NetFlow and SNMP: Differences and Best Tools to Use

It seems like networks often suffer from congestion and a handful of other problems linked to insufficient bandwidth or over-utilization. This is a fact of life when you’re a network administrator. At the same time, applications are handling more and more data and need to move it through the network. This puts an additional toll on network bandwidth, an already limited resource.

In order to avoid trouble, one needs to keep a constant watch on the network and the evolution of its utilization and one of the best ways of doing that is to use some sort of bandwidth monitoring tool. Two technologies are very common when it comes to monitoring network usage: NetFlow and SNMP. Today, we’re having a look at these two technologies and how they differ.

NetFlow and SNMP: Differences and Best Tools to Use

We’ll begin by discussing network monitoring in general. We’ll briefly explain what it is and the different types of monitoring that are typically available. Next, we’ll have a deeper at the two main monitoring technologies available: the Simple Network Management Protocol (SNMP) and NetFlow. Without going into too many details, we’ll try to cover what’s important to know about each technology, how it works, and how they can be used to measure or calculate network bandwidth utilization. Once we’re all on the same page, we’ll first review some of the best SNMP monitoring tools available and follow with our top NetFlow collectors and analyzers.

About Network Monitoring

For a network administrator, congestion is the number one enemy. If you compare a network to a highway where traffic is the network’s data, network congestion is similar to traffic jams. But unlike automobile traffic—where congestion can easily be spotted by simply looking at the road—network traffic happens within cables, switches, and routers where it’s invisible. Furthermore, it all happens at blazing speeds. Even if it was visible, it would happen too fast for us to see it. This is why network monitoring tools are so important. They provide network administrators with the visibility they need to ensure things are running smoothly. They can identify congestion or other issues, allowing administrators to take the necessary measures to address the situation.

Another important benefit of network bandwidth monitoring tools is with capacity planning. There is no way around the fact that network usage always grows over time. Just like disk space, the more you have, the more you need. While the current bandwidth of your network might be sufficient now, it will eventually need to be increased. By monitoring bandwidth usage, you’ll be able to plan the bandwidth upgrade before over-utilization becomes a problem.

RELATED READING: 5 Best Tools For Deep Packet Inspection

Different Ways Of Monitoring Networks

There are several ways that can network utilization can be monitored. One way, if your networking equipment supports it, is to have it send out flow data to a flow analyzer that will report on which users, which devices, and/or which applications are using the network. Alternatively, and this is often the preferred way of doing it, SNMP can be used. Its main advantage is that it’s built right into almost every networking device. SNMP is different from NetFlow as it works by polling devices rather than having them send out traffic information. Let’s briefly examine how each type of monitoring works.

SNMP

The Simple Network Management Protocol (SNMP) is a rather complex technology—despite its somewhat misleading name—which can be used to remotely monitor, configure and control different types of networking equipment. The best thing about SNMP, though, is that you don’t have to know everything about it to use it to monitor a network’s bandwidth utilization. For now, let’s just state that SNMP is used by monitoring tools to read interface traffic counters of networking devices and use that data to compute the bandwidth usage and graph its evolution over time.

It may sound complicated but it’s actually quite simple. After all, the “Simple” in SNMP might be there for a reason. Each network interface has a pair of counters (bytes in and bytes out) which are incremented as traffic enters or exits it. The SNMP protocol allows a monitoring tool to read these counters on a regular basis. Every five minutes is a common interval. Then, all the monitoring tool has to do is subtract the previous value of the counter from the current one to get the number of bits sent or received during the polling interval. That number is then multiplied by 8 as there are 8 bits to a byte and we want the results in bits. Finally, that figure is divided by the number of seconds in the polling interval, giving the number of bits per second (Bps).

ALSO READ: 5 Best SNMP Network Monitoring Software Reviewed

NetFlow

NetFlow was developed by Cisco Systems and was introduced on their routers to provide the ability to collect IP network traffic as it enters or exits an interface. The collected data is then analyzed to determine the source and destination of traffic, its type, and the eventual causes of congestion. There are three main components to the NetFlow technology:

  • The flow exporter aggregates packets into flows and exports flow records towards one or more flow collectors. This is the component that is running on the monitored devices.
  • The flow collector is responsible for reception, storage and pre-processing of flow data received from a flow exporter.
  • The flow analyzer is an application that is used to analyze received flow data. Analysis can be used for traffic profiling, or for network troubleshooting.

Routers, switches and any other device that supports NetFlow can be configured to output flow data in the form of flow records and send them to a NetFlow collector. A flow is a complete conversation in the IP sense. The device preparing flow records normally sends them to the collector when it determines that the flow is finished either through ageing—there has not been any traffic within a specific timeout—or when it sees a TCP session termination.

The flow record contains a lot of information about the flow. It includes the input and output interfaces, the start and finish timestamps of the flow, the number of bytes and packets it contains, the layer 3 headers, the source and destination IP address and port number, the IP protocol, and the TOS value. Flow records don’t contain the actual data that made up the flow. The only contain information about the flow. This is important from a security standpoint.

Except in huge multi-site environments, the flow collectors where the records are sent are often also the flow analyzers. They use the information contained in flow records to present data about network traffic in a way that is useful to network administrators.

While originally only available on Cisco devices, NetFlow is now present on devices from most major network equipment manufacturers. There’s even an IETF standard called IPFIX which is nothing more than a standardized version of NetFlow. sFlow, from InMon is a slightly different technology although it serves a very similar purpose. Many NetFlow collectors and analyzers can also handle sFlow data.

ALSO READ: 5 Best Network Traffic Analyzers

Which One Should I Choose?

If you were hoping that we’d reveal that one is way better than the other, you’re in for a disappointment. Both technologies have merit and each has some advantages and disadvantages. In a nutshell, SNMP is a cruder technology that is very easy to set up and that can provide very useful quantitative information about network utilization.

On the other hand, NetFlow will provide more information. For instance, NetFlow analyzers typically feature reports listing the top talkers and listeners on a network or the top protocols. Contrary to SNMP which will tell you how much data is carried on your network, NetFlow will let you know what data is carried as well as to and from where. While the additional information is certainly useful, it could be overkill. Your best bet when choosing a monitoring technology is to try them both and see which one is the best fit for your needs.

The Best SNMP Monitoring Tools

1. SolarWinds Network Performance Monitor — (FREE TRIAL)

SolarWinds is one of the major players in the network administration tools field. The company has been around for some 20 years and has brought us some of the best network administration tools. It also has a solid reputation for making great free tools that, even though they are sometimes feature-limited, are still excellent tools. SolarWinds’ flagship product is called the Network Performance Monitor, or NPM. It is actually a suite of tools which do include one of the best SNMP network monitoring tool.

SolarWinds NPM - Network Summary

The SolarWinds Network Performance Monitor is a Windows application which, as you’d expect, uses SNMP to poll multiple network devices and gets traffic statistics from their interfaces. The results are shown visually on graphs depicting each interface’s usage statistics. You can add a device to the tool by simply specifying its IP address and SNMP community string. The tool will then query the device and list all the parameters that are available and let you decide which you want to include on your graphs. For example, a network switch will expose each interface traffic and error counters.

There are many more features to the Network Performance Monitor. One of the main ones is its scalability, The tool will work with small networks but will easily scale up to large networks consisting of tens of thousands of hosts spread out in multiple locations. NPM can also build network maps and display a visual representation of the critical path between two devices or services. For more details, you should visit the product’s page on the SolarWinds website.

One last thing: make use of their Fully Functional for 30 Days and test-drive the product before you buy.

2. ManageEngine SNMP Bandwidth Monitor

ManageEngine has complete and easy solutions for even the most difficult IT management problems. This bold statement is how the company self-describe itself, with reason. ManageEngine is known for its high-quality software, including several network monitoring tools.

ManageEngine also has some free tools available. One we particularly like is the SNMP Bandwidth Monitor. It is part of the ManageEngine free OpUtils bundle, which comprises a selection of some 16 network management utilities. The software runs on both Windows and Linux. You can get a free edition which allows monitoring up to 10 devices and their interfaces. ManageEngine also has a paid version with no device limitation. And ManageEngine offers a free 30-day evaluation version of its full OpsUtil software. In fact, the free version is first installed as a 30-day trial which reverts to limited features on the thirty-first day.

ManageEngine SNMP Bandwidth Monitor

As far as configuring the tool goes, you simply specify a subnet to scan as well as the SNMP community string to use. The tool will then auto-discover devices on the specified subnet that are responding to the specified string. Once the devices are discovered, the inventory tab will let you view the status of each device’s interfaces. And of course, you can also display graphs of network bandwidth usage by unit of time.

Reports is another of the tool’s strong suits, You can, for instance, create reports of bandwidth usage over the past 12 hours to one month. And finally, the tool’s alerting features leave nothing to be desired. You have the possibility to set thresholds and be notified by email or SMS text messages when they’re exceeded.

3. PRTG Network Monitor

Paessler—another major player in the field of network monitoring tools—offers an excellent SNMP monitoring solution called PRTG Network Monitor. The main selling point of this product is how easy it is to install. According to Paessler, you can set it up in a couple of minutes. This may be an overstatement, though, and our experience reveals that it can take a bit longer than that to get it fully configured. But still, we have to admit that setting the product up was an exceptionally quick and easy experience.

PRTG Dashboard - Datacenter Monitoring

And when it comes to PRTG’s features, they are impressive. First, you can choose between several different user interfaces. There’s a native Windows enterprise console, an Ajax-based web interface as well as mobile apps for Android and iOS. One feature of the mobile apps we particularly loved is the possibility to scan a QR code label that you can print from the software and affix to your devices to be instantly taken to the device’s graphs.

And talking about graphs, this is another area where PRTG shines. PRTG can not only monitor and graph bandwidth utilization. It can record many more parameters using SNMP, WMI, NetFlow, and sFlow. The tool has some amazing reports which can be run on-demand or be scheduled and then be viewed as HTML or PDF. you can even export them to CSV or XML to be processed externally.

The Paessler website lets choose between two different versions of PRTG. There’s the free version or the free 30-day trial version. The former will limit your monitoring ability to 100 sensors. Paessler counts each parameter that you want to monitor as one sensor. For example, monitoring bandwidth on each port of a 48-port switch will require 48 sensors. And if you also want to monitor the switch’s CPU and memory loads, you’ll need two more sensors.

The Best NetFlow Collectors And Analyzers

1. SolarWinds NetFlow Traffic Analyzer (Free Trial)

First on our list is another great product from SolarWinds called the SolarWinds NetFlow Traffic Analyzer. The product, which installs on top of the Network Performance Monitor reviewed above, is one of the best NetFlow collector and analyzer you can find.

SolarWinds NetFlow Traffic Analyzer Dashboard

Some of the SolarWinds NetFlow Traffic Analyzer’s best features include:

  • Monitoring Bandwidth use by application, by protocol, and by IP address group.
  • Monitoring IPFIX, Cisco NetFlow, Juniper J-Flow, sFlow, and Huawei NetStream flow data allowing it to identify which devices, applications, and protocols are the highest bandwidth consumers.
  • Collecting traffic data, correlating it into a usable format, and presenting it to the user through a web-based interface for monitoring network traffic.
  • Identifying which applications and categories consume the most bandwidth for better network traffic visibility (including Cisco NBAR2 support).

The SolarWinds NetFlow Traffic Analyzer is an add-on to the Network Bandwidth Monitor. You can save by acquiring both at the same time as the SolarWinds Network Bandwidth Analyzer Pack. Prices for the bundle start at $4 910 for monitoring up to 100 elements and vary according to the number of monitored devices. While this may seem a bit expensive, keep in mind that you’re getting not one but two of the best monitoring tools available.

If you’d prefer to try the product before purchasing it, a free 30-day trial can be downloaded from SolarWinds.

2. ManageEngine NetFlow Analyzer

The ManageEngine NetFlow Analyzer gives the network administrator a detailed view of network bandwidth utilization as well as traffic patterns. The product is controlled by a web-based interface and offers an impressive number of different views on your network.

You can, for instance, view traffic by application, by conversation, by protocol, and several more options. You can also set alerts to warn you of potential issues. For example, you can set a traffic threshold on a specific interface and be alerted whenever traffic exceeds it.

ManageEngine Netflow Analyzer

But most of the strength of the product comes from its reports and dashboard. The tool comes with several very useful pre-built reports that are specifically tailored for specific purposes such as troubleshooting, capacity planning or billing. But you’re not stuck with built-in reports as the tool also allows administrators to create custom reports to their liking.

As for the tool’s dashboard we mentioned, it is just as impressive as its reports. It includes several pie charts with things such as top applications, top protocols or top conversations. It can also display a heat map with the status of the monitored interfaces. And as you might have guessed, dashboards can be customized to include only the information you find useful. The dashboard is also where alerts are displayed in the form of pop-ups. And for the on-the-go network administrator, there’s a smartphone app that will let you access the dashboard and reports.

The ManageEngine NetFlow Analyzer supports most flow technologies including NetFlow (of course), IPFIX, J-flow, NetStream and a few others. As a bonus, the too has excellent integration with Cisco devices, with support for adjusting traffic shaping and/or QoS policies right from the tool.

Like many competing products, the ManageEngine NetFlow Analyzer comes in two versions. The free version will be identical to the paid one for the first 30 days but it will then revert to monitoring only two interfaces of flows. While this is not much, it could be all that you need.

If you want the paid version, licenses are available in several sizes from 100 to 2500 interfaces or flows with prices varying between about $600 to over $50K plus annual maintenance fees.

3. Scrutinizer

Scrutinizer from Plixer is another great NetFlow Analyzer. In fact, it’s even more than that and many view it as a full incident response system. With its ability to monitor different flow types such as NetFlow, J-flow, NetStream, and IPFIX, you’re not limited to monitoring only Cisco devices.

Scrutinizer Architecture

With its hierarchical design, Scrutinizer offers streamlined and efficient data collection and allows you to start small and easily scale way up to many million flows per second. The network is often first blamed whenever something goes wrong, With Scrutinizer, you can quickly find the real cause of most any network issues. Scrutinizer works in both physical and virtual environments and comes with advanced reporting features.

Scrutinizer comes in four license tiers that go from the basic free version to the full-fledged SCR level which can scale up to over 10 million flows per second. The free version is limited to 10 thousand flows per second and it will only keep raw flow data for 5 hours but it should be more than enough to troubleshoot network issues. You can also try any license tier for 30 days after which it will revert back to the free version. The tool is available as a hardware appliance or as a virtual appliance which can run on a Linux host through KVM.

Read NetFlow and SNMP: Differences and Best Tools to Use by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

The 8 Best IP Scanners For Windows in 2019

IP addressing is a complex topic. This is what many people believe. But is it really? Well, to be honest, it’s actually rather simple. What can be complex, in most real-life situations, is keeping track of IP address usage. The single most important thing about IP addresses is that each one must be unique within a network. And while most administrators use some sort of IP address management tool—which, sometimes, can be as simple as a text file with IP addresses and computer and device names, they have no real control over what actually gets plugged into the network. For an up-to-date picture of which IP addresses are in use and which are free, nothing beats an IP scanner. A ton of such tools are available as open-source software but many of these run on open-source operating systems such as Linux.

If you’d rather use tools that can run on Windows, we’ve compiled a list of the best IP scanners for Windows.

Before we reveal what the best tools are we’ll briefly sidetrack and have an in-depth look at IP addressing. We’ll discuss IP address allocation and management and compare static and dynamic addressing. Then, we’ll have a look at the different types of IP address tools that are available. Finally, we’ll be ready for the big reveal and have a look at some of the best IP scanners for Windows. We’ll introduce each tool and present its main features.

About IP Addressing

IP addresses are used to uniquely identify each device connected to a network. You probably already know that. They’re like the street addresses of the IP network world. Nowadays, IP networks are largely prevalent but it hasn’t always been the case. Microsoft used to have NetBEUI networking, Novell NetWare had IPX/SPX, and Apple had AppleTalk. In fact, there was a time when each manufacturer used a different networking scheme. Back then, IP networks—which stands for Internet Protocol—were only used for—you guessed it—the Internet. Eventually, the Internet grew in popularity and it started to make sense for everyone to use IP networking. IP addresses soon became an essential part of every computer’s configuration.

When we said that IP addresses were uniquely identifying each device, this was a bit of a stretch. In reality, IP addresses uniquely identify a device within a given context. Consequently, IP addresses need only to be unique within this context. The Internet is such a context but not all computers accessing the Internet need to be directly connected to it. Most users access the Internet through some sort of gateway and use local IP addressing, internally. In these situations, only the local addressing has to be unique and it’s not uncommon to have identical IP addresses used in different organizations. Take, for example, your typical home Internet WiFi router. Most of them have 192.168.0.1 as their internal IP address. That specific address is therefore present on most home networks.

IP Address Allocation And Management

The very first step in planning a network in all but the smallest networks is preparing an IP addressing plan. The idea behind the plan is to define how IP addresses are going to be used. For instance, a range of IP addresses will likely be reserved for servers. Some will obviously be assigned to computers connected to the network. And of course, IP addresses will be reserved for other devices such as networking equipment or network-connected printers. This task is often done using simple tools such as spreadsheet software.

The next task is assigning IP addresses to devices. This is what we refer to as IP address allocation. There are several ways this can be done as we shall soon see but for now, the important thing to keep in mind is that you need to keep track of what IP address is assigned to what piece of equipment. This is IP address management.

Static vs Dynamic Addressing

There are basically two ways IP addresses can be assigned: statically or dynamically. Static IP addressing involves manually setting the IP address and other IP networking parameters on each connected device. Although it is somewhat labour-intensive and error-prone, it’s widely used for smaller IP address segments with a small number of devices. It is also commonly used in situations where the complete control of IP addressing is important as it often is with servers. The main drawback of using static IP addressing is the management efforts that it requires.

Dynamic IP addressing automates part of the process. It is used in conjunction with the Dynamic Host Configuration Protocol, or DHCP. This is a protocol that automatically assigns IP addresses and configures the networking parameters of connected devices. The assignment is done via a leasing process where a connected device requests an IP address from a DHCP server who leases an address for a fixed amount of time. Once the lease expires, the DHCP server returns the leased address to its pool of available addresses. Connected devices have the option to renew their lease before its expiration.

Using dynamic addressing doesn’t relieve the administrator from having to manage IP addresses. For starters, the DHCP server has to be configured correctly with the pool of IP addresses it can assign. Also, all the other IP networking parameters have to be configured on the DHCP server. Despite that, the efforts are minimal when compared with static IP addressing.

Different Types Of IP Addressing Tools

When it comes to managing IP addresses and keeping track of their allocation, many types of tools are available. And while it is certainly not necessary to use them all, many choose to use a combination of tools to achieve the results they seek. Let’s have a look at what the different types of tools are.

IP Address Managers

IP address manager is a relatively generic name that can be fitted to different software tools. They all share one common goal, facilitate the management of IP addresses. Some are very elaborate tools. So elaborate that DDI software suites fall into this category of tools. Others are simpler tools that are typically used where static IP addressing is used. They will just serve as a database of what IP address is assigned to what resource. Some tools include DNS lookup capabilities and can check that what is in the database really corresponds to what is configured.

IP Address Trackers

IP address trackers are tools that will help you find what IP addresses are actually configured on your networked devices. They can be used for several purposes such as consolidating what’s actually configured with what is documented. This is an important feature as an IP address management system that doesn’t reflect the reality is kind of useless. Some tools will automatically attempt to match database information with actual configuration and either list discrepancies or directly fix the errors in the IP address management system. Many tools can also be configured to run automatically at regular intervals and will let you catch unauthorized changes.

IP Address Scanners

The last type of tools we’d like to talk about—and the one which is of primary interest today—is the IP address scanner. This is a type of tool that will scan a range of IP addresses. You can typically specify the range with starting and ending IP addresses or specify a complete subnet with an IP address and subnet mask or a CIDR notation such as 192.168.0.0/24. The IP address scanner then tries to connect to each IP address—usually using Ping or a similar technology—and reports on what IP addresses are responding. Most IP address scanners will also do a reverse DNS resolution to display the hostname of each responding host in addition to its IP address. Some tools will even list which IP ports are open on those devices although we usually refer to these tools as port scanners.

The Best IP Address Scanners For Windows

In real life, the distinction between IP address tracker tools and IP address scanner tools is not exactly clear. In fact, there is no universally accepted definition of either. Our list actually contains a mix of tools that call themselves IP address tracker, IP address scanner—or just IP scanners—or IP address managers. Our main criteria for inclusion in this list was that the tool deals with IP addresses, can track their usage, and can run on the Windows platform.

1. SolarWinds IP Address Tracker (FREE DOWNLOAD)

First on our list is a great tool from SolarWinds. This company is well-known in the network administration field for making some of the best tools and also for publishing many free tools that address a specific need of network administrators. We reviewed some of those free tools in these pages when we recently discussed the best subnet calculators or the best syslog servers.

SolarWinds IP Address Tracker Screenshot

The SolarWinds IP Tracker can be used to manage and track up to 254 IP addresses. This limitation makes it a well-suited tool for smaller installations. It will track IP address availability and alert you of an upcoming shortage of available IP addresses. It will also automatically detect IP address conflicts and alert you when it finds one. This feature-limited tool won’t interact with your DNS and DHCP servers, though. You’ll have to manually fix any issues it finds. It’s got an attractive dashboard-based user interface with colour-coded status and it also features historical trends and events reports.

2. SolarWinds IP Address Manager (FREE TRIAL)

For a more complete, enterprise-grade tool, the SolarWinds IP Address Manager might be just what you need. It starts where the IP Address Tracker stops. This is a full-featured IP address management tool that has none of the limitations of the free tool. This one can manage up to 2 million IP addresses, enough for the biggest environments.

SolarWinds IP Address Manager Screenshot

Although it doesn’t include DHCP or DNS capabilities, the SolarWinds IP Address Manager will interact with your existing DNS and DHCP servers, making it a true DDI solution. Of course, the tool features automatic IP address tracking. It wouldn’t be in this list if it didn’t. It will automatically monitor your subnets so that you always know how IP addresses are used. The system will alert you of IP address conflicts, depleted scopes, and mismatched DNS records.

The tool integrates with DHCP servers from Microsoft, Cisco, and ISC and will work with BIND and Microsoft DNS servers. Pricing for the SolarWinds IP address Manager starts at $1 995 and varies according to the number of managed addresses. A free 30-day trial is available if you want to test the product before purchasing it.

3. Advanced IP Scanner

The Advanced IP Scanner has an interesting twist. The tool runs on Windows and is made for Windows. More about that in a moment. This software simply takes an IP address range as its input. You could also supply the tool with a text file containing a list of IP addresses. The tool will scan the addresses and provide you with a list of those addresses that respond. But you don’t only have IP addresses, the tool will also display each host’s name, MAC address and network interface vendor.

Advanced IP Scanner Screenshot

For Windows hosts that the Advanced IP Scanner discovers, you get much more functionality. For instance, the tool will list network shares. And clicking any share opens it on your computer. You can also start a remote control session using either RDP or Radmin or remotely turn a Windows computer on–provided it has wake on LAN–or off.

4. Angry IP Scanner

The Angry IP Scanner is a multi-platform tool. This means that it will run on Windows, OS X, and Linux. The tool can scan complete networks or subnets but also an IP addresses range or a list of IP addresses in a text file. It uses Ping to find IP addresses that are responding but it will also resolve hostnames and MAC address vendors as well as provide NetBIOS information for hosts that support it. This tool is also a port scanner and can list the open ports on each responding host.

Angry IP Scanner Screenshot

The Angry IP scanner is a GUI-based tool but it also comes bundled with a command-line version that you can use. This can be very useful if you want to include some of the tool’s functionality in your own in-house scripts. The tool’s results are normally displayed on the screen in a table form and can be exported to several file formats such as CSV or XML.

5. SoftPerfect Network Scanner

The SoftPerfect Network Scanner is a pretty useful utility that will scan a range of IP addresses and list those that respond along with their MAC address, hostname and response time. For added convenience, it can also be used as a port scanner and will optionally list what IP ports are open on each host.

SoftPerfect Network Scanner Main Window

This is a true Windows utility as its feature set demonstrate. This product will, for instance, display all available shares on Windows hosts. Even hidden shares can be displayed. It can also list what user account(s) are currently connected to each Windows computer. Furthermore, the SoftPerfect Network Scanner will let you remotely access computers and run commands remotely. And finally, you can broadcast messages to the discovered computers.

6. LizardSystems Network Scanner

The main differentiating factor of the LizardSystems Network Scanner is that, instead of being a standalone Windows application, it is browser-based. Despite that, it will on run Windows and it requires Internet Explorer. As for its features, they leave nothing to be desired. The tool is easy to use, it offers great performance thanks to its use of multi-threading, and it’s scalable. There’s actually no limit to the number of addresses you can scan.

LizardSystems Network Scanner Screenshot

The LizardSystems Network Scanner also has quite a few advanced features such as results filtering or customizable status checks that will check for any port you specify. It will also retrieve NetBIOS information as well as verify access rights to remote resources. And if you want to manipulate the results, you can export them to HTML, XML, or text.

7. Bopup Scanner

B-Labs usually specializes in messaging systems. We weren’t, therefore, expecting to see one of its products make it to this list. In fact, the Bopup scanner is B-Labs‘ only network administration tool. This is a free tool for the Windows operating system.

BopUp Scanner Screenshot

The Bopup Scanner can be used to scan your network and it will output a list of all connected devices. It will show IP addresses, hostnames, and MAC addresses. It can also tell you whether or not a web server is present and responding on each host it tests. You can drill down on each host and display more information such as a list of available shares. Option-wise, the tool will let you specify exactly what IP addresses to scan and you can also set the response timeout to prevent unresponsive IP addresses from slowing down the process.

8. MyLanViewer Network/IP Scanner

The MyLanViewer Network/IP Scanner is a free IP address scanner for Windows whose main characteristic is how results are displayed. Instead of a table with a list of IP addresses and corresponding parameters, like most other tools on this list will generate, this tool presents the results in a hierarchical way. It looks somewhat like the left pane of a Windows Explorer window.

MyLANViewer IP Scanner

The MyLanViewer Network/IP Scanner will scan the whole local network. This is the LAN where the computer you’re running the tool from is connected. Once the scan completes, it will show each responding host as a node on a tree structure. Clicking the plus sign next to any entry will reveal more information about it. The extra information available is very similar to what’s available with most other tools on our list.

Read The 8 Best IP Scanners For Windows in 2019 by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

6 Tools to Help Improve Network Performance

The network is slow. This is likely the single most heard phrase by network administrators.

There’s a reason for that, though. Networks often show signs of degraded performance. What do you do when that happens? You start looking for ways to improve network performance. There are several ways that can be accomplished.

We’ll start off today’s discussion by defining network performance. It is important that we all start on the same page. Then, we’ll have a look at some of the most popular ways one can improve the performance of a network.

As you’ll see, there are ways to improve network performance that won’t cost you a penny. They only need an investment of your time. And finally, since the best way to evaluate the performance of a network and measure the impact of any improvements is to monitor the performance of a network, we’ll have a look at a few of the best monitoring tools and some of the best network testing tools.

About Network Performance

Wikipedia defines network performance rather elegantly. “Network performance refers to measures of service quality of a network as seen by the customer”. There are three key elements to that definition. The first has to do with “measuring” performance. Performance is something that is measured. The second important concept is “quality”. Performance refers to quality. And last but certainly not least is “the customer”. Performance is experienced by users of the network.

In simpler terms, network performance is its ability to meet its users’ expectations. This can add some complexity. While performance can be objectively measured using the right tools and technologies, user perception is highly subjective. In any situation, two individuals could have a different perception and react differently. The same is true of networks where everyone can have a different perception of performance. And to make thing even more complicated, some network applications have smaller performance requirements while others need more. A well-performing network is one where the actual performance matches the usage, giving users a perception that all is working well.

RELATED READING: 8 Best Network Latency Testing Tools (Reviews)

How To Improve It

There are several actions one can take to improve network performance. Let’s review some of the more common ones.

1. Prioritizing Traffic

An easy way of improving perceived performance is to ensure that the most important applications get priority. To achieve that, applications are allocated to classes of service (typically called platinum, gold, silver, and bronze), and routing policies are set for each class. For example, fifty percent of the available bandwidth could be reserved for platinum traffic. At the other end, only a few kilobits per second could be allocated to bronze traffic which typically includes things such as peer-to-peer file transfers such as torrents. While three or four categories are typical, but some organizations may use as many as six. Keep in mind that the more classes you use, the harder it is to manage.

2. Educating Users

By making sure your employees understand the effect that streaming videos at lunch can have on the entire company’s network performance, you’ll save yourself a lot of grief. Most users are not ill-intentioned, they just don’t realize the impact of their actions. Perhaps you’ve heard the story of this mining company which systematically experienced network slowdowns at lunchtime. The cause was traced to Doom sessions between staff at the mine head and those down the shaft. Once the problem was explained, play ceased.

3. Using Network Compression And Acceleration

There is a definite tendency in today’s businesses to rely more and more on big data. And together with this increase of data storage, increasingly large amounts of data also have to be moved across the network. And more network data means higher bandwidth utilization which, in turn, means performance degradation.

Compressing data—in much the same way as it is done with “zipped” files or the mp3 music format—does a great job of reducing the total volume of data transferred, thereby potentially improving performance.

Acceleration, another popular way of improving network performance, relies on preemptive transfers of data or deduplication. He result is a perception of better performance. And as we said earlier, perception is everything when talking about performance.

READ ALSO: Top 10 Intrusion Detection Tools

4. Protecting Against Junk Traffic

Another way to improve performance is to reduce overall traffic by protecting your network against junk traffic. Junk traffic refers to any unwanted and unnecessary traffic that can be hogging your network. Viruses are, for one, a good example of junk traffic generators. I recall this virus that infected computers and ran some collaborative key cracking software on infected computers, causing them to send rather big quantities of data back to their home. In this context, keeping your malware protection active and up-to-date is of the utmost importance in keeping junk traffic to the minimum.

Blocking junk traffic, either using firewalls or router access control lists is another common method that is used to keep junk traffic at bay. It is alas often easier to block this undesired traffic than to try to avoid it in the first place.

Monitoring Network Performance

It is one thing to improve performance but it’s even better if we can measure the improvements. One of the best ways we can achieve that is by using some sort of network monitoring tool. They are the types of tools that use the Simple Network Management Protocol to periodically read traffic counters from networking equipment and use that data to calculate the average traffic level. There are plenty of them to choose from but here are three of our favourites.

The Best Monitoring Tools

1. SolarWinds Network Performance Monitor (FREE TRIAL)

SolarWinds is one of the best-known vendors of network and system administration tools. It is known for making some of the best network administration tools. Among the most famous SolarWinds products are the NetFlow Traffic Analyzer and the Server and Application monitor. The company is also recognized for making excellent free tools, each addressing a specific need of network and system administrator such as the Advanced Subnet Calculator and the Kiwi Syslog Server.

SolarWinds’ flagship product is called Network Performance Monitor, or NPM. It is a full-featured network monitoring solution with great functionality. The SolarWinds NPM can poll any device using the SNMP protocol and read their operational parameters and interface counters. The tool then stores the results in an SQL database and uses the polled data to build graphs showing each network segment’s usage.

SolarWinds NPM - Network Summary

The SolarWinds Network Performance Monitor features an easy to use GUI. Adding a device is as simple as specifying its IP address or hostname and SNMP community string. The tool then queries the device, lists all the SNMP parameters that are available, and allows you to pick those you want to monitor and display on your graphs.

Price for the SolarWinds Network Performance Monitor starts at $2 995 and goes up according to the number of devices to monitor. A detailed quote can be obtained by contacting the SolarWinds sales team. Should you want to try the product before purchasing it, a free 30-day trial is available.

2. PRTG Network Monitor

The PRTG Network Monitor from Paessler AG is an agentless network monitoring system. Paessler claims that the PRTG Network Monitor can be set up in a couple of minutes. Our experience shows that it can take a bit more than that but that it is still very easy and quick, thanks to an auto-discovery feature that will scan your network, find devices, and automatically add them. The tool uses a combination of Ping, SNMP, WMI, NetFlow, jFlow, sFlow, but can also communicate via DICOM or the RESTful API.

PRTG Starburst Screenshot

One of the strengths of the PRTG Network Monitor is its sensor-based architecture. You can think of sensors as add-ons to the product except that they are already included and don’t need to be added. There are add-ons for virtually anything. For example, there are HTTP, SMTP/POP3 (e-mail) application sensors. There are also hardware-specific sensors for switches, routers, and servers. In all, there are over 200 different predefined sensors that retrieve statistics such as response time, processor, memory, database information, temperature or system status from the monitored devices.

The PRTG Network Monitor offers a selection of user interfaces. The primary one is an Ajax-based web interface. There’s also a Windows enterprise console as well as mobile apps for Android and iOS. One nice feature of the mobile apps is that they can use push notification of any alerts triggered from PRTG. More standard SMS or email notifications are also available. Although the server only runs on Windows, it can be administered from any device with an Ajax-compatible browser.

The PRTG Network Monitor is offered in two versions. There’s a free version which is full-featured but will limit your monitoring ability to 100 sensors. Note that each monitored parameter counts as one sensor and, for example, monitor 24 interfaces on a network switch will use up 24 sensors. If you need more than 100 sensors, you must purchase a license. Their prices start at $1 600 for 500 sensors. You can also get a free, sensor-unlimited and full-featured 30-day trial version.

3. ManageEngine OpManager

ManageEngine is another well-known maker of network management tools. Its OpManager tool is a complete management solution that will address most monitoring needs. The tool runs on either Windows or Linux and is loaded with excellent features. One of them is its auto-discovery feature which can map your network, giving you a uniquely customized dashboard.

The ManageEngine OpManager‘s dashboard is another of the tool’s strong points. It is super easy to use and navigate and has drill-down functionality. If you’re into mobile apps, they are available for tablets and smartphones allowing you to access the tool from anywhere. Overall, this is a very polished and professional product.

ManageEngine OpManager Dashboard

Alerting in OpManager is just as good as all its other components. There is a full complement of threshold-based alerts that will help detect, identify, and troubleshoot network issues. Multiple thresholds with various notifications can be set for every performance metric.

If you want to try the ManageEngine OpManager before buying, a free version is available. But rather than a time-limited trial, this one is feature-limited. It won’t, for instance, let you monitor more than ten devices. Although this could be enough for testing purposes, it is insufficient for all but the smallest networks. For more devices, you have to choose between the Essential or the Enterprise plans. The first will let you monitor up to 1,000 nodes while the other goes up to 10,000. Pricing information is available by contacting ManageEngine’s sales.

Testing the Network

But even more than monitoring tools, especially when dealing with improving network performance, testing tools are probably what you need. These tools can be used to generate traffic allowing you to see how the network behaves under stress. Other tools can be used to run actual point-to-point performance tests by simulating real user actions and measuring the time they take. We’ve tested many such tools and we’re glad to bring you the best three that we could find.

RELATED READING: 10 Best Managed File Transfer (MFT) Tools

Our Top Network Testing Tools

1. SolarWinds WAN Killer (Part Of The Engineer’s Toolset)

The same SolarWinds which brought us the Network Performance Monitor we just reviewed make a tool which can prove invaluable when it comes to testing networks. The only drawback is that it is only available as part of the SolarWinds Engineer’s Toolset. On the other hand, that toolset is so packed with great utilities that it is well worth its price. In all, the toolset comes with some sixty different tools. Some of them are also available as standalone free tools but may of them are exclusive and can’t be obtained otherwise.

That being said, we’d like to introduce the WAN Killer Network Traffic Generator. And although it’s not a network performance testing tool per se, can be very useful in combination with other tools. Its sole purpose is generating network traffic. It allows administrators to use other performance testing tools for testing performance under high traffic situations, something that not many tools do by themselves.

The tool, which is part of the SolarWinds Engineer’s Toolset, will let you easily set the IP address and hostname you want to send the random traffic to. It will also let you specify parameters such as port numbers, packet size, and percentage of bandwidth to use. It can even let you modify the Differentiated Services Code Point (DSCP) and Explicit Congest Notification (ECN) settings.

SolarWinds WAN Killer Screenshot

This tool’s primary use is for tasks such as testing traffic prioritization and load balancing. You can also use it to make sure that your network is correctly set up and that huge amounts of unimportant traffic—as generated by this tool—won’t have adverse effect critical traffic. The level of fine-tuning the tool allows will let you simulate almost any type of situation.

The SolarWinds Engineer’s Toolset (including the WAN Killer Network Traffic Generator) sells for $1 495 per desktop installation. You’ll need one license for each user of the tool. But considering all the included tools, this is a very reasonable price. If you want to give the toolset a test-run, a 14-day trial version can be obtained from the SolarWinds website.

Wait! There’s More

The SolarWinds Engineer’s Toolset includes several dedicated troubleshooting tools. Tools like Ping Sweep, DNS Analyzer and TraceRoute can be used to perform network diagnostics and help resolve complex network issues quickly. For the security-oriented administrators, some of the toolset’s tools can be used to simulate attacks and help identify vulnerabilities.

SolarWinds Engineer's Toolset - Home Screen

The toolset also features some excellent monitoring and alerting capabilities. Some of its tools will monitor your devices and raise alerts for availability or health issues. And finally, you can use some of the included tools for configuration management and log consolidation.

Here’s a list of some of the other tools you’ll find in the SolarWinds Engineer’s Toolset:

  • Port Scanner
  • Switch Port Mapper
  • SNMP sweep
  • IP Network Browser
  • MAC Address Discovery
  • Ping Sweep
  • Response Time Monitor
  • CPU Monitor
  • Memory Monitor
  • Interface Monitor
  • TraceRoute
  • Router Password Decryption
  • SNMP Brute Force Attack
  • SNMP Dictionary Attack
  • Config Compare, Downloader, Uploader, and Editor
  • SNMP trap editor and SNMP trap receiver
  • Subnet Calculator
  • DHCP Scope Monitor
  • DNS Structure Analyzer
  • DNS Audit
  • IP Address Management

With so many tools included in the SolarWinds Engineer’s Toolset, your best bet is most likely to give it a try and see for yourself what it can do for you. And with its free 14-day trial available, there is really no reason not to try it.

2. LAN Speed Test

LAN Speed Test from TotuSoft is a simple but powerful tool for measuring file transfer, hard drive, USB Drive, and network speeds. All you need to do is pick a destination on the server where you want to test the WAN connection. The tool will then build a file in memory and transfer it both ways while measuring the time it takes. It then does all the calculations for you and gives you an evaluation of the transfer’s performance.

LAN Speed Test Screenshot

You can also choose a computer running the LAN Speed Test Server instead of a shared folder as a destination. This effectively takes disk access component out of the equation, giving you a true measure of the network’s performance. The tool is initially set up in its Lite, feature-limited version. To access the advanced features of the standard version, you must purchase a license which is available for only ten dollars, with quantity discounts available. The tool is portable and will run on any Windows version since Windows 2000.

3. LAN Bench

Despite the fact that its developer’s site no longer exists, LAN Bench from Zack Saw is still readily available for download from several software download websites. It is a free and portable TCP network benchmarking utility. The tool is based on Winsock 2.2, a rather old framework but one with minimal CPU usage. That way, you can be reasonably sure that poor CPU performance won’t come and pollute your network performance test results. All the tool does is test the network performance between two computers but what it does, it does well.

LANBench Screenshot

You’ll need to run LAN Bench on two computers, at either end of the network segment you want to test. One instance runs as the server and the other one is the client. The server-side requires no configuration. All you need to do is click the Listen button. The tool’s testing configuration is all done on the client-side, before starting the test. You will need to specify the server’s IP address and you can adjust several testing parameters such as the total duration of the test, the packet size used for testing, as well as the connection and transfer mode.

Read 6 Tools to Help Improve Network Performance by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

The 8 Best IP Scanners For Linux in 2019

If you want to know what IP addresses are actually in use in your network, your only option is pretty much to scan them all. Very often, this is something one would do using the ping command. Ping, which has been around almost as long as IP networking, is probably the best ways to test for connectivity to a given IP address. So, by successively pinging all IP addresses in a network, one can get a pretty good picture of which ones are in use and which ones are available.

However, in all be the smallest of networks with only a handful of IP addresses, this can quickly turn into quite a chore. Fortunately, tools exist that will automatically scan a group of IP addresses and report on their responsiveness. Today, we’re reviewing some of the best IP scanners for Linux that will simplify your life when you have to scan IP addresses.

To begin, we’ll be discussing IP address scanning in general. More specifically, we’ll have a look at why one would scan IP address because, as much as it’s nice to know which IP addresses are in use, there’s got to be a point to doing it. Next, we’ll have a deeper look at the ping utility. Even though ping is not a scanning tool, this utility is at the core of most IP address scanning tools. Knowing how it works or what it can do will most likely be valuable when we start looking at the different available scanning tools. And talking about the scanning tools, our next order of business will be to not only list but also briefly review some of the best IP scanners for Linux and explore their main features and differentiating factors.

Scanning IP Addresses

Other than the pure fun and enlightenment of knowing what IP addresses are in use, there are several reasons one would want to scan IP addresses. First and foremost is security. Scanning IP addresses on a network allows you to quickly discover unauthorized devices. These could, for instance, be devices connected by malicious users to spy on your organization.

But even well-intentioned users can sometimes wreak havoc by connecting their personal devices. I recall that user who prevented many of his colleagues from accessing the corporate network when he connected his home Internet router to it. He just needed a couple of extra ports to connect an additional test computer and thought he could use the switch built into his router. Unbeknownst to him, the router started issuing IP addresses from its built-in DHCP server. And several of his colleagues got assigned erroneous IP addresses.

Other than for security reasons, scanning IP addresses is also the first step in any attempt at IP address management. While many—if not all—IP address management (IPAM) tools do include some form of IP address scanning, many choose to manage IP address using a manual process instead of an integrated tool. In these situations, IP address scanning tools become a necessity.

For people without any kind of formal IP address management process, scanning IP addresses is possibly even more important. It will often be the only way to ensure that there are no IP address conflicts. It can, in fact, be considered a rather crude way of pseudo-managing IP addresses.

Ping In A Nutshell

No matter what you need for scanning IP addresses is, most tools are based on Ping. Let’s have a look at this ubiquitous albeit antique utility. Ping was created out of necessity back in 1983 proving once more that necessity is the mother of invention. Its developer needed a tool to help in debugging an abnormal network behaviour he was observing. Its name refers to the sound of sonar echoes as heard in submarines. Today, ping is present on almost every operating system, yet its implementation varies somewhat between platforms. Some versions are offering multiple command-line options which can include parameters such as the size of each request’s payload, the total test count, the network hops limit, or the interval between requests. Some systems have a companion Ping6 utility that serves the exact same purpose but uses IPv6 addresses.

Here’s a typical use of the ping command:

$ ping -c 5 www.example.com
PING www.example.com (93.184.216.34): 56 data bytes
64 bytes from 93.184.216.34: icmp_seq=0 ttl=56 time=11.632 ms
64 bytes from 93.184.216.34: icmp_seq=1 ttl=56 time=11.726 ms
64 bytes from 93.184.216.34: icmp_seq=2 ttl=56 time=10.683 ms
64 bytes from 93.184.216.34: icmp_seq=3 ttl=56 time=9.674 ms
64 bytes from 93.184.216.34: icmp_seq=4 ttl=56 time=11.127 ms

--- www.example.com ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 9.674/10.968/11.726/0.748 ms

The “-c 5” option in the above example tells Ping to repeat five times.

How Ping Works

Ping is a pretty simple utility. All it does is sending ICMP echo request packets to the target and waiting for it to send back an ICMP echo reply packet. This process is repeated a certain number of times—five by default under windows and until it is manually stopped by default under most Unix/Linux implementations. Once the command terminates, response statistics are compiled and displayed. The utility calculates the average delay between the requests and their respective replies and displays it in its results. On most *nix variants, it will also display the value of the replies’ TTL (time to live) field, giving an indication of the number of hops between source and destination.

For the command to work, the pinged host must abide by RFC 1122. The standard specifies that any host must process ICMP echo requests and issue echo replies in return. And while most hosts do reply, some disable that functionality for security reasons. Firewalls also often block ICMP traffic. To circumvent this, the better IP address scanning tools can use a type of packet different from ICMP to check if an IP address is responding. Pinging a host which does not respond to ICMP echo requests will provide no feedback, which is exactly like pinging a non-existent IP address.

The Best IP Scanners For Linux

Our selection of IP address scanning tools includes a bit of everything. There is a combination of GUI-based tools and command-line utilities on our list. Some are more complex tools while others are extended versions of the ping utility that include some way of scanning a range of IP addresses without having to issue multiple successive commands. All of the tools on our list have a couple of thing in common: The run under the Linux operating system and, given a range of addresses to scan, they will return a list of what IP addresses are responding.

1. Angry IP Scanner

The Angry IP Scanner is a deceptively simple tool which makes extensive use of multithreading. This makes it one of the fastest tools on our list. This is a free multi-platform tool which is available for Linux—of course, Windows, and Mac OS X. This tool is written in Java so you’ll need to have the Java runtime module installed to use it. Most package managers will take care of this dependency, though. The tool does not only ping IP addresses, but it can also optionally run a port scan on discovered hosts. It can resolve IP addresses to hostnames and MAC addresses to vendor names. Furthermore, this tool will provide NetBIOS information—when available—about each responding host.

Angry IP Scanner Screenshot

The Angry IP Scanner can scan complete networks and subnets but it can also an IP addresses range or even a discrete list of IP addresses from a text file. This tool is primarily GUI-based but it also comes with a command-line version that you can use if, for instance, you want to include the tool’s functionality in home-brewed shell scripts. As for the scan results, they are by default displayed on the screen in table format but they can easily be exported to several file formats such as CSV or XML.

2. arp-scan

The arp-scan tool (sometimes referred to as ARP Sweep or MAC Scanner) is another fast ARP packet scanner. The tool will list every active IPv4 device on the subnet it scans from. It is one of the tools that does not rely on ping to scan the network. Instead, it uses the ARP (Address Resolution Protocol), a technology typically used to find the correspondence between IP addresses and MAC addresses. Since ARP is a non-routable protocol, this scanner can only work on the local network (local subnet or network segment).

The arp-scan tool will display all active devices even if they have built-in firewalls of filtering schemes blocking ICMP packets. Devices simply cannot hide from ARP packets as they can hide from ping. This makes this a very useful tool for highly secure environments with numerous hardened devices.

3. nmap/zenmap

Nmap, which stands for Network Mapper, is a scanning tool that can be used to discover hosts and services, thus building a “map” of the network, hence the name. This tool operates by sending specially crafted packets to the target hosts—somewhat like ping but not necessarily using ICMP—and by analyzing the responses it gets.

The tool’s primary use is in analyzing what services are available on a computer. It can, however, be used as an IP address scanner. This tool can discover hosts and their services and it can also detect their operating system and more. Using scripting, the tool can be even used for advanced service detection, vulnerability detection, and more.

Zenmap Screenshot

Nmap, which is a command-line tool started as a Linux-only utility but it has since been ported to several other operating systems including Windows, Solaris, HP-UX, most BSD variants including OS X, AmigaOS, and IRIX. If you prefer graphical user interfaces, several GUI front-ends to Nmap have been released. One of the best one goes by the name Zenmap and it is from the same team as Nmap. You can, therefore, expect a good integration between the two tools. Zenmap, when compared to Nmap is much easier to learn and master, thanks to a well-designed user interface. Although it might not be the prettiest tool, it has some great functionality.

4. Fping

Fping was created as an improvement over ping, then one of the only network troubleshooting tools available. It is a similar command-line tool but it is rather different. Like ping, Fping uses ICMP echo requests to determine which of the target hosts are responding but this is pretty much where the similarity ends. While ping only accepts a single IP address as a parameter, Fping can be called with many target IP addresses. The targets can be specified as a space-delimited list of IP addresses. The utility can also be provided with the name of a text file containing a discrete list of addresses. Finally, an IP address range can be specified or a subnet can be entered in CIDR notation such as 192.168.0.0/24.

One of the great features of Fping is how it does not wait for a response before sending the next echo request. This greatly helps reduce the time lost waiting for unresponsive IP addresses, making for a much faster tool. Fping also has lots of command-line options that you can use and since it is a command-line tool, you can pipe its output to another command—such as grep, for example—for further processing.

5. Hping

Hping is another free command-line tool derived from ping. It is available on most, if not all Unix-like operating systems including common Linux distributions as well as on Mac OS X and Windows. Despite no longer being in active development, this tool is still easily available and in widespread use. The tool closely resembles ping yet it is quite different. For instance, Hping won’t only send ICMP echo requests. It can also send TCP, UDP or RAW-IP packets. This can help with scanning highly secure networks. There is also a traceroute mode—more about that in a moment—and the tool has the ability to send files.

Hping can be used as an IP address scanning tool but it can do more than that. The tool has some advanced ports scanning features. Thanks to its use of multiple protocols, it can also be used to perform basic network testing. This product also has some advanced traceroute capabilities using any of the available protocols. This can be useful as some devices treat ICMP traffic differently from other traffic. By mimicking other protocols, this tool can give you a better evaluation of your network’s true, real-life performance.

6. Spiceworks IP scanner

Spiceworks started back in 2006 in Austin, Texas as a professional network for the information technology industry although it was originally created to build IT management software. Today, Spiceworks is an online community allowing users to collaborate with one another and also participate in a marketplace to purchase IT services and products. Spiceworks is estimated to be used by more than six million IT professionals and three thousand technology vendors.

But, as we indicated, Spiceworks is also a software developer and publisher. He company has three main products. There’s a help desk management platform called Spiceworks Help Desk, an IT assets inventory management tool called Spiceworks Inventory and a network monitoring platform called Spiceworks Network Monitor. And while these tools are not open-source, they are available for free to anyone.

Spiceworks IP Scanner Dashboard Screenshot

Spiceworks also makes a few handy tools, one of them called the IP scanner. The tool will let you do either a basic scan or an extended one with detailed information. You can use the tool to discover the devices on your network automatically while gathering basic information such as operating system or MAC address. Alternatively, you can also get detailed hardware and software information on your workstations and servers like CPU, storage, memory, installed software, serial number, and lots more. This tool is like an IP scanner on steroids.

7. MASSCAN

MASSCAN, created by Robert Graham, claims to be the fastest port scanner. The tool produces results which are similar to what you’d get with Nmap, reviewed above. However, it internally operates more like scanrand, unicornscan, and ZMap, and, like these, it uses asynchronous transmission. The major difference is that this tool is faster than these other scanners. Furthermore, this tool is somewhat more flexible and it will, for instance, allow arbitrary address ranges and port ranges.

MASSCAN uses a custom TCP/IP stack rather than the one that comes with your operating system. As a result, anything other than simple port scans will cause conflicts with the local TCP/IP stack. TO get around this limitation, you can either use the -S option to use a separate IP address, or you can configure your operating system to firewall the ports that the tool uses.

8. Umit Network Scanner

The Umit Network Scanner is another Nmap front end, much like Zenmap. The tool was designed to accommodate and run more than one scan at a time. This is a great feature when you have multiple subnets or IP address ranges to scan. Each scan is executed and its results displayed inside a Scan Tab, which has a title and where every information obtained as a result of the scan is neatly presented.

Umit Network Scanner Screenshot

The idea behind the Scan Tab is to try to make your life easier by making the information easier to navigate and by facilitating the search for any specific piece of information. Scanning an entire network using Nmap would typically require that you open up your favourite terminal, type a potentially complex Nmap command, wait for the results, and then move to the next subnet. The Umit Network Scanner makes it much more intuitive.

In Conclusion

While there are tons of IP scanners for Windows, we’ve seen that, while there are not as many options for Linux, several excellent products are available. So, if your platform of choice is Linux, don’t feel left out. Some of these products may not have fancy GUIs like some Windows tools have but you’ll most likely find a tool among our list which is a perfect fit for your needs.

Read The 8 Best IP Scanners For Linux in 2019 by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

The 7 Best Tools for Open-Source Network Bandwidth Monitoring

We all—or at least, all network administrators—wish that band were unlimited and cost nothing. Unfortunately, nothing is further from the truth. Bandwidth is both expensive and limited. As a consequence, we tend to order just enough bandwidth for our needs. This, in turn, has another consequence: we need to keep an eye on bandwidth usage. This is the only way we can know when bandwidth reaches critical thresholds—where the performance starts to be impacted—allowing us to react.

The best way to keep a watchful eye on bandwidth is to use some sort of tool built for that purpose. And there are lots of these tools. However, some are complex tools that typically require lots of resources and cost lots of money. So, we scoured the market looking for open-source network bandwidth monitoring tools. We were pleasantly surprised to discover that there are quite a few of them.

Open-Source Network Bandwidth Monitoring

Before we reveal what the best tools are, we’ll start off by discussing bandwidth monitoring. We’ll learn what it is and how it can be done. The Simple Network Management Protocol is one of the most common technologies used for network bandwidth monitoring so we’ll have a look at it and see how it works. And finally, we’ll review the best open-source network bandwidth monitoring tools that we could find. For each one, we’ll briefly introduce their main features and advantages.

About Monitoring Network Bandwidth

Network bandwidth monitoring is a very specific type of monitoring. What it does is measure the amount of traffic passing a given point on a network. Typically, the measuring point is a router or switch interface but it’s not uncommon to monitor bandwidth utilization of a server’s LAN interface. The important thing here is to realize that all we’re measuring is the amount of traffic. Bandwidth monitoring won’t give you any information about what that traffic is, only how much of it there is.

There are several reasons for wanting to monitor network bandwidth utilization. First and foremost, it can help you pinpoint areas of contention. As a network circuit’s utilization grows, its performance starts degrading. This is a fact of life. The more you approach the maximum capacity, the more impact there is on performance. By allowing you to keep an eye on network utilization, bandwidth monitoring tools give you a chance to detect high utilization—and address it—before it becomes noticeable by users.

Capacity planning is another major benefit of network monitoring tools. Network circuits—especially long-distance WAN connections—are expensive and will often have only the bandwidth that was required when they were initially installed. While that amount of bandwidth might have been OK back then, it will eventually need to be increased. By monitoring the evolution of your network circuits’ bandwidth utilization, you’ll be able to see which ones need to be upgraded and when.

Bandwidth monitoring tools can also be useful for troubleshooting poor application performance. When a user complains that some remote application has slowed down, looking at the network bandwidth utilization can give you a pretty good idea whether or not the problem is caused by network congestion. If you see low network utilization, you can likely concentrate your troubleshooting efforts elsewhere.

SNMP Monitoring In A Nutshell

Most network bandwidth monitoring tools rely on the Simple Network Management Protocol (SNMP) to do their magic. Most networking equipment has built-in SNMP capability and can be polled by monitoring tools at regular intervals. Despite its misleading name, SNMP is actually quite complex. But don’t worry, you don’t have to be an expert and know all about it to use it. It’s just like you don’t have to be an auto mechanic to drive a car. It is, however, preferable to have at least some idea of how it works so let’s have a look at it.

At its base, SNMP is a communication protocol that specifies how an SNMP management system can read and write operational parameters in remote devices. The parameters are referred to as Object Identifiers or OIDs. Some of the interesting OIDs, from a monitoring standpoint, are those that contain major device metrics such as CPU and memory load or disk usage, for example. But when monitoring networking bandwidth utilization, two OIDs are of particular interest. They are the bytes out and the bytes in counters associated with each interface. They are automatically incremented by the network devices as data is output or input.

RELATED READING: 10 Best Virtualization Management Tools

Dating back to a time when IT security was not an issue, SNMP only has minimal security. An SNMP manager connecting to an SNMP-enabled device will transmit a “community string” with its request. If the string matches that configured in the equipment, the request will be carried out. Devices typically have two community strings configured, one for read-only OIDs and one for modifiable ones. The communication is not encrypted and anyone intercepting it would see the community strings in clear text. This is why SNMP is only used on private, secure networks.

How About An Example?

Here’s how most monitoring systems use SNMP to monitor bandwidth utilization. They periodically read the bytes in and out counters of a networking device’s interfaces at know intervals. Five minutes is a typical interval value but shorter times can be used for finer resolution. They then store the polled values in some sort of database or file.

The rest of the process is simple maths. The monitoring system subtracts the previous counter value from the current one to get the number of bytes transmitted or received during the polling interval. It can then multiply that number by eight to get the number of bits and divide it by the number of seconds in the interval to get the number of bits per second. This information is typically plotted on a graph showing its evolution in time and stored in a database.

RELATED READING: What Is Throughput? 6 Best Tools to Measure Throughput

It is important to note that what you get is an estimation of the average utilization over the polling interval, not the real bandwidth utilization. For instance, let’s suppose that a circuit is used at maximum capacity during half of the polling interval and carries no traffic during the other half. It would show up as being used at 50% of its capacity despite being maxed out for an extended period. Shorter polling intervals will reduce this distortion but it is important to keep in mind that these systems only give you average values.

The Best Open-Source Network Bandwidth Monitoring Tools

We’ve searched the web for some of the best open-source bandwidth monitoring tools. We were quite pleased to discover that there are quite a few excellent tools available out there. A few of the tools on our lists date back several years but are still in widespread use today. After all, being free and open-source has a certain appeal. All the tools on our list feature SNMP bandwidth monitoring and they all feature a centralized console where you can configure the tool and get a visual rendition of the current status of your network.

1. Zabbix

Zabbix is a free and open-source product which can be used to monitor anything. The tools can run on a handful of Linux distributions—including Rapsbian, the Raspberry Pi version on Linux—and it will monitor network bandwidth, servers, applications and services, as well as cloud-based environments. It features a highly professional look and feel. This product also boasts a broad feature set, unlimited scalability, distributed monitoring, strong security, and high availability. Despite being free this is a true enterprise-grade product.

Zabbix Dashboard

Zabbix uses a combination of monitoring technologies. It supports SNMP monitoring as well as the Intelligent Platform Monitoring Interface (IMPI). It can also do agent-based monitoring with agents available for most platforms. For easy setup, there’s auto-discovery as well as out-of-the-box templates for many devices. The tool’s web-based user interface has several advanced features such as widget-based dashboards, graphs, network maps, slideshows, and drill-down reports.

Zabbix also features a highly customizable alerting system which will not only send out detailed notification messages but that can also be customized based on the recipient’s role. It can also escalate problems according to flexible user-defined service levels.

2. Nagios

There are two versions of Nagios available. There’s the free and open-source Nagios Core and then there’s the paid Nagios XI. Both share the same underlying engine but the similarity stops there. Nagios Core is an open-source monitoring system that runs on Linux. The system is completely modular with the actual monitoring engine at its core. The engine is complemented by dozens of available plugins which can be downloaded to add functionality to the system. Each plugin adds some features to the core.

Nagios XI Dashboard

Preserving the modular approach, the tool’s front-ends is also modular and several different community-developed options are also available for download. The Nagios Core, the plugins and the front end combine and make for a rather complete monitoring system. There is a drawback to this modularity, though. Setting up Nagios Core can turn out to be a challenging task.

Nagios XI is a commercial product based on the Nagios Core engine but it is a complete self-contained monitoring solution. The product targets a wide audience from small businesses to large corporations. It is much easier to install and configure than Nagios Core, thanks to its configuration wizard and auto-discovery engine. Of course, this ease of setup and configuration comes at a price. You can expect to pay around $2 000 for a 100-node license and about ten times as much for an unlimited one.

3. Zenoss Core

Zenoss Core may not be as popular as some of the other monitoring tools on this list but it truly deserves to be here because of its feature set and professional look. The tool can monitor many things such as bandwidth utilization, traffic flows, or services like HTTP and FTP. It has a clean and simple user interface and its alerting system is excellent. One thing worth mentioning is its rather unique multiple alerting system. It allows a second person to be alerted if the first one does not respond within a predefined delay.

Zenoss Core Dashboard

On the downside, Zenoss Core is one of the most complicated monitoring systems to install and set up. Installation is an entirely command-line driven process. Today’s network administrators are used to GUI installers, configuration wizards and auto-discovery engines. This could make the product’s installation seem a bit archaic. Then again, this is in line with the Linux world. There are ample installation and configuration documentation available and the end result makes it worth the efforts.

4. Icinga

Icinga is yet another open-source monitoring platform. It has a simple and clean user interface and, more importantly, a feature set that rivals some commercial products. Like most bandwidth monitoring systems, this one uses SNMP to gather bandwidth utilization data from network devices. But one of the areas where Icinga particularly stands out is its use of plugins. There are thousands of community-developed plugins that can perform various monitoring tasks, thereby extending the product’s functionality. And in the unlikely event that you couldn’t find the right plugin for your needs, you can write one yourself and contribute it to the community.

Icinga Tactical Overview

Alerting and notification also among Icinga’s great features. Alerts are fully configurable in terms of what triggers them and how they are transmitted. The tool also features what is referred to as segmented alerting. This feature will let one send some alerts to one group of users and other alerts to different people. This is nice to have when you monitor different systems managed by different teams. It can ensure that alerts are transmitted only to the proper group to address them.

5. LibreNMS

LibreNMS is an open-source port of Observium, a popular commercial network monitoring platform. It is a fully-featured network monitoring system that provides a wealth of features and device support. Among its best features is its auto-discovery engine. It doesn’t only rely on SNMP to discover devices. It can automatically discover your entire network using CDP, FDP, LLDP, OSPF, BGP, SNMP and ARP. Talking about the tool’s automation features, it also has automatic updates so it will always stay current.

LibreNMS Screenshot

Another major feature of the product is its highly customizable alerting module. It is very flexible and it can sed alert notifications using multiple technologies such as email, like most of its competitors but also IRC, slack, and more. If you’re a service provider or your organization bills back each department for their use of the network, you’ll appreciate the tool’s billing feature. It can generate bandwidth bills for segments of a network based on usage or transfer.

For larger networks and for distributed organizations, the distributed polling features of LibreNMS allow for horizontal scaling to grow with your network. A full API is also included, allowing one to manage, graph, and retrieve data from their installation. Finally, mobile apps for iPhone and Android are available, a rather unique feature with open-source tools.

6. Cacti

We had to include Cacti on this list. After all, at 17 years of age, it is one of the oldest free and open-source monitoring platform. And it is still quite popular to this day it is still actively developed. The latest version was just released in late January. While Cacti might not be as feature-rich as some other products, it is still an excellent tool. Its web-based user interface has a somewhat of a vintage feel but it is well laid out and easy to understand and use. Cacti is comprised of a fast poller, advanced graphing templates, and multiple acquisition methods. While the tool primarily relies on SNMP polling, custom scripts can be devised to get data from virtually any source.

Cacti Promo Image

This tool’s main strength is in polling devices to fetch their metrics—such as bandwidth utilization—and graphing the collected data on web pages. It does an excellent job of that but that’s all it will do. If you don’t need alerting, fancy reports or other extras, the product’s simplicity might be just what you need. And if you need more functionality, Cacti is open-source and entirely written in PHP, making it highly customizable and you can add any missing features you need.

Cacti makes extensive use of templates which account for an easier configuration. There are device templates for many common types of devices as well as graph templates. There’s also a huge online community of users who write custom templates of all kinds and make them available to the community and many equipment manufacturers also offer downloadable Cacti templates.

7. MRTG

The Multi Router Traffic Grapher, or MRTG, is the granddaddy of all network bandwidth monitoring systems. While the open-source project has been around since 1995, it is still in widespread usage, despite the fact that the latest version is already five years old. It is available for Linux and Windows. Initial setup and configuration are somewhat more complicated than what you’d experience with other monitoring systems but excellent documentation is readily available.

MRTG Screenshot

Installing MRTG is a multi-step process and you need to carefully follow the setup instructions. Once installed, you configure the software by editing its configuration file. What MRTG lacks in user-friendliness, it gains in flexibility. Mostly written in Perl it can easily be modified and adapted to one’s exact needs. And the fact that it’s the first monitoring system and that it is still around is a testament to its value.

Read The 7 Best Tools for Open-Source Network Bandwidth Monitoring by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter