspondences but also by integrating with your DNS and DHCP infrastructure, making it a seamless tool.

Last but not least to make an impression, is the Firewall Analyzer add-on. It provides a wide range of reports for external threat monitoring, change management and regulatory compliance, and supports an extensive array of perimeter security device logs which include firewalls, VPNs, IDS/IPS and proxy servers.

Alerting And Reporting

What good is a monitoring tool that just sits there and does nothing else? This is not the case with the ManageEngine OpManager. The product comes with what is referred to as threshold-based alerts. You are able to easily set multiple thresholds for every performance metric and get notifications whenever a threshold is reached. Overall, this alerting scheme is both flexible and efficient and it’s actually easier to use than our description lets it appear.

While alerting is important, reporting is just as much and this is another area where this tool shines. Intelligent reports will let you get detailed insights on network performance. There are more than 100 built-in reporting profiles. You can customize, schedule and export these out-of-the-box reports as needed. Once run, reports can be automatically emailed in either PDF or Microsoft Excel format. You’re not limited to built-in reports, though. Custom ones based on a wide range of monitored parameters can be quickly created right from the tool’s main page. The reporting capabilities of the ManageEngine OpManager are among the very best on the market.

Pros And Cons Of The ManageEngine OpManager

Since you don’t necessarily have to take our word for it, we’ve searched the web for user comments about the ManageEngine OpManager. We’ve compiled this list of some of the most important pros and cons as reported by OpManager users.


  • The most common comment about the ManageEngine OpManager is how easy it is to use while still providing a vast amount of data out of the default dashboards and graphs that they comprise.
  • We’ve also found several excellent comments about the vendor’s exceptional customer service. Although you won’t likely ever have to use it, It is reassuring to know that you’ll readily have access to some excellent support should you ever have a need for it.
  • Tons of praise about how the tool’s automation and its notification engine go hand-in-hand to keep administrators constantly aware of the state of their network


  • We’ve indicated how alerts could be created for most monitored parameters. This also means that, unfortunately, not all of them are available for creating specialized alerts. This could, at times, become a limiting factor.
  • Some users have complained about a lack of integration with the MIB library which could cause issues down the line if you require more information than what the basic SNMP OIDs provide.
  • Users of past versions complained that the latest version of the GUI was making it harder than before to find certain functions which had been relocated. This, however, shouldn’t be a problem if you’ve never used the product before.

Pricing Structure

The pricing structure for the ManageEngine OpManager is somewhat complex. It is available in several editions with an increasingly complete feature set and capacity. The Standard edition has the smallest feature set and can monitor up to a thousand devices. Prices vary according to the number of devices and start at $245. This version won’t support virtual infrastructure monitoring or application server monitoring.

For the full functionality, you need to use the Professional edition. It does include several more features and raises but still has the same 1000-device limitation. It will also keep the data for sixty days as opposed to only seven for the lower edition. It is only slightly more expensive than the Standard edition with prices starting at $345.

For larger organizations, an Enterprise edition is also available. Feature-wise, it is identical to the Professional editions. The main differences are that this version and scale up to ten thousand monitored devices and it will keep data for 180 days. It is, of course, the most expensive version with prices starting at $11,545.

A free edition limited to monitoring up to 3 devices can also be obtained. Feature-wise, it is identical to the Standard edition. This is barely enough for even just testing the product. Fortunately, all three editions can be downloaded as a thirty-day free trial from ManageEngine. This will let you run the product in your environment and thoroughly evaluate what it can do for you. And if you don’t fancy going through the product’s installation and initial configuration and still want to see it at work, a demo can be arranged with the vendor.

In Summary

With a very complete feature set, an easy-to-use user interface, a complete set of reports, and a top-notch alerting subsystem, a lot of good can be said of the ManageEngine OpManager. Is it the best available monitoring platform? This is, more than anything, a matter of personal taste and it has more to do with how the product fits your specific needs.

Considering the product’s broad feature set, it is more than likely a great fit for most network administrator’s need and it is right up there with all the other great monitoring tools. Given the fact that a free trial is available, perhaps your best bet would be to take advantage of it and see for yourself how it can be of use in your specific situation. Apart from a few hours of setup and configuration time, what have you got to lose? And chances are you won’t regret giving it a try.

Read ManageEngine OpManager Review and Rating for 2019 by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

Top 7 Network Performance Testing Tools

Whenever you suspect something wrong with the performance of a network, your best course of action is to run some tests to confirm that there is indeed an issue and also to help you locate it and, eventually, fix it. There are many network performance testing tools available. So many that picking the one that is the best fit for your specific need can turn out to be a hefty challenge. Luckily, we’ve done some of the hard work for you and we’ve compiled a list of some of the best network performance testing tools and we’re about to review them, highlighting each product’s core features.

Before we begin, we’ll briefly discuss network performance in general. We’ll do our best to describe what it is. As you’ll see, it is, more than anything, a matter of perception. The factors affecting our perception of a network’s performance is going to be our next order of business. Next, we’ll discuss network performance testing, how it’s done and what it entails. We’ll also insist on the distinction between network performance testing and network performance monitoring, two related but different concepts. And once we’re all on the same page, we’ll proceed with reviewing the best network performance monitoring tools.

