Top 10 free open-source tools for network admins

Tcpdump and Wireshark

When things get really hairy and you can't figure out what's going wrong on your network, it's time to pull out Tcpdump. This utility lets you capture the network traffic on a network card and view the packets and frames in real time.

If you're wondering why a browser can't find the Web server, you can fire up Tcpdump and see what's happening. Is the computer sending out DNS queries? Is it receiving a valid reply from the correct DNS server? By viewing the query and reply packets with Tcpdump, you can determine if the DNS server is replying with NXDomain for what should be a perfectly valid domain name or if the user changed the DNS server settings because he thinks that Google's DNS servers "must be faster" than your company's own servers. Or maybe the DNS queries and replies are fine, but the remote Web server is not responding. Then you would see the HTTP request packet leave the computer, but no replies from the Web server.

Tcpdump is a great tool by itself, but pair it with Wireshark, and you have an unbeatable system for troubleshooting network application issues. You can save your Tcpdump packet captures to files and open them in Wireshark for easier analysis. Wireshark gives you a GUI to examine Tcpdump captures and sort the data for more thorough analysis. You can compare time stamps on individual packets to see how long it's taking for a reply to be returned after a request has been made. And if you've synced the system clocks on client and server computers, you can see how long it takes for packets to travel between the two.

If you have a slow internal Web application, you can use Tcpdump and Wireshark to locate the bottleneck. If you see a long delay in the DNS lookup requests and replies but the actual HTTP requests and replies are fast, then you know the trouble lies with the DNS system or the network links to the DNS servers. If the DNS process is working normally, then you'll want to examine how long it takes for client requests to reach the server and how long it takes for the server to reply back. Wherever your network problem lies, Tcpdump and Wireshark can help you put your finger on it.

Books have been written about Tcpdump and Wireshark. Read them and learn all about these two utilities. You'll certainly improve your network troubleshooting game.

RANCID

We've all had that horrible sinking feeling in the pit of our stomachs when we've copied and pasted a new config into a router or switch and it stops responding. Did I remember to back up my old config before I uploaded the new one? How late will I be staying up tonight to fix this mess?

RANCID (Really Awesome New Cisco confIg Differ) is a versioning system for your switch and router configs. It uses either CVS or Subversion to store each new version of your configuration files. As it gathers and stores the configs for each of your devices, it runs a diff against the previous version to see what, if any, changes have been made. When it detects a change, it sends out an email with the details of that change to an address of your choosing. With RANCID, you'll know whenever a change has been made by your NOC team.