Monitoring Bandwidth On Linux: Top 5 Tools in 2019

Don’t we all wish our networks had infinite bandwidth? The reality is, however, that it is often a severely limited resource. Add to that the fact that bandwidth over-utilization can have huge impacts on network performance and we have a recipe for disaster.

The solution: set up some bandwidth monitoring system. A lot of them are available. Most of them run on Windows, though, and if your OS of choice it Linux, your options are slightly more limited. You still have plenty of options, however, and we’re about to introduce the best tools for bandwidth monitoring on Linux.

We’ll begin by introducing bandwidth monitoring and explain what it is. Next, we’ll cover the ins and outs of the Simple Network Management Protocol, or SNMP, one of the most-used monitoring technology. Our next order of business will be to have a look a Linux as an operating system but, more specifically, as a platform for monitoring tools. And finally, we’ll briefly review some of the best tools for bandwidth monitoring on Linux and describe their best features.

About Bandwidth Monitoring

Network bandwidth monitoring is a very specific type of monitoring. What it does is measure the amount of traffic traversing one or many specific locations on a network. Typically, the measuring points are router or switch interfaces but it’s not at all uncommon to monitor bandwidth utilization of a server’s LAN interface. The important thing here is to realize that all we’re measuring is the amount of traffic. Bandwidth monitoring won’t give you any information about what that traffic is, only how much of it there is.

There are several reasons for wanting to monitor network bandwidth utilization. First and foremost, it can help you pinpoint areas of contention. As a network circuit’s utilization grows, its performance starts degrading. There’s, unfortunately, nothing we can do about that. The more you approach the maximum capacity, the more impact there is on performance. By allowing you to keep an eye on network utilization, bandwidth monitoring tools give you a chance to detect high utilization—and address it—before it becomes noticeable by users.

Capacity planning is another major benefit of network monitoring tools. Network circuits—especially long-distance WAN connections—are expensive and will often only have whatever bandwidth was originally required when they were first installed. While that amount of bandwidth might have been just right back then, it will eventually need to be increased. By monitoring the evolution of your network circuits’ bandwidth utilization, you’ll be able to see which ones need to be upgraded and when.

Bandwidth monitoring tools can also be useful for troubleshooting poor application performance. When a user complains that some remote application has slowed down, looking at the network bandwidth utilization can give you a pretty good idea whether or not the problem is caused by network congestion. If you see low network utilization, you can likely concentrate your troubleshooting efforts elsewhere.

Introducing The Simple Network Management Protocol (SNMP)

Many (if not all) network bandwidth monitoring tools rely on the Simple Network Management Protocol (SNMP) to do their magic. That’s because most networking equipment has built-in SNMP capability and can be polled by monitoring tools at regular intervals. However, despite its name which could lead you to think otherwise, SNMP is actually rather complex. But don’t worry, you don’t have to be an expert and know all about it to use it. It’s just like you don’t have to be an auto mechanic to drive a car. It is, however, preferable to have at least some idea of how it works so let’s have a look at that.

At its base, SNMP is a communication protocol that specifies how an SNMP management system can read and write operational parameters in remote devices. The parameters are referred to as Object Identifiers or OIDs. Some of the interesting OIDs, from a monitoring standpoint, are those that contain major device metrics such as CPU and memory load or disk usage, for example. But when monitoring networking bandwidth utilization, two OIDs are of particular interest. They are the bytes out and the bytes in counters associated with each interface. They are automatically incremented by the network devices as data is output or input.

Dating back to a time when IT security was not an issue, SNMP only has minimal security. An SNMP manager connecting to an SNMP-enabled device will transmit a “community string” with its request. If the string matches that configured in the equipment, the request will be carried out. Devices typically have two community strings configured, one for read-only OIDs and one for modifiable ones. The communication is not encrypted and anyone intercepting it would see the community strings in clear text. This is why SNMP is only used on private, secure networks.

How It Works In Real-Life

Here’s how most monitoring systems use SNMP to monitor bandwidth utilization. They periodically read the bytes in and out counters of a networking device’s interfaces at know intervals. Five minutes is a typical interval value but shorter times can be used for finer resolution. They then store the polled values in some sort of database or file.

The rest of the process is just mathematical calculations. The monitoring system subtracts the previous counter value from the current one to get the number of bytes transmitted or received during the polling interval. It can then multiply that number by eight to get the number of bits and divide it by the number of seconds in the interval to get the number of bits per second. This information is typically plotted on a graph showing its evolution in time and stored in a database.

It is important to note that what you get is a calculation of the average utilization over the polling interval, not the real bandwidth utilization. Let’s, for example, pretend that a circuit is used at maximum capacity during half of the polling interval and carries no traffic at all during the other half. It would show up as being used at 50% of its capacity despite being maxed out for an extended period. Shorter polling intervals will reduce this distortion but it is important to keep in mind that these systems only give you average values.

Using Linux As A Monitoring Platform

As an operating system, Linux is not, functionally speaking, any different from any others such as Windows or Mac OS. The main difference between Linux and other popular operating systems is the fact the Linux is an open-source endeavour and most distributions are available for free. Many people tend to confuse open-source and free. It is true that open source software is often free but it is not necessarily the case. For instance, the Red Hat Enterprise Linux operating system is not free. To add to the confusion, actors of the open-source movement often refer to open-source software as free software with free implying freedom rather than the absence of cost.

Over the years, Linux, which was once a marginal operating system installed by nerds and computer science students—I recall spending weeks downloading SLS Linux one diskette image at a time over a 1200 baud dialup connection; I most definitely was one of those nerds—has grown to be a popular option as a server operating system. Some recent distributions are also making much progress as a viable alternative to Windows as a personal computer operating system although this is a totally different debate.

While Linux is a popular operating system for servers of all kind, it is even more so when it comes to running specific tools. There are several free and open-source network bandwidth monitoring tool that will only run on Linux. And if your tool of choice can run on either Windows or Linux, wouldn’t it make more economic sense to run in on a free operating system rather than waste some money on a costly one?

While some people still don’t trust free and open-source operating systems and software for mission-critical applications and wouldn’t, for instance, put their precious corporate data on a MySQL server running on Linux, many of them don’t usually have as many objections to using the platform for running network administration tools. One major advantage of using Linux as the underlying platform for network monitoring tools is that it is easy to set up a Linux server with only the required packages. While this can be done with Windows, it is considerably more complicated.

The Top Tools For Monitoring Bandwidth On Linux

We’ve searched the web for some of the best bandwidth monitoring tools that can run on Linux. What we came up with are some commercial products and some free and open-source ones. Some products on our list can be installed on either Linux or Windows while some are Linux-only. They all offer SNMP bandwidth monitoring and they all have a centralized console where you can configure the tool and see the monitoring results. While there are a few command-line only tools, we’ve excluded them from our list.

1. ManageEngine OpManager

The ManageEngine OpManager is a powerful all-in-one network monitoring tool that offers comprehensive network monitoring capabilities. It can help you keep an eye on network bandwidth utilization, detect network faults in real-time, troubleshoot errors, and prevent downtime. The tool supports various environments from multiple vendors and can scale to fit your network, regardless of its size. It can run on either Linux or Windows and will let you monitor your devices and network and give you visibility over your entire network infrastructure. Installation and setup of this product are both quick and easy. You can get it running in under two minutes. It requires no complex installation procedures and comes bundled with built-in databases and web servers.

ManageEngine OpManager Dashboard

The ManageEngine OpManager constantly monitors network devices’ performance in real-time and displays it on its live dashboards and graphs. In addition to bandwidth, it examines several critical operational metrics such as packet loss, errors and discards, etc.

The tool can help you detect, identify, and troubleshoot network issues with its threshold-based alerts. You can easily set multiple thresholds for every performance metric and get notifications when they are exceeded. Reporting is another area where this tool shines. Intelligent reports will let you get detailed insights on network performance. There are more than 100 built-in reports and you can customize, schedule and export these out-of-the-box reports as needed.

2. Nagios

There are two versions of Nagios available. There’s the free and open-source Nagios Core and there’s the paid Nagios XI. Both share the same underlying core engine but the similarity stops there. Nagios Core is an open-source monitoring system that runs on Linux. The system is completely modular with the actual monitoring engine at its core, hence the name. The engine is complemented by dozens of available plugins which can be downloaded to add functionality to the system. Each plugin adds one or several features to the core.

Nagios XI Dashboard

Preserving the modular approach, the tool’s front-ends is also modular and several different community-developed options are also available for download. The Nagios Core, the plugins and the front end combine and make for a rather complete monitoring system. There is a drawback to this modularity, though, as setting up the product can turn out to be a challenging task.

Nagios XI is a commercial product based on the Nagios Core engine but it is a complete self-contained monitoring solution. The product targets a wide audience from small businesses to large corporations. It is much easier to install and configure than Nagios Core, thanks to its configuration wizard and auto-discovery engine. Of course, this ease of setup and configuration comes at a price. You can expect to pay around $2 000 for a 100-node license and about ten times as much for an unlimited one.

3. Zenoss Core

Although Zenoss Core may not be the most popular of all the monitoring tools on this list, it truly deserves to be here mainly because of its impressive feature set and very professional look. The tool can monitor many things such as bandwidth utilization and traffic flows or services like HTTP and FTP. It has a clean and simple user interface and its alerting system is excellent. One thing worth mentioning is its rather unique multiple alerting system. It allows a second person to be alerted if the first one does not respond within a predefined delay. This feature is common in standalone alerting tools but rather rare in monitoring platforms.

Zenoss Core Dashboard

On the downside, Zenoss Core is one of the most complicated monitoring systems to install and set up. Installation is entirely a command-line driven process. Considering that today’s network administrators are used to GUI installers, configuration wizards and auto-discovery engines, this could make the product’s installation seem a bit archaic. Then again, this is in line with the Linux philosophy. On the other hand, there is ample installation and configuration documentation available and the end result makes it worth your efforts.

4. Zabbix

Zabbix is another free and open-source product which can be used to monitor almost anything. The tools can run on several Linux distributions—even including Rapsbian, a Raspberry Pi specific Linux distribution—and it will monitor network bandwidth utilization, servers, applications and services, as well as cloud-based environments. It boasts a very professional look and feel. This product also has a broad feature set, unlimited scalability, distributed monitoring, strong security, and high availability. Despite being free this is a true enterprise-grade product.

Zabbix Dashboard

Zabbix uses a combination of monitoring technologies. It supports SNMP monitoring as well as the Intelligent Platform Monitoring Interface (IMPI). It can also do agent-based monitoring with agents available for most platforms. For easy setup, there’s auto-discovery as well as out-of-the-box templates for many devices. The tool’s web-based user interface has several advanced features such as widget-based dashboards, graphs, network maps, slideshows, and drill-down reports. Zabbix also features a highly customizable alerting system which will not only send out detailed notification messages but that can also be customized based on the recipient’s role. It can also escalate problems according to flexible user-defined service levels.

5. Cacti

We had to include Cacti on this list. After all, at almost 18 years of age, it is one of the oldest free and open-source monitoring platform. Furthermore, it is still quite popular to this day it is still actively developed with the latest version just released last June. Cacti might not be as feature-rich as some other products, yet it is still a very good tool. Its web-based user interface has somewhat of a retro feel but it is well laid out and easy to understand and use. Cacti consists of a fast poller, a set of advanced graphing templates, and multiple acquisition methods. Although the tool mainly uses SNMP for polling devices, custom scripts can be devised to fetch data from virtually any source.

Cacti Screenshot

This tool’s main strength is in polling devices to fetch their metrics—such as bandwidth utilization—and graphing the collected data on web pages. It does an excellent job of that but that’s pretty much all it will do. If you don’t need alerting, fancy reports or other extras, the product’s simplicity might be just what you need. And if you need more functionality, Cacti’s source code is available and it is entirely written in PHP, making it highly customizable and allowing anyone to add any missing features they need.

Cacti makes extensive use of templates which account for an easier configuration. There are device templates for many common types of devices as well as graph templates. There’s also a huge online community of users who write custom templates of all kinds and make them available to the community and many equipment manufacturers also offer downloadable Cacti templates.

Wrapping Up

Even if Linux is your platform of choice, we’ve seen how you still have plenty of choices when it comes to bandwidth monitoring tools. And given the Linux philosophy, many of them are free and open-source. In fact, using Linux could let you built a complete and very potent monitoring system with no other investment than the time you’ll spend setting it up.

Read Monitoring Bandwidth On Linux: Top 5 Tools in 2019 by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

The 7 Best IP Address Manager Tools

IP Address management can be an overwhelming task. IP addresses are one of the primary building blocks of modern networks and, for them to operate correctly, there has to be some order to them.

Keeping IP addresses in order, ensuring there are no duplicates and that there is always a supply of IP addresses available for new devices to connect to the network is the object of IP address management. It may sound complicated—and, to a certain extent, it is—but, fortunately, some tools are available to assist. They are the subject of today’s post as we have a look at the best IP address manager tools.

Let’s start off by discussing—or rather, explaining—IP addresses. We’ll have a look at what they are and how they work. Although it can appear complicated, it’s actually not that much. Next, we’ll introduce DNS. We felt it was important as this technology makes using IP addresses much easier for us humans. Furthermore, IP addressing and DNS are so intimately related that most IP address manager tools actually handle both. Following that, we’ll review IP address management, what it is and what it entails. And since most IP address manager tools are about automating the management of IP addresses, this is what we’ll discuss next. And finally, before we review some of the best IP address manager tools, we’ll sidetrack briefly and introduce DHCP, another technology which is closely related to IP addressing and its management.

IP Addresses – The What And The How

IP addresses are used to uniquely identify each and every device connected to an IP network. This IP network could be your home WiFi network, the network at your place of work or the Internet. Although each of these may be interconnected, they are individual networks. An IP address is, in many ways, similar to a street address. Its primary purpose is to help in transporting data from an origin to a destination.

IP addresses are huge 32-bit long binary numbers. Obviously, it could be impractical and error-prone to write them in binary or even using their decimal equivalent. They are, therefore, split into four chunks of 8 bits each which we usually represent as a suite of 4 decimal numbers between 0 and 255 separated by dots. For instance, the IP address 11000000101010000000000000000001 becomes, a much easier to read format.

An IP address consists of two parts, the host and the network or, more precisely, the sub-network. This has to do with IP routing which is used when sending data to an IP address on a different network—typically in a different location. Which part of an IP address represents the host and which part represents the network is the most complicated aspect of IP addressing. It is complicated because it left to network designers and administrators to determine it. The boundary between the subnet, as it is often called, and the host can be at any bit within the address’ thirty-two.

Communicating what part is subnet and what part is host is another complicated matter. In the beginning of IP networking, we used what was called classful addressing where certain predefined address ranges had predefined boundaries. For instance, any address starting with 192.168 had 24 bits for the subnet and 8 bits for the host. That worked well but it was not flexible enough so classless addressing started to be used where the boundary can be anywhere.

In order to indicate what part of an IP address is the subnet and what part is the host, two different notation schemes have emerged. The first way is to specify a subnet mask along with the IP address. This is another dotted-decimal number in which each 1 indicates a subnet position and each zero indicate a host position. For example, the subnet mask indicates 24 bits for the network and 8 for the host. Another notation which is often referred to as classless addressing requires adding a forward slash followed by the number of subnet bits to an IP address. For example, one would write /24.

DNS To The Rescue

IP addresses are great for computers to use to locate each other and exchange data but they are not really user-friendly and they tend to be hard to remember. At the beginning of IP networking, each computer had a “hosts” file where the correspondence between IP addresses and hostnames were listed. That enabled a user who wanted to connect to a remote computer to use its hostname rather than its IP address, provided that there was a corresponding entry in his computer’s hosts file.

