5 Best Remote Support Software for 2019

For many organizations, the ability to offer remote support is not optional. This is true, of course, of large distributed businesses but also of managed service providers, those companies that take over the management of multiple components of their clients’ IT infrastructure.

While the base of remote support software tools is definitely remote desktop control, several additional functionalities are often included. This is where evaluating the different products can become challenging and this is why we’re doing this post about the best remote support software.

We’ll begin our exploration by having a thorough look at remote support, what it is and how it can help. We’ll then dig a bit deeper and discuss the various components you should be looking for when evaluating various products. Although products vary widely in their respective feature set, some features are a must-have and will be present in most of them. And finally, we’ll get to the core of the matter and review some of the very best remote support tools you can find.

About Remote Support

Remote support is a simple concept. It has to do with supervising and controlling IT systems (such as network devices, desktop computers, servers and mobile devices) by means of locally installed agents that can be remotely accessed. Remote support provides Managed Service Providers with the ability to install new or updated software remotely (including patches, updates and configuration changes), to detect new devices and automatically install the appropriate agent and configure them, to observe the behavior of the managed devices and software for performance and diagnostic tasks, and to perform alerting and provide reports and dashboards.

This is a highly specialized type of software created to address a highly specific need. Although remote support tools are often created with Managed Service Providers in mind, some large organizations use them as well. It makes sense as there are not many functional differences between a Managed Service Provider offering services to several small and medium businesses and a large corporation offering service to several small- or medium-sized branches or units. We’ll keep this dual clientele in mind as we review the different tools. For now,

Common Features Of Remote Support Tools

Remote support tools vary greatly in their feature set. There are, however, some characteristics that are present in each one of them. They are the must-haves and they are, therefore, the features you should be looking for—and comparing—when selecting a tool. In the next paragraphs, we’ll introduce these characteristics, tell you why they are important, and explain, when needed, how they can be compared.

Ease of Deployment

Although your chosen remote support solution will most likely become your eyes and hands in the environment of your clients, before that happens, you’ll need to deploy the solution. Many remote support solutions are cloud-based so you’d think that you don’t have any software to install. Or do you? These tools often require that you install client apps—called agents—on the computers and servers that you will be monitoring and managing. These agents handle most of the job and take care of tracking, monitoring and allowing you to perform the needed management tasks.

Auto-discovery combined with “push-installation” features should be preferred. With these two, you can simply select a newly discovered system in the management console and begin the remote installation of its remote support agent. Otherwise, you will have to deploy a client installation file using some third-party tool such as Windows Active Directory GPO, scripts, PSA tools, etc. Big MSPs can manage thousands of devices so not having to manually install an agent on each one is more than welcome.

Remote Desktop Access

When you manage computers located miles away from you and there are issues with them, accessing them in person is rarely an option. This is why one of the most important modules of each and every remote support solution is certainly a remote desktop application. And even if the defective device is located nearby, it could be in some sort of hostile environment—such as a very cold server room—where it is more agreeable to use remote access.

Remote desktop applications let you easily connect to remote systems and perform any necessary action as though you were sitting at its keyboard and monitor. This is far better than giving instructions to someone over the phone, never certain that they are carried out correctly and that you’re getting proper feedback as to what appears on the screen.

Remote desktop systems typically use lightweight technologies to carry only the bare minimum amount of data over the network. They typically only send keystrokes from the local keyboard to the remote system and screen updates the other way around. Sending only screen updates rather than the whole screen at every frame (30 times per second) greatly reduces the amount of transmitted data.

Dashboard Functionality

It seems like everyone in the network monitoring field is designing their products with “single pane of glass” dashboards. More than just a fad, it is a way of putting as much relevant information on the screen as possible. Rather than manually checking the status of multiple remote systems, you can take a glance at your dashboard and typically see the status of new systems, systems that require actions, the lists of last issues found, etc.

One needs, however, to remain careful when reviewing the actual function of the dashboard of a potential remote support solution. Sometimes, too much information is not any better than not enough. You and your team will spend a lot of time working with the dashboard. It should be adapted—or adaptable—to your needs and your environment. Fortunately, the best tools come with highly customizable dashboards. Some will even let you build different dashboards for different team members.

Alerting And Reporting

No matter how good and uncluttered a dashboard your tool may provide, you possibly have better things to do than sit in front of it and watch it. This is why alerting is often an important component of remote support tools. It is also an area where there are many differences between various products. The simplest ones will simply send out an email whenever something odd is detected. Better systems will have automatic escalation features or even the ability to automatically run remediation scripts.

Reporting is a rather important albeit often overlooked element of remote support software. Using your tool’s reports, clients can check their system’s health and whether the service level you provide meets the contracted SLAs. But different clients will often have different reporting requirements. This is why customizable reports are important. You need to be able to build reports containing the information your clients need.

Integration With Other Tools

If your organization is using a Professional Services Automation (PSA) tool, you might want to select a remote support tool which can integrate with your PSA. In fact, the deeper this integration the better. For example, wouldn’t it be nice if your chosen remote support tool automatically created trouble tickets in the PSA tool whenever an issue is discovered? It could also create PSA tasks when it finds that some maintenance activity is required.

The level of automation provided by this type of integration can save you and your team a lot of time. Furthermore, it lets you proactively solve issues prior to the customer’s report and it helps to meet your SLA for common issues. You might need to spend some time configuring the integration but doing it will most certainly pay off rather quickly.

The Best Remote Support Software Tools

We’ve scoured the market looking for remote support software tools. We’ve found quite a few interesting tools; too many to mention them all in this post, actually. So, we’ve picked the best ones we could find and here’s a brief review of each one.

1. SolarWinds Remote Monitoring And Management (FREE TRIAL)

SolarWinds is a well-known name with network and system administrators. The company has been making great tools for them for about twenty years. Its flagship product, the SolarWinds Network Performance Monitor, is recognized as one of the best network bandwidth monitoring tools. The SolarWinds MSP division—created by merging activities from SolarWinds, N-able, and LOGICnow—specializes in building tools for Managed Service Providers. One of its products is a very complete Remote Monitoring and Management tool aptly named SolarWinds Remote Monitoring and Management or RMM.

The primary purpose of this tool is to let you support and manage your clients’ assets on remote sites, either via direct contact or through automated procedures. Patch management and antivirus update coordination are two strong features of this tool. Furthermore, the Risk Intelligence module greatly improves the security features of the tool, which include malware protection as well as website protection. The system also protects against the possibility of infected websites being used as an entry point to the network.

SolarWinds RMM - Network Discovery

SolarWinds RMM is also an excellent monitoring tool which covers a wide range of devices, both physical and virtual. The tool enables administrators to keep track of system status on client sites from one console. Several built-in reports help you monitor the performance of your staff as well as the condition of clients’ sites. One of this product’s greatest assets is the simplicity of its interface as it enables support staff to get to the most frequently-used tools quickly.

If you want more info read our full review.

This product is so rich with features that describing them all would require a whole post. To give you an idea of all that’s available, here’s a list of many of the product’s features:

  • Remote Monitoring
  • Network Device Monitoring
  • Remote Access
  • Active Network Discovery
  • Automation And Scripting
  • Patch Management
  • Reports
  • Mobile Applications
  • Backup And Recovery
  • Managed Antivirus
  • Web Protection
  • Service Desk
  • Risk Intelligence
  • Mobile Device Management

Pricing for SolarWinds Remote Monitoring and Management is not readily available but can be obtained by requesting a quote from SolarWinds MSP. The good thing about this is that you’ll get a price that exactly matches your specific needs. If you want to give the tool a try and see for yourself what it can do for you, a free 30-day trial is available.

FREE TRIAL LINK: https://www.solarwinds.com/remote-support-software/registration

2. Dameware Remote Support From SolarWinds (FREE TRIAL)

Our next tool is also from SolarWinds. At its base, Dameware Remote Support is a remote control tool but it comes loaded with extended functionality for all sorts of systems management tasks, all in one easy-to-use package. The tool allows administrators and help desk attendants to remotely troubleshoot Windows computers or servers without even having to start remote control sessions. Using the built-in system tools and remote administration capabilities of this powerful tool, you can remotely reboot systems, start/stop services and processes, copy/delete files, view and clear event logs, and more. It is also a remote administration tool that helps you remotely manage multiple AD domains, groups, and users. You can use it to remotely unlock user accounts, reset passwords, and edit Group Policies from a single management console.

Dameware Remote Support Screenshot

Dameware Remote Support also provides remote access to several system tools and TCP utilities such as ping, tracert, DNS lookup, FTP, and telnet. This tool also features a built-in exporter tool to help easily export AD properties, software information, and system configurations from remote computers in easy-to-use .csv or .xml formats.

The Dameware Remote Support is priced per technician and varies between $295 and $370 depending on the number of licenses purchased. The license allows for an unlimited number of managed devices and it includes one year of support. Should you want to give the product a test run, a 14-day trial version is available.

FREE TRIAL LINK: https://www.solarwinds.com/remote-support-software/registration

3. Datto RMM

Datto RMM, formerly known as Autotask Endpoint Management, is a well-integrated remote monitoring and management platform. It claims to be “The easiest, cloud-based Remote Monitoring and Management platform for managed service providers who are looking to scale and improve service delivery operations”. The tool features comprehensive auditing to get complete visibility of every device and pinpoint areas for action. It also features patch management to automatically maintain every device with flexible, native OS and application patch update policies.

Datto RMM WebPortal

Real-time monitoring is another important feature of Datto RMM. The feature allows you to implement system-wide monitoring with intelligent alerting, auto-response, and auto-resolution. A remote support and management tool wouldn’t be complete without remote control and this product can provide instant support with one-click access to any of your managed devices. And last but not least, the tool’s flexible reporting features can help you prove the value of your service as well as help your customers make informed decisions with a wide array of fully configurable reports.

Pricing information is not readily available from Datto’s website. A free trial is mentioned but clicking the free trial link seems to take you to a page where you can register for a demo.

4. Comodo One

Comodo One is a mostly free remote support, management, and monitoring platform with paid security modules. The system can monitor LANs, Cloud-based services, and hybrid systems. It is also particularly strong at protecting web applications. The key element of Comodo One is the Comodo Remote Monitoring and Management (CRMM). This module offers endpoint access, remote desktop sharing, and professional services automation (PSA) which includes ticketing, task allocation, policy enforcement, and logging. As such, it can be viewed as a combined RMM and PSA platform.

Comodo One Screenshot

The tool’s central console communicates with an agent module which needs to be installed on each remote endpoint. The agent software can be installed remotely. Once a monitored site is connected through its gateway, the network monitor built into the package automatically seeks out and logs all of the assets on that network. The Comodo One system monitors networks, servers, and application performance as well as risks to the network, with 18 different tests to detect security flaws. Once the RMM connection is established, you have the option of adding other Comodo services, such as edge security for web servers. The console also gives access to a task manager for support staff and a patch manager for the systems administrator.

The Comodo One RMM service is cloud-based, but it can monitor on-premises assets that run on Windows, Linux, and Mac OS. The service can also include mobile device management and software distribution. If a free RMM from a reputable source like Comodo seems too good to be true, just remember that you will have to pay for some modules in order to assemble a complete MSP system.

5. Kaseya VSA

Our last entry is a remote support platform which excels at task automation called Kaseya VSA. The tool incorporates a remote control module, called Live Connect, allowing you to implement bulk updates as well as remotely connect to and administer any end device. The tool also provides automated network monitoring with built-in alerts, patch management, and service auditing, making it a very complete remote monitoring and management solution.

Kaseya VSA - Live Connect Screenshot

Feature-wise, Kaseya VSA has everything you’d expect. It has remote control, patch and vulnerability monitoring, audit and inventory, network monitoring, virus protection, unified backups and compliance management. The built-in AssetIQ is a contextual documentation management system made to ease the task of managed service providers. It can, for example, be structured as a script for Help Desk agents to work through an incident and eventually direct problems to back-office staff.

Kaseya VSA will cover most, if not all, of your remote support requirements. Pricing for the product can be obtained directly from Kaseya, and both a demo and a 14-day free trial are available so you can see for yourself what the product has to offer.

Read 5 Best Remote Support Software for 2019 by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

The Best Network Troubleshooting Tools and Software

If you’re a network administrator, chances are one of the phrases you’ve heard the most is “the network is slow”. No matter what, it seems like everyone is always quick to blame the network whenever something doesn’t work as efficiently as expected.

There’s a simple reason for that: The network is often to blame. Modern networks are rather complex and there are so many places where things can go wrong. So, when someone complains of poor network performance, what you need are the proper troubleshooting tools to help you pinpoint exactly where the issue lies, what it is, and how to fix it. And if it turns out the problem has nothing to do with the network, those same tools can help you demonstrate it, which is often mandatory to get other teams to even acknowledge the problem.

However, with so many network troubleshooting tools to choose from, picking the right one for the job can be a challenge. We hope this post can help as we’re about to have a look at some of the very best network troubleshooting tools.

The Top Network Troubleshooting Tools

Let’s dive right into the details of the actual tools. Our list includes both GUI-based and command-line tools. It also has a good mix of local and web-based tools. Some of the tools have a single, very precise purpose while others are complete toolkits. They all have one thing in common: they can help network administrators do a better job. For each tool on our list, we’ll describe its primary features and how it can be used. Let’s go!

1. SolarWinds Engineer’s Toolset (FREE TRIAL)

First on our list is an excellent toolkit from SolarWinds simply called the Engineer’s Toolset. SolarWinds, in case you don’t already know, is one of the major players in the field of network administration tools. Their flagship product, the Network Performance Monitor, is considered by many as the reference when it comes to SNMP network monitoring tools. The company is also well-known for its many free tools, each addressing a specific task. The Network Device Monitor and Traceroute NG are two great examples of those free tools.

As its name implies, the SolarWinds Engineer’s Toolset is a set of tools. Over sixty of them, to be precise. You can use the included tools to continuously monitor servers, routers, workstations, or other devices to show response time in real-time and display response rates in graphical charts. The toolset, for example, includes a “Simple Ping” tool which is an alternative to the ping that comes with your operating system and can be used to measure a host’s response time and packet loss.

SolarWinds Engineer's Toolset Enhanced Ping Tool

But Ping is definitely not the only tool bundled with this impressive pack, and although some of the 60+ tools that you’ll find in the Engineer’s Toolset are free tools that are also available individually, most are exclusive tools which can’t be obtained any other way. The toolset has a centralized dashboard which allows you to easily access any of the included tools. Among the different tools you’ll find, some can be used to perform network diagnostics and help resolve complex network issues quickly. Security-conscious network administrators will appreciate these other tools that can be used to simulate attacks on your network and help identify vulnerabilities.

SolarWinds Engineer's Toolset - Home Screen

The SolarWinds Engineer’s Toolset also includes a few more monitoring and alerting tools such as one which will monitor your devices and raise alerts when it detects availability or health issues. This will often give you enough time to react before users even notice the problem. To complete an already feature-rich suite of tools, configuration management and log consolidation tools are also included.

Describing in minute details every included tool would make for a very long—and possibly quite boring—post. Instead, here’s a list of some of the best tools you’ll find in the SolarWinds Engineer’s Toolset.

  • Port Scanner
  • Switch Port Mapper
  • SNMP sweep
  • IP Network Browser
  • MAC Address Discovery
  • Ping Sweep
  • Response Time Monitor
  • CPU Monitor
  • Interface Monitor
  • TraceRoute
  • Router Password Decryption
  • SNMP Brute Force Attack
  • SNMP Dictionary Attack
  • Config Compare, Downloader, Uploader, and Editor
  • SNMP trap editor and SNMP trap receiver
  • Subnet Calculator
  • DHCP Scope Monitor
  • IP Address Management
  • WAN Killer

The SolarWinds Engineer’s Toolset sells for only $1495 per administrator seat. If you consider that it includes over 60 different tools, this is a very reasonable price. A free 14-day trial is available from SolarWinds so your best bet is likely to go to the SolarWinds website, download the trial and see for yourself all it can do for you.

2. Wireshark

Wireshark, which was previously known as Ethereal, has been around for 20 years. If not the best, it is certainly the most popular network sniffing tool. Whenever a need for packet analysis arises, this is often the go-to tool of most administrators. Before Wireshark, the market had essentially one GUI-based packet sniffer which was aptly called Sniffer. It was an excellent product that suffered from one major drawback, its price. Back in the late 90’s the product was about $1500 which was more than many could afford. This prompted the development of Ethereal as a free and open-source packet sniffer by a UMKC graduate named Gerald Combs who is still the primary maintainer of Wireshark twenty years later.

Wireshark Screenshot

Today, Wireshark has become THE reference in packet sniffers. It is the de-facto standard and most other tools try to imitate it. Wireshark does mainly two things. First and foremost, the tool captures all traffic it sees on its interface. However, it doesn’t stop there. The product’s real strength is in its powerful analysis capabilities. They are actually so good that it’s not uncommon for users who use other tools for packet capture to run the analysis of the captured data using Wireshark. In fact, this is so common that, upon startup, you’re prompted to either open an existing capture file—potentially created with another tool—or start capturing traffic. Another strength of Wireshark is the filters it incorporates which let you zero in on exactly the data you’re interested in.

While Wireshark has a steep learning curve, it is well worth learning as it will prove time and again to be an invaluable tool for many network troubleshooting tasks. It is definitely something that should be part of every network administrator’s toolset. And given its price—it’s free—there is no reason not to use it.

3. Tcpdump/Windump

Before there were GUI-based capture and analysis tools, there was tcpdump. It was created back in 1987, over ten years before Wireshark and even before Sniffer. And although the tool has been constantly maintained and improved since its initial release, it still remains essentially unchanged and the way it is used has also not changed much through its evolution. It is available for installation on virtually every Unix-like operating system and has become the de-facto standard for a quick tool to capture packets. Tcpdump uses the libpcap library for the actual packet capture.

Tcpdump screenshot

The default operation of tcpdump is relatively simple. It captures all traffic on the specified interface and “dumps” it—hence its name—on the screen. You can pipe the output to a capture file to be analyzed later using the analysis tool of your choice. In fact, it’s not uncommon for users to capture traffic with tcpdump for later analysis in Wireshark. One of the keys to tcpdump’s strength and usefulness is the possibility to apply filters and/or to pipe its output to grep—another common command-line utility—for further filtering. Anyone mastering tcpdump, grep and the command shell can get it to capture precisely the right traffic for any debugging task.
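The grep-and-shell filtering described above, as an added example that is not part of the original article: it takes tcpdump's text output, keeps only SYN, SYN-ACK and RST segments with grep, and uses awk to label each connection attempt as answered, refused or left without a reply. The function names, the `eth0` interface and the sample capture lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify TCP connection attempts seen in tcpdump text output.
# Live use (needs capture privileges; the interface name eth0 is an assumption):
#   tcpdump -nn -l -i eth0 tcp | classify_handshakes
# -nn keeps addresses and ports numeric, -l line-buffers output for the pipe.

# Constructed sample of `tcpdump -nn tcp` output so the example runs offline.
sample_capture() {
cat <<'EOF'
09:15:01.100000 IP 10.0.0.5.51514 > 10.0.0.20.443: Flags [S], seq 1000, win 64240, length 0
09:15:01.100400 IP 10.0.0.20.443 > 10.0.0.5.51514: Flags [S.], seq 2000, ack 1001, win 65160, length 0
09:15:01.100500 IP 10.0.0.5.51514 > 10.0.0.20.443: Flags [.], ack 1, win 502, length 0
09:15:02.000000 IP 10.0.0.5.51520 > 10.0.0.30.8080: Flags [S], seq 3000, win 64240, length 0
09:15:03.000000 IP 10.0.0.5.51520 > 10.0.0.30.8080: Flags [S], seq 3000, win 64240, length 0
09:15:05.000000 IP 10.0.0.5.51520 > 10.0.0.30.8080: Flags [S], seq 3000, win 64240, length 0
09:15:06.000000 IP 10.0.0.5.51530 > 10.0.0.40.22: Flags [S], seq 4000, win 64240, length 0
09:15:06.000300 IP 10.0.0.40.22 > 10.0.0.5.51530: Flags [R.], seq 0, ack 4001, win 0, length 0
09:15:07.000000 IP 10.0.0.5.51514 > 10.0.0.20.443: Flags [P.], seq 1:518, ack 1, win 502, length 517
EOF
}

# grep stage: keep only SYN, SYN-ACK and RST segments, drop everything else.
handshake_lines() {
    grep -E 'Flags \[(S|S\.|R|R\.)\]'
}

# awk stage: one output line per client-to-server attempt, in the form
#   <answered|refused|no-reply> <number of SYNs sent> <client> > <server>
# Several SYNs with no-reply usually point at a filtered or dead path,
# refused means the server host answered with a reset.
classify_handshakes() {
    handshake_lines | awk '
    {
        src = $3
        dst = $5; sub(/:$/, "", dst)
        f = $7; sub(/^\[/, "", f); sub(/\],?$/, "", f)
        if (f == "S") {
            # New attempt or a retransmitted SYN for the same flow.
            key = src " > " dst
            syn[key]++
            if (!(key in state)) state[key] = "no-reply"
        } else {
            # SYN-ACK or RST travels server to client, so flip the key.
            key = dst " > " src
            if (!(key in syn)) next
            if (f == "S.") state[key] = "answered"
            else if (state[key] == "no-reply") state[key] = "refused"
        }
    }
    END {
        for (k in syn) printf "%s %d %s\n", state[k], syn[k], k
    }' | LC_ALL=C sort
}

sample_capture | classify_handshakes
```

The same pipeline works on a saved capture by replacing the live command with `tcpdump -nn -r capture.pcap tcp`, where `capture.pcap` is a file previously written with `tcpdump -w`.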

As for Windump, it is a port of tcpdump to the Windows platform. As such, it behaves in much the same way. What this means is that it brings much of the tcpdump functionality to Windows-based computers. While Windump may be a Windows application, don’t expect a fancy GUI. This is nothing more than tcpdump on Windows and as such, it is a command-line only utility.

Using Windump is basically the same as using its *nix counterpart. The command-line options are just about the same and the results also look almost identical. And just like tcpdump, the output from Windump can be saved to a file for later analysis with a third-party tool such as Wireshark. However, with grep not usually available on Windows computers, the filtering abilities of the tool are more limited although still impressive.

Another important difference between tcpdump and Windump is that tcpdump is readily available from the operating system’s package repository, whereas you’ll have to download Windump from the Windump website. It is delivered as an executable file that requires no installation, making it an ideal portable tool which could be launched from a USB key. However, just like tcpdump uses the libpcap library, Windump uses the Winpcap library which needs to be separately downloaded and installed.

4. Ping

Although it comes fourth on our list, ping is likely the best-known and most-used troubleshooting tool. It came to life back in 1983 when a developer who was seeing an abnormal network behaviour couldn’t find the right debugging tool. He then decided to create one, calling his tool ping which, by the way, refers to the sound of sonar echoes as heard from inside a submarine. Nowadays, the common utility is available on virtually every operating system with IP networking and although individual implementations vary slightly in their available options, they all serve the same basic purpose.

Differences between various ping implementations are mostly related to the available command-line options which can include specifying the size of each request’s payload, the total test count, the network hop limit or the delay between requests.

Here’s a sample run of the ping command:

Ping Sample Run

Ping is a clever and powerful yet simple utility. It works by sending a series of ICMP echo request packets to the specified target and waiting for it to send back ICMP echo replies. The process is repeated a certain number of times (by default, 5 times under Windows and until it is stopped under most Unix/Linux implementations), allowing the tool to compile statistics. Ping measures the time between the request and the reply and displays it in its results. On Unix variants, it will also display the value of the reply’s TTL field, indicating the number of hops between the source and the destination. In fact, what is displayed in the command response is another place where various implementations differ.

Ping operates under the assumption that the target host follows RFC 1122 which prescribes that any host must process ICMP echo requests and issue echo replies in return. Although most hosts do, some disable that functionality for security reasons. Firewalls will also often block ICMP traffic altogether, preventing ping from doing its job. Ping accomplishes two important diagnostic tasks: it validates that there is communication between the test device and the target and it validates that the target is responding.
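How the figures ping prints can be turned into the statistics described above, as an added example that is not part of the original article: the reply TTL starts at the responder's initial value and drops by one per router crossed, so the hop count is read off as the difference. The example assumes Linux (iputils) style reply lines and the common initial TTL values 64, 128 and 255; the function names and sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise ping reply lines (loss, average RTT, hop estimate).
# Live use (the target name is a placeholder):
#   ping -c 5 host.example | ping_summary

# Constructed sample in the Linux iputils output format; reply 3 is missing.
sample_ping() {
cat <<'EOF'
PING host.example (192.0.2.10) 56(84) bytes of data.
64 bytes from 192.0.2.10: icmp_seq=1 ttl=57 time=12.3 ms
64 bytes from 192.0.2.10: icmp_seq=2 ttl=57 time=11.9 ms
64 bytes from 192.0.2.10: icmp_seq=4 ttl=57 time=13.1 ms
64 bytes from 192.0.2.10: icmp_seq=5 ttl=57 time=12.7 ms
EOF
}

# Prints one line:
#   received=N lost=N loss_pct=N avg_rtt_ms=X ttl=N est_hops=N
# Loss is derived from gaps in icmp_seq up to the highest sequence seen,
# so replies lost after the last received one are not counted.
# est_hops assumes the responder started from 64, 128 or 255 and describes
# the path the reply took back to the source.
ping_summary() {
    awk '
    /icmp_seq=[0-9]+ ttl=[0-9]+/ {
        for (i = 1; i <= NF; i++) {
            n = split($i, kv, "=")
            if (n != 2) continue
            if (kv[1] == "icmp_seq") {
                seq = kv[2] + 0
                if (seq > max) max = seq
            } else if (kv[1] == "ttl") {
                ttl = kv[2] + 0
            } else if (kv[1] == "time") {
                sum += kv[2]
            }
        }
        rcvd++
    }
    END {
        if (rcvd == 0) { print "received=0"; exit }
        init = (ttl <= 64) ? 64 : ((ttl <= 128) ? 128 : 255)
        printf "received=%d lost=%d loss_pct=%d avg_rtt_ms=%.1f ttl=%d est_hops=%d\n",
            rcvd, max - rcvd, (max - rcvd) * 100 / max, sum / rcvd, ttl, init - ttl
    }'
}

sample_ping | ping_summary
```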

5. Traceroute/Tracert

Traceroute—or tracert if you’re coming from the Windows world—is, along with ping and a few others, one of the most basic network troubleshooting tools. As its name suggests, traceroute can trace the route from one network-attached device to another. It’s a pretty useful tool that will not only test the connectivity to a host—as ping does—but it will also reveal a lot about the path to get there and issues that may be plaguing it. In a nutshell, traceroute will return the IP address of every router encountered between the source device and the target device but it will also report on the response time of each of these routers.

Tracert Sample Run

Traceroute is another old tool which dates back to 1987. This is over 30 years ago; an eternity in computer years. It is also a very common tool. First introduced on the Unix operating system, it is now present on every Unix-like OS including Linux and Mac OS X. It even eventually got ported to the Windows platform where it was renamed to tracert, possibly due to the eight character filename limitation that once plagued Microsoft’s operating systems.

Traceroute is definitely a tool that every network administrator should understand and use. It is not perfect, though and it has a few pitfalls that one needs to be aware of. For example, a path could be asymmetrical with traffic to the target taking a different route than traffic back from it, something that traceroute wouldn’t see and that could be the cause of many hard-to-troubleshoot issues.

6. Ipconfig/Ifconfig

Although ipconfig and ifconfig are two widely different tools, we’ve elected to discuss them together as, in a network troubleshooting context, both serve a similar purpose.

Ipconfig is a command-line tool that is built into the Windows operating system. It is used to display information about the IP protocol stack of the local computer. Various switches or command-line options let one display more or less details. By default, it displays the IP address, subnet mask and default gateway associated with each network interface installed on a computer. Adding the /all option will display considerably more information. It will, for instance, display the MAC address of each interface. It will also indicate if the IP address and configuration was done manually or through DHCP. And in the case of DHCP, it will tell you the details about the DHCP server and lease.

Ipconfig Sample Run

But ipconfig has another utility beyond providing information about the local machine. Some of its command-line switches give you control over certain aspects of the IP stack. For instance, DHCP leases can be modified by using the commands ipconfig /release and ipconfig /renew. Another example is the ipconfig /flushdns command which can be used to clear the DNS name resolution cache.

As for ifconfig, it is a system administration utility on Unix-like operating systems. It is used to configure, control, and query TCP/IP network interface parameters from a command line interface. Its parameters and options are different from those of ipconfig but, overall, it can be used in a similar context to verify the parameters of a suspicious network interface.

7. Netstat

On a typical computer, you can have dozens of active network connections at any given time, making it much harder to troubleshoot connectivity issues. This is precisely why netstat was created. The tool can be used to help identify the status of each connection and which service is using each one, potentially helping to narrow down your search. Netstat, which is available on most—if not all—operating systems, can quickly provide details about client services and TCP/IP communications.

Launching netstat from a command prompt displays all active connections on the local computer, both incoming and outgoing. Actually, it won’t just list active connections, it will also list idle ones. Furthermore, netstat can also display listening ports on the computer where it’s run. Netstat is a command that accepts many options, giving you more control over what information is returned. This can lead to some confusion as the available options differ between platforms. For instance, netstat -b on Windows would display the name of the executable associated with each connection whereas on OS X or BSD, it is used in conjunction with -i to display statistics in bytes. The best way to learn about all the available parameters of your specific version of netstat is to run it with the -? option, displaying the tool’s help screen.

8. Nslookup/dig

Nslookup and dig—we’ll see in a minute how they differ and how they are similar—are tools used to verify/test/validate DNS resolution. The Domain Name Service, or DNS, is a network service used by computers to resolve hostnames—such as www.microsoft.com, which is easier to use for us humans—to IP addresses—such as, which is easier for a computer. Incorrect DNS resolution—where a DNS server returns an erroneous IP address or fails to respond in a timely manner—is a common problem despite being often overlooked.

The nslookup command is usually followed by a hostname and it will normally return the corresponding IP address. There is one major drawback with this tool. Although it does, by default, interrogate the locally configured DNS server, it uses its own name resolution routines rather than calling the operating system’s name resolution libraries. Consequently, nslookup could return the correct information even in a situation where the computer’s name resolution doesn’t work.

Dig, a similar tool, was created in part to address this issue. Although it uses a very different syntax, especially when using advanced options, dig serves essentially the same purpose as nslookup but uses the operating system’s libraries. And since nothing is perfect, dig’s primary drawback is that it’s not included in most operating systems. It does come bundled with BIND—the ISC DNS server software—which can be downloaded from the ISC’s website.

In Conclusion

No matter what your exact troubleshooting need is, there are plenty of tools available to assist you. We’ve just given you a few examples of the most common ones. The tools outlined herein form what should be the basis of any network administrator’s toolkit. Most of them are available at no charge and your only investment is to learn how to use them. As for the SolarWinds Engineer’s Toolset, the only paid tool on our list, it is well worth its reasonable price. And since a free trial is available, there’s absolutely no reason not to give it a try and see how useful it is.

Read The Best Network Troubleshooting Tools and Software by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

Best Tools for Troubleshooting Network Performance Issues

It seems like networks are never fast enough. Really, network performance is by far the single most complained-about issue when it comes to networked systems. There’s a reason for that, though. Network performance—or lack thereof—is probably the most perceptible issue from a user’s point of view. So, when tasked with troubleshooting network performance issues, network administrators need to know what to look for and where to look for it, and they should have access to the right tools.

Today, we’re having an in-depth look at troubleshooting network performance issues.

We’ll start off, as we often do, with a mile-high view of what network performance is. Then, as we get closer, we’ll have a more detailed look at some of the factors that typically affect the performance of computer networks. We’ll first discuss bandwidth and throughput which, to a certain extent, are two sides of the same coin. Next, we’ll talk about latency and delay, two metrics that are often confused. We’ll do our best to shed some light on the subject.

Our next order of business will be jitter, one of the most performance-impacting aspects of networks. And last but not least, we’ll discuss errors which can sometimes be the consequence and sometimes the symptoms of other problems. And since having access to the proper tools is very important when troubleshooting network performance issues, we’ll have a look at a few of the best network monitoring tools that can help with your troubleshooting efforts.

About Network Performance

Wikipedia defines network performance in a very simplistic way. “Network performance refers to measures of service quality of a network as seen by the customer”. There are three important concepts in that definition. The first one has to do with measuring performance. This is critical. Network performance is something that is measured. The second important concept is quality. Performance refers to quality. And last but certainly not least, the customer. Performance is something that is seen or experienced by a user of the network, not just by measuring tools. This is why it is so important to have network performance monitoring tools that are able to take measurements from a user’s perspective.

But isn’t the user’s perspective a highly subjective concept that can be hard to evaluate? It certainly is but, using the right tools and technologies, it can be achieved. The key is to know how each metric affects perceived performance and this is precisely our topic of the day.

Put differently, a network’s performance is its ability to meet its users’ expectations. This is important as it implies that a network’s performance is user-dependent. Some network use cases have very small performance requirements while others need more. A well-performing network is one where the actual performance matches the usage, giving users a perception that all is working well.

Factors Affecting Network Performance

Several things can affect perceived performance. Some factors are not even network-related. For instance, a server that responds slowly can be interpreted as a sign of network performance degradation. This is one more reason why we need to know what network factors are at play as it will allow us, through a process of elimination, to identify non-network performance issues.

In the following paragraphs, we’ll have a look at what factors and parameters are interacting to give users the perception of good—or not so good—performance. Some of these factors are physical characteristics of networks over which we typically have no control while others are elements that can often be improved, thereby giving users the perception of better performance.

Bandwidth and Throughput

Bandwidth and throughput are, in a way, two sides of the same coin. Furthermore, there is not a clear distinction between the two terms and they are often used interchangeably. We feel this is a mistake as they are, in reality, somewhat different concepts.

Bandwidth typically refers to the data-carrying capacity of a network segment by unit of time. It is usually expressed in multiples of bits per second, with megabits per second (Mbps) and gigabits per second (Gbps) being the most common. For example, a legacy fast-Ethernet connection has a bandwidth of 10 Mbps. Bandwidth is not something that is measured, nor is it something that varies over time and with increased usage. It is an inherent characteristic of a network. Some circuits use technologies where bandwidth can easily be increased or reduced but, in most situations, it is a fixed parameter that cannot be modified.

As for throughput, it refers to the actual amount of data successfully transmitted by unit of time. Throughput is restricted by available bandwidth as well as the available signal-to-noise ratio, network errors and hardware limitations. Most of the same factors that affect network performance also affect throughput. In fact, throughput is a close cousin of performance. All things being equal, the higher the throughput, the higher the perceived performance.

In the context of perceived network performance, bandwidth and throughput are important because when bandwidth usage approaches the maximum capacity of a network segment, performance usually degrades significantly. This is why although bandwidth is fixed, bandwidth usage must be monitored.

Latency and Delay

Much like bandwidth and throughput, there is often a lot of confusion between latency and delay. This is another situation where two concepts are used interchangeably. Both have to do with the time it takes for data to travel from its source to its destination. Latency is often described as the time from the source sending a packet to the destination receiving it. It can also refer to the round-trip delay time, which comprises the one-way latency from source to destination plus the one-way latency from the destination back to the source. In fact, round-trip latency is used more often, mainly because it can be measured from a single point. Round-trip latency normally excludes the amount of time that a destination system spends processing the packet and issuing the response.

Latency is another physical characteristic of networks. It is a factor of the distance between the source and the destination and the speed of light which, incidentally, is also the speed at which data travels over any type of media. Like bandwidth, latency is a fixed parameter. The only way to reduce it is to move the source closer to the destination. Reducing the distance by some 100 km will remove about 1 millisecond of latency.

There are quite a few other factors that add some delay to network transmissions. For instance, queuing delay occurs when a gateway receives multiple packets from different sources heading towards the same destination. Since only one packet can typically be transmitted at a time, some of them must be queued for transmission, incurring an additional delay. Also, processing delays are incurred while a gateway determines what to do with a newly received packet. Bufferbloat can furthermore cause increased delays of an order of magnitude or more. The combination of propagation, queuing, and processing delays often results in a complex and variable network latency profile.

Latency and delay are the main factors affecting perceived network performance. Fortunately, they can easily be measured either single- or dual-endedly. Dual-ended measurement, as described earlier, is often preferable as it ignores the destination’s processing delay and provides a true measurement of the network’s latency.


Jitter

Jitter is the biggest enemy of network communications and while it is relatively easy to explain, it is somewhat more complicated to understand how and why it can have such an adverse effect on data transmissions. Let’s try to explain. Simply put, jitter is a variation in delay. There are several factors that can cause jitter. In fact, many of the same factors affecting delay also affect jitter. For example, queuing delays are directly related to queue length. And since a typical queue constantly varies in length, so does delay, hence jitter.

The thing with jitter is that it does not affect all network traffic in the same way. When delays vary considerably between the multiple packets that compose a message (i.e. in high jitter situations), the packets could arrive at their destination out of sequence. Let’s take, for example, a transmission comprised of four packets that are transmitted at 10 ms intervals. The first one encounters 20 ms of latency, the second one 60 ms, the third one 40 ms and the last one 20 ms. I’ll spare you the boring math but in such a situation the first packet will arrive first, followed by the fourth, then the third and finally the second. In some situations, this wouldn’t be a problem. For example, if we’re dealing with a file transfer, the packets are sequentially numbered and can easily be reassembled in the proper order at the receiving end. On the other hand, if what we have is real-time traffic such as a streaming video or a VoIP conversation, we’re in trouble as packets cannot be correctly reassembled, resulting in pixelated video or garbled audio. From a user’s standpoint, we’re having a performance issue.
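The arithmetic skipped above, worked through as an added example (not part of the original article). It reproduces the four-packet arrival order and goes one step further by modelling a real-time receiver with a playout buffer; that receiver model and all function names are assumptions made for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    seq: int         # 1-based sequence number
    sent_ms: int     # when the sender emitted the packet
    latency_ms: int  # one-way delay this packet experienced

    @property
    def arrival_ms(self):
        return self.sent_ms + self.latency_ms


def build_stream(latencies_ms, interval_ms):
    """Packets sent at a fixed interval, each with its own latency."""
    return [Packet(i + 1, i * interval_ms, lat)
            for i, lat in enumerate(latencies_ms)]


def arrival_order(stream):
    """Sequence numbers in the order the receiver sees them."""
    return [p.seq for p in sorted(stream, key=lambda p: (p.arrival_ms, p.seq))]


def delay_variation(stream):
    """Change in latency from each packet to the next: the jitter."""
    return [b.latency_ms - a.latency_ms for a, b in zip(stream, stream[1:])]


def late_for_playout(stream, buffer_ms):
    """Sequence numbers of packets that miss their slot in a real-time stream.

    Assumed receiver model (not from the article): playback starts
    buffer_ms after packet 1 arrives, then one packet is consumed per
    sending interval. A packet that arrives after its slot is useless.
    """
    first = stream[0]
    start = first.arrival_ms + buffer_ms
    late = []
    for p in stream:
        slot = start + (p.sent_ms - first.sent_ms)
        if p.arrival_ms > slot:
            late.append(p.seq)
    return late


def min_buffer_ms(stream):
    """Smallest playout buffer that lets every packet make its slot."""
    worst = max(p.latency_ms for p in stream)
    return max(0, worst - stream[0].latency_ms)


# The article's numbers: four packets, 10 ms apart, 20/60/40/20 ms latency.
STREAM = build_stream([20, 60, 40, 20], interval_ms=10)

if __name__ == "__main__":
    for p in STREAM:
        print(f"packet {p.seq}: sent {p.sent_ms:>2} ms, arrives {p.arrival_ms} ms")
    print("arrival order:   ", arrival_order(STREAM))
    print("delay variation: ", delay_variation(STREAM))
    for buf in (0, 20, 40):
        print(f"buffer {buf:>2} ms, late packets:", late_for_playout(STREAM, buf))
    print("minimum buffer:  ", min_buffer_ms(STREAM), "ms")
```

The buffer that absorbs the jitter is added to every packet's delay, which is why real-time applications cannot simply make it arbitrarily large.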


Errors

To a certain extent, network errors are another factor affecting network performance. Bit errors refer to the number of bits of a data stream received over a communication channel that have been altered due to noise, interference, distortion or bit synchronization issues. The bit error rate or bit error ratio (BER) is the number of bit errors divided by the total number of transferred bits during a given time interval. It is often expressed as a percentage.

Networks are very robust and resilient, and they will, most of the time, recover from these errors using several methods including built-in error-correction schemes or retransmission of erroneous data. But while these can be acceptable, they often cause unnecessary delays, increased jitter and all sorts of user-perceived performance issues.

The Top Tools For Troubleshooting Network Performance Issues

While there are tons of tools for measuring network performance, not all of them are as feature-rich as the few we’ve picked for you. The best ones will not only display bandwidth but also several bandwidth-affecting metrics such as latency or jitter, thereby helping you quickly troubleshoot network performance issues.

1. SolarWinds Network Performance Monitor (FREE TRIAL)

SolarWinds is one of the best-known vendors of network and system administration tools. It is famous for its many excellent network administration tools. Among the most famous SolarWinds products are the NetFlow Traffic Analyzer and the Server and Application Monitor. The company is also recognized for making a handful of excellent free tools, each addressing a specific need of network and system administrators. The Advanced Subnet Calculator and the Kiwi Syslog Server are two excellent examples of those free tools.

SolarWinds’ flagship product is called the Network Performance Monitor, or NPM. This is a full-featured network monitoring solution with great functionality. The SolarWinds NPM polls any enabled device using the SNMP protocol to read their operational metrics and interface counters. It stores the results in an SQL database and uses the polled data to build graphs showing each WAN circuit’s usage as well as other important metrics.

The SolarWinds Network Performance Monitor boasts a user-friendly GUI. With it, adding a device is as simple as specifying its IP address or hostname and SNMP community string. The tool then queries the device, lists all the SNMP parameters that are available, and allows you to pick those you want to monitor and display on your graphs.

Prices for the SolarWinds Network Performance Monitor start at $2,995 and vary according to the number of devices to monitor. A detailed quote can be obtained by contacting the SolarWinds sales team.

If you want to try the product before purchasing it, a free 30-day trial is available, as it is for most SolarWinds products.

2. ManageEngine OpManager

The ManageEngine OpManager is a complete management solution that will address most monitoring needs. The tool can run on either Windows or Linux and it is loaded with excellent features. For instance, its auto-discovery feature can graphically map your network, giving you a uniquely customized dashboard.

The tool’s dashboard is another one of its strong points. It is super easy to use and navigate and has drill-down functionality. If you’re into mobile apps, they are available for tablets and smartphones and will allow you to access the system from anywhere. Overall, this is a very polished and professional product.

Alerting in OpManager is another of the product’s strengths. There is a full complement of threshold-based alerts that will help detect, identify, and troubleshoot network issues. Multiple thresholds with various notifications can be set for every performance metric.

If you want to try the ManageEngine OpManager, get the free version. It is not a time-limited trial version. It is, instead, feature-limited. It won’t, for instance, let you monitor more than ten devices. While this might be sufficient for testing purposes, it will only suit the smallest networks. For more devices, you can choose between the Essential or the Enterprise plans. The first will let you monitor up to 1,000 nodes while the other goes up to 10,000. Pricing information is available by contacting ManageEngine’s sales.

3. PRTG Network Monitor

The PRTG Network Monitor from Paessler AG is an agentless network monitoring system. Paessler claims that the PRTG Network Monitor can be set up in a couple of minutes. Our experience shows that it can take a bit more than that but that it is still very easy and quick, thanks to an auto-discovery feature that will scan your network, find devices, and automatically add them. The tool uses a combination of Ping, SNMP, WMI, NetFlow, jFlow, and sFlow, but can also communicate via DICOM or the RESTful API.

One of the strengths of the PRTG Network Monitor is its sensor-based architecture. You can think of sensors as add-ons to the product except that they are already included and don’t need to be added. There are add-ons for virtually anything. For example, there are HTTP and SMTP/POP3 (e-mail) application sensors. There are also hardware-specific sensors for switches, routers, and servers. In all, there are over 200 different predefined sensors that retrieve statistics such as response time, processor, memory, database information, temperature or system status from the monitored devices.

The PRTG Network Monitor offers a selection of user interfaces. The primary one is an Ajax-based web interface. There’s also a Windows enterprise console as well as mobile apps for Android and iOS. One nice feature of the mobile apps is that they can use push notification of any alerts triggered from PRTG. More standard SMS or email notifications are also available. Although the server only runs on Windows, it can be administered from any device with an Ajax-compatible browser.

The PRTG Network Monitor is offered in two versions. There’s a free version which is full-featured but will limit your monitoring ability to 100 sensors. Note that each monitored parameter counts as one sensor and, for example, monitoring 24 interfaces on a network switch will use up 24 sensors. If you need more than 100 sensors, you must purchase a license. Their prices start at $1,600 for 500 sensors. You can also get a free, sensor-unlimited and full-featured 30-day trial version.

Read Best Tools for Troubleshooting Network Performance Issues by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

6 Best Open-Source NetFlow Software (FREE)

There are several types of network monitoring available. One of them, possibly the most common, is SNMP monitoring. It can be used to give administrators a rather clear picture of how much data is carried over the networks they manage. But when they want a more detailed picture—such as learning WHAT the traffic is rather than just HOW MUCH there is—they have to turn to a different technology.

NetFlow, a monitoring technology developed by Cisco and introduced a while back on the manufacturer’s devices, has become the de facto standard when it comes to qualitative network monitoring. NetFlow monitoring tools can be expensive and out of the reach of many smaller businesses. Fortunately, several open-source NetFlow software packages are available and we’re about to review them.

We’ll begin our journey by having a look at network monitoring in general. We’ll follow with a discussion on the different types of monitoring, specifically concentrating on bandwidth monitoring and traffic analysis. Next, without going too technical, we’ll have an in-depth look at the NetFlow technology, what it is and how it works.

We’ll discuss some similar technologies that are also available before we get to the core of our subject, the actual open-source NetFlow tools which are available. While some of the tools are relatively limited in terms of what they can accomplish or can be harder to configure than some paid packages, all provide some genuinely interesting functionality.

About Network Monitoring

Network traffic is very similar to road traffic. Just like network circuits can be thought of as highways, data transported on networks are like vehicles travelling on that highway. But as opposed to vehicular traffic where you just have to look to see if and what is wrong, seeing what’s happening on a network can be tricky. For starters, everything is happening very fast and data transported on a network is invisible to the naked eye.

Network monitoring tools let you “see” exactly what is going on in your network. With them, you’ll be able to measure each circuit’s utilization, analyze who and what is consuming bandwidth and drill down deep into network “conversations” to verify that everything is operating normally.

Different Types Of Monitoring Tools

There are basically three major types of network monitoring tools. Each one goes a little deeper than the previous and provides more details about the traffic. First, there are bandwidth utilization monitors. These tools will tell you how much data is transported on your network but that’s about it.

To get more information about the network, you need another type of tool, network analyzers. Those are tools that can give you some information on what exactly is going on. They won’t just tell you how much traffic is passing by. They can also tell you what type of traffic and between what hosts it is moving.

And for the most detail, you have packet sniffers. They do an in-depth analysis by capturing and decoding traffic. The information they provide will let you see exactly what’s going on and pinpoint issues with the greatest accuracy. As useful as they are, they are beyond the scope of this post.

Bandwidth Usage Monitoring Tools

Most bandwidth utilization monitors rely on the Simple Network Management Protocol, or SNMP, to poll devices and get the amount of traffic on all–or some–of their interfaces. Using that data, they will often build graphs that depict the bandwidth utilization over time. Typically, they’ll allow one to zoom into a narrower time span where graph resolution is high and shows, for instance, 1-minute average traffic or zoom out to a longer time span–often up to a month or even a year–where it shows daily or weekly averages.
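How polled interface counters become the utilization figures on those graphs, as an added example that is not from the original article. It assumes 32-bit octet counters such as IF-MIB's ifInOctets polled every 60 seconds on a 100 Mbps link; the poll values are constructed so that the counter wraps once and one interval carries a traffic spike.

```python
COUNTER32_MODULUS = 2 ** 32  # 32-bit SNMP counters roll over to zero here


def octet_delta(previous, current, modulus=COUNTER32_MODULUS):
    """Octets counted between two polls, tolerating a single counter wrap."""
    return (current - previous) % modulus


def utilization(samples, link_bps):
    """Turn (unix_time, octet_counter) polls into per-interval usage.

    Returns a list of (interval_end_time, bits_per_second, percent_of_link).
    """
    points = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        elapsed = t1 - t0
        if elapsed <= 0:
            raise ValueError("polls must be in increasing time order")
        bps = octet_delta(c0, c1) * 8 / elapsed
        points.append((t1, bps, 100 * bps / link_bps))
    return points


def consolidate(points, factor):
    """Average every `factor` consecutive points, as a zoomed-out graph does.

    Returns (interval_end_time, average_percent, peak_percent) per bucket,
    so the peak that the average hides stays visible.
    """
    buckets = []
    for i in range(0, len(points) - factor + 1, factor):
        chunk = points[i:i + factor]
        percents = [p[2] for p in chunk]
        buckets.append((chunk[-1][0], sum(percents) / factor, max(percents)))
    return buckets


# Constructed polls: (seconds since first poll, counter value).
LINK_BPS = 100_000_000
POLLS = [
    (0, 4_294_000_000),
    (60, 74_032_704),     # counter wrapped past 2**32 during this interval
    (120, 749_032_704),   # one-minute spike
    (180, 824_032_704),
    (240, 899_032_704),
]

if __name__ == "__main__":
    minute_points = utilization(POLLS, LINK_BPS)
    for end, bps, pct in minute_points:
        print(f"t={end:>3}s  {bps / 1e6:5.1f} Mbps  {pct:5.1f}%")
    for end, avg, peak in consolidate(minute_points, 4):
        print(f"4-minute view ending t={end}s: average {avg:.1f}%, peak {peak:.1f}%")
```

On faster links a 32-bit counter can wrap more than once between polls, in which case the modulo correction undercounts; the 64-bit ifHCInOctets counter avoids that.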

Network Traffic Analysis Tools

If you need to know more than the amount of traffic passing by, you need a more advanced monitoring system. What you need is what we refer to as a network analysis system. These systems rely on software that’s built into networking equipment to send them detailed usage data. These systems can typically display top talkers and listeners, usage by source or destination address, usage by protocol or by application and several other useful pieces of information about what is going on.

While some systems use software agents that you must install on target systems, most of them rely instead on standard protocols such as NetFlow, IPFIX, or sFlow. These are usually built into equipment and ready to use as soon as they are configured.

NetFlow In A Nutshell

NetFlow was developed by Cisco Systems and was introduced on their routers to provide the ability to collect IP network traffic as it enters or exits an interface. The collected data is then analyzed by network administrators to help determine the source and destination of traffic, the class of service, and the causes of congestion. There are three main components to the NetFlow technology:

  • The flow exporter aggregates packets into flows and exports flow records towards one or more flow collectors. This is the component that is running on the monitored devices.
  • As for the flow collector, it is responsible for reception, storage and pre-processing of flow data received from a flow exporter.
  • Last but not least, the flow analyzer is an application that is used to analyze received flow data. Analysis can be used for traffic profiling, or for network troubleshooting.

How It Works

Routers, switches and any other device that supports NetFlow can be configured to output flow data in the form of flow records and send them to a NetFlow collector. A flow is a complete conversation in the IP sense. The device preparing flow records normally sends them to the collector when it determines that the flow is finished either through ageing–there has not been any traffic within a specific timeout–or when it sees a TCP session termination.

The flow record contains a lot of information about the flow. It includes the input and output interfaces, the start and finish timestamps of the flow, the number of bytes and packets it contains, the layer 3 headers, the source and destination IP address and port number, the IP protocol, and the TOS value. Flow records don’t contain the actual data that made up the flow. They only contain information about the flow. This is important from a security standpoint.

Except in huge multi-site environments, the flow collectors where the records are sent are often also the flow analyzers. They use the information contained in flow records to present data about network traffic in a way that is useful to network administrators. Different NetFlow collectors and analyzers will have different ways of presenting data. This is where our list of the best NetFlow collectors and analyzers will come in handy.
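What a collector does with the flow records described above, as an added example that is not from the original article or from any of the tools it reviews. It assumes the NetFlow version 5 export layout (the article does not name a version); the sample datagram is constructed with documentation-range addresses, and the function names are made up for the illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

# NetFlow v5 export layout (assumed version; the article names none).
HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte datagram header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte flow record
MAX_RECORDS = 30                                    # v5 limit per datagram


def parse_v5(datagram):
    """Validate and decode one export datagram into a list of flow dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError(f"implausible record count {count}")
    # The count field arrives over UDP from the network, so it must agree
    # with the bytes actually received before any record is read.
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match record count")

    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(IPv4Address(f[0])), "dst": str(IPv4Address(f[1])),
            "if_in": f[3], "if_out": f[4],
            "packets": f[5], "bytes": f[6],
            "first_ms": f[7], "last_ms": f[8],  # exporter uptime at start/end
            "src_port": f[9], "dst_port": f[10],
            "tcp_flags": f[12], "proto": f[13], "tos": f[14],
        })
    return flows


def is_valid(datagram):
    """True if the datagram passes the parser's structural checks."""
    try:
        parse_v5(datagram)
    except ValueError:
        return False
    return True


def top_talkers(flows, n=5):
    """Total bytes per source address, largest first."""
    totals = Counter()
    for flow in flows:
        totals[flow["src"]] += flow["bytes"]
    return totals.most_common(n)


def make_record(src, dst, pkts, octets, first, last, sport, dport, proto, flags=0):
    """Pack one constructed flow record (next hop, AS and pad fields zeroed)."""
    return RECORD.pack(IPv4Address(src).packed, IPv4Address(dst).packed,
                       IPv4Address("0.0.0.0").packed, 1, 2, pkts, octets,
                       first, last, sport, dport, 0, flags, proto, 0,
                       0, 0, 24, 24, 0)


# Constructed sample: one header followed by three flow records.
SAMPLE = HEADER.pack(5, 3, 3_600_000, 1_546_300_800, 0, 1, 0, 0, 0) + b"".join([
    make_record("192.0.2.10", "198.51.100.5", 12, 9000, 3_590_000, 3_595_000, 51000, 443, 6, 0x1B),
    make_record("192.0.2.10", "198.51.100.7", 2, 180, 3_596_000, 3_596_040, 51001, 53, 17),
    make_record("192.0.2.20", "203.0.113.9", 40, 52000, 3_580_000, 3_599_000, 40000, 22, 6, 0x18),
])

if __name__ == "__main__":
    for flow in parse_v5(SAMPLE):
        print(flow)
    print("top talkers:", top_talkers(parse_v5(SAMPLE), 2))
```

The whole datagram is 168 bytes for 61,180 bytes of described traffic: only the metadata listed above is exported, never the payload.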

Other Similar Technologies

Various versions and adaptations of NetFlow do exist and some are known under a different name. In fact, many of those are used under license from Cisco. There are also true alternatives to NetFlow, the two best-known being sFlow and IPFIX. The latter is heavily based on the latest version of NetFlow except that it is an IETF standard. In fact, there are many reasons to believe that Cisco might even eventually replace NetFlow with IPFIX. As for sFlow, it is a different, competing system. Its goal and general principles of operation are similar, though not identical. Some NetFlow analyzers will also work with sFlow but, generally speaking, users of one don’t use the other.

The Top Open-Source NetFlow Software

1. SolarWinds Real-Time NetFlow Analyzer (FREE DOWNLOAD)

SolarWinds is one of the best-known players in the network administration tools field. The company has been around for some 20 years, bringing us some of the best network administration tools. It has also acquired a solid reputation for making great free tools that, even though they are sometimes feature-limited, are still excellent tools. One such tool is the free Real-Time NetFlow Analyzer. Although this is not an open-source tool, it is completely free and is well worth looking into. Although this tool might not be quite as complete and full-featured as its big brother, the SolarWinds NetFlow Traffic Analyzer, it gives you the same basic functionality.

The tool can capture and analyze Appflow, NetFlow, JFlow, and sFlow data in real-time. And it will show you exactly the types of traffic on your network, where it’s coming from, and where it’s going to. You can also use it to diagnose traffic spikes and troubleshoot bandwidth issues.

Here are some of the Real-time NetFlow Analyzer’s primary features:

  • Identify which users, devices, and applications are consuming the most bandwidth
  • Isolate network traffic by conversation, app, domain, endpoint, and protocol
  • View network traffic by type and specified time periods

The tool, like most other SolarWinds tools, installs easily via a standard Windows setup wizard. And once installed, a NetFlow Configurator is included to help you with the configuration of devices that support various NetFlow variants.

This free software has some limitations when compared to its bigger brother, though. For instance, its primary focus is the current and recent state of your network. As such, it can only collect data from one NetFlow interface and will only keep and analyze the last 60 minutes of data.

2. FlowScan

FlowScan is a sort of visualization tool that you typically use to analyze NetFlow data and report on it. It can produce visual graphs that are generated in near-real-time and that show you the current state of your network. FlowScan can be deployed on most GNU/Linux or BSD systems. It relies on several other packages in order to correctly collect and process flows. For example, Cflowd is used as the flow collector. FlowScan is mainly composed of a Perl script that makes up the bulk of the software package. This component is responsible for loading and executing reports. Another major component of the software is RRDtool, a popular tool used for storing data in round-robin databases and plotting that data on graphs. FlowScan uses it to store flow information and produce useful graphs.

Network administrators often realize that they have either collected too little or too much data. Flow profiling, as available in FlowScan, offers an interesting compromise between these extremes in data collection. Because flows aggregate data collected as packets travel across a given port or interface, they can be used as a sort of summary for series of packets travelling between endpoints of interest. However, this feature alone is insufficient for reliable continuous use. Additional software tools are needed to define, parse, and analyze these flows. Those additional tools are included with FlowScan.

3. nProbe and ntopng

nProbe and ntopng are somewhat advanced–and therefore somewhat complicated–open-source tools. Ntopng is a web-based traffic analysis tool for monitoring networks based on flow data while nProbe is a NetFlow and IPFIX exporter and collector. Together, they make for a very flexible analysis package. If you’ve administered Linux networks before, you might already be familiar with ntop. In that case, you’ll be glad to know that ntopng is a next-generation GUI version of this ageless tool.

There’s a free community version of ntopng; however, you can also purchase an enterprise version of the product. It can be expensive but it is free to educational and non-profit organizations. As for nProbe, you can try it for free but it is limited to a total of 25,000 exported flows. To go beyond that, you’ll need to purchase a license.

Like most modern network analysis tools, ntopng features a web-based user interface which can present data by traffic, such as top talkers, flows, hosts, devices, and interfaces. It has a mix of charts, tables, and graphs, most of them featuring drill-down options that let you explore them in greater depth. The user interface is very flexible and allows for a lot of customization.

4. Flow-Tools

Flow-tools is a toolset for working with NetFlow data. More precisely, it is a library combined with a collection of programs used to collect, send, process, and generate reports from NetFlow data. The tools can be used together on a single server or distributed to multiple servers for larger deployments. The Flow-Tools library also provides an API for the development of custom applications for NetFlow export versions 1, 5, 6, and the 14 currently defined version 8 sub-versions.

This project is a fork of the old and mostly defunct OSU flow-tools project. This is not the most active project out there and the latest version dates back to some nine years ago. However, if you’re looking for a simple tool and are willing to put in the effort required to set it up, this may be a great tool to consider.

5. NFsen/NFDump

NFsen, which is short for Netflow Sensor, is a web-based front-end tool for nfdump. It is typically used to display a nice and user-friendly graphical image of the data that nfdump generates, including NetFlow data. You can generate reports of your NetFlow data with all sorts of information including, but not limited to, flows, packets and bytes using the RRD database tool. Furthermore, you can also set up alerts and view historical data.

Nfsen Overview Screenshot

The NFsen project is still very active and the software can be downloaded from its Sourceforge page. It will run on any Unix/Linux system. To use it correctly, you’ll first need PHP, Perl (along with the Perl Mail::Header and Mail::Internet modules), the RRD Tools module and the NFDump tools installed on your system.

6. pmGraph

pmGraph is yet another excellent open-source tool for graphing and monitoring bandwidth. It is designed to complement pmacct, a network monitoring and auditing tool. The two tools are supplied together as a Debian package, and instructions for installing pmGraph cover the installation of both tools. pmacct collects and monitors traffic using Netflow or Sflow on networking devices (including firewalls, routers and switches) into a database and allows for analysis of the collected data using pmGraph.

pmGraph Screenshot

pmGraph was developed by staff and volunteers from Aptivate, the digital agency for international development, to be a flexible and powerful tool for network and systems administrators, with advanced user-friendly graphing capabilities. Here’s a rundown of the product’s primary features:

  • User-friendly and simple interface
  • Displays information about the connections between remote and local machines, and ports used
  • Hostname resolution using DNS and DHCP servers
  • Shows usage for a specific IP address or port
  • Configurable number of results

pmGraph is platform-independent software which has been developed in Java and is designed to work in a servlet container such as Tomcat, which is available for all common platforms. pmGraph is very lightweight and requires only 8 MB of disk space. However, it relies on external, bulkier programs. If you don’t already have Tomcat, Java, and MySQL server, you will have to install them as well, which takes up around 300 MB of disk space, still not a lot. These components will be installed for you if you use the package installation and you can install pmGraph without learning much about them.

Read 6 Best Open-Source NetFlow Software (FREE) by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

6 Best NetFlow Tools To Use Alongside VMware

Cisco’s NetFlow technology is commonly used to monitor network traffic on a qualitative basis by analyzing traffic data collected by switches and other networking devices. With virtualization getting more and more widespread, and with VMware being the most common virtualization platform, we thought it would be a good idea to have a look at using NetFlow with VMware.

Although it makes obvious sense that Cisco networking equipment comes with the NetFlow technology built right into it, not everyone is aware that the virtual networking components within a VMware-based virtual infrastructure also support that technology. Today, we’re going to be discussing the use of Cisco’s NetFlow technology alongside VMware to monitor virtual networks.

How to use NetFlow with VMware

We’ll assume that if you’re reading this, you already know what VMware is and are familiar with its virtual networking components. On the other hand, we’ll also assume that you’re not that familiar with NetFlow so we’ll begin by exploring this technology and briefly explain how it works.

Our goal is not to make you experts but to give you enough background information to better appreciate the rest of our discussion. Next, we’ll discuss the NetFlow support that is built into VMware and have a quick look at what monitoring features are available. And finally, since you need some sort of NetFlow collector and analyzer to make sense of the information gathered by your virtual networking devices, we’ll have a look at some of the best NetFlow tools that one can use with VMware.

Introducing NetFlow

Developed by Cisco Systems, the NetFlow technology was introduced on their routers to provide the ability to collect data about network traffic as it enters or exits an interface. This data can be analyzed by specialized applications to extract the source and destination of the traffic, its class of service, and, by extension, the probable causes of many networking issues.

A typical NetFlow monitoring setup consists of three main components:

  • The flow exporter aggregates packets into flows and exports flow records towards one or more flow collectors. This is the component that is built into the networking devices.
  • The flow collector is responsible for reception, storage and pre-processing of flow data received from a flow exporter. This component is typically part of a network monitoring tool.
  • The flow analyzer, or flow analysis application, is used to analyze received flow data. Analysis can be used for traffic profiling, or for network troubleshooting. This component is usually combined with the collector although large NetFlow deployments can use separate collectors and analyzers.


How NetFlow Works

Networking devices that support NetFlow generate flow records and send them to a NetFlow collector. A flow, in this context, is a complete conversation in the IP sense. The device preparing flow records normally sends them to the collector when it determines that the flow is finished either through ageing–when there has not been any traffic within a specific timeout–or when it sees a TCP session termination.

NetFlow Architecture

The flow records contain various information and metrics about the flows such as the input and output interfaces, the start and finish timestamps of the flow, the number of bytes and packets it contains, the layer 3 headers, the source and destination IP address and port number, the IP protocol, and the TOS value. Flow records don’t contain the actual data that made up the flow; they only contain information about the flow. This constitutes an important security feature of this technology.

Except in large, multi-site environments, the flow collectors where the records are sent are also the flow analyzers. They use the information contained in flow records to present data about network traffic in a way that is useful to network administrators. Different NetFlow collectors and analyzers will have different ways of presenting data.
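To make the record fields listed above concrete, here is an added example (not part of the original article or of any product reviewed here) of what a collector does with a NetFlow v5 export datagram, the version this article says vSphere 5 supports. It goes beyond the text by using the v5 wire layout, and it rejects datagrams whose length does not match the declared record count; the function names and the sample datagram with its documentation-range addresses are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record
MAX_RECORDS = 30                                    # v5 limit per datagram


def parse_v5(datagram):
    """Validate and decode one NetFlow v5 export datagram into flow dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("truncated header")
    version, count, *_ = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"unsupported version {version}")
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError(f"implausible record count {count}")
    # Exports typically arrive over UDP, so never trust `count` on its own.
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match record count")
    flows = []
    for i in range(count):
        (src, dst, _nexthop, in_if, out_if, pkts, octets, first, last,
         sport, dport, _pad, flags, proto, tos, *_rest) = RECORD.unpack_from(
            datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(src)), "src_port": sport,
            "dst": str(ipaddress.IPv4Address(dst)), "dst_port": dport,
            "in_if": in_if, "out_if": out_if, "proto": proto, "tos": tos,
            "tcp_flags": flags, "packets": pkts, "bytes": octets,
            # first/last are exporter-uptime milliseconds; handle 32-bit wrap
            "duration_ms": (last - first) & 0xFFFFFFFF,
        })
    return flows


def top_talkers(flows, n=3):
    """Sum bytes per source address, as an analyzer's 'top talkers' view does."""
    totals = Counter()
    for flow in flows:
        totals[flow["src"]] += flow["bytes"]
    return totals.most_common(n)


def build_sample():
    """Constructed datagram: three flows using documentation addresses."""
    def rec(src, dst, pkts, octets, first, last, sport, dport, flags, proto):
        return RECORD.pack(
            ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
            bytes(4), 1, 2, pkts, octets, first, last, sport, dport,
            0, flags, proto, 0, 0, 0, 24, 24, 0)
    records = [
        rec("192.0.2.10", "192.0.2.20", 120, 150000, 590000, 595000, 49152, 443, 0x1B, 6),
        rec("192.0.2.11", "198.51.100.5", 10, 4000, 591000, 591500, 53124, 53, 0, 17),
        rec("192.0.2.10", "192.0.2.21", 40, 50000, 592000, 593000, 49153, 22, 0x1B, 6),
    ]
    header = HEADER.pack(5, len(records), 600000, 1700000000, 0, 1, 0, 0, 0)
    return header + b"".join(records)


if __name__ == "__main__":
    for flow in parse_v5(build_sample()):
        print(flow)
    print(top_talkers(parse_v5(build_sample())))
```

Note that nothing in the decoded records carries payload bytes: the collector sees who talked to whom, when, and how much, which is exactly the metadata-only property described above.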


NetFlow Support in VMware

VMware vSphere 5 supports NetFlow v5 which, by the way, is one of the most common versions supported by network devices. The NetFlow capability built into the vSphere 5 platform provides visibility into various virtual infrastructure traffic flows such as:

  • Intra-host virtual machine traffic (which is virtual machine–to–virtual machine traffic on the same host)
  • Inter-host virtual machine traffic (which is virtual machine–to–virtual machine traffic on different hosts)
  • Virtual machine to physical infrastructure traffic

The image below shows a distributed switch configured to send NetFlow records to a collector which, in turn, is connected to an external physical network switch. The blue dotted line with an arrow clearly shows that the NetFlow session is established to send flow records to the NetFlow collector for analysis.

VMWare NetFlow Example

The NetFlow capability on a distributed switch along with a NetFlow collector and analyzer such as those reviewed below helps monitor application flows and measures flow performance over time. It can also help with capacity planning and ensuring that network resources are used properly by the different applications, based on their specific needs.

Network administrators who want to monitor the performance of application flows running in their virtualized environment need to enable flow monitoring on a distributed switch. This can be done either at the port group level, at an individual port level or at the uplink level. When configuring NetFlow at the port level, administrators should select the NetFlow override tab, which will make sure that flows are monitored even if the port group–level NetFlow is disabled.

The NetFlow configuration sample screen shown below demonstrates the various parameters that can be controlled during the NetFlow setup.

VMware NetFlow Configuration

The Best NetFlow Tools To Use Alongside VMware

While any NetFlow collector and analyzer can be used as a destination within your VMware environment, not all of them are created equal. We’ve compiled this list of some of the very best NetFlow collectors and analyzers that can be used with VMware but also with any networking equipment supporting that technology.

1. The SolarWinds NetFlow Traffic Analyzer (FREE TRIAL)

SolarWinds is one of the best-known makers of network and system administration tools. Its flagship product, called the Network Performance Monitor, is viewed by many as one of the best network bandwidth monitoring tools. Likewise, the SolarWinds NetFlow Traffic Analyzer, which, incidentally, installs on top of the Network Performance Monitor, is one of the best NetFlow collectors and analyzers available today.

SolarWinds NTA Dashboard Summary

Some of the SolarWinds NetFlow Traffic Analyzer’s best features include:

  • Monitoring Bandwidth use by application, by protocol, and by IP address group.
  • Monitoring IPFIX, Cisco NetFlow, Juniper J-Flow, sFlow, and Huawei NetStream flow data allowing it to identify which devices, applications, and protocols are the highest bandwidth consumers.
  • Collecting traffic data, correlating it into a usable format, and presenting it to the user through a web-based interface for monitoring network traffic.
  • Identifying which applications and categories consume the most bandwidth for better network traffic visibility (including Cisco NBAR2 support).

The SolarWinds NetFlow Traffic Analyzer is an add-on to the Network Bandwidth Monitor. You can save by acquiring both at the same time as the SolarWinds Network Bandwidth Analyzer Pack. Prices for the bundle start at $4 910 for monitoring up to 100 elements and vary according to the number of monitored devices. While this may seem a bit expensive, keep in mind that you’re getting not one but two of the best monitoring tools available.

If you’d prefer to try the product before purchasing it, a free 30-day trial can be downloaded from SolarWinds.

2. The ManageEngine NetFlow Analyzer

The ManageEngine NetFlow Analyzer gives the network administrator a detailed view of network bandwidth utilization as well as traffic patterns. The product is controlled by a web-based interface and offers an impressive number of different views on your network.

You can, for instance, view traffic by application, by conversation, by protocol, and several more options. You can also set alerts to warn you of potential issues. For example, you can set a traffic threshold on a specific interface and be alerted whenever traffic exceeds it.

ManageEngine Netflow Analyzer

But most of the strength of the ManageEngine NetFlow Analyzer comes from its reports and dashboard. The tool comes with several very useful pre-built reports that are tailored for specific purposes such as troubleshooting, capacity planning or billing. But you’re not stuck with built-in reports as the tool also allows administrators to create custom reports to their liking.

As for the tool’s dashboard we mentioned, it is just as impressive as its reports. It includes several pie charts with things such as top applications, top protocols or top conversations. It can also display a heat map with the status of the monitored interfaces. And as you might have guessed, dashboards can be customized to include only the information you find useful. The dashboard is also where alerts are displayed in the form of pop-ups. And for the on-the-go network administrator, there’s a smartphone app that will let you access the dashboard and reports.

The ManageEngine NetFlow Analyzer supports most flow technologies including NetFlow (of course), IPFIX, J-flow, NetStream and a few others. As a bonus, the tool has excellent integration with Cisco devices, with support for adjusting traffic shaping and/or QoS policies right from the tool.

Like many competing products, the ManageEngine NetFlow Analyzer comes in two versions. The free version will be identical to the paid one for the first 30 days but it will then revert to monitoring only two interfaces or flows. While this is not much, it could be all that you need. If you want the paid version, licenses are available in several sizes from 100 to 2500 interfaces or flows with prices varying from about $600 to over $50K plus annual maintenance fees.

3. The PRTG Network Monitor

The PRTG Network Monitor from Paessler AG is an all-in-one solution whose primary purpose is monitoring bandwidth utilization. It’s also used to monitor the availability and health of different network resources. These features make it a useful tool for network administrators. The tool can monitor devices over multiple sites and it can monitor LAN, WAN, VPN and Cloud Services. Through the use of the appropriate sensor, it can also be used as a NetFlow collector and analyzer.

Installing this product is quick and easy. After running the installer, the auto-discovery process discovers devices and sets up sensors. Paessler claims you could start monitoring within two minutes of starting the installation. While this might be a slight overstatement, we were impressed by the ease and speed of installation. Although the server runs on Windows only, the user interface is web-based and can be accessed from any browser. In addition, there’s a mobile app that you can install on your smartphone or tablet.

PRTG NetFlow Sensor Screenshot

The PRTG Network Monitor can monitor pretty much anything, thanks to its sensor-based architecture. You can think of sensors as add-ons that are built right into the product, each having a specific purpose. There are sensors for HTTP and SMTP/POP3 (e-mail). As we revealed before, there’s even a NetFlow Sensor. There are also hardware-specific sensors for switches, routers, and servers. In all, the tool has over 200 different predefined sensors.

The PRTG Network Monitor offers a selection of user interfaces. You have the choice of an Ajax-based web interface or a Windows enterprise console as well as mobile apps for Android and iOS. A nice feature of the mobile apps is that they can get alerts through push notification. Standard SMS or email notifications are also available.

The PRTG Network Monitor is offered in two versions. There’s a free version which is full-featured but will limit your monitoring ability to 100 sensors with each monitored parameter counting as one sensor. For example, to monitor each port of a 48-port switch, you’ll need 48 sensors. For more than 100 sensors, you need to purchase a license. They start at $1 600 for 500 sensors. You can also get a free, sensor-unlimited and full-featured 30-day trial version.

4. Scrutinizer

Scrutinizer from Plixer is another great NetFlow analyzer. It is actually much more than that and many view it as a full monitoring and incident response system. With its ability to monitor different flow types such as NetFlow, J-flow, NetStream, sFlow, and IPFIX, you’re not limited to monitoring only VMware equipment.

Scrutinizer Architecture

With its hierarchical design, Scrutinizer offers streamlined and efficient data collection and allows you to start small and easily scale way up to many million flows per second. The network is often first blamed whenever something goes wrong. With this tool, one can quickly find the real cause of almost any network issue. The tool works in both physical and virtual environments and comes with advanced reporting features.

Scrutinizer comes in four license tiers that go from the basic free version to the full-fledged SCR level which can scale up to over 10 million flows per second. The free version is limited to 10 thousand flows per second and it will only keep raw flow data for 5 hours but it should be more than enough to troubleshoot network issues. You can also try any license tier for 30 days after which it will revert back to the free version.

5. nProbe and ntopng

nProbe and ntopng are powerful and somewhat advanced but somewhat complicated open-source tools. Ntopng is a web-based traffic analysis tool for monitoring networks based on flow data while nProbe is a NetFlow and IPFIX exporter and collector. Together, they make for a very flexible analysis package. If you’ve administered Linux networks before, you might be familiar with ntop in which case you’ll be reassured to learn that ntopng is the next-generation GUI version of that ageless tool.

ntopng host details

There’s a free community version of ntopng and you can also purchase enterprise versions. They can be expensive but they are free to educational and non-profit organizations. As for nProbe, you can try it for free but it is limited to a total of 25 000 exported flows. To go beyond that, you’ll need to purchase a license.

Like most modern network analysis tools, ntopng features a web-based user interface which can present data by traffic, such as top talkers, flows, hosts, devices, and interfaces. It has a mix of charts, tables, and graphs, most featuring drill-down options that let you explore in greater depth. The interface is quite flexible and allows for a lot of customization.

6. FlowScan

FlowScan is a visualization tool that you can use to analyze NetFlow data and report on it. It can produce visual graphs which are generated in near-real-time and that show you what’s happening on your network. The tool can be deployed on GNU/Linux- or BSD-based systems. It uses several other packages in order to correctly collect and process flows. For instance, Cflowd is used as the flow collector. FlowScan is actually a Perl script that makes up the bulk of the software package. This component is responsible for loading and executing reports. One last major component is RRDtool, a popular tool for storing data in round-robin databases and plotting that data on graphs, which is used to store flow information and produce useful graphs.

Sample FlowScan Graph

Network administrators often find that they have either collected too little or too much data. Flow profiling as provided by FlowScan offers a pragmatic compromise between such extremes in data collection. Because flows aggregate data collected as packets travel across a given port or interface, they can be used as sort of an abbreviation for series of packets travelling between endpoints of interest. But this feature alone is insufficient for reliable continuous use: additional software tools are needed to define, parse, and analyze these flows. Those additional tools are included with FlowScan.

Read 6 Best NetFlow Tools To Use Alongside VMware by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter