Information Security is a concern for every company, no matter how big or how small.
Knowing what traffic normally traverses your company’s network is critical to recognizing when something out of the ordinary occurs.
Monitoring your network makes you aware of many things, including degradation or fluctuations in performance, overall network health and stability, and security events.
When it comes to network monitoring tools, there are many choices ranging from free to commercial, open-source to proprietary. The range of functionality they provide also varies from packet capturing tools to full-blown network monitoring applications that can show the health of all devices on your network in real-time.
We’ve listed some of our favorites (not in any particular order of preference), and we’d like to hear your favorites as well.
- Netmon – Microsoft’s Network Monitor has been a packet-capture mainstay of network monitoring and security professionals for many years. This free utility was recently overhauled and is currently at version 3.1.
- Ethereal / Wireshark – This full-featured protocol analyzer can dissect over 750 protocols and can analyze traffic live from a network interface or read capture files produced by a variety of other tools. The project has effectively "forked": most of the core development team now works on the rebranded product called Wireshark, which carries all the features of the famous Ethereal and will continue to be developed going forward. Ethereal is still available for download, but its development has for the most part stopped.
- WhatsUp Gold – More of a network monitoring tool than a packet sniffer or protocol analyzer, it nevertheless provides crucial monitoring of the essential components of your IP-based network. Knowing the status of all your network devices is a key element of a secure and stable environment.
- TCPDump/WinDump – This no-frills command-line packet sniffer has been around for a long time and is an old favorite of many networking professionals. It is still actively maintained, though it lacks many of the bells and whistles of newer applications such as Wireshark.
- Ettercap – A terminal-based network sniffer/interceptor/logger for Ethernet LANs. It supports active and passive dissection of many protocols (even encrypted ones such as SSH and HTTPS, which it handles by inserting itself into the connection as a man in the middle), supports plugins, can check whether you are on a switched LAN, and can use active or passive OS fingerprinting to map out the hosts on the LAN.
- NetStumbler – NetStumbler is not so much a traffic monitoring tool as a wireless network discovery tool. It allows you to discover wireless networks, and while this obviously has implications in the hacking community for
- Kismet/KisMAC – Kismet is an 802.11 layer-2 wireless network detector, sniffer, and intrusion detection system (KisMAC is its Mac OS X counterpart). Kismet works with any wireless card that supports raw monitoring (rfmon) mode and can sniff 802.11a, 802.11b, and 802.11g traffic.
- Nmap – The de facto standard network discovery and security auditing tool, ported to most major operating systems, it is used to discover hosts and services on a network. Nmap can often determine various details about remote computers: operating system, device type, uptime, the software product running a service and its exact version number, the presence of some firewall techniques and, on a local area network, even the vendor of the remote network card.
- Nessus – One of the most widely used network and vulnerability scanners, this suite of applications can scan the network and detect weaknesses such as misconfigured applications, weak passwords, unnecessary open ports, and more.
- IRIS – The Iris Network Traffic Analyzer provides network traffic analysis with integrated forensics reporting, combining protocol analysis with packet capture into a network forensics product.
Some of these tools have more commercial application than others, but if you are responsible for your company’s network security, it is advisable to know the legitimate commercial tools as well as the tools preferred by the hacking community: the same tools that reveal your weaknesses to you are the ones an attacker will use.
By keeping up to date on network vulnerabilities and potential threats, and by understanding what normal traffic and conditions look like, you are better able to quickly detect both network bottlenecks and attempts to breach security.
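The "know what normal looks like" advice above is easy to state and rarely shown. As an added example (not code from the original article or from any of the tools listed), here is a small baseline-and-deviate check over text in the style of `tcpdump -n` output: one capture defines what normal destination ports and connection rates look like, and a later capture is checked against it. All packet lines are constructed for the example, and the line format the regular expression assumes (`IP a.b.c.d.port > e.f.g.h.port: Flags [...]`) is the usual `tcpdump -n` TCP summary, so real captures can be fed in with `tcpdump -n tcp > capture.txt`.

```python
"""Baseline-and-deviate check over tcpdump-style text output.

Added example, not part of the original article. Builds a picture of
"normal" traffic from one set of tcpdump lines, then flags connections in a
later capture that fall outside it. Every packet line below is constructed
for this example.
"""
import re
from collections import Counter

# Address part of a `tcpdump -n` TCP line, e.g.
# "12:00:00.000001 IP 10.0.0.5.51234 > 192.168.1.10.443: Flags [S], seq ..."
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

# Constructed "normal day" capture: browsing to two internal web servers.
# The SYN-ACK ("S.") and ACK (".") lines and the UDP DNS line are not new
# connections and are ignored by parse_syns().
NORMAL_CAPTURE = [
    "12:00:00.000001 IP 10.0.0.5.51234 > 192.168.1.10.443: Flags [S], seq 100, win 64240, length 0",
    "12:00:00.000002 IP 192.168.1.10.443 > 10.0.0.5.51234: Flags [S.], seq 200, ack 101, win 65535, length 0",
    "12:00:00.000003 IP 10.0.0.5.51234 > 192.168.1.10.443: Flags [.], ack 201, win 64240, length 0",
    "12:00:00.000004 IP 10.0.0.5.51235 > 192.168.1.10.443: Flags [S], seq 300, win 64240, length 0",
    "12:00:00.000005 IP 10.0.0.6.40001 > 192.168.1.10.80: Flags [S], seq 400, win 64240, length 0",
    "12:00:00.000006 IP 10.0.0.6.40002 > 192.168.1.11.443: Flags [S], seq 500, win 64240, length 0",
    "12:00:00.000007 IP 10.0.0.5.53111 > 192.168.1.1.53: 1234+ A? example.com. (29)",
]

# Constructed later capture: one normal connection, one telnet attempt to a
# server that never sees telnet, and a host walking ports 20-27 on a server.
SUSPECT_CAPTURE = [
    "12:00:05.000001 IP 10.0.0.5.51300 > 192.168.1.10.443: Flags [S], seq 600, win 64240, length 0",
    "12:00:05.000002 IP 10.0.0.7.43210 > 192.168.1.10.23: Flags [S], seq 700, win 64240, length 0",
] + [
    f"12:00:05.{100 + i:06d} IP 10.0.0.9.{40000 + i} > 192.168.1.20.{20 + i}: "
    "Flags [S], seq 1, win 1024, length 0"
    for i in range(8)
]


def parse_syns(lines):
    """Return (src, dst, dport) for every pure SYN, i.e. each new connection
    attempt. SYN-ACKs carry flags "S." and are deliberately excluded."""
    conns = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and m.group("flags") == "S":
            conns.append((m.group("src"), m.group("dst"), int(m.group("dport"))))
    return conns


def build_baseline(lines):
    """Summarise normal traffic: the set of destination ports in use, and the
    largest number of SYNs any single source sent to one destination."""
    conns = parse_syns(lines)
    per_pair = Counter((src, dst) for src, dst, _ in conns)
    return {
        "ports": {dport for _, _, dport in conns},
        "max_syn_per_pair": max(per_pair.values(), default=0),
    }


def find_anomalies(lines, baseline, scan_factor=3):
    """Flag (a) connection attempts to ports never seen in the baseline and
    (b) source/destination pairs whose SYN count exceeds scan_factor times
    the busiest pair in the baseline, a crude port-scan indicator."""
    conns = parse_syns(lines)
    new_ports = sorted({c for c in conns if c[2] not in baseline["ports"]})
    per_pair = Counter((src, dst) for src, dst, _ in conns)
    limit = scan_factor * baseline["max_syn_per_pair"]
    scans = sorted((src, dst, n) for (src, dst), n in per_pair.items() if n > limit)
    return {"new_ports": new_ports, "scans": scans}


if __name__ == "__main__":
    baseline = build_baseline(NORMAL_CAPTURE)
    print("baseline ports:", sorted(baseline["ports"]),
          "busiest pair:", baseline["max_syn_per_pair"], "SYNs")
    result = find_anomalies(SUSPECT_CAPTURE, baseline)
    for src, dst, dport in result["new_ports"]:
        print(f"new destination port {dport}: {src} -> {dst}")
    for src, dst, n in result["scans"]:
        print(f"possible port scan: {src} sent {n} SYNs to {dst}")
```

The baseline here is deliberately simple (a set of ports and one rate), which is why the `scan_factor` threshold exists: on a real network you would build the baseline from days of capture rather than a handful of lines, and a single host that is legitimately busy would otherwise trip the scan check. The point is the shape of the approach, not the thresholds: record what normal looks like in a form you can compare against, then let the comparison tell you where to point Wireshark or Nmap next.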