The Domain Name Service was later created to enable a distributed database of hostname to IP address correspondences. Instead of looking up an address in its local “hosts” file, a computer would query a DNS server which, through a rather simple yet elaborate process, would eventually—within a matter of a few tenths of a second—return the corresponding IP address. IP addresses and DNS work together at enabling computers and their users to easily locate remote systems.

About Managing IP Addresses

Managing IP addresses is among the most important tasks of network administrators. It mainly serves two purposes: making sure each device is assigned an IP address and making sure no IP addresses are duplicated within a network. Back when networks used to be small(er), manually managing IP addresses was the way to go. Administrators typically kept a text file or Excel spreadsheet where each assigned IP address was documented. As networks grew bigger, this method started to exhibit serious shortcomings. For starters, how can you assure that each and every change to the network will be reflected in the documentation? Also, how do you assure or verify that the IP addresses that are configured on devices are those that were assigned? And how do you make sure that any change in IP address assignment is reflected it the local DNS server?

Automating The Process

Automation is the key to avoid many of the issues we just mentioned. This is also why IP Address Management, or IPAM, tools were first created. These tools vary greatly in their functionality with the most basic simply being glorified versions of the text files or spreadsheets of the past while others are complete automated systems with active connections to other related systems—such as DNS and DHCP—to offer the most robust of solutions.

A Word About DHCP

The Dynamic Host Configuration Protocol, or DHCP, is also closely related to IP address management. As its name suggests, it is used to automatically configure hosts with the proper IP address and other network interface settings. Computers using the protocol will contact a DHCP server upon startup to get their IP address, subnet mask, default gateway, DNS server(s), and several more configuration parameters in a dynamic fashion. Many IP address management tools either include a DHCP server or can communicate with an existing DHCP server, ensuring that the information they contain is what is actually configured on the networked computers.

The Best IP Address Manager Tools

We’ve searched the Internet for the best IP address manager tools we could find. Some of the products we found include built-in DNS and DHCP functionality. And although others might not include DNS or DHCP functionalities, they will often integrate with many popular DNS and DCHP server such as those we typically find on Windows and Linux.

1. SolarWinds IP Address Manager (FREE TRIAL)

SolarWinds is one of the best-known names in network management. The company makes some of the best tools to assist administrators. Its flagship product, the Network Performance Monitor consistently scores among the top network monitoring tools. SolarWinds is also known for its free tools. The Kiwi Syslog server and the Advanced Subnet Calculator are two examples of these free tools.

To manage IP addresses, SolarWinds offers the IP Address Manager. This tool features built-in DHCP and DNS servers but it can also interact with DHCP and DNS server from Microsoft and Cisco so you won’t have to replace your existing infrastructure.

The SolarWinds IP Address Manager lets you allocate IP addresses in different ways. You can, for instance, use reservations for servers and other equipment and use dynamically allocated addresses for workstations. Everything gets seamlessly integrated into the DNS. Furthermore, a setup wizard is included to assist in configuring DHCP scopes.

SolarWinds IP Address Manager Screenshot

The SolarWinds IP Address Manager lets you set up user accounts with different access levels. You could, for instance, give only partial access to some junior admins or let managers view the reports but not change anything. The tool’s logging system which records every change with a timestamp and the username of the operator making the change is more than just a nice-to-have, it can help with compliance issues.

Unsurprisingly, prices for the SolarWinds IP Address Manager are based on the number of managed IP addresses and start at $1 995 for up to 1024 addresses. If you’d rather try the software before purchasing it, a free fully functional 30-day trial version is available.

2. ManageEngine OpUtils IP Address Manager

Next, we have a tool from ManageEngine, another company that is famous for its network management tools. The OpUtils IP Address Manager provides centralized management of the IP address space and it can handle both IPv4 and IPv6 addresses. Its built-in IP manager software assists network administrators in identifying whether an IP address is available or not. The tool performs periodical scans of subnets and keeps the availability status of IP addresses in each subnet up to date.

ManageEngine IP Address Manager

The IP Address Manager’s tool can be used to quickly and easily verify whether a particular IP is reserved or available. The tool accepts multiple subnet inputs, which helps in scanning the entire network to get the status of all IP addresses.

Although a free version of the ManageEngine OpManager IP Address Manager is available, it is limited to managing a single subnet. While this is enough to give the product a test run, you’ll want to acquire a license to use it. Pricing can be obtained by contacting ManageEngine.

3. Infoblox IPAM & DHCP

The Infoblox IPAM & DHCP system is probably better suited for larger networks. Like other similar-sized systems, it has templates to automate routine tasks. It also comes with some excellent standard reports. And if the existing templates or reports don’t seem to offer what you’re looking for, you are free to customize them at will.

IPAM Screenshot

The Infoblox IPAM & DHCP lets managers track the usage of key resources. It also features tracking functions which can help manage DHCP usage more effectively. From a security standpoint, this is a great feature as it also includes the ability to identify out-of-scope addresses and isolate rogue devices. You won’t find that on other systems. It goes to show how Infoblox is as concerned with security as it is with IPAM and has built major safeguards right into its system.

Pricing information for the Infoblox IPAM & DHCP software can be obtained by contacting Infoblox. And if you want to try the product and see all it an do, a free evaluation version of the product is available from Infoblox.

4. Blue Cat Address Manager

Although BlueCat might not be as famous as SolarWinds, it is still one of the industry leaders in its field. The Blue Cat Address Manager is another software that’s better suited for larger organizations with a network management team. The company’s IPAM system also includes DHCP and DNS functionality but it can also interoperate with DHCP and DNS servers from Microsoft.

The BlueCat Address Manager can work with both IPv4 and IPv6 addresses at the same time. It’s a great tool to use when migrating from one version to the other. The system has workflows and approval chains as well as user accounts with hierarchical rights for the best possible security.

Blue Cat Address Manager Screenshot

This tool uses a concept called network templates. They enable the administrator to use information layouts that ensure essential tasks cannot be overlooked and that every important data is present. In summary, the BlueCat address manager automates as many network administration tasks as possible. As a result, the risk of a problem caused by human error is reduced.

The BlueCat Address Manager is a premium package so you can expect to pay premium prices but if you’re managing a large network, it is well worth the investment. Detailed pricing information can be obtained by contacting BlueCat.

5. GestióIP

Our next tool might be from a company that is not as famous as some other on our list but don’t let that fool you. GestióIP is an excellent piece of software. And it is free and open-source. The website states that “GestióIP is an automated, web-based IPv4/IPv6 address management (IPAM) software. It features powerful network discovery functions and offers search and filter functions for both networks and host, permitting Internet Search Engine equivalent expressions. This lets you find the information that administrators frequently need easily and quickly.”

GestioIP Address Management Screenshot

What can be added to such an eloquent description? Concretely, this is an excellent system, especially for smaller businesses that might not be able to afford the larger systems such as those from Infoblox or BlueCat. Despite being free, this is a feature-rich tool which has all the functionalities a network administrator might need without the high price tag. And it does come with a few unique features such as a built-in IP subnet calculator and an IP address plan builder. This is certainly a package worth looking into.

6. Diamond IP

BT (AKA British Telecom) probably needs no introduction. But what not everyone knows is that the company makes network administration tools. One of them is the Diamond IP, an IP address management tool. It can facilitate multi-cloud IPAM with virtual appliances for AWS, Azure, Oracle VM, VMware, Hyper-V and others. The tool’s cloud automation feature dynamically automates the assignment and tracking of private and public cloud instance IP addresses and DNS names.

This is a unique tool in that it is available as an appliance, as a software to install on your own hardware or as a cloud-based, fully-staffed managed solution making it ideal for companies with a small IT department or those who don’t have a centralized IT staff. Whichever version you choose, the tool integrates with existing DNS and DHCP services on your network. Pricing for the BT Diamond IP software can be obtained by contacting the vendor.

7. LightMesh IPAM

Last on our list is this lesser-known product called LightMesh IPAM. This product offers the same basic functionality as many other IP address management tools. However, its user-friendly and sophisticated GUI makes the tool stand out among the crowd. This tool not only does a very good job at presenting the data and information in a way that is intuitive and efficient but its functionality is also excellent.

Lightmesh IPAM - Screenshot

The tool includes IP planning and visualization features, Network discovery, audit history, permissions management with multi-group security permissions. LightMesh IPAM can easily integrate with your existing DNS and DHCP servers to provide you with an integrated IP address management solution with a view of all your IP, DNS, and DHCP information, no matter where it resides.

LightMesh IPAM is subscription-based and prices start at just $200 per month for up to fifty subnets and ten thousand IP addresses and $500 per month for five hundred subnets and a million IP addresses. Furthermore, a free 30-day trial version is available.

In Conclusion

With the help of any of the tools we just reviewed, managing IP addresses suddenly becomes a much easier task. But not only that, using an automated IP address manager tool can also reduce the risk of human errors. The only challenge you face is picking the right tool for your needs. We strongly suggest you look at the detailed specifications of a few of the packages and, once you’ve identified those that seem to fit your need, perhaps you could try one or two. Most vendors offer a free trial.

Read The 7 Best IP Address Manager Tools by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

The 5 Best FTP Server Software in 2019

The File Transfer Protocol is one of the oldest protocols on the Internet. It’s been around for longer than most other technologies still in use today and it is still the most used technology for file transfers between computers on the Internet.

Through its evolution, the technology was adapted to allow for secure transfers using TLS of SSL encryption schemes. FTP is a client-server technology. Users typically use an FTP client to transfer files to a server which, unsurprisingly, runs an FTP server software. FTP is a standard protocol so the client and servers can be from different sources and the technology will operate flawlessly. Today, we’re having a look at some of the best FTP server software.

We’ll begin with a very short explanation of FTP, what it is, how it works and where it’s coming from. Our goal is not to make you experts but to give you the necessary background to better understand our descriptions of the various tools we’ll be reviewing. That, by the way, will be our next order of business and we’ll review some of the best FTP server software we could find.

A (Quick) FTP Primer

The File Transfer Protocol was first created way back in 1971. This is almost prehistory in computer years. The protocol specification was updated with minor modifications in 1980, then in 1985. Since then, it has remained mostly unchanged. FTP is a client-server protocol where file transfers occur between an FTP server and an FTP client. Those are two very different pieces of software and, while some vendors offer both FTP client and FTP server software, no software that we know of offers both in one package.

Contrary to some other, cruder file transfer system, FTP offers a wide range of file management features in addition to simple file transfers. To the FTP client, the FTP server presents a file hierarchy which closely resembles that of a computer’s file system with folders and subfolders. In fact, an FTP server often does present part of its host computer’s file system to the client. The client is free—within its user’s file access privileges; more about this in a moment—to browse directories, list files, and sometimes perform other file management tasks.

Securing FTP transfers

Security in the FTP world is a rather complex reality. The protocol has some very basic built-in security. First and foremost, FTP uses user accounts to control access to the server. An FTP client trying to connect to an FTP server must, therefore, supply a username and password. Often, FTP servers will use the underlying operating system’s user accounts for authentication.

FTP also implements file system access control where users only have access to some files or some folders. They also could have different access rights to different files or folders. Some could be made read-only while others can be read-write. File access rights in FTP are very similar to local file system rights. In fact, most FTP servers use the underlying file system security and access privileges. There is also anonymous FTP which allows a client to connect anonymously and access a very restricted subset of the file system under the FTP server’s control.

So, while FTP provides somewhat secure access to files and folders, it has several important security flaws. For instance, the username and password are transmitted between the client and server in an unencrypted form. Anyone equipped with a packet sniffer would, therefore, be able to capture that information. That is not the only security concern with FTP, though. The biggest one is that the file transfer themselves are not secured. Each file is transferred unencrypted and could be intercepted by ill-intentioned individuals or organizations.

Using SFTP

SFTP, or SSH File Transfer Protocol, tries to address the security issues of FTP. But contrary to what we might be led to believe, SFTP has nothing in common with FTP. SFTP is a completely different protocol which actually adds some file transfer and file management capabilities to the Secure Shell (SSH) protocol. The main advantage to SFTP as compared to FTP is that the connection and the file transfer are encrypted using the SSH protocol, shielding it from sniffing. FTP and SFTP are so different in the way they operate that many servers will do either one or the other but not both. In fact, SFTP is often a feature found in SSH servers rather than FTP servers.

SFTP and FTPS: Two Very Different Things

There is often some confusion between SFTP and FTPS. It’s understandable as they are both file transfer systems that address the security shortcoming of FTP. They way they operate is completely different, though. We’ve just seen how SFTP uses SSH to encrypt file transfers. As for FTPS, it really is an extension of the FTP protocol which uses SSL encryption instead of clear text. FTPS is to FTP as HTTPS is to HTTP.

You may be wondering which one of SFTP or FTPS to choose as they both appear to provide a secure file transfer. Nowadays, organizations tend to prefer SFTP mainly because–contrary to FTPS, which uses one TCP port for control and one for data–SFTP transmits everything on the same port, making firewall configuration a bit easier. Otherwise, both protocols provide adequate security.

The Top FTP Server Packages

We’ve searched the market looking for the best FTP server packages. We found quite a few of them and we’re happy to not only list them but also review their principal and most interesting features.

1. Serv-U File Transfer Protocol Server From SolarWinds (FREE TRIAL)

SolarWinds is a well-known name in the field of network administration. The company’s flagship product, the SolarWinds Network Performance Monitor is considered to be one of the very best network monitoring solutions. SolarWinds is also famous for its many free tools, each addressing a specific need of network administrators.

SolarWinds’ product portfolio is so vast that it seems like it has a tool for every need, including an FTP server called the Serv-U File Transfer Protocol Server. We’ll simply call it the Serv-U FTP Server. It is a simple, affordable, easy-to-use FTP server software. Its key features include file transfers using FTP and FTPS, quick and easy file transfers from the web and mobile devices, the easy transfer of multiple and large files, simple administration and management, and a secure gateway which helps avoid data at rest in DMZ networks.

Serv-U FTP Server User Management Screenshot

The Serv-U FTP Server is built to support safe FTPS protocol for file transfers. You can encrypt files using SSL or TLS encryption. Transferring files using FTPS protects the data in transit and confidential information is protected from tampering, snooping, leakage or accidental exposure. With its intuitive web client and mobile device interfaces, this tools lets you easily view, upload, and download documents in very little time. And with its interactive drag-and-drop file transfer option, your users will be able to exchange files from anywhere on the fly.

For large file transfers—those in excess of 3 GB—the Serv-U FTP Server provides a free, built-in web plug-in called Web Client Pro. This plug-in also allows you to upload/download multiple files at once. Web Client Pro provides a transfer queue to pause or resume active file transfers and ask for confirmation before file overwrite.

The Serv-U FTP Server will let you perform your file transfer administration and management tasks from a single, easy-to-use management console. These tasks include real-time session monitoring and file transfer statistics, granular control over bandwidth, storage, permissions and access, access to virtual folders for local storage, remote shares, transfer ratio, and quota management for end-users, and more.

The product also lets you view and monitor FTP server logs in real-time for easier troubleshooting and error handling. The server logs will show file server startup, configuration, and shutdown information. Not only that, but it also enables you to easily add users and groups for file transfer. With the help of its wizard-driven interface, you can create new users and grant them access to the file server with nothing more than a few clicks.

Official Download Link:

Last but not least, the Serv-U FTP Server can help you easily configure file transfer settings and permissions on the file server. You can define limits for the maximum number of sessions on the server, block the IP address of a timed-out session, enable settings to require reverse DNS names, and more. The options are too numerous to mention them all.

Pricing for the Serv-U FTP Server is pretty straightforward. It is a modest $ 495 per server. Multiple servers can be used for increased capacity—each one being able to support up to 100 concurrent connections—in a load-balancing fashion or for high availability purposes. If you want to try the product before purchasing it, a free 14-day trial is available from SolarWinds.

2. FileZilla Server

The FileZilla Server is an open-source and completely free FTP server for the Windows platform. It can administer a local server as well as a remote FTP server. The product lets you choose on which ports the program will listen, how many users can be connected to the server at once, the number of CPU threads the server can utilize, and timeout settings for connections, transfers, and logins. It is very flexible and versatile.

FIleZilla Server

Other interesting features of the FileZilla Server include:

  • Support of passive mode FTP
  • The possibility to adjust the transfer and socket buffer sizes
  • The possibility of logging to a custom log file
  • Bandwidth control allowing you to limit bandwidth usage
  • File transfer compression with per-IP address compression exclusions

As for security, some of the product’s most interesting features include the automatic banning of an IP address after it fails to successfully login in so many attempts. There is also an option to enable FTP over TLS (FTPS) with the ability to block unencrypted FTP, and an IP filtering system so that you can block certain IP addresses or even IP address ranges from connecting to the FTP server. In case of emergency, it is super easy to take your server offline or quickly lock it down with just one click, ensuring that no new connections to your server can be made until you unlock it. Furthermore, you have full access to the creation of users and groups with the FileZilla Server. This means that you can throttle bandwidth for some users and not for others and provide select users with permissions like read/write, but other users with read-only access, for instance.


  • Intuitive interface
  • Perform file transfers simultaneously
  • Supports secure file transfers (FTPS)
  • Bookmarks for fast connections


  • Can’t edit files from inside the app
  • Does not refresh folder views automatically
  • The 15-minute connection timeout can be a nuisance

3. Xlight FTP Server

The Xlight FTP Server is a free server that’s a lot more modern looking than FileZilla. Furthermore, it includes tons of settings that you can adjust to your liking. After creating a new virtual server, double-clicking it opens its settings. This is where you can modify the server’s port and IP address, enable security features, control bandwidth usage for the whole server, define how many users can connect to the server, and set an explicit maximum login count from the same IP address. Another interesting feature in the Xlight FTP Server is that you can set the maximum idle time for users so that they’ll get kicked out if they aren’t actually communicating with the server.

Xlight FTP Server Screenshot

Here are some more features you might find interesting and that aren’t typically found on  FTP servers:

  • Server banner messages
  • Email notifications
  • Running a program after a user logs in
  • Running a program when a file is uploaded, downloaded, or deleted
  • Automatic deletion of partially uploaded files
  • Upload SFV check
  • Sending of deleted files to the Recycle Bin
  • Access control list for directories and files
  • Anti-leech protection

The Xlight FTP Server can use SSL (FTPS) and can require clients to use a certificate. It also supports ODBC, Active Directory, and LDAP authentication. The software runs on both 23- and 64-bit versions of Windows. You can download it as a portable tool that won’t require any installation or, alternatively, it can be installed as a regular Windows application.


  • Lightweight
  • Supports secure file transfers
  • Remote administration feature (FTPS)
  • Supports multiple simultaneous connections


  • Can be more difficult to use, especially for novices
  • Can be complicated to configure

4. Complete FTP

Complete FTP is a free Windows FTP server that supports both FTP and FTPS. The software has a full graphical user interface and is really easy to use. The interface itself is rather plain but all the settings are hidden away in the side menu where they are easy to access. A rather unique thing about this FTP server is the presence of an “Apply Changes” button. Any change to one or more settings won’t be applied to the server until you click that button. Some will see that as a blessing, others as a curse.

Complete FTP Free Edition Screenshot

Here’s a sample of what you can do with Complete FTP:

  • Can allow anonymous logins
  • Lets you define how many anonymous users can log in at the same time
  • Show hidden files and folders
  • Allow backslash separators
  • Adjust timeout settings for logging in, stalled transfers, passive FTP, and idle sessions
  • Define how many login attempts can be performed before a user’s access is blocked
  • Lets you define a custom welcome message

You can use the Complete FTP server’s monitoring section to watch real-time logging, configure the log file, watch connections as they happen, and ban users in real-time. Step-by-step guides are built-in to the product’s installation. They let you select Step-by-step guides at the top of the program windows at any time to learn how to use the different features and options.

This software initially installs as a trial of the professional edition. The product download page provides additional instructions to learn how to activate the free edition of Complete FTP. Note that all the features mentioned above are available in the free version.


  • Simple installation
  • Supports encrypted file transfers (FTPS)
  • Many customization options
  • More features than many FTP servers


  • The full menu is hidden by default
  • Has occasional performance issues
  • Limited features in the free version

5. Core FTP Server

The Core FTP Server is an FTP server for Windows that comes in two versions. One is a very minimal server that’s simple to understand and easy to set up in about a minute. It’s 100% portable and all you need to do is choose a username, password, port, and root path. There are also a few extra settings if you ever have a need to configure them.

The other version of Core FTP Server is the full-fledged server where you can define the domain name, have it auto-start as a service, add multiple user accounts with detailed access permissions and restrictions, designate access rules, etc.

Core FTP Server User Details Screenshot

On the product’s download page, you can pick your choice of the full program, the one with all the bells and whistles, or the portable, minimal FTP server. Also, both versions of this FTP server are available as 32- or 64-bit Windows applications


  • Very quick setup
  • Supports encrypted file transfers (FTPS)
  • Supports Active Directory integration
  • Simple management interface


  • The free version only supports three domains
  • There are nuisance ads for the paid version in the free one

Read The 5 Best FTP Server Software in 2019 by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

Ingress Vs Egress – What’s The Difference

Ingress vs egress: there seems to be a never-ending debate about these terms. They’re kind of archaic and their meaning seems to be different in different situations.

Today, we’ll do our best to try to shed some light on this mystery. We don’t want to get into a philosophical debate, though. Our only goal is to do our best to explain these terms and how they are typically used in the context of networking. But even that, as you’re about to see, can tend to be rather confusing.

We’ll begin by beginning and do our best to define these two terms, first linguistically and then in the specific context of computer networks. We’ll then explain how their meaning can vary based on one’s point of view of based on the scope that we’re contemplating. The same egress traffic in one situation can become ingress traffic in another. Next, we’ll talk about monitoring ingress and egress traffic and introduce some of the best tools you can use for that purpose. But wait! There’s more. We’ll also discuss egress in the specific context of data security and introduce a couple of the best practices to protect yourself against data egress. And, keeping our good habits, we’ll review some of the best SIEM tools that you can use to detect unwanted data egress.

Defining Ingress And Egress

Linguistically speaking, defining either of those words could hardly be easier (pun intended). Let’s see what the Merriam-Webster dictionary has to say about it. It simply and plainly (almost boringly) defines ingress as “the act of entering”. Simple enough, no? And egress is not much more complicated as the same source defines it as “the action of going or coming out”. Here again, a pretty simple definition. If you care to check other sources, you’ll find a definite consensus. Ingress is getting in while egress is getting out.

In The Context Of Network Traffic

But this blog post is not about linguistics, it’s about network administration. And this is were ingress and egress can get a bit more confusing. It’s still the same, though and it has to do with data entering and leaving a network, a device or an interface. So far, nothing complicated. Where it gets tricky, though, is when people don’t agree on what’s in and what’s out. You see, sometimes the ins of one are the outs of another.

It All Depends On Your Point Of View

Ingress or egress, when referring to network traffic, has to do with how you see things, it depends on your point of view. In most other situations, in is in and out is out; there’s nothing confusing about that. This is, however, not so much the case with networks. Let’s try to clarify that using a few concrete examples.

Our first example is that of an Internet gateway. It could be a router, a proxy server or a firewall, that doesn’t matter. It is the device that sits between your local network and the Internet. In this case, I think everyone would agree that the Internet is considered as being the outside and the local network, the inside. So, traffic coming FROM the Internet TO the local network would be ingress traffic and traffic FROM the local network TO the Internet would be egress traffic. So far, it’s still simple.

But if you look at things from a network interface point of view, things get different. In the previous example, if you look at traffic on the LAN interface, traffic going towards the Internet is now ingress traffic as it is entering the gateway. Likewise, traffic going toward the local network is not egress traffic as it is exiting the gateway.

To summarize, differentiating ingress and egress traffic requires that we all agree on what we’re talking about. As we saw, ingress traffic in one context can be egress traffic in a different one. Our best suggestion would be to either avoid using these terms altogether or to clearly state their utilization context every time you use them. That way, you’ll avoid any confusion.

Monitoring Egress And Ingress Traffic

Now that we’re familiar with the terminology, let’s have a look at monitoring ingress and egress traffic. Typically, this is done using special software called network monitoring or bandwidth monitoring tools. These tools use the Simple Network Management Protocol (SNMP) to read interface counters from network-connected equipment. These counters simply tally the number of bytes in and out of each network interface. Note that monitoring tools rarely use ingress and egress and usually refer to traffic in and out of an interface. It is up to you, if you so desire, to determine which is ingress and which is egress traffic, again depending on the specific context.

A Few Tools We’d Recommend

There are many bandwidth or network monitoring tools available. Probably too many and picking the best one—or even just a good one—can be a challenge. We’ve tried many of the available tools and came up with this list of a few of the very best bandwidth monitoring tools you can find.

1. SolarWinds Network Performance Monitor (FREE TRIAL)

SolarWinds is one of the very best makers of network administration tools. The company’s flagship product is called the SolarWinds Network Performance Monitor, or NPM. It is a very complete network monitoring solution that features a user-friendly graphical user interface that administrators can use to monitor devices and to configure the tool.

The system uses SNMP to query devices and display their interfaces’ utilization as well as other useful metrics on a graphical dashboard. In addition to this dashboard, various built-in reports can be generated either on-demand or on based on a scheduled execution. And if the built-in reports don’t give you the information you need, they can be customized at will. The package also includes a few useful tools such as the ability to display a visual rendition of the critical patch between any two points of the network. This tool is highly scalable and it will suit any network from the smallest to large networks with thousands of devices spread over multiple sites.

SolarWinds NPM Enterprise Dashboard

The SolarWinds Network Performance Monitor‘s alerting system is another place where the product shines. As its reports, it is customizable if needed but it can also be used out-of-the-box with minimal configuration. The alerting engine is smart enough not to send notifications for “unimportant” events in the middle of the night or to send hundreds of notifications for as many unresponsive devices when the main issue is a down router or network switch upstream.

Pricing for the SolarWinds Network Performance Monitor starts at just under $3 000 and goes up according to the number of devices to monitor. The pricing structure is actually rather complex and you should contact the SolarWinds sales team for a detailed quote. If you prefer to try the product before purchasing it, a free 30-day trial version is available for download from the SolarWinds website.

2. ManageEngine OpManager

ManageEngine is another well-known publisher of network management tools. The ManageEngine OpManager is a complete management solution that will handle pretty much any monitoring task you can throw at it. The tool runs on either Windows or Linux and is loaded with great features. Among others, there is an auto-discovery feature that can map your network, giving you a uniquely customized dashboard.

The ManageEngine OpManager‘s dashboard is super easy to use and navigate, thanks to its drill-down functionality. And if you are into mobile apps, there are apps for tablets and smartphones allowing you to access the tool from anywhere. This is an overall very polished and professional product.

ManageEngine OpManager Monitoring

Alerting is just as good in OpManager as are all its other components. There is a full complement of threshold-based alerts that will help detect, identify, and troubleshoot network issues. Multiple thresholds with different notifications can be set for all network performance metrics.

If you want to try the product before buying, a free version is available. Although it is a truly free version rather than a time-limited trial, it has some limitations such as letting you monitor no more than ten devices. This is insufficient for all but the smallest of networks. For larger networks, you can choose between the Essential or the Enterprise plans. The first will let you monitor up to 1,000 nodes while the other goes up to 10,000. Pricing information is available by contacting ManageEngine’s sales.

3. PRTG Network Monitor

The PRTG Network Monitor, which we’ll simply refer to as PRTG, is another great monitoring system. Its publisher claims that this tool can monitor all systems, devices, traffic, and applications of your IT infrastructure. It is an all-inclusive package that does not rely on external modules or add-ons that need to be downloaded and installed. Because of its integrated nature, it is quicker and easier to install than most other network monitoring tools. You can choose between a few different user interfaces such as a Windows enterprise console, an Ajax-based web interface, and mobile apps for Android and iOS.

PRTG Dashboard - Datacenter Monitoring

The PRTG Network Monitor is different from most other monitoring tools in that it is sensor-based. Various monitoring features can be added to the tool simply by configuring extra sensors. They are like plugins except that they are not external modules but are, instead, included with the product. PRTG includes over 200 such sensors that cover different monitoring needs. For network performance metrics, the QoS sensor and the Advanced PING Sensor allow you to monitor latency and jitter while the standard SNMP sensor will let you monitor throughput.

The PRTG pricing structure is pretty simple. There’s a free version which is full-featured but will limit your monitoring ability to 100 sensors. There’s also a 30-day trial version which is unlimited but will revert back to the free version once the trial period is over. If you want to keep monitoring more than 100 sensors beyond the trial period, you’ll need to purchase a license. Their price varies according to the number of sensors from $1 600 for 500 sensors to $14 500 for unlimited sensors. Each monitored parameter counts as one sensor. For example, monitoring bandwidth on each port of a 48-port switch will count as 48 sensors.

Egress In The Context Of Security

There is another use for the term egress among network and system administrators that is specific to the context of data security. It refers to data leaving an organization’s local network. Outbound email messages, cloud uploads, or files being moved to external storage are simple examples of data egress. It is a normal part of network activity, but it can pose a threat to organizations when sensitive data is leaked to unauthorized recipients, either unknowingly or maliciously.

Threats Involving Data Egress

Sensitive, proprietary, or easily monetizable information is often targeted by cybercriminals of all kinds. The release of sensitive or proprietary information to the public or to competing organizations is a real concern for enterprises, governments, and organizations of all kinds. Threat actors may try to steal sensitive data through the same methods many employees use every day, such as email, USB, or cloud uploads.

Best Practices For Preventing Unwanted Data Egress

There’s a lot you can do to protect your organization against unauthorized data egress but a few of them are particularly important. Let’s have a look at two of the bare essentials that you must do.

Create an acceptable use and data egress traffic enforcement policy

Include stakeholders to define your acceptable use policy. The policy should be very thorough and protect your company’s resources. It could, for instance, include a list of approved Internet-accessible services and guidelines for accessing and handling sensitive data. And don’t forget that it is one thing to create such policies but you also need to communicate them to users and make sure they understand them.

Implement firewall rules to block egress to malicious or unauthorized destinations

A network firewall is only one of several lines of defense against threats. It is a good starting point where you can ensure that data egress does not occur without explicit permission.

SIEM – To Help Prevent Data Egress

No matter what you do, monitoring remains one of the best ways to protect against data egress. Whenever data leakage happens, you want to know about it right away so you can act upon it. This is where Security Information and Event Management (SIEM) tools can help.

Concretely, a SIEM system does not provide any hard protection. Its primary purpose is to make the life of network and security administrators like you easier. What a typical SIEM system really does is collect information from various protection and detection systems, correlate all this information assembling related events, and react to meaningful events in various ways. Most of the time, SIEM tools also include some form of reporting and/or dashboards.

Some Of The Top SIEM Tools

To give you an idea of what’s available and to help you pick the right SIEM tool for your needs, we’ve assembled this list of some of the best SIEM tools.

1. SolarWinds Security Event Manager (FREE TRIAL)

The same SolarWinds that brought us the Network Monitor reviewed above also has an offering for Security Information and Event Management. In fact, it is one of the very best SIEM tools available. It might not be as full-featured as some other tools but what it does, it does very well and it has all the required functionality. The tool is called the SolarWinds Security Event Manager (SEM). It is best described as an entry-level SIEM system but it’s likely one of the most competitive entry-level systems on the market. The SolarWinds SEM has everything you can expect from a SIEM system, including excellent log management and correlation features that can help detect unauthorized data egress and an impressive reporting engine.

