In this blog, I’m going to cover what I think of as my “Network Toolkit Essentials,” the tools I use in my role as a network engineer. At the time of writing, all of the below are free apart from PRTG, which is free for up to 100 sensors.
Some I use on a daily basis, while others I may only use a few times a month. Some I may not use for extended periods but I couldn’t do my job without them.
The list isn’t supposed to be exhaustive and I’ll probably add to it as new tools come along. It doesn’t cover network management software except for PRTG, and that depends on whether you think of PRTG as network monitoring or network management software.
Putty is one that I do use every day. Most devices these days have Graphical User Interface (GUI) configuration utilities but invariably, the GUI doesn’t cover everything and oftentimes there is a requirement to use the Command Line Interface (CLI) for things like debugging and troubleshooting. Sometimes the GUI doesn’t work, sometimes the CLI is just quicker. No matter what I can guarantee I’ll be using Putty at some time of the day.
There are alternatives and forks to Putty. I often use Kitty and ExtraPutty, but as I often log in to remote servers, sometimes I have to use what’s already there, and it’s often a standard Putty install.
ExtraPutty includes a session manager, you can download a session manager for Kitty but I prefer MTPutty as the session manager, which includes a tabbed interface for the Putty sessions. You can still detach the sessions, but tabbed is handy.
Of course Putty is available for Linux, but I’ll usually just use the standard terminal in Linux, or Terminator if it’s available, for its split-screen and tabbed functionality.
Wireshark is one of the most useful tools for capturing and analyzing network traffic. It doesn’t just capture local traffic; there are a few tricks you can do to capture remote traffic. tcpdump can also write captures in a format that you can read by importing them into Wireshark, and several well-known firewalls can output Wireshark-friendly files too (Cisco ASA and Fortigate’s range of firewalls, to name but two).
We’ve covered troubleshooting PXE boot with Wireshark here and it has some good examples of what can be seen in a typical capture, and how to filter by right-clicking on elements in the file.
I have used Microsoft’s Network Monitor in the past but it has been superseded by the Microsoft Message Analyzer (MMA), but even that’s been retired now and is no longer available for download from Microsoft sites according to the Microsoft Message Analyzer Blog. They suggest that “For similar functionality, please consider using a 3rd party network protocol analyzer tool such as Wireshark.”
Once you have saved your capture file and you have to share it with a support team there is sometimes a requirement to obfuscate certain parts of the IP address or other sections in the packet.
Tracewrangler to the rescue: it’s still in beta, but I’ve used it a couple of times to sanitize IP addresses in Wireshark captures.
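As an added example (not part of the original post, and not Tracewrangler’s or tcpdump’s code), here is the sanitization step written out over the libpcap file layout that tcpdump -w writes and Wireshark opens: it builds a constructed two-packet capture, rewrites the IPv4 addresses through one consistent mapping so the conversations in the file stay correlatable, and recomputes the IPv4 header checksums so Wireshark doesn’t flag the edited packets. It assumes little-endian pcap files containing untagged Ethernet frames with a 20-byte IPv4 header; anything else is left untouched.

```python
import struct

# Minimal libpcap layout: what tcpdump -w writes and Wireshark opens (little-endian, Ethernet).
PCAP_MAGIC, LINKTYPE_ETHERNET = 0xA1B2C3D4, 1
GLOBAL_HEADER = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)

def ipv4_checksum(header: bytes) -> int:
    """Ones-complement sum of 16-bit words; zero the checksum field before calling."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(src: str, dst: str, payload: bytes = b"ping") -> bytes:
    """Constructed Ethernet/IPv4 frame used as sample input (not from a real capture)."""
    eth = bytes.fromhex("001122334455" "66778899aabb" "0800")
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64, 1, 0,
                               bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))))
    struct.pack_into("!H", ip, 10, ipv4_checksum(ip))
    return eth + bytes(ip) + payload

def write_pcap(frames) -> bytes:
    out = bytearray(GLOBAL_HEADER)
    for i, frame in enumerate(frames):  # record header: ts_sec, ts_usec, incl_len, orig_len
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return bytes(out)

def read_pcap(data: bytes):
    """Yield (offset of frame within file, frame bytes) for every record."""
    pos = 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack_from("<IIII", data, pos)[2]
        yield pos + 16, data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len

def sanitize(data: bytes, mapping: dict) -> bytes:
    """Rewrite mapped IPv4 src/dst consistently across the capture and fix header checksums."""
    out = bytearray(data)
    for off, frame in read_pcap(data):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] != 0x45:
            continue  # not untagged Ethernet carrying a 20-byte (IHL=5) IPv4 header
        ip = bytearray(frame[14:34])
        for field in (12, 16):  # src and dst address offsets inside the IPv4 header
            addr = ".".join(map(str, ip[field:field + 4]))
            if addr in mapping:
                ip[field:field + 4] = bytes(map(int, mapping[addr].split(".")))
        ip[10:12] = b"\x00\x00"
        struct.pack_into("!H", ip, 10, ipv4_checksum(ip))
        out[off + 14:off + 34] = ip
    return bytes(out)
```

Addresses not in the mapping are left as they are, so check the result (for example with Wireshark’s Statistics, Endpoints view) before handing the file to a third party.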
I’ve been using the 3CDaemon since, well, for longer than I care to remember. It has a nice graphical interface and you can see exactly what’s going on in real time.
I use this mostly for uploading and downloading files via TFTP (Trivial File Transfer Protocol) to switches, routers, firewalls and other network hardware, but it’ll also act as an FTP (File Transfer Protocol) and Syslog server. (NB: neither TFTP nor FTP is a secure protocol, as neither encrypts what it sends, so I’ll only run this during the transfer and close the program afterwards.)
Another useful TFTP server is TFTPD64. It includes DHCP (Dynamic Host Configuration Protocol), TFTP, DNS (Domain Name System), SNTP (Simple Network Time Protocol) and Syslog servers as well as a TFTP client. It can be run as a service and used to build a PXE (Preboot Execution Environment) environment.
Core FTP mini-sftp-server
And for the times you need an SFTP (Secure File Transfer Protocol) server, perhaps because you need to get through a firewall and find that TFTP and FTP are locked down, there’s the option of using the Core FTP mini-sftp-server (make sure you download the free mini-sftp-server). It uses TCP port 22, the same as SSH, and has the option to support SCP.
Another free and lightweight SFTP server is the Rebex Tiny SFTP Server. Since I’ve used their SFTP test server for the Filezilla connections below it’d be rude not to give them a mention 😉 Their Buru SFTP/SSH server is also free for personal use.
While transferring files from the command line is possible with FTP/SFTP/FTPS and others, it’s just easier to use a client like Filezilla, browse through the folder trees and drag and drop the files you’re after.
While not really a network utility, I had to include 7zip since I sometimes have to send encrypted and password protected files across the network and 7zip will do that.
7Zip is my go-to zip utility. It supports 7z, XZ, BZIP2, GZIP, TAR, ZIP and WIM for packing and unpacking, and a whole lot more for just unpacking. On top of that, it’ll split archives and rebuild them from the component parts, and you can password protect and encrypt too.
So if you want to protect your Bitcoin wallet seed-phrase by saving it online, why not encrypt, password protect, split and save the parts to different cloud providers? Not forgetting, of course, to use 2FA (2 Factor Authentication) for your cloud accounts.
There’s a whole host of password managers available online, and the one I use is Keepass. The database can be uploaded to the cloud and synchronized with the application on the laptop. There are also apps for Android and iOS so you can access your passwords across all your devices.
VirtualBox is a free open-source general-purpose full virtualizer for x86 hardware currently being developed by the Oracle Corporation.
I usually use this for running Linux-based machines on a Windows host, but there are packages for Linux, Mac and Solaris, so you can run Windows on a Linux or Mac host, for instance.
It’s even possible to run a VM and boot it from a USB attached to the host device.
We’ve covered creating a VM in an earlier post, “How to create a LiveRaizo VM with persistence”. It goes through the steps required to create the VM using an ISO image from Live Raizo, but you can use any distro for the ISO.
There are also some useful prebuilt VMs that you can import into VirtualBox if you need to try something out.
GNS3 is a graphical network simulator that uses Dynamips to host Cisco IOS images. GNS is the GUI that enables you to build complex networks in a virtual environment.
Apart from Cisco routers, GNS3 now supports the use of other manufacturers’ kit such as Fortigate, BigIP F5, Extreme Networks and many more. It’s possible to connect the virtual devices to real switches through the host network ports, so you can test all kinds of scenarios.
I’ve used GNS to build and test environments that mirrored live networks so the effects of certain changes to routing protocols such as BGP could be seen before applying the changes to the live hardware.
PRTG is a tool to monitor your entire network infrastructure. It’s not limited to routers and switches, but covers servers, applications, virtual systems, IoT and cloud devices among others. There are other tools out there to do a similar job (and some good open-source ones too) but PRTG is the tool I’d use if I have a choice.
The free version allows for up to 100 sensors, which is fine for a lot of SOHO networks, and the price for the paid-for versions isn’t prohibitive. You do get a perpetual license for the money too, but you’ll have to pay for support if you want continued upgrades in the future. A sensor is a single aspect of a device that can be monitored, such as a port on a switch, the CPU load on a server, or even a ping.
There are literally hundreds of sensors including SNMP, Netflow, WMI, PostgreSQL, Exchange, IMAP, the list goes on and on…
It’ll provide graphical outputs of network traffic, bandwidth statistics, and much more so it’s useful for trending analysis. You can configure it to send alerts via email, or SMS. You can even push notifications to your phone via an app.
The latest Windows versions support some Unix/Linux-type commands such as SSH, ls, pwd and SCP (and you can install the SSH server fairly easily as an add-on for Windows 10), so I find I’m not using Cygwin as much as I used to, but I am still using it for Expect scripting in Windows.
Cygwin creates a Linux type environment in Windows and you can download the binaries of your choice depending on what you want to do with it.
You can find an excellent Cygwin cheat sheet provided at pcwdld.com with instructions to install and select the packages. It's a good place to start with Cygwin as well as being a great website for IT information in general.
Expect is a useful tool based on the Tcl programming language. It can be used to script logins and changes in interactive shells such as Telnet and SSH sessions. Its power comes from being able to work around unexpected issues when logging in to a host, such as when the SSH key changes and you have to accept the change before logging in, or when you need to change privilege levels before running certain commands. Expect waits for a response from the host and, depending on what’s returned, sends the appropriate command.
With Cygwin and expect installed in Windows, you can create a Windows batch file to call an Expect script, which in turn can spawn a terminal session to back up a device or change a password. You can call the batch script from the Windows task scheduler so the whole process becomes automatic.
Notepad++ is a great tool for comparing text files, such as before and after configurations of a router, switch or firewall. If you’re working on a Windows machine, it’ll also do the equivalent of tail -f: if you want to monitor a file for changes, Notepad++ will update when the file changes. It’s great for monitoring log files without having to continually refresh.
Notepad++ uses plugins for comparing and there’s a plugin called Document Monitor which refreshes the file of interest even when Notepad++ loses focus.
It also does a pretty good job as a code editor and has regular expression search and replace. If you only have one text editor (as opposed to a word processor), you won’t go far wrong with this one. Although it’s for Windows, it can be used in Linux using Wine.
Browsers are of course essential. My preference at the moment is for Firefox, but I sometimes have to use Internet Explorer. Edge is fairly good these days and based on Chromium source code. Occasionally a browser may not render part of a page or I’ll be missing buttons, and using a different browser might fix things if compatibility mode won’t do it.
Your choice of browser may come down to how you view privacy and security concerns. Firefox scores highly on this according to sites like restoreprivacy.com and 2-spyware.com, depending on how you configure it. Comodo’s Ice Dragon is based on Firefox and touts itself as being more secure; there’s currently no 64-bit version (as of 05 Mar 2020), but Comodo is hoping to add one in the near future.
To cut a long story short, a summary.
This blog post covered some of the tools that I use in my job as a network engineer and provides links to the downloads.
The tools covered for the various tasks are:
| Tool | Purpose |
|---|---|
| Putty | A terminal emulator for connecting to local or remote devices using Serial, Telnet, SSH or other protocols. |
| Wireshark | Packet capture and analyzer tool. |
| Tracewrangler | Tool for sanitizing and anonymizing Wireshark packet captures. |
| 3cDaemon | FTP, TFTP and Syslog server. |
| Core FTP mini-sftp-server | SFTP and SCP server. |
| Filezilla | File transfer client supporting FTP, SFTP and FTPS. |
| 7zip | File compression utility that can also split archives, encrypt and password protect. |
| Keepass | Secure password manager. |
| VirtualBox | Tool for running virtual servers on a host machine. |
| GNS3 | Graphical network simulation tool for creating and running virtual networks using genuine OS images. Useful for testing network scenarios and training. |
| PRTG | Network monitoring tool supporting Netflow, SNMP, WMI and hundreds of other sensors for trending and analysis of sensor outputs. |
| Cygwin | Tool for running Linux commands in Windows, particularly useful for running Bash and Tcl scripts for network automation tasks. |
| Notepad++ | Text editor that can compare files, monitor log files for changes, do regular expression searches and be used as a code editor. |
| Browsers | Used to connect to many GUI configuration tools for network devices. |
If you’re a network engineer and you could use an IPv4 subnet calculator check out the free techiedoodah IPv4 excel subnet calculator spreadsheet and if you get a lot of time hands on rackside and need a tray to put your laptop on, let us know what you think of the Portable Rack Mount Laptop Tray and sign up if you want one. Type with two hands instead of one, be more comfortable, improve your productivity and get out of the server room sooner, (or wherever the rack happens to be).
Techiedoodah blogs are created in the hope that they can help others by giving real-life examples. If this has been useful to you please feel free to leave a comment. If you’re reading this post on the home page, you won’t be able to post comments here, so follow this link to the blog, and then scroll to the comments section at the bottom of the page.