About Network Performance

As eloquently defined in once sentence on Wikipedia, “network performance refers to measures of service quality of a network as seen by the customer”. There are three essential elements to that definition. The first is the measures part. It established clearly that network performance is something one has to measure. The next important bit is the service quality of a network. Service quality is a generic concept but, as you’ll see, a few specific metrics are associated with it. The last important part is the customer. We’re not interested in network performance as a theoretical thing. What we need to measure is the true user experience.

Several different factors affect perceived network performance and are generally considered important. The first two are bandwidth and throughput but there is often some confusion between these two terms. Bandwidth refers to the carrying capacity of a network. As an analogy, think of it as the number of lanes in a highway. Throughput, on the other hand, refers to the actual usage of the available bandwidth. To keep our previous analogy, a four-lane highway has a bandwidth of 4 000 vehicles per hour but its current throughput could be only 400 vehicles per hours or 10% of its capacity.

Latency, delay, and jitter are more factor affecting the perceived performance of networks. Latency refers to the time data takes to travel from source to destination. It is mainly a function of the signal’s travel time and processing time at any nodes it traverses. It is a physical limitation that cannot be reduced. Delay, on the other hand, can sometimes be improved. It has to do with the time it takes for networking equipment to process, queue, and forward data. Faster, more powerful equipment will generally add less delay to the transmission. As for jitter, it refers to the variation in packet delay at the receiving end of the conversation. Real-time or near-real-time traffic is particularly affected by it as it can cause data packets to arrive out of sequence. In the case of voice over IP, for example, this could result in unintelligible speech.

Many other factors can also affect network performance. The error rate is one of them. It refers to the number of corrupted bits expressed as a percentage or fraction of the total sent.

Testing Network Performance

How does one go about measuring performance from a tue user’s perspective? Well, there is, of course, the possibility of having real users running tests but this can tend to be rather impractical. The next best thing is using a network performance testing system that uses probes deployed at strategic location throughout your network and that can run actual simulation tests between each other to measure true performance using specific types of traffic. This, however, can also tend to be impractical as it requires some preliminary setup. It won’t be of much assistance to help troubleshoot a sudden issue.

In these cases, what you need is a quick and dirty solution. A simple application that you can quickly deploy or install at either end of the segment you need to test and that will let you manually configure and run simulation tests.

Testing vs Monitoring

Another important distinction to be made is the one between performance monitoring and performance testing. These are two similar concepts but there are a few differences. The basic idea is the same: simulating real user traffic and measuring the actual performance of the network. Where it differs is in how and when it is done. Monitoring systems run constantly and perform recurring tests between preconfigured locations and using predefined simulation models. A dashboard will typically be available to display the latest test results and reports can often be generated for various purposes.

Testing is different in that it is typically an ad-hoc process that is run manually whenever a problem is reported or suspected. Tests are also typically run between two specific points on the network where one suspects a problem is. The test will often help identify and pinpoint the problem.

The Best Network Performance Testing Tools

We’ve searched the market for some of the best network performance testing tools. Here’s the result of our efforts. We hope it will help you pick the best tool for your specific needs. If your looking for performance monitoring tools, this is not what this post is about and we suggest you read some of our other posts on the subject. For now, let’s have a look at the features of the best tools we could find.

1. SolarWinds WAN Killer (Part Of The Engineer’s Toolset)

SolarWinds is a common name in the field of network administration. The company is famous for making some of the best network administration tools on the market. Its flagship product, the Network Performance Monitor is generally recognized as one of the best network bandwidth monitoring tools available. And as if it wasn’t enough, SolarWinds has also gifted us with several free tools, each addressing a specific need of network administrators. Such tools include the famous SolarWinds TFTP Server and the Advanced Subnet Calculator.

Although it’s not a network performance testing tool per se, the WAN Killer Network Traffic Generator can be very useful in combination with other tools. Its sole purpose is generating network traffic. It allows administrators to use other performance testing tools for testing performance under high traffic situations, something that not many tools do by themselves.

The tool, which is part of the SolarWinds Engineer’s Toolset, will let you easily set the IP address and hostname you want to send the random traffic to. It will also let you specify parameters such as port numbers, packet size, and percentage of bandwidth to use. It can even let you modify the Differentiated Services Code Point (DSCP) and Explicit Congest Notification (ECN) settings.

SolarWinds WAN Killer Screenshot

This tool’s primary use is for tasks such as testing traffic prioritization and load balancing. You can also use it to make sure that your network is correctly set up and that huge amounts of unimportant traffic—as generated by this tool—won’t have adverse effect critical traffic. The level of fine-tuning the tool allows will let you simulate almost any type of situation.

The SolarWinds WAN Killer Network Traffic Generator is part of the Engineer’s Toolset, a bundle of over 60 different tools. The toolset includes a mix of the most important free tools from SolarWinds combined with many exclusive tools that you won’t find elsewhere. And most of the included tools are integrated into a common dashboard from where they can be easily accessed.

The SolarWinds Engineer’s Toolset (including the WAN Killer Network Traffic Generator) sells for $1 495 per desktop installation. You’ll need one license for each user of the tool. But considering all the included tools, this is a very reasonable price. If you want to give the toolset a test-run, a 14-day trial version can be obtained from the SolarWinds website.

Other Components Of The SolarWinds Engineer’s Toolset

The SolarWinds Engineer’s Toolset includes several dedicated troubleshooting tools. Tools like Ping Sweep, DNS Analyzer and TraceRoute can be used to perform network diagnostics and help resolve complex network issues quickly. For the security-oriented administrators, some of the toolset’s tools can be used to simulate attacks and help identify vulnerabilities.

SolarWinds Engineer's Toolset - Home Screen

The toolset also features some excellent monitoring and alerting capabilities. Some of its tools will monitor your devices and raise alerts for availability or health issues. And finally, you can use some of the included tools for configuration management and log consolidation.

Here’s a list of some of the other tools you’ll find in the SolarWinds Engineer’s Toolset:

  • Port Scanner
  • Switch Port Mapper
  • SNMP sweep
  • IP Network Browser
  • MAC Address Discovery
  • Ping Sweep
  • Response Time Monitor
  • CPU Monitor
  • Memory Monitor
  • Interface Monitor
  • TraceRoute
  • Router Password Decryption
  • SNMP Brute Force Attack
  • SNMP Dictionary Attack
  • Config Compare, Downloader, Uploader, and Editor
  • SNMP trap editor and SNMP trap receiver
  • Subnet Calculator
  • DHCP Scope Monitor
  • DNS Structure Analyzer
  • DNS Audit
  • IP Address Management

With so many tools included in the SolarWinds Engineer’s Toolset, your best bet is most likely to give it a try and see for yourself what it can do for you. And with a free 14-day trial available, there is really no reason not to try it.

2. LAN Speed Test

LAN Speed Test from TotuSoft is a simple but powerful tool for measuring file transfer, hard drive, USB Drive, and network speeds. All you need to do is pick a destination on the server where you want to test the WAN connection. The tool will then build a file in memory and transfer it both ways while measuring the time it takes. It then does all the calculations for you and gives you an evaluation of the transfer’s performance.

LAN Speed Test Screenshot

You can also choose a computer running the LAN Speed Test Server instead of a shared folder as a destination. This effectively takes disk access component out of the equation, giving you a true measure of the network’s performance. The tool is initially set up in its Lite, feature-limited version. To access the advanced features of the standard version, you must purchase a license which is available for only ten dollars, with quantity discounts available. The tool is portable and will run on any Windows version since Windows 2000.

3. LAN Bench

Despite the fact that its developer’s site no longer exists, LAN Bench from Zack Saw is still readily available for download from several software download websites. It is a free and portable TCP network benchmarking utility. The tool is based on Winsock 2.2, a rather old framework but one with minimal CPU usage. That way, you can be reasonably sure that poor CPU performance won’t come and pollute your network performance test results. All the tool does is test the network performance between two computers but what it does, it does well.

LANBench Screenshot

You’ll need to run LAN Bench on two computers, at either end of the network segment you want to test. One instance runs as the server and the other one is the client. The server-side requires no configuration. All you need to do is click the Listen button. The tool’s testing configuration is all done on the client side, before starting the test. You will need to specify the server’s IP address and you can adjust several testing parameters such as the total duration of the test, the packet size used for testing, as well as the connection and transfer mode.

4. NetIO & NetIO-GUI

NetIO-GUI is actually a free front end for the multi-platform command line utility NetIO. Together, they form a very potent performance testing tool. It can be used to measures ICMP response times as well as network transfer speeds for different packet sizes and protocols. All the results are stored in an SQLite database and can easily be compared. This Windows tool is available either as an installable software or as a portable tool.

NetIO-GUI Screenshot

In order to run tests, you need two instances of the tool, one at either end. One side will run in client mode while the other will run in server mode. Using it is rather simple, once you have it running at both ends, you click the start button on the server (typically running at the far end) and, on the client, you simply enter the server’s IP address and pick the protocol (TCP or UDP) that you want to use to run the test. You start the test and let NetIO test the connectivity using various packet sizes before it returns the test results.

5. NetStress

Initially created as an internal tool by Nuts About Nets, NetStress has since started being offered to the public. It is yet another free and simple network benchmarking tool. Like most other similar products, you’ll have to run the tool on two computers at either end of the network that you need to test. It is somewhat easier to use than other tools because it can automatically find the receiver IP address.

NetStress Screenshot

Running a test with NetStress is very simple, although some might not find it self-explanatory. What you need to do is click on the next to Remote Received IP. You then select the IP address that is listed in the window and click OK. Doing that will enable the Start button. Once enabled, you simply click it and the tool starts testing and measuring the TCP and UDP throughput. An interesting option found in this tool the ability to modify the MTU size used for testing. Despite some quirks such as the inability to resize its full-screen window, NetStress is a pretty good tool.

6. Aida32

Aida32 is officially a discontinued product that has been replaced by Aida64 but this older version still very popular and easy to find. Aida is a hardware information and benchmarking tool that can perform many different tests. The reason this specific—and older—version has made it to our list is because it includes an excellent Network Benchmark tool which is no longer available in recent versions. Using the plugin is easy and it can be started from the tool’s Plugin Menu

Aida32 Screenshot

Aida32 tool is not very different in its operation from most others on this list and you’ll need to run it at both ends of the path you want to test. On one of the computers, you need to select Master from the drop-down list that you’ll find at the bottom of the tool’s window. You then go to the Bandwidth tab and click the Start button. On the other computer, you select Slave instead of Master and enter the IP address of the master. Just like you did on the master, you go to the Bandwidth tab and click Start. Once the test completes, the Save button can be used to conveniently save the bandwidth chart in bitmap format.

7. PerformanceTest

PassMark’s PerformanceTest is a complete PC performance benchmarking software. It made it to our list because it features a pretty decent advanced network testing tool that one can use to run network performance tests. The too can run tests on both IPv4 and IPv6 networks. Furthermore, it will let users set the data block size used for testing. It will also allow you to enable UDP bandwidth throttling if you so desire. The network module is well-hidden within the PerformanceTest application. You can access it by clicking advanced and then Network from the tool’s menu bar.

PassMark Advanced Network Test

This is a limited tool where the results are shown in the status area and display the amount of data sent to the server, the CPU load, and the average, minimum, and maximum transfer speeds. While this is not much, it should be enough to determine the consistency of the network’s performance. PerformanceTest is a paid shareware but can be used for free without any limitations for up to 30 days.

Read Top 7 Network Performance Testing Tools by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

Our Top 10 Linux Network Performance Tools

Every single network administrator wants to ensure that the performance of whatever they manage is optimal. It’s a simple matter of keeping the users happy. After all, they tend to be the first to notice even the slightest performance degradation. So, if you want to be able to respond to any performance complaint that you’re aware of it and working at fixing it, you need some performance tools. If you work in a Linux shop, this post is for you. We’re about to review some of the best Linux network performance tools.

Our Top 10 Linux Network Performance Tools

We’ll start off by briefly discussing network performance monitoring. Our goal is not to make you a subject matter experts but rather to ensure that we are all on the same page as we explore the different tools which are available. We’ll then jump right into the core of the matter end introduce some ten different Linux tools you can use to monitor, manage, and troubleshoot the performance of your network.

About Network Performance Monitoring And Testing

The thing with network performance monitoring and testing is that it seems like everyone has his own idea of what that means. For instance, we’re often seeing network bandwidth monitoring tools being referred to as performance monitoring. The same is true of traffic analysis tool or packet sniffers. This raises the following question: What is network performance monitoring and testing?

For the purpose of this post, let’s just leave that debate aside and accept that network performance monitoring tools are simply any tool that can be used to measure, assess, troubleshoot, or improve network performance. By using such an all-encompassing definition, we’ll be able to bring you the best assortment of tools and leave it up to you to pick those that can help you with your specific situation or issue.

The Best Network Performance Tools For Linux

So, we’ve compiled this list of some of the most-used Linux tools that can be used to test or monitor various metrics associated with network performance. They are available under most Linux distributions. Each one is useful to monitor and find the actual causes of performance issues. Among all the suggestions below, one is almost certain to fit your specific need.

1. Tcpdump

Tcpdump is the original packet sniffer. It is a tool that is used to dump—hence its name—the content of all the network traffic to the standard output. Through the magic of redirection and pipes, its output can, of course, be directed to any file or even to another process. Since its initial release, the tool went through some improvements and bug fixes but it remains essentially unchanged. It is available on virtually every Linux distribution and it has become the de-facto standard for a quick tool to capture packets. Tcpdump uses the libpcap library for the actual packet capture.

One of the drawbacks of a tool such as tcpdump is that it can collect a huge amount of data. So much so that it could be impossible to find exactly what one is looking for. Fortunately, one of the key’s to the tool’s strength and usefulness is the possibility to apply filters that will let you specify precisely what traffic to capture. You can also pipe the command’s output to grep—another common command-line utility—for further filtering. Someone mastering tcpdump, grep and the command shell can get it to capture precisely the right traffic for any debugging task.

Here’s an example of using tcpdump:

# tcpdump -i eth0

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

22:08:59.617628 IP > P 2532133365:2532133481(116) ack 3561562349 win 9648

22:09:07.653466 IP > P 116:232(116) ack 1 win 9648

22:08:59.617916 IP > . ack 116 win 64347

You’ll certainly agree that such an output can be a bit cryptic. This is where a true network protocol analyzer can come in handy.

2. Wireshark

You can think of Wireshark as tcpdump on steroids but, in fact, it is much more than that. The reference in packet sniffers, it has become the de-facto standard and most other tools try to emulate it. This does way more than tcpdump, though. It will not only capture traffic. It is a network traffic analyzer as much as it is a packet capture tool. It’s so powerful than many administrators use other tools—such as tcpdump—to capture traffic to a file then load it into Wireshark for analysis. In fact, it is such a common way of using Wireshark that upon startup, you’re prompted to either open an existing capture file or start capturing traffic. Another strength of Wireshark is all the filters it incorporates which allow you to zero in on precisely the data you’re interested in.

Wireshark Screenshot

Wireshark has a steep learning curve but it is well worth learning. It will prove invaluable time and time again. And once you’ve learned it, you’ll be able to use it everywhere as it has been ported to almost every operating system. And to make it even better, it is open-source and available for free.

3. Netstat

One of the problems with troubleshooting TCP/IP connectivity issues comes from the huge number of connections and services typically running on any system. Netstat can be used to help identify the status of each connection and which process is servicing each one, helping you narrow down the search. Netstat, which is available on every Linux distribution, can quickly provide details about client services and TCP/IP communications. In its most basic form, the command displays all active connections on the local computer, both incoming an outgoing.

Netstat can also display listening ports on the computer where it’s run. In fact, the command accepts many options. However, the available options differ between platforms and some options work differently on different platforms. For instance, the -b option on Windows would display the name of the executable associated with each connection—the process servicing the connection—whereas, on Mac OS X or BSD, it is used in conjunction with -i to display statistics in bytes rather than bits. The best way to learn about all the available parameter of your specific version on Netstat is to run it with the -? option to display the tool’s help screen. On Linux, you can also display the Netstat man page to get basically the same information.

Here’s how a typical netstat command and its output look like:

# netstat -a | more

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address Foreign Address State

tcp 0 0 *:mysql *:* LISTEN

tcp 0 0 *:sunrpc *:* LISTEN

tcp 0 0 *:realm-rusd *:* LISTEN

tcp 0 0 *:ftp *:* LISTEN

tcp 0 0 localhost.localdomain:ipp *:* LISTEN

tcp 0 0 localhost.localdomain:smtp *:* LISTEN

tcp 0 0 localhost.localdomain:smtp localhost.localdomain:42709 TIME_WAIT

tcp 0 0 localhost.localdomain:smtp localhost.localdomain:42710 TIME_WAIT

tcp 0 0 *:http *:* LISTEN

tcp 0 0 *:ssh *:* LISTEN

tcp 0 0 *:https *:* LISTEN

4. IPTraf

IPTraf is a console-based network statistics utility for Linux. You can use the tool to gather a variety of information such as TCP connections packet and byte counts, interface statistics and activity indicators, TCP or UDP traffic breakdowns, and LAN station packet and byte counts. It features an IP traffic monitor that shows information about the IP traffic on your network, including TCP flag information, packet and byte counts, ICMP details, and OSPF packet types. With the most recent version dating back to 2005, it is somewhat of a dated tool yet it can provide a lot of useful information if you care to learn how to use it.

IPTraf Screenshot

Other features of IPTraf include general and detailed interface statistics showing IP, TCP, UDP, ICMP, non-IP and other IP packet counts, IP checksum errors, interface activity, packet size counts. It also boasts a TCP and UDP service monitor showing counts of incoming and outgoing packets for common TCP and UDP application ports. Furthermore, a built-in LAN statistics module discovers active hosts and shows statistics showing their data activity. Finally, the tool also has TCP, UDP, and other protocol display filters, allowing you to view only the traffic you’re interested in.

The tool which sports a full-screen, menu-driven operation, will handle most types of network interfaces and it uses the built-in raw socket interface of the Linux kernel. This allows it to be used over a wide range of supported network cards.

5. Nagios

Nagios is different from the previous tools in that it is a full-fledged network monitoring solution rather than a performance testing or assessment tool. It is available in two different versions, the free and open-source Nagios Core and the paid Nagios XI. Both share the same underlying engine but the similarity stops there. Nagios Core is an open-source monitoring system that runs on Linux. The system is completely modular with the actual monitoring engine at its core. The engine is complemented by dozens of available plugins which can be downloaded to add functionality to the system. Each plugin adds some features to the core.

Nagios Core Screenshot

Preserving this modular approach, the tool’s user interface is also modular and several different community-developed options are also available for download. The Nagios core, the plugins and the user interface combine to make a complete monitoring system. This, of course, can mean that setting up Nagios Core is not for the faint-hearted.

As for Nagios XI, it is a commercial product based on the same core engine. It is, however, a complete self-contained monitoring solution. No need to assemble it from various parts. The product targets a wide audience from small businesses to large corporations. As you would have guessed, it is much simpler to install and configure than Nagios Core, thanks in part to a configuration wizard and auto-discovery engine. The main drawback of Nagios XI is its price which starts at around $2 000 for a 100-node license.

RELATED READING: SolarWinds NPM vs Nagios

6. Observium

Observium is another all-encompassing monitoring platform. It supports a wide range of device types, platforms and operating systems including, among others, Cisco, Windows, Linux, HP, Juniper, Dell, FreeBSD, Brocade, Netscaler, NetApp. I doubt that you can find a network-connected device that’s not supported. The tool’s primary focus is providing a beautiful, intuitive, and simple yet powerful user interface visually depicting the health and status of your network.

Observium Screenshot

Although many think of Observium as a bandwidth monitoring tool, it has much more to offer. For instance, it features an accounting system that will measure total monthly bandwidth usage in the 95th percentile or in total transferred bytes. It also has an alerting function with user-defined thresholds. Furthermore, Observium integrates with other systems and can pull their information and display it within its interface.

Observium it is to set up and it almost configures itself through its auto-discovery process. Although there doesn’t appear to be a download section on Observium’s website, there are detailed installation instructions for several Linux distributions that do include the links to get the right package for each distribution. The instructions are very detailed so finding and installing the software should be easy.

This product is available in two versions. There’s the Observium Community is which available for free to everyone. This version receives updates and new features twice a year. There’s also Observium Professional which has additional features and comes with daily updates.

7. Icinga

Icinga is yet another open-source network monitoring platform. The tool is provided with a simple and clean user interface and a feature set that rivals some commercial products. Like most bandwidth monitoring systems, Icinga primarily uses SNMP to gather usage data from devices. However, one of the areas where the tool stands out is in its use of plugins. There are tons of community-developed plugins to perform various performance monitoring tasks and extend the product’s functionality. And if you can’t find the right plugin for your needs, you can write one yourself and contribute it to the community.

Icinga Tactical Overview

Alerting and notification are two of Icinga’s best features. Alerts are fully configurable in terms of what triggers them and how they are transmitted. The tool also features segmented alerting. With this feature, you can send some alerts to some users and other alerts to different people. This is a great feature when you have different systems managed by different groups. You could, for example, have all alerts related to server sent to the server administration team and all alerts related to networking sent to the network support team.

8. Zabbix

Zabbix is another free and open-source network performance monitoring tool. It’s got a highly professional look and feel, much like you’d expect from a commercial product. The good looks of its user interface are not its only asset, though. The product also boasts an impressive feature set. The platform can monitor most network-attached devices in addition to networking equipment. It is a perfect option for monitoring the performance of your whole infrastructure.

Zabbix Dashboard

Zabbix uses SNMP as well as the Intelligent Platform Monitoring Interface (IMPI) for monitoring devices. You can use the software to monitor bandwidth, device CPU and memory utilization, general device health and performance as well as configuration changes. The product also features an impressive and completely customizable alerting system. It will not only send email or SMS alerts but can also run local scripts which could be used, for instance, to fix some issues automatically.

9. Cacti

A post about Linux network performance tools wouldn’t be complete without a mention of Cacti, a free and open-source complete network performance monitoring tool. It’s been around for some fifteen years or so and, although it might not be the most sophisticated of tools, it is still actively developed—with the latest version just a month old—and it gets the job done quite efficiently. Its main components are a fast poller, advanced graph templates, and multiple data acquisition methods. Cacti features user access control built right into the product and the product also boasts an easy to use albeit antique-looking web-based user interface. The tool scales very well from the smallest single device installations up to complex networks with many different WAN sites.

Cacti Screenshot

Cacti, which, at its core is a front end to the RRDtools, uses SNMP to fetch data which it stores in a SQL database. It is written in PHP and can be modified to suit your needs. One of the product’s strongest features is its use of templates. There are built-in templates, for example, for Cisco routers that already includes most of the elements you might want to monitor on such devices. But there are not only device templates, there are also graph templates. Together, templates make configuring the software much easier. You can also build your own customized templates if suitable ones aren’t already available. Also, many device-specific templates can be downloaded from device vendor’s websites and several community-driven Cacti forums offer them for download.

10. Munin

Munin is yet another GUI front end to RRDtools, it is written in Perl and it is licensed under GPL. It is a good tool to use to monitor the performance of networks, systems, applications, and services. It works on all Unix-like operating systems and features an excellent plugin system with some 500 different plugins available to monitor almost anything you want on your network.

Munin Screenshot

Munin presents all the information it gathers in graphs on a web interface but its main strength is how it relies on comparative analysis to try to identify what has changed to cause a performance degradation. A notifications system is available to send messages to the administrator when there’s an error or when the error is resolved.

Read Our Top 10 Linux Network Performance Tools by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

Top 5 Open-Source SNMP Monitoring Tools

SNMP, which is built into virtually every networking device is by far the best way to go about monitoring bandwidth usage. Some of the best SNMP monitoring tools, however, can turn out to be rather expensive. Luckily, there are several free and open-source solutions available and we’re about to review a few of the best ones.

We’d all love to benefit from infinite network bandwidth, wouldn’t we? But the reality of very different. Most of the time, we have to do with the bare minimum as bandwidth is still quite expensive. Consequently, networks often suffer from congestion and other problems linked to insufficient bandwidth. At the same time, applications are handling more and more data and need to move it through the network. This puts an additional toll on network bandwidth. To stay out of trouble, you need to keep a close eye on your network and the evolution of its usage and one of the best ways of doing that is to use a bandwidth monitoring tool.

We’ll begin by discussing network monitoring. We’ll briefly explain what it is and the different types of monitoring that are typically available. We’ll then dig deeper into the Simple Network Management Protocol (SNMP) and tell you what’s important to know about it, how it works, and how monitoring tools use it to measure — or rather calculate — network bandwidth utilization. And once we’re all on the same page, we’ll get into the core of this post and review some of the best open-sou

rce SNMP monitoring tools. While some are quite rudimentary, others are very polished and professional tools.

About Bandwidth Monitoring

For a network administrator, congestion is the number one enemy. If you compare a network to a highway where traffic is the network’s data, network congestion is similar to traffic jams. But unlike automobile traffic—where congestion can easily be spotted by simply looking at the road—network traffic happens within cables, switches, and routers where it’s invisible. Furthermore, it all happens at blazing speeds. Even if it was visible, it would happen too fast for us to see it. This is why network monitoring tools are so important. They provide network administrators with the visibility they need to ensure things are running smoothly. They can identify congestion or other issues, allowing administrators to take the necessary measures to address the situation.

Another important benefit of network bandwidth monitoring tools is with capacity planning. There is no way around the fact that network usage always grows over time. Just like disk space, the more you have, the more you need. While the current bandwidth of your network might be sufficient now, it will eventually need to be increased. By monitoring bandwidth usage, you’ll be able to plan the bandwidth upgrade before over-utilization becomes a problem.

Different Ways Of Monitoring Bandwidth

There are several ways that can network utilization can be monitored. One way is to capture packets at a given point on the network. It will give you detailed visibility over what’s happening at this particular point but nowhere else. Another way, if your networking equipment supports it, is to have it send out flow data to a flow analyzer that will report on what users, devices, or applications are using the network. Finally, and this is often the preferred way of doing it, you can use SNMP—which, as we said, is built into almost every networking device—to periodically poll devices and read their interface counters which they use to calculate and graph bandwidth utilization. Let’s briefly examine how each type of monitoring works.

Packet Capture

Packet capture is mostly used to troubleshoot specific network issues once you’re aware of them but it’s rarely used for usage monitoring. With packet capture, every data packet in and/or out of a specific device’s interface is captured and decoded. So, while it’s clear that packet capture tools are an invaluable tool for network administrators, they are not the best to just keep an eye on things to ensure all is running smoothly.

Flow Analysis

Cisco Network’s NetFlow technology is and its multiple variants such as J-flow, IPFIX, or sFlow, is a network flow analysis system. Devices that support flow analysis collect information about each data flow—hence the name—which they then sent to a flow collector and analyzer. It gives you detailed qualitative information about your network’s utilization but, if all you want is to monitor bandwidth utilization, it might be more than you need. And if you factor in the efforts required to put it in place, you’ll quickly realize it might not be the best tool for this specific task.


The Simple Network Management Protocol (SNMP) is a complex—despite its somewhat misleading name—system that can be used to remotely monitor, configure and control many different types of networking equipment. Fortunately, you don’t have to know everything about SNMP to use it to monitor a network’s bandwidth utilization. For now, let’s just state that SNMP is used by monitoring tools to read a device’s interface counters and use that data to compute the bandwidth usage and graph its evolution over time. In the next section, we’ll go into more details the inner workings of the Simple Network Management Protocol, ensuring you have enough information to configure and use any SNMP network monitoring tool.

SNMP In A Nutshell

Many SNMP tutorials will be rather technical tell you about MIBs and OIDs. We don’t feel, however, that you have to know everything about SNMP to use it. It’s somewhat like a car. You don’t have to know all about how the engine works to drive one. So, our goal today is to give you just enough information so that you can understand, use, and configure SNMP network monitoring tools, not to make you an SNMP expert, which is something that will come with experience.

First things first, how does one connect and authenticate to an SNMP-enabled device? It is very simple albeit not very secure. On each SNMP device, parameters called community strings are set. You can think of community strings as SNMP passwords. There are typically two community strings configured on each device. One of them is used for read-only access while the other will let one modify some parameters. They can have any value you want and their respective defaults are often set to “public” and “private”. While this is a simple and efficient authentication scheme, it is not secure at all as the community strings are transmitted in clear text over the network and could be intercepted and compromised. This is one reason why many administrators don’t configure read/write community strings on the devices they manage.

So, let’s say that an SNMP network monitoring system connects to a network device using the read-only community string. There are many different operational parameters that can be remotely read. Of particular interest when it comes to bandwidth monitoring are a few metrics called interface byte counters. There’s a pair of them—one for input and one for output—for each network interface. They are simply incremented by the device as bits are received and transmitted on an interface. By reading these values periodically at know intervals—every five minutes is typical, the monitoring tool can compute the number of bits per unit of time–usually per second–which is exactly how bandwidth is expressed.

Concretely, here’s how it’s done: The monitoring tool will poll a device and read its counters. Then, five minutes later, it will read the same counters again. By subtracting the previous value of the counters from the current one, the total number of bytes transferred in and out over the past five minutes is obtained. It is then a simple matter to multiply these numbers by 8–the number of bits in a byte–then divide the results by 300–the number of seconds in five minutes–to get the bits per second bandwidth utilization figures. Those figures are typically stored in some sort of database and used to plot graphs of utilization over time.

A few other SNMP values can be of interest in network monitoring. For example, there are interface input and output error counters. Similar to what’s being done with bytes in and out, these values can be used to compute the number of errors per second, a figure that tells you a lot about the general health of a network link. Other interesting metrics include CPU and memory utilization gauges.

The Best Open-Source SNMP Monitoring Tools

The SNMP monitoring tools market is huge. Big players such as SolarWinds, Paessler A.G. and ManageEngine all have some excellent product to offer. But what about open-source tools? Well, there are probably even more open-source tools than there are commercial ones. In fact, MRTG, the first tool on our list, is likely the ancestor of every other monitoring tool and it is still available today. So, let’s see what the best tools are.


As we just said, the Multi Router Traffic Grapher, or MRTG, can almost be considered the granddaddy of SNMP monitoring tools. Still in widespread usage, it’s been around since 1995. There’s a reason for this longevity: it gets the job done and it is a totally free and open-source platform. Of course, it might not be the fanciest and the prettiest and its user interface shows signs of age but it’s possibly the most flexible tool. MRTG can monitor many parameters besides bandwidth. In fact, it can monitor, log, and graph any SNMP parameter, and more. While it might not be the most user-friendly monitoring system, it is still possibly the most flexible one. And the fact that it’s the first monitoring system and that it is still around is certainly a testament to its value.

MRTG Screenshot

The two main components of MRTG are a Perl script that reads SNMP data from target devices and a C program that takes the data, stores it in a round-robin database and create web pages with bandwidth utilization graphs. The fact that the bulk of the system is written in Perl and is open-source means that anyone can customize the software to their specific needs. The initial setup and configuration might be somewhat more complicated than what you’d experience with some more polished monitoring systems but documentation is readily available to assist you.

Installing MRTG requires that you first install and configure Perl. It won’t run without it. MRTG can be run as a Windows service instead of an application but doing so requires some advanced manipulations including some registry modifications. Once installed, MRTG is configured by editing its configuration file in a true old-style *nix way. Administrators used to GUI configuration could face a steep learning curve. MRTG is best downloaded directly from its developer’s website. It is available as a .zip file for windows or a tarball for Linux. As of this writing, the latest stable release is 2.17.7, released last July. The tool is still in active development with a few minor releases each year.

2. Cacti

You can think of Cacti as MRTG on steroids. If you look at any of Cati’s graphs, you’ll find a striking resemblance to MRTG’s. This is no surprise as Cacti is built upon RRDTools which is from the same developer and is a direct descendant of MRTG. More about that in a moment.

Cacti is more polished than MRTG with a web-based configuration interface that makes configuring it much easier and more intuitive. It is a complete network monitoring and graphing package. The tool features a fast poller, some advanced device and graph templates, several acquisition methods, and user management features. It is excellent for smaller LAN installations but it will easily scale up to complex networks with thousands of devices over multiple sites.

Cacti Screenshot

To better understand Cacti, you need to know more about RRDtool. According to its developer “RRDtool is an open-source industry standard, high-performance data logging and graphing system for time series data. RRDtool can be easily integrated into shell scripts, Perl, Python, Ruby, Lua or Tcl applications.” If you recall how we said that MRTG uses a C program for data storage and graphing, RRDTool is the evolution of that C program.

In a nutshell, Cacti is just a front end to RRDTool. It stores the necessary data to create graphs and populate them with data in a MySQL database. The software maintains its graphs, data sources, and round robin archives in a database and also handles the data gathering, leaving the graphing to RRDTool. Cacti is a step up from MRTG. Many Cacti users are former MRTG users. I, for instance, got into Cacti when I needed to replace MRTG with something that was easier to configure and use as the network I was managing kept growing.

3. LibreNMS

LibreNMS is an open-source port of Observium, a very potent commercial network monitoring platform. It is a fully featured network monitoring system that provides a wealth of features and device support. Among its best features is its auto-discovery engine. It doesn’t only rely on SNMP to discover devices. It can automatically discover your entire network using CDP, FDP, LLDP, OSPF, BGP, SNMP and ARP. Talking about the tool’s automation features, it also has automatic updates so it will always stay current.

LibreNMS Screenshot

Another major feature of the product is its highly customizable alerting module. It is very flexible and it can sed alert notifications using multiple technologies such as email, like most of its competitors but also IRC, slack, and more. If you’re a service provider or your organization bills back each department for their use of the network, you’ll appreciate the tool’s billing feature. It can generate bandwidth bills for segments of a network based on usage or transfer.

For larger networks and for distributed organizations, the distributed polling features of LibreNMS allow for horizontal scaling to grow with your network. A full API is also included, allowing one to manage, graph, and retrieve data from their installation. Finally, mobile apps for iPhone and Android are available, a rather unique feature with open-source tools.

4. Icinga

Icinga is yet another open source monitoring platform. It has a simple and clean user interface and, more importantly, a feature set that rivals some commercial products. Like most bandwidth monitoring systems, this one uses SNMP to gather bandwidth utilization data from network devices. But one of the areas where Icinga particularly stands out is its use of plugins. There are thousands of community-developed plugins that can perform various monitoring tasks, thereby extending the product’s functionality. And in the unlikely event that you couldn’t find the right plugin for your needs, you can write one yourself and contribute it to the community.

Icinga Tactical Overview

Alerting and notification also among Icinga’s great features. Alerts are fully configurable in terms of what triggers them and how they are transmitted. The tool also features what is referred to as segmented alerting. This feature will let one send some alerts to one group of users and other alerts to different people. This is nice to have when you monitor different systems managed by different teams. It can ensure that alerts are transmitted only to the proper group to address them.

5. Zabbix

Zabbix is another free and open-source product but it has has a highly professional look and feel, much like you’d expect from a commercial product. But the good looks of its user interface are not its only assets. The product also has an impressive feature set. It will monitor most network-attached devices in addition to networking equipment. It would be an excellent choice for anyone in need of monitoring servers in addition to network bandwidth utilization.

Zabbix Dashboard

Zabbix uses SNMP as well as the Intelligent Platform Monitoring Interface (IMPI) for monitoring devices. You can use the software to monitor bandwidth, device CPU and memory utilization, general device health and performance as well as configuration changes, a rather unique feature within this list. This tool does way more than simple network bandwidth utilization monitoring. It also features an impressive and completely customizable alerting system which will not only send email or SMS alerts but also run local scripts which could be used to fix some issues automatically.

Read Top 5 Open-Source SNMP Monitoring Tools by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter