Reader favorites: Great free network tools

From sniffing to mapping to monitoring, these utilities perform surprisingly sophisticated tasks

Computerworld recently showcased 10 great free network management tools. Readers responded with some of their own favorites, so I'm going to take a look at those tools and report on their capabilities and usage from my perspective as an experienced network manager.

But first, let's address security. Readers mentioned the possible security implications of downloading free tools, which is a valid concern. What's to stop a coder from producing a neat network administration tool that secretly sends information about your network to a collection point for exploitation at a later date?

That's why it's a good idea to only download applications from valid sites that test applications before releasing them, or from open-source sites. Sometimes, such as in the case of Multi Router Traffic Grapher, the application is so widely used that it can be assumed that it's safe simply by virtue of its popularity; if the tool had a problem, someone would have found it.

No matter what, never install an application that has the ability to cut into and examine your network without understanding what it does and doesn't do. Some applications ask you to enter an administrative username and password or a Simple Network Management Protocol (SNMP) community name so they can probe deeper into certain devices. Others aggressively scan the network to the point where security devices -- and other administrators -- may detect the scan as an attack. Try these in a safe environment (test network or DMZ) and use a free sniffer like Wireshark to verify what the application is doing before deploying it in a production environment.
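One way to carry out that check, as an added example that is not part of the original article: export the lab capture with tshark (Wireshark's command-line companion) and summarize where the tool under test actually sent traffic. The lab subnet, host addresses and sample rows are constructed.

```python
import csv
import io
import ipaddress
from collections import Counter

# Assumed export command, run against a capture taken on the test network:
#   tshark -r lab.pcap -T fields -E separator=, -E occurrence=f \
#          -e ip.src -e ip.dst -e tcp.dstport -e udp.dstport
LAB_NET = ipaddress.ip_network("192.168.50.0/24")  # constructed test network
TOOL_HOST = "192.168.50.10"                        # host running the tool under test
# Protocols that can expose passwords or SNMP community names in the clear.
CLEARTEXT = {("tcp", 23): "Telnet", ("tcp", 80): "HTTP", ("udp", 161): "SNMP"}

# Constructed sample rows: ip.src, ip.dst, tcp.dstport, udp.dstport
SAMPLE = """\
192.168.50.10,192.168.50.1,,161
192.168.50.10,192.168.50.1,,161
192.168.50.10,192.168.50.20,23,
192.168.50.10,192.168.50.20,22,
192.168.50.10,203.0.113.45,443,
192.168.50.20,192.168.50.10,,
"""

def review_capture(rows_text, tool_host=TOOL_HOST, lab_net=LAB_NET):
    """Return (external, cleartext) packet counters for traffic sent by the tool."""
    external, cleartext = Counter(), Counter()
    for row in csv.reader(io.StringIO(rows_text)):
        if len(row) < 4 or row[0] != tool_host:
            continue  # non-IP packet, or not sent by the tool under test
        _, dst, tcp_port, udp_port = row[:4]
        if tcp_port:
            proto, port = "tcp", int(tcp_port)
        elif udp_port:
            proto, port = "udp", int(udp_port)
        else:
            proto, port = "other", 0
        # Anything leaving the lab subnet is a possible "collection point".
        if ipaddress.ip_address(dst) not in lab_net:
            external[(dst, proto, port)] += 1
        if (proto, port) in CLEARTEXT:
            cleartext[(dst, CLEARTEXT[(proto, port)])] += 1
    return external, cleartext

if __name__ == "__main__":
    ext, clr = review_capture(SAMPLE)
    for (dst, proto, port), n in ext.items():
        print(f"leaves lab: {dst} {proto}/{port} ({n} packets)")
    for (dst, name), n in clr.items():
        print(f"cleartext {name} to {dst} ({n} packets)")
```
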

Also, some readers noted that "freeware" applications aren't always completely free. Some applications are open source and designed as part of a greater good, which elicits input from users to make the applications better. In the case of ZipTie, that would mean plug-ins for currently unsupported network equipment. Other freeware applications are self-supporting via ad sales. Other freeware vendors hope that if you like their free version you'll purchase the "platinum" version with bells and whistles and the ability to slice bread.

So with those caveats in mind, let's take a look at readers' favorite free network tools.

Note that I only include Windows tools. Some readers suggested Linux tools, but not everyone can afford the time to learn Linux just to evaluate a useful tool. Also, some of these tools, such as Nessus, can run on both Linux and other operating systems. And if you're really into Linux, you can read my previous article "Linux primer for networkers".


Wireshark

To be fair, Wireshark was mentioned in the original article as one of those tools that's so popular that including it in the original top 10 network tools would be essentially repeating old news. Some readers believed, however, that Wireshark is so good it deserved a mention.

Wireshark is a network protocol analyzer or "sniffer" and is the continuation of the well-known Ethereal project. A protocol analyzer "listens" to a network, records all of the packets seen on the connection and presents a detailed analysis of those captured packets. Properly placed, a good sniffer can provide reams of data invaluable for network troubleshooting and monitoring.

The problem is in the presentation of the information. Simply producing a text file of raw packet output is difficult to analyze. A good protocol analyzer needs to be able to take that information and present it to a network administrator in a summary format, and Wireshark does that.

CAPTION: Wireshark digs deep into all layers of each packet it captures.

Wireshark can provide deep inspection of hundreds of protocols, and more are added with each release. It can also import traces from other programs (tcpdump, Cisco IDS, Microsoft Network Monitor and Network General to name a few) so analyzing information from other sources is a breeze. It runs on Windows, Linux, Mac OS and other operating systems.

If you are going to administer a network, big or small, a protocol analyzer is a necessary tool. Wireshark fits the bill.

The Dude

Knowing that services are available on your network is a good thing, but knowing when services go down as soon as (or better yet before) your users and customers do is essential. The Dude is a network management package that excels in so many facets that you have to try it to believe a freeware tool can offer so much.

After installation, like many network management packages, The Dude begins with a network discovery process. You input the IP address range or network to discover plus the type of discovery (such as ping or services). This produces a basic network map from which you may customize types of monitoring. The color of the network device's model changes from green to orange if a service goes down and red if all connectivity is lost.

Monitoring includes simple pings, services based on TCP port number, SNMP probes and the ability to log in to machines to acquire more specific data. The Dude comes with a preconfigured services set so as to not overwhelm monitoring, but it's trivial to add user-customized services. While it can do so, The Dude isn't designed for discovering services offered by machines on your network. For that you'll want Nmap, discussed later.

Without decent notification attributes though, network management packages lose usefulness. This isn't a problem for The Dude. In addition to the map you can configure a variety of notification modes, from pop-up windows to e-mail messages. In one test I manually shut off access to MySQL on my Linux Snort IDS box. The Dude popped up a flag and sent me a customized e-mail within a few seconds. You may wish to tweak probe intervals as false positives can be a distraction.

CAPTION: The Dude easily displays meaningful graphics summarizing service uptime.

The Dude comes as a standard client/server package. You can run the client and server on one computer, or run the server on one computer and connect to it from another machine. It also offers a Web interface (http and/or https) for remote access. Various accounts can be created, from a read-only version for help-desk type operations to full administrative access for network managers.

CAPTION: The Dude Web interface allows for network management via a Secure Sockets Layer connection without loading The Dude client.

The Dude has so many features and is so versatile that it easily can fit into just about any network monitoring environment. With the ability to nearly instantaneously inform a network administrator of problems, it can be a very cost-effective support tool that your end users will be glad you implemented.


Nmap

Nmap is one of those programs that has been around so long it's virtually considered a staple of a networker's bag of tools. But while the functionality of Nmap has remained strong, it has grown beyond a Linux-based command-line tool. Today's Nmap provides quick information using a crisp graphical user interface (GUI) called Zenmap.

Nmap's function is simple: discover what ports are open on a target machine or range of target machines. Knowing what ports are open is helpful for many reasons. Not sure how many Web servers are running in your environment? Worried the firewall configuration you pushed out with Group Policy isn't effective? Then run Nmap, concentrating on those ports you assume are blocked by your firewall. Concerned that your users' machines may be running a Trojan known to listen on TCP port 25192? Then perform an Nmap scan (behind firewalls) for that port on your entire address space.
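The firewall and Trojan-port checks described above can be automated by parsing Nmap's grepable output (`-oG`). This is an added example, not from the original article; the addresses, host names, blocked-port policy and sample scan lines are constructed.

```python
# Assumed scan command, run from behind the firewall:
#   nmap -p 135,445,25192 -oG scan.gnmap 192.168.50.0/24
MUST_BE_BLOCKED = {135, 445}  # constructed policy: ports the host firewall should block
TROJAN_PORT = 25192           # the Trojan port named in the article

# Constructed sample of grepable output (fields are tab-separated).
SAMPLE = (
    "# Nmap scan, constructed sample\n"
    "Host: 192.168.50.21 (ws-021)\tStatus: Up\n"
    "Host: 192.168.50.21 (ws-021)\tPorts: 135/filtered/tcp//msrpc///, "
    "445/filtered/tcp//microsoft-ds///, 25192/closed/tcp/////\n"
    "Host: 192.168.50.22 (ws-022)\tPorts: 135/filtered/tcp//msrpc///, "
    "445/open/tcp//microsoft-ds///, 25192/closed/tcp/////\n"
    "Host: 192.168.50.23 (ws-023)\tPorts: 135/filtered/tcp//msrpc///, "
    "445/filtered/tcp//microsoft-ds///, 25192/open/tcp/////\n"
)

def parse_gnmap(text):
    """Yield (ip, port, state) for every TCP port entry in grepable output."""
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # skip comment lines
        fields = line.split("\t")
        ip = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue  # e.g. the "Status: Up" line
            for entry in field[len("Ports: "):].split(", "):
                # Entry layout: port/state/protocol/owner/service/rpc/version/
                parts = entry.strip().split("/")
                if len(parts) >= 3 and parts[2] == "tcp":
                    yield ip, int(parts[0]), parts[1]

def audit(text):
    """Return findings for open ports that policy says should not be reachable."""
    findings = []
    for ip, port, state in parse_gnmap(text):
        if state != "open":
            continue
        if port == TROJAN_PORT:
            findings.append((ip, port, "possible Trojan listener"))
        elif port in MUST_BE_BLOCKED:
            findings.append((ip, port, "firewall policy not effective"))
    return findings

if __name__ == "__main__":
    for ip, port, reason in audit(SAMPLE):
        print(f"{ip}: tcp/{port} open ({reason})")
```
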

CAPTION: Nmap output as displayed by Zenmap provides valuable information concerning services offered by hosts on your network.

Zenmap runs common Nmap scan commands and displays the actual command-line command in a window for verification. You can also modify the command manually or run Nmap completely from the command prompt. While Zenmap is a great interface for Nmap, it doesn't replace the need for knowing what it is you are actually scanning for.

Nmap is one of those "initial probe" tools that hackers love to use to discover vulnerabilities on a target network. Use it on your network before they do, or you may be in reactive mode when you could have been proactive.


ZipTie

Admit it. You have many devices on your network but no easy method of storing the configurations of your routers, switches and firewalls. Maybe you do store configurations but it's via a cumbersome file transfer process, cut and paste, or some other time-consuming method that is not only a drain on time but may not always work the way you would like it to.

Sure, some vendors have proprietary packages to manage the configurations of their equipment, but what about configuration management in a heterogeneous environment? How many networks out there are truly composed of a single vendor's equipment? Even in a single-vendor network, wouldn't it be wonderful to manage those configurations without paying the network vendor's licensing and maintenance fees for their packages?

ZipTie is an open-source, no-cost product designed to provide multivendor network equipment configuration management. It allows for discovery of network devices, backup and restoration of configurations, and comparison of configurations among devices or over time (to track changes). As a bonus feature, it also contains several basic network design and management tools, including a subnet calculator (who doesn't need one of those?).

There is nothing magic about ZipTie. It is, at the core, a nice front end to communication protocols (SNMP, Secure Shell (SSH), Telnet, HTTP, Trivial File Transfer Protocol and so on). But it uses those, and other protocols, to discover and consolidate information on network devices. Do you manage your network devices with HTTP running on a nonstandard port? No problem; just create another protocol entry and specify the desired port.

One drawback is that ZipTie only supports a small number of network vendors in its core release. However, because ZipTie is open source, a large and growing database of user-submitted add-on modules extends its functionality significantly. These add-ons provide SNMP Management Information Base (MIB) data so that ZipTie can recognize the device.

CAPTION: ZipTie executes command-line statements, such as a simple ls -la command against a Nokia Firewall (one of the core supported products). This feature is useful not only for configuration management but also for other administrative applications.

Installing ZipTie is somewhat more complicated than installing some of the other reviewed tools. Read the prerequisites page before downloading and installing. Links are provided for the Sun Java Development Kit as well as Perl for the server and Sun Java Runtime for the client. Install these first. Be sure to change the default administrator password before using it on your production network. How to do so isn't intuitive, so read the documentation; it requires that a command be run at the command-line interface on the server.

ZipTie does operate in a true client/server model, so you can allow one source for your configuration management and still have multiple clients manage it via the client piece. It's definitely worth looking into. If a particular module doesn't exist for one of your network devices, consider submitting a module yourself. That is, after all, the backbone of open source.


NetStumbler

If you manage wireless networks and have never used NetStumbler, you need to. NetStumbler is, at the core, an interface between what your 802.11 wireless card "sees" and what you see. It presents all of the wireless networks found in different formats, including individual transmitter signal strength or aggregate information grouped by Service Set Identifier (SSID), channel or whether the network is secured or "open."

NetStumbler is the de facto tool for war drivers, as it easily identifies networks within range of a client. War drivers look for open wireless networks, and a corporate network that has improperly configured and/or installed wireless access points is ripe for exploitation. NetStumbler is a cheap tool for conducting surveys to find these potential network entry points.

CAPTION: NetStumbler displays signal strength of access points it "sees," including this rogue on Channel 6.
