Control of computers on the local network. Network monitoring using TCPView and netstat utilities


LAN monitoring is a continuous process that involves monitoring the working network. The process performs the following functions:

  1. Timely detection of errors and malfunctions.
  2. Adequate and quick response to errors and malfunctions.

The system administrator monitors the network status.

Various notification software is used to make this work easier. One such application is Total Network Monitor from Softinventive Lab.

Monitoring systems

The main requirements for network monitoring software are:

  1. Support for all types of network connections, including Wi-Fi networks.
  2. Monitoring network activity.
  3. Determination of the detail of system and network services.
  4. Analysis of remote computers and web servers.

Monitoring systems must provide reports about events over certain time periods. It is important to retain all activity listings and archive them in an appropriate log.

It is necessary to distinguish between tools that control external access to the network and software intended for monitoring internal network processes.

Network activity monitoring is defined as follows:

  1. At a set interval, an application sends requests to the required IP addresses on the network.
  2. If the result of such a request is incorrect or unsuccessful, a signal is sent to the system administrator.
  3. Automatic detection of actions that are regulated by the network protocol.

Monitoring methods

There are many methods and tools for monitoring network connections. The specifics of their use depend on the purpose of the process, network configuration, file system, etc.

Basic methods:

  1. Protocol analyzers. These systems are needed solely to control network traffic.
  2. Integrated management and analysis systems. Used for software and hardware environments. Provide control over certain programs, sections of communications and individual devices on the network.
  3. Network management. This includes software that collects data about network processes and the state of the hardware unit. All network traffic is monitored.
  4. Cable equipment. Certifies and tests cable networks.

Total Network Monitor is currently one of the most relevant applications for monitoring work networks. The software provides timely tracking of problems, checks whether software is up to date and works with anti-virus databases.

Today, the success of many enterprises and organizations depends greatly on the reliability and quality of the networks and network applications they use. Network monitoring, meaning the systematic tracking of key indicators of how the network and network applications are functioning, helps to detect and eliminate emerging and existing problems in their operation and so keep the quality of user service at the proper level. In addition, network monitoring is extremely important for ensuring information security, since it allows you to identify dangerous user actions and malware.

Types of network monitoring

Network monitoring is either passive or active. With passive monitoring, key indicators of the functioning of the network and network applications are obtained by analyzing the real traffic of the operating network, observed at various points in it; with active monitoring, specially generated test traffic is used to determine these indicators.

In turn, there are three main types of passive monitoring: packet-based monitoring (capture and analysis of network packets using monitoring tools), SNMP monitoring (interrogating SNMP devices to obtain information about their status and traffic) and flow-based monitoring (collecting information about traffic flows using xFlow protocols, etc.).

A type of passive monitoring, packet-based network monitoring is performed by passive (not transmitting test traffic) monitoring devices that analyze captured packets.

Optimal connection of passive monitoring devices

IT professionals use a variety of passive monitoring devices (including protocol analyzers, RMON probes, NetFlow collectors, IDS/IPS systems, and probes capable of recording large volumes of network traffic) designed for in-line or out-of-band connection to network lines.


For out-of-band connection of monitoring devices, it is best to use special network taps.

A network tap is inserted into a break in the network line. Passing the line's duplex traffic through itself, the tap copies both halves of it (the packet flows in each direction) to its monitoring ports, to which monitoring devices are connected (see figure). Unlike an Ethernet switch with SPAN ports, a network tap never discards any packets, including defective ones, and thus provides 100% (!) control of traffic on the line.

Network taps do not impact or reduce network reliability because during a power failure, a copper tap remains transparent to monitored traffic, while a fiber tap is a passive device that requires no power at all. Additionally, since a monitoring device connected via a tap does not require an IP address, it is isolated from the network, greatly reducing its exposure to hacker attacks.

A wide range of copper and fiber network taps is available, supporting maximum data rates from 10 Mbps to 100 Gbps. In addition to conventional taps, regenerating taps are produced, which are used when the same traffic needs to be monitored by several different monitoring devices at the same time. A regenerating tap differs from a conventional tap in its larger number of monitoring ports. If the number of network channels that need to be monitored exceeds the number of available monitoring devices, you can use an aggregation tap, which combines traffic from several monitored channels and outputs the total flow through several of its monitoring ports (see figure). However, the rate of this flow may exceed the capacity of the monitoring device port, resulting in unacceptable packet loss. To reduce the likelihood of packet loss, you need to select an aggregation tap model with a sufficiently large buffer memory.
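The effect of buffer size on packet loss in an aggregation tap can be checked with a small model. This is an added example, not code from the original page or from any vendor; the function name, the 1 ms interval and the traffic figures are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class TapResult:
    offered: int     # bytes received from all monitored links
    delivered: int   # bytes sent out of the monitoring port
    dropped: int     # bytes discarded because the buffer was full
    peak_queue: int  # highest buffer occupancy, in bytes


def simulate_aggregation_tap(link_loads, port_capacity, buffer_size):
    """Fluid model of an aggregation tap feeding one monitoring port.

    link_loads    -- one list per monitored link: bytes offered per interval
    port_capacity -- bytes the monitoring port can send per interval
    buffer_size   -- bytes of buffer memory in front of that port
    """
    queue = offered = delivered = dropped = peak = 0
    for per_link in zip(*link_loads):
        arriving = sum(per_link)          # aggregation: all links share one port
        offered += arriving
        backlog = queue + arriving
        sent = min(backlog, port_capacity)
        delivered += sent
        backlog -= sent
        if backlog > buffer_size:         # what does not fit in the buffer is lost
            dropped += backlog - buffer_size
            backlog = buffer_size
        queue = backlog
        peak = max(peak, queue)
    delivered += queue                    # the buffer drains once input stops
    return TapResult(offered, delivered, dropped, peak)


# Constructed sample traffic: 1 ms intervals, 1 Gbit/s port = 125,000 bytes/ms.
PORT = 125_000
STEADY = [50_000] * 30                                   # 400 Mbit/s link
BURSTY = [50_000] * 10 + [125_000] * 10 + [50_000] * 10  # 10 ms line-rate burst
SATURATED = [100_000] * 30                               # 800 Mbit/s link


def demo():
    return {
        "burst, 100 kB buffer":
            simulate_aggregation_tap([STEADY, BURSTY], PORT, 100_000),
        "burst, 512 kB buffer":
            simulate_aggregation_tap([STEADY, BURSTY], PORT, 512_000),
        "sustained, 512 kB buffer":
            simulate_aggregation_tap([SATURATED, SATURATED], PORT, 512_000),
    }


if __name__ == "__main__":
    for name, r in demo().items():
        print(f"{name:26} dropped={r.dropped:>9,} peak_queue={r.peak_queue:>7,}")
```

A larger buffer absorbs the short burst completely, but no buffer size helps when the aggregated rate stays above the port capacity; that case calls for filtering or load balancing.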

Operation of aggregation and network taps

Overloading of the monitoring device can also occur when it is connected to a faster network channel (for example, if an analyzer with a 1GE port is connected to a 10GE channel using a 10-Gigabit tap). To reduce the load on monitoring devices, pre-filtering of the tapped traffic is widely used so that the device receives only the data it needs to perform its primary functions (for example, those related to network intrusion detection). Also, using a load balancing device, high-speed traffic can be divided approximately equally between multiple monitoring devices. In this case, it is often important that the integrity of the transmitted packet streams is maintained, that is, all packets belonging to the same stream must arrive at the same monitoring device in a group of load-balanced devices.
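One way to keep every packet of a stream on the same monitoring device is to pick the device from a hash of the flow's addresses and ports. This is an added example, not code from the original page or from any packet broker; the function names and sample packets are constructed, and it goes slightly beyond the text by treating both directions of a conversation as one stream, which an IDS needs in order to see requests and replies together.

```python
import hashlib
import ipaddress
from collections import defaultdict


def flow_key(src_ip, src_port, dst_ip, dst_port, proto):
    """Direction-independent key: both endpoints are put in a canonical order."""
    a = (ipaddress.ip_address(src_ip).packed, src_port)
    b = (ipaddress.ip_address(dst_ip).packed, dst_port)
    lo, hi = sorted((a, b))
    return (bytes([proto]) + lo[0] + lo[1].to_bytes(2, "big")
            + hi[0] + hi[1].to_bytes(2, "big"))


def pick_device(packet, n_devices):
    """Map a packet to a monitoring device index in [0, n_devices)."""
    # hashlib gives the same result in every process; Python's built-in hash()
    # is salted per process and would reshuffle flows after a restart.
    digest = hashlib.sha256(flow_key(*packet)).digest()
    return int.from_bytes(digest[:8], "big") % n_devices


def round_robin(index, packet, n_devices):
    return index % n_devices              # even load, but ignores flows


def by_flow_hash(index, packet, n_devices):
    return pick_device(packet, n_devices)


def split_flows(packets, n_devices, chooser):
    """Count flows whose packets ended up on more than one device."""
    seen = defaultdict(set)
    for index, packet in enumerate(packets):
        seen[flow_key(*packet)].add(chooser(index, packet, n_devices))
    return sum(1 for devices in seen.values() if len(devices) > 1)


# Constructed sample: (src_ip, src_port, dst_ip, dst_port, ip_protocol),
# three interleaved flows using documentation address ranges.
PACKETS = [
    ("192.0.2.10", 51000, "198.51.100.5", 443, 6),    # flow 1, client to server
    ("192.0.2.11", 53124, "198.51.100.53", 53, 17),   # flow 2, DNS query
    ("198.51.100.5", 443, "192.0.2.10", 51000, 6),    # flow 1, server to client
    ("2001:db8::1", 40000, "2001:db8::2", 22, 6),     # flow 3, client to server
    ("198.51.100.53", 53, "192.0.2.11", 53124, 17),   # flow 2, DNS answer
    ("192.0.2.10", 51000, "198.51.100.5", 443, 6),    # flow 1, client to server
    ("2001:db8::2", 22, "2001:db8::1", 40000, 6),     # flow 3, server to client
]

if __name__ == "__main__":
    print("flows split by round robin:", split_flows(PACKETS, 2, round_robin))
    print("flows split by flow hash:  ", split_flows(PACKETS, 2, by_flow_hash))
```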

Traffic filtering and load balancing help protect investments in existing monitoring devices as increasingly high-speed network technologies are implemented. The functions of aggregation, regeneration, traffic filtering and load balancing are available in network packet brokers. Thus, if monitoring devices must frequently switch from one monitored channel to another and/or require traffic filtering and load balancing functions, you should connect these devices to network taps or SPAN ports through network packet brokers, rather than directly.

Use a bypass switch if you need to implement a trouble-free inline connection to a monitoring or information security device (for example, IPS). If this device stops functioning for any reason, the bypass switch will direct traffic around it and thereby preserve (for users) the availability of critical services and applications (for more details, see “Solutions for inline connection of monitoring devices”).

Ixia, a Keysight Business, produces a wide range of taps, bypass switches, and network packet brokers in the Vision family. Vision devices switch, aggregate, regenerate, filter and evenly distribute traffic to be monitored across monitoring devices connected to them. The most intelligent broker models in this family - Vision ONE and Vision 7300 - perform a broader set of functions, including deduplication and truncation of packets, providing them with highly accurate timestamps, identifying and monitoring application traffic (for more information, see “Functionality of Ixia monitoring solutions”). To centrally manage Vision network packet brokers installed on a controlled network, Ixia releases the Ixia Fabric Controller (IFC) solution.

The market for network monitoring systems offers a comprehensive new generation Intelligent Monitoring Fabric (IMF) solution from cPacket Networks. Compared to traditional network monitoring systems, the IMF solution has improved scalability, increased performance, provides deeper analysis of network operation, and reduces operating and capital costs. The IMF includes monitoring nodes that have the functions of a network packet broker and a network analyzer.

Cloud control

With cloud computing exploding in popularity, IT professionals must ensure data and application security, optimize cloud performance, and resolve cloud performance issues as quickly as possible. To perform the above tasks, cloud traffic control is required. Such control is provided by the Ixia CloudLens platform, designed to monitor the operation of private, public and hybrid clouds. In the process of monitoring the operation of a public cloud, the CloudLens platform operates in this cloud and provides a monitoring service with traffic filtering capabilities. CloudLens has a unique peer-to-peer architecture that retains all the benefits of cloud computing, including flexibility and on-demand scalability. The peer-to-peer architecture provides direct connections between cloud instances that generate monitored traffic and virtual monitoring devices. Competing solutions use a central node that aggregates and filters traffic. Such a monitoring system is less scalable, more expensive, and less flexible.


CloudLens peer-to-peer architecture

Part of the CloudLens platform is the CloudLens Private solution, focused on monitoring private clouds. This solution forks traffic from virtualized networks, processes the traffic, and delivers monitored packets to virtual or physical monitoring devices.

Take care of monitoring in advance

It is recommended to initially plan the implementation of the monitoring infrastructure as an integral part of the future network and, when building it, to install equipment for connecting monitoring devices along with other network equipment.

When organizing a network monitoring system, it is necessary to provide for the ability to monitor the traffic of critical network channels at the access, distribution and network core levels, as well as in the data center where the enterprise servers are located.

Since many high-speed lines are concentrated in the data center and in the network core, it is recommended to install multiport aggregation taps and network packet brokers there. The use of this equipment will reduce the number of network monitoring devices, since if it is possible to aggregate and switch traffic from key network points, there is no need to install a monitoring device at each of them.

Currently, high-speed network technologies providing data transfer rates of up to 100 Gbit/s are becoming increasingly widespread in data center backbones and corporate networks. The use of these technologies can significantly reduce the number of lines in the network core and reduce the cost of its maintenance, but at the same time, the requirements for the reliability of each high-speed line increase, since its failure will affect the work of a larger number of users and applications. Obviously, during the operation of a data center or corporate network, the trunk line cannot be disconnected even for a few seconds in order to insert a fiber-optic tap into it to feed the traffic of this line to the monitoring device. Therefore, it is better to install taps on trunk lines initially (even at the stage of deployment of the cable system). This will make it possible in the future, if any problems arise, to quickly connect the necessary monitoring or diagnostic devices to the lines of interest without disconnecting them.

Our programs for system administrators will help you keep abreast of everything that happens in the computer fleet and enterprise network, respond in a timely manner to equipment failures and software problems, and minimize costs and downtime. This page presents programs for monitoring the network, servers and hosts, for PC inventory, for accounting for installed programs and licenses, for creating reports on computer hardware, for accounting for traffic on the network, and for studying the network topology and creating graphical diagrams of local networks.

A network administrator may also find useful programs for searching files on local networks and auditing user access to file resources of servers over the network. All these programs will help the system administrator improve the performance of network devices and servers and ensure the proper level of security in the enterprise network.

10-Strike programs are included in the unified register of Russian computer programs of the Ministry of Communications and can participate in government procurement.

Programs for network administrator, network utilities

Computer Inventory (Pro) 8.5

— a program for inventory and accounting of installed software and hardware on computers in local networks. “Computer Inventory” allows system administrators to keep track of computers on the enterprise network, view the configurations of remote computers and lists of installed programs over the network, and track configuration and software changes. The program contains a powerful report generator. For example, you can create . When planning upgrades, you can create a report listing computers with insufficient disk space or RAM. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

10-Strike LANState (Pro) 8.8r

program for monitoring servers and computers on the network, allowing you to visually observe the current state of your network at any time. LANState monitors hosts on the network, monitors connections to network resources, monitors traffic, and signals various events. LANState contains many functions useful for network administrators: sending messages, shutting down remote computers, scanning hosts and ports, obtaining various information from remote computers (access to the registry, event log, etc.). Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

Network Monitoring (Pro) 5.5

program for monitoring servers and other network devices, monitors the performance of the network and notifies the administrator of problems. Find out in time about a failure that has occurred (connection loss, server disk space running out, service stop, etc.) and fix the problem with minimal loss of time. The program signals problems using sound, on-screen messages, by e-mail, and can launch external programs and services, as well as restart computers and services. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

"Software Accounting" 8.5

— a program for inventory and accounting of installed software on computers in local networks. "Software Accounting" allows network administrators to maintain a database of installed programs on network computers and track changes. The program contains a report generator. For example, you can create reports on the presence of certain programs on computers and their quantity.


Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

Network Diagram 3.33

program for constructing a local network diagram, which allows you to discover network devices and place them on a map. If your switches support the SNMP protocol, the program will draw connections between devices automatically. All that remains is to move the device icons with the mouse and your network diagram is ready. You can modify the diagram using powerful built-in editing tools, add connections, apply inscriptions, draw areas, fill them with different colors. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

Traffic Accounting 3.7

network traffic accounting program, monitors the volume of downloaded data and the speed of information transfer on the network. You can monitor traffic both on user computers and on switch ports. Alerts allow you to know in time about traffic overload on any port. You can monitor the distribution of loads on the channel in real time, build graphs, diagrams and reports. All collected traffic consumption data is stored in a database for statistical analysis and reporting. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

Remote Access 5.0

program for managing remote computers over the network. You can configure access to computers of network users and administer their PCs remotely. The program provides a Helpdesk mode for providing technical support to remote clients via the Internet. You can connect to PCs and servers within the network, or access computers on the Internet using accounts or hardware IDs. In this case, there is no need to forward ports through the router. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

10-Strike Network File Search (Pro) 2.3r

program for searching files on local network computers (via NetBios and FTP protocols). Enter a phrase or file masks and find the information you need. When viewing search results, found files can be immediately opened, saved to disk, or included in a generated report. The search uses multi-threaded technology, which significantly speeds up the work. You can set filters by file size and modification date. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

10-Strike Connection Monitor (Pro) 4.8r

program for monitoring network connections of users over the network to shared folders and files, which allows you to find out in time about connections of network users to your computer. The program beeps, displays alerts on the screen, and keeps a detailed log of connections, which records information about who connected to the computer’s network folders and when, what files were opened, etc. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

10-Strike: Network Scan 3.0 FREE!

— scanner of local networks, IP addresses and hosts. This free program allows you to scan your local network and detect active hosts, computers and servers. Supports scanning of IP address ranges and many protocols for detecting network devices (ICMP ping, searching for open TCP ports, NetBios, SNMP, UPnP, ...). If you have administrator rights, you can read a lot of useful information from Windows computers. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

Sets of network programs for system administrators

Software suites for system administrators allow you to save money when purchasing several of our network programs or all of them at once. Get three programs for the price of two and so on. For example, when purchasing the Full set of administrator programs in the "for the organization" option (without restrictions on the number of workstations), consisting of all our programs for network administrators, you can save up to 100,000 rubles or 45%!

Other utilities

10-Strike SearchMyDiscs 4.43r

CD cataloger (CD, DVD).

With its help, you will quickly find the files you need on the CDs and DVDs of your collection. SearchMyDiscs helps you organize your CD and DVD collections, allowing you to find the disc you need in a few seconds. If you are tired of searching for the right disk every time, this program is for you! Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

10-Strike Log-Analyzer 1.5

Raw log file analyzer for the Apache web server. Creates various reports and histograms. The program has many settings and filters that will allow you to get accurate information about your site, downloaded files, and who is coming to you and from where. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

Payment and delivery

When ordering programs by legal entities, payment by bank transfer is accepted. Invoices are issued electronically and an agreement is concluded. Electronic delivery: the distribution kit is downloaded from our website, registration keys are sent after payment by e-mail. After payment, the original contract and documents for accounting are sent to the buyer by mail.

Issue an invoice (indicate the required programs and types of licenses, your details and the name of the director for the agreement)

All our programs are also presented in the Softkey and AllSoft online stores (follow the “buy” links from our website).

Network monitoring

Introducing ZABBIX - a program for monitoring and analyzing all the main parameters of a local network.

Why do you need a local network monitoring system?

Local network monitoring

The ZABBIX solution allows you to quickly assess and diagnose the state of the local network as a whole, carry out express monitoring of the main parameters of local network servers, and monitor network equipment and workstations.

Server monitoring

The system administrator will always know how much free space is left on the hard drives, how much the processors and RAM are loaded. Thus, based on objective data, decisions can be made on redistributing the load between servers, upgrading existing servers, or on the need to purchase additional ones.

Prompt notification of emergency situations

The most important function of ZABBIX is to notify personnel of any impending or emerging problems. The operational notification mechanism includes services for sending electronic mail messages (e-mail) and SMS via mobile communication channels. Using remote monitoring of your company's local and computer network, the system administrator, even while away from the office, will be able to prevent possible failures and troubleshoot problems that arise.

Emergency prevention

Zabbix can warn the system administrator, for example, that the server's hard drive is about to run out of space, about increased CPU load, or about RAM loading. Thus, the system administrator can take measures to prevent it even before an emergency occurs.

What interface does the local network monitoring system have?

For operational online monitoring of network status, diagnostics and analysis of load parameters of server equipment, ZABBIX provides a convenient WEB interface. Thus, thanks to advanced monitoring and analysis of the basic parameters of the local network, network and server equipment, the system administrator from anywhere will have access to such critical parameters as decreasing disk space, increased load on local network server processors, RAM overload and much more.

What is network monitoring and why is it needed?

How much does the ZABBIX local network remote monitoring system cost?

Why is it profitable for you to order the implementation of a local network monitoring system from us?

Setting up ZABBIX, like any complex software product, requires high qualifications and experience; the work on setting up ZABBIX is very responsible and painstaking. Our system administrators have extensive experience in configuring and supporting remote monitoring systems and are fluent in the technology of its installation and configuration.

Implementation of the ZABBIX network monitoring system includes:

How much does it cost to install and configure a local network monitoring system?

* For a large number of similar units, a discount is provided


ZABBIX is a completely free application

Zabbix is written and distributed under the GNU General Public License (GPL) version 2. This means that its source code is freely distributed and available to an unlimited number of people.

Express audit of the local network and preparation of technical specifications

Installing the ZABBIX system on your equipment

Configuring ZABBIX to monitor key local network nodes

Installing ZABBIX clients on the main nodes of the local network

Setting up notifications to the system administrator's email

Good network monitoring and management programs help the administrator:

    identify conditions that lead to problems;

    solve network problems;

    prevent network failures.

Since this approach saves time and money, saves equipment, data and user nerves, in the long run it will be preferred over finding out the causes of the failure after it has occurred.

If network management is done correctly, it can also be seen as a proactive solution to problems. ISO has identified five categories of network management that are directly related to proactive problem solving.

1. Manage accounts for registering and issuing reports on the operation of network resources.

2. Configuration management to control network components and their parameters.

3. Failure prevention to find and isolate network problems.

4. Performance management to monitor, analyze and control data flows in the network.

5. Security management to track and control access to network resources.

Controls are means of solving problems. At first, it will take you some time to understand what statistical information you should receive on a regular basis. You will have to collect data in order to then draw conclusions about the characteristics of normal network operation. By knowing how the network should operate normally, you can monitor changes in this data (they often indicate potential problems in the network).

Modern network operating systems have built-in network monitoring utilities. They will help you monitor the operation of the network, build a reference graph of its behavior (as part of a program for early troubleshooting). These tools use three types of information:

event logs, which record errors, actions and situations affecting the security system, or other facts important for diagnosing problems;

resource access statistics, which stores information about who uses network resources and how;

performance statistics that reflect CPU load, server throughput and memory usage.

Microsoft Windows NT Server, for example, has a Performance Monitor utility that provides an overall picture of the state and activity of the system.

A network administrator can use Performance Monitor to:

    analyze network operation both in real time and from recordings;

    identify trends in its operation;

    identify bottlenecks;

    record the effects of changes in the system and configuration;

    determine system capacity;

    monitor local or remote computers;

    notify administrators about critical events;

    monitor the performance of processors, hard drives, memory and processes;

    view key parameters of the system as a whole.

Reference graph

Knowing how the network behaves during normal operating conditions is just as important as knowing how to troubleshoot the problems that caused the network to fail. Monitoring and documenting in detail the normal operation of your network will give you information from which you can create a reference graph of its behavior. And in case of any problems, you will compare the current behavior of the network with the reference one.

The reference graph is created in advance, when the network is functioning normally. It will help you determine:

general