SolarWinds Security Event Manager Screenshot

FREE TRIAL: SolarWinds Security Event Manager

Official Download Link:

As for the tool’s event response features, as expected from SolarWinds, they leave nothing to be desired. The detailed real-time response system will actively react to every threat. And since it’s based on behaviour rather than a signature, you’re protected against unknown or future threats. The tool’s dashboard is possibly one of its best assets. With a simple design, you’ll have no trouble quickly identifying anomalies. Starting at around $4 500, the tool is more than affordable. And if you want to try it first, a free fully functional 30-day trial version is available for download.

Official Download Link:

2. Splunk Enterprise Security

Possibly one of the most popular SIEM system, Splunk Enterprise Security–or simply Splunk ES, as it is often called–is famous for its analytic capabilities. Splunk ES monitors your system’s data in real time, looking for vulnerabilities and signs of abnormal activity. The system uses Splunk’s own Adaptive Response Framework (ARF) which integrates with equipment from more than 55 security vendors. The ARF performs automated response, letting you quickly gain the upper hand. Add to that a simple and uncluttered user interface and you have a winning solution. Other interesting features include the “Notables” function which shows user-customizable alerts and the “Asset Investigator” for flagging malicious activities and preventing further problems.

Splunk ES Risk Analysis Screenshot

Splunk ES is an enterprise-grade product and, as such, it comes with an enterprise-sized price tag. You can’t, unfortunately, get much pricing information from Splunk’s website and you’ll need to contact the sales department to get a quote. Despite its price, this is a great product and you might want to contact Splunk to take advantage of an available free trial.

3. NetWitness

For the past few years, NetWitness has focused on products supporting “deep, real-time network situational awareness and agile network response”. After being purchased by EMC which then merged with Dell, the Netwitness business is now part of the RSA branch of the corporation. And this is good news as RSA has an excellent reputation in security.

NetWitness is ideal for organizations seeking a complete network analytics solution. The tool incorporates information about your business which helps prioritize alerts. According to RSA, the system “collects data across more capture points, computing platforms, and threat intelligence sources than other SIEM solutions”. There’s also advanced threat detection which combines behavioural analysis, data science techniques, and threat intelligence. And finally, the advanced response system boasts orchestration and automation capabilities to help eradicate threats before they impact your business.

RSA NetWitness Screenshot

One of the main drawbacks of NetWitness is that it’s not the easiest to set up and use. However, there is ample documentation available which can help you with setting up and using the product. This is another enterprise-grade product and, as it is often the case with such products, you’ll need to contact sales to get pricing information.

Read Ingress Vs Egress – What’s The Difference by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

Using Nmap For Port Scanning + Other Tools to Use

Nmap is a well-known utility that is bundled with many Linux distributions and that is also available for Windows and several other platforms. Essentially a scanning and mapping tool, there’s a lot that Nmap can do for you.

Today, we’re having a look as using Nmap for port scanning which, incidentally, is the tool’s primary usage. Port scanning is an essential task of network management as it ensures that no backdoors are left unaddressed. It is one of the most basic forms of securing the network.

Before we get into the how-to part of this post, we’ll sidetrack a little and first introduce Nmap and its GUI cousin Zenmap. We’ll then explain what ports are and how you need to be careful not to leave unused ports open on your devices. Then, we’ll get to the essence of this post and show you how to use Nmap for port scanning. And since there are quite a few other tools that can be viable alternatives to Nmap for port scanning—some of them much better or easier to use tools—we’ll finally review some of the very best Nmap alternatives for port scanning.

About Nmap

Nmap stands for Network Mapper. It is a scanning tool that can be used to discover hosts and services, thus building a “map” of the network, hence the name. The tool works by sending specially crafted packets to the target hosts—somewhat like ping but not necessarily using ICMP—and by analyzing the responses it gets.

Nmap’s primary use is in analyzing what services are available on a computer. It can also be used as an IP address scanner. This tool can discover hosts and their services and it can also detect their operating system and more. Using scripting, the tool can be even used for advanced service detection, vulnerability detection, and more. Overall, this is a versatile tool that can be put to good use in many situations.

Nmap, which is a free and open-source command-line tool started as a Linux-only utility but it has since been ported to many other operating systems including Windows, Solaris, HP-UX, most BSD variants including OS X, AmigaOS, and IRIX.

Nmap’s good-looking cousin: Zenmap

If you prefer to work with graphical user interfaces, Zenmap is an open-source GUI front end to Nmap. Its user interface might not be the most sophisticated but it does its job well. The tool is from the same developers as Nmap so you can expect the integration to be good. You can use it to scan all the ports on all computers connected to your network. It will then perform follow-up tests on the open ports that it has discovered. You can also perform a complete scan, scan all TCP ports, or scan all UDP ports. There’s also an intense scan that uses a stealth methodology where the tests won’t be logged by the tested devices as a connection. These can take a long time, though. Expect it to take over 90 minutes for one device.

What Is A Port Anyways?

In one sentence, ports are the network gateways into equipment. Let’s explain. Computers can do many different things at once. And several of these things may require access to the network. But typically, computers have only one physical network interface. Ports were invented to let different processes share a common network interface.

For example, thinks of a server that’s running both a web server and an FTP server, a very common combination. When a request comes in, how does the operating system know if it should send it to the web or FTP servers? Using ports. A request for the webserver will use port 80 while a request for FTP server will use port 22.

Ports are not a physical thing, they’re just numbers from 0 to 65535 that are added to the header of data packets transmitted on a network. And they are not random either. Well, actually they are sometimes. More about his later.

Ont thing that is important for all of this to work is that everyone agrees on which port to use for what. For instance, the webserver mentioned earlier expect requests to use port 80. Your web browser must then use port 80 to send the request to the webserver.

Well-known Ports

The need for agreeing on which port was solved early on by standardizing ports. The Internet Assigned Numbers Authority (IANA, the same organization that also assigns IP addresses) is responsible for maintaining the official assignments of port numbers for specific uses.

Under the IANA’s control, the first 1024 ports were officially assigned to different services. Actually, this is not completely true. Some port assignments are not officially sanctioned by the IANA. They were available and some organization started using them for their purpose–often before the IANA started controlling their assignment–and, through use, their usage stuck.

Today, many of us are familiar with several of these ports. There’s port 80 for web and 21 for FTP, as mentioned earlier. We’re also familiar with port 22 for SSH or 53 for DNS. Not all of the first 1024 ports have been assigned and some are still available but their number is shrinking.

Other Ports

Well-known ports account for the first 1024, so what about the 64512 others? Well, ports 1024 to 49151 are what we call registered ports. Those are also controlled and assigned by the IANA. Any organization can request them for their specific purpose. This is how, for example, port 1433 became the port for Microsoft SQL server or port 47001 became the port for the Windows Remote Management Service. But the Internet being what it is, several ports in that range are used for specific purposes without having been registered with the IANA.

As for ports ranging from 49152 to 65535, they are referred to as ephemeral ports. They are temporarily used by applications to differentiate streams. Think of a web server. Several clients can connect to it at the same time. If they all used port 80, it could be hard for the server to make sure it sends responses to the right requestor. So, the initial connection is done on port 80 after which the server and client “agree” on an ephemeral port number that will be used for the remainder of their exchange.

A Word Of Advice: Keep Unused Ports Closed

On a computer, ports status can either be open, closed or stealth. An open port means that the computer is actively “listening” for connection requests on that port. It is an active port. A closed port, as its name implies, won’t accept incoming connections. Instead, it will respond to any request that the port is closed. Stealth ports are somewhat different. a device trying to connect to those ports won’t even get a response.

Any port that is open is an open door to the computer. And malicious users will certainly try to exploit these open doors to gain access to the computer. For instance, let’s say you have FTP port 21 open although you are not really using FTP. A hacker could then use that open port to exploit a vulnerability of the FTP software running o the computer to inject malicious software.

And if you’re not even using FTP, chances are you might not have updated the FTP server and it could very well contain exploitable vulnerabilities. This is why it is so important to ensure that unused ports are either closed or stealth.

Protect The Ports You Use As Well

As for the post you are actually using, they are still open doors and could be used for malicious activity. This is why you need to protect the open ports. It can be done in several ways, the most basic of which is keeping your operating system and other software up to date. Most software publishers release frequent patches to address discovered vulnerabilities. Another way you can protect yourself is by using firewalls and intrusion detection and/or prevention systems.

Using Nmap For Port Scanning

Using Nmap for port scanning is super easy. If you were expecting a detailed tutorial, you’re in for a pleasant surprise. It’s just not necessary. Port scanning is Nmap’s primary function and, simply put, scanning for ports is just a matter of typing in the command followed by the IP address or hostname of the device you want to scan.

# nmap

Starting nmap ( )
nmap scan report for (
Not shown: 994 filtered ports
22/tcp open ssh
25/tcp closed smtp
53/tcp open domain
70/tcp closed gopher
80/tcp open http
113/tcp closed auth

nmap done: 1 IP address (1 host up) scanned in 4.99 seconds

Simple enough, no? Perhaps you need something a bit more elaborate, though. Let’s run the command once more but, this time, we’ll add a few options. -p0- specifies to scan every possible TCP port, -v specifies to be verbose about it, -A enables aggressive tests such as remote OS detection, service/version detection, and the Nmap Scripting Engine (NSE), and -T4 enables a more aggressive timing policy to speed up the scan. Here’s the result.

# nmap -p0- -v -A -T4

Starting nmap ( )
Completed Ping Scan at 00:03, 0.01s elapsed (1 total hosts)
Scanning ( [65536 ports]
Discovered open port 22/tcp on
Discovered open port 53/tcp on
Discovered open port 80/tcp on
SYN Stealth Scan Timing: About 6.20% done; ETC: 00:11 (0:07:33 remaining)
Completed SYN Stealth Scan at 00:10, 463.55s elapsed (65536 total ports)
Completed Service scan at 00:10, 6.03s elapsed (3 services on 1 host)
Initiating OS detection (try #1) against (
Initiating Traceroute at 00:10 guessing hop distance at 9
Completed SCRIPT ENGINE at 00:10, 4.04s elapsed
Host ( appears to be up ... good.
Nmap scan report for (
Not shown: 65530 filtered ports
22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
25/tcp closed smtp
53/tcp open domain ISC BIND 9.3.4
70/tcp closed gopher
80/tcp open http Apache httpd 2.2.2 ((Fedora))
|_HTML title: Go ahead and ScanMe!
113/tcp closed auth
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.20-1 (Fedora Core 5)
Uptime guess: 2.457 days (since Thu Sep 18 13:13:24 2008)
TCP Sequence Prediction: Difficulty=204 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 80/tcp)
[First eight hops cut for brevity]
9 10.36 (
10 10.29 (

Nmap done: 1 IP address (1 host up) scanned in 477.23 seconds
Raw packets sent: 131432 (5.783MB) | Rcvd: 359 (14.964KB)

Some Nmap Alternatives For Port Scanning

As good—and as simple—as Nmap is as a port scanning tools. Perhaps you’ll want to consider other options. There are lots of products out there that can scan ports. Let’s review a few of the best tools we could find. Many are free or offer a free trial so feel free to try any of them and see how that fit your needs.

1. SolarWinds Free Port Scanner (FREE DOWNLOAD)

SolarWinds is one of the major players in the networking tools field. It is also well-known for publishing quite a few very useful free tools. The SolarWinds Free Port Scanner is one of them. The software is only available for Windows and will run through a GUI or as a command-line tool.

SolarWinds Free Port Scanner Screenshot

By default, the SolarWinds Free Port Scanner will scan your network to detect all the IP address. You then select to scan on all the devices or change the range setting scan a subset of your devices. You can also specify the ports to test. By default, it will only test well-known ports but you can override this specify your own range or list of port numbers. More advanced settings will let you scan only TCP or UDP ports, do a ping check, a DNS resolution, or an OS identification test.

As a result, the software will return a list of the status of all tested devices. You can imagine that this could be a long list. Fortunately, the system will let you apply filters and, for instance, only list devices with open ports. Clicking on a device reveals port detail panel. Again, it will list all of the ports in the scan range and again, you can apply a filter and only show the ports that are open.

2. PortChecker Port Scanner

The PortChecker Port Scanner is a web-based scanner. It’s a great tool although not all ports are checked. The service will test 36 of the most important–and vulnerable–well-known ports for accessibility from the internet. It will also test if a service is running on each open port. There’s also an option to run a shorter scan that will only test 13 ports.

PortChecker Port Scanner

The tested ports include FTP data and control, TFTP, SFTP, SNMP, DHCP, DNS, HTTPS, HTTP, SMTP, POP3, POP3 SSL, IMAP SSL, SSH, and Telnet, to name just the main ones. Scan results are displayed as a table on the web page. If you need a quick and dirty test of the most common ports, the free PortChecker Port Scanner might be just the right tool for you.

3. WebToolHub Open Port Scanner

The Open Port Scanner from WebToolHub is another free online port checker. The system requires that you enter an IP address and a list of ports to check. You can only enter 10 port numbers at a time so you’ll need to run it multiple times to test more. You don’t have to enter individual port numbers, though. The system will support a range–such as 21-29–as long as it is no longer than 10. It appears to be a better tool for a quick check of specific ports than a complete vulnerability assessment tool.

WebToolHub Open Port Scanner

Once the scan completes, which is rather quickly, the results are displayed in a table format with the status of each port as well as service registered with that port. The results table can be exported to a CSV file. And while you’re on the WebToolHub site, you may want to have a look at some of the other free tools such as an IP location checker, a backlinks checker, a WHOIS lookup facility, and a Ping test.

4. IP Fingerprints Network Port Checker

IP Fingerprints is another website where you’ll find a certain number of free and useful tools, Amongst them is the Network Port Checker. To use it, you simply enter an IP address and a range of ports to check. Although the number of scanned ports is not limited, you are warned that a number of ports in excess of 500 might take a while to scan and that a large range will start a scan that may never end.

IP Fingerprints Network Port Checker

This tool claims to be able to work around firewalls. It is done by using SYN requests. A real connection is thus never opened and many firewalls will let the SYN request through. Whether it does go through the firewall or not is not totally relevant. This is still a very good test no matter what as it is a common method used by hackers.

5. Free Port Scanner

The Free Port Scanner is a Windows freeware that can be downloaded from the Major Geeks website. You can use this tool to scan ranges of ports. The number of scanned ports is not restricted so you could decide to scan all ports if you have time to kill.

Free Port Scanner

By default, the tool will want to scan your own IP address for open ports from its own default list of ports. As you’d expect, the duration of the scan is proportional to the number of ports scanned. And it is slower when testing ports on a different device. For example, testing for all ports on your router could very well take all day. Results can show open or closed ports or both. The tool has no documentation and it’s not clear what testing method is used. Also, it appears that it only tests TCP ports, not UDP.

6. Port Checker

Port Checker is not to be confused with the PortChecker Port Scanner reviewed above. It is a Windows tool that is best downloaded from Softpedia. The software has no installer. you simply download its zip file, extract the executable file and run it. The executable is small and not requiring installation means you can run it from a USB stick.

Port Checker v1.0

The tool’s user interface is plain and quite easy to use. You simply enter an IP address and select a port number from a drop-down list. The two main limitations of this tool are that you can’t scan any port, just those from the list and that it will only scan one port per run. Despite its limitations, Port Checker is a great tool when you just need to check whether a specific port is open or not.

Read Using Nmap For Port Scanning + Other Tools to Use by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter