Thursday, July 30, 2009

Admin resource: Use the right tools to manage your network

To be an effective network administrator, you don't have to be a scientific genius. And you don't have to memorize a bunch of obscure facts about hardware and software. Instead, you need to know two things:
  • Where to find the appropriate solutions to technology problems when they arise

  • How to use the right tools for monitoring, troubleshooting, and managing the activities of the various systems on your network

We know TechRepublic is the biggest IT community, and it provides the kinds of resources you turn to for solutions when problems hit your network. To demonstrate that TechRepublic is a worthy solutions finder, I've compiled a list of articles that discuss tools you can use to improve the management of your network.


  • Test-drive: Colasoft Capsa network analyzer

    Having good insight into your network is critical. So many potential issues can be going on that any additional tool is welcome. These issues can include attacks, transmissions and applications without encryption, or incorrect configurations bogging down the network.

    Recently, I had a chance to evaluate the Colasoft network analyzer, Capsa.

  • "Servers Alive is a valuable and inexpensive uptime monitoring tool"

    To handle a problem, you have to know that it exists. That's where a program such as Servers Alive comes in. It can e-mail, page, or call an administrator with an automated alert when a system goes down, a router fails, or a service goes offline.

  • "Let Big Brother keep tabs on the health of your servers"

    Big Brother is another monitoring tool, but this one runs on Linux/UNIX (although it can monitor systems from other platforms). It's available free under an open source license.

  • "PRTG makes it easy to monitor bandwidth"

    Bandwidth is an expensive and critical commodity for most organizations. PRTG (and its Linux/UNIX cousin, MRTG) allows you to keep a close eye on bandwidth utilization and quickly spot any potential problems.

  • "Get two must-have network tools--for free"

    Here's a peek at two handy troubleshooting tools—HyperTrace and NetStatLive. Since these are small, easy-to-use, and free, there's no excuse not to try them.

  • "Quickly manage systems over KVM with BgInfo"

    Most administrators who manage more than five or 10 servers usually have them loaded into a rack and access them with a KVM switch or remote access software. However, the more servers you have, the harder it can be to tell them apart—and making a configuration change to the wrong server can have disastrous consequences. BgInfo is a little tool that can help you set up desktop screens that allow you to quickly identify your servers.

Final word

Of course, this is not a comprehensive list of every tool you need to manage a network. It's just a sampling of the kinds of great tools that can make you more effective at spotting problems and getting them fixed in a timely fashion.

For more information, please visit: http://articles.techrepublic.com.com/5100-10878_11-5074896.html

Monitor broadcast storm with Colasoft Capsa.

Causes of broadcast storm:

  • Incorrect network design and plan

  • Network equipment damage

  • Hubs, which are broadcast equipment, easily lead to broadcast storms

  • NIC or switching equipment damage

  • Network loop

  • Incorrect router configuration

  • Virus

How to detect Broadcast Storm:

step1. Set up broadcast packets filter

Open Filter --> Add --> From Filter Table, check "Broadcast":


step2. Detect relevant parameters of the broadcast storm


1. Statistical parameters

  • broadcast packets bytes

  • total broadcast packets

  • packets per second

  • packet size distribution

  • protocol type

  • etc (add according to your own network)

How to make use of these parameters?

Take a 100M Ethernet for example. The maximum packets per second is 12.5M x 1024 = 12800 Bytes/s. If the packets-per-second value of broadcast traffic is greater than or close to it, then we can conclude there is a broadcast storm.

The packet sum, number, and size distribution differ according to the size of the network.

Protocol Type mainly shows the protocols with the largest traffic utilization. (PS: Care must be taken to distinguish ARP Request and ARP Response: ARP Request is broadcast, while ARP Response is unicast.)

2. IPID Identification of the packet

The IPID is the unique value that identifies a packet. If one protocol has a large traffic utilization, we can check its IPID in the Packets view; if the IPIDs are the same, we can confirm the storm is caused by a network loop.


Currently, a network loop is one of the main causes of broadcast storms.

3. Check the Utilization


How to make use of the utilization parameters?

Utilization is divided into "Utilization (bits)" and "Utilization (percentage)". Network utilization is computed as: bits per second (in the "Summary" view) / network bandwidth (100M or 1000M Ethernet). Ordinarily, an Ethernet network is in perfect condition if its utilization is 50%; if the utilization of broadcast traffic is over 30%, we can conclude that there must be a broadcast storm in the network.
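The two checks described above (broadcast utilization against the 30% figure, and repeated IPIDs among broadcast packets as a sign of a loop) can also be run over raw Ethernet frames outside Capsa. The following is an added example, not code from the original post or from Colasoft; the function names and the sample frames are constructed for illustration, and the frames would normally come from a capture file.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6
STORM_THRESHOLD = 0.30   # the article's rule of thumb for broadcast utilization

def frame(dst, ethertype, payload):
    """Constructed Ethernet frame: dst MAC, made-up src MAC, EtherType, payload."""
    return dst + b"\x02\x00\x00\x00\x00\x01" + struct.pack("!H", ethertype) + payload

def ipv4(ip_id, size):
    """Minimal IPv4 header (only the fields read below are filled in) plus padding."""
    hdr = struct.pack("!BBHH", 0x45, 0, size, ip_id)
    return hdr + bytes(size - len(hdr))

def analyze(frames, seconds, bandwidth_bps):
    """Broadcast utilization and repeated IP IDs among broadcast IPv4 frames."""
    bcast_bits, ipids = 0, Counter()
    for f in frames:
        if len(f) < 14 or f[:6] != BROADCAST:
            continue                      # unicast (e.g. ARP replies) is not counted
        bcast_bits += len(f) * 8
        (ethertype,) = struct.unpack("!H", f[12:14])
        if ethertype == 0x0800 and len(f) >= 20:
            (ip_id,) = struct.unpack("!H", f[18:20])   # IP Identification field
            ipids[ip_id] += 1
    utilization = bcast_bits / seconds / bandwidth_bps
    return {
        "utilization": utilization,
        "storm": utilization > STORM_THRESHOLD,
        "repeated_ipids": {i: n for i, n in ipids.items() if n > 1},
    }

def looped_capture():
    """Constructed sample: one 1500-byte broadcast frame seen 3000 times (a loop)."""
    return [frame(BROADCAST, 0x0800, ipv4(0x1234, 1486))] * 3000

def normal_capture():
    """Constructed sample: a few distinct broadcasts, ARP requests, unicast traffic."""
    unicast = b"\x02\x00\x00\x00\x00\x02"
    frames = [frame(BROADCAST, 0x0800, ipv4(i, 46)) for i in range(1, 21)]
    frames += [frame(BROADCAST, 0x0806, bytes(46))] * 10     # ARP requests
    frames += [frame(unicast, 0x0800, ipv4(7, 1486))] * 500  # not broadcast
    return frames

if __name__ == "__main__":
    for name, cap in (("looped", looped_capture()), ("normal", normal_capture())):
        print(name, analyze(cap, seconds=1, bandwidth_bps=100_000_000))
```

Both samples are analyzed as one second of traffic on a 100M link; only the looped capture crosses the 30% line and reports a repeated IPID.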

Download the latest Capsa 6.9R2 (Windows 7 supported) to monitor your network performance in time.

How to analyze the statistic of a specific IP in LAN with Colasoft Capsa?

Nowadays, computers are becoming a necessity in the majority of companies all over the world. Network managers/administrators have to monitor their network, grasp the network status in time, and find the best solution once any abnormal condition occurs in the network. They have to make sure the whole network status is visible to them, even the traffic, conversations, and packets of one specific IP address. Without appropriate network management, a large number of network risks will appear in your network.

Colasoft Capsa 6.9R2, which supports Windows 7, is such an ideal network monitor. This article tells you how to analyze the statistics of a specific IP address when you need to analyze the stats by locating an IP address.

For example:
There are 200 hosts in the LAN. You have detected that the network became very slow due to BT downloading by a specific IP address: 192.168.6.5. To check the stats under this IP, including protocols, conversations, packets, etc., and prove it is the specific IP address, you need to locate it. In Colasoft Capsa, there are 2 ways to do this:

1. Select the IP address under "IP Explorer" in the left Explorer window.

2. Add the IP address in the Filter settings.

Then we can check all the stats related to "192.168.6.5" only, to further confirm the problem. For more information on "How to Track BitTorrent User in Network with Colasoft Packet Sniffer", please go to http://blog.colasoft.com/how-to-track-bittorrent-user-in-network-with-colasoft-packet-sniffer/

Thursday, July 2, 2009

Recommend 5 Nice FREE Network Analysis Tools to Network Admins

Colasoft, with its all-in-one and easy-to-use network analyzer Capsa, is known and recognized in the network analysis industry. Today let me recommend 5 nice Colasoft network analysis tools to all network administrators; the tools are totally free, very simple, and helpful.

Colasoft MAC Scanner Pro

List MAC addresses and IP addresses in your local subnet in seconds. Network administration will never become efficient until you know exactly who the user is and where the computer is. MAC Scanner Pro will do it for you.

Core Values:
  • Scan MAC addresses and IP addresses

  • Save scan results into a database for future reference and network maintenance

  • Add attributes (such as the user's name and the physical location of the host) to scan results and save them in the database

  • Automatically compare new MAC scan results with database records and report differences and new records (illegal access)

  • Print and print-preview MAC scan results

Special Notice:
Colasoft is launching a campaign this month: you can get a license key for MAC Scanner Pro edition for free as long as you recommend a friend who successfully downloads MAC Scanner free edition.

To find out more about this, please go to www.colasoft.com/mac_scanner

Colasoft Ping Tool
Colasoft Ping Tool can ping multiple IP addresses simultaneously and compare response times in a graphic chart. Users can view historical charts and save the charts to a *.bmp file. With this built-in tool, users can conveniently ping the IP addresses of captured packets in a protocol analyzer (e.g. Colasoft Capsa), including source IP, destination IP or both.

Colasoft Packet Builder
Colasoft Packet Builder enables creating custom network packets; users can use this tool to check their network protection against attacks and intruders. Colasoft Packet Builder includes a very powerful editing feature. Besides common HEX editing of raw data, it features a Decoding Editor that makes it much easier to edit specific protocol field values.

Colasoft Packet Player
Colasoft Packet Player is a packet replayer which allows users to open captured packet trace files and play them back in the network. It supports many packet trace file formats created by sniffer software such as Colasoft Capsa, Ethereal, Network General Sniffer and WildPackets EtherPeek/OmniPeek, etc.

Besides sending packet files at the original interval between loops, Colasoft Packet Player also supports sending packet files in burst mode and defining the delay between loops if the loop count is more than one.

Why should we monitor the network conversation?

In a networked organization, especially a company, enterprise, school, bank, NSA, etc., confidential information is very important, and it may be very dangerous if it is divulged.

Also, a company/enterprise boss can find out what his staff are talking about via the internet, no matter whether they are using MSN, Yahoo, Gtalk, ICQ, AIM… or Email, Webmail… at any time.

In this situation, we need a network monitor/packet sniffer, not only to monitor network conversations, but also to guarantee our network security by preventing danger beforehand.

Resolution

Taking Colasoft Capsa 6.9 as an example, we will show you how to monitor email activity and content with it step by step:
1. Choose “Logs” from the main window.

2. As shown in the following illustration, there’s a pop up window for changing settings after you choose the “Logs”. Email Log→Log File Settings, then change the settings indicated by an arrow.

3. Choose Email Messages in the Logs view to find detailed information on all email activity.

4. Just double-click the crossband, then you can check out the content of any email you want to read.

Conclusion:
For every organization, institution, company, enterprise… etc., confidential information is very important and must never be allowed to leak out.

Apart from traditional File Encryption and Video Surveillance, what can we do if we are in a huge network? In this situation, a powerful packet sniffer/network analyzer is quite a good right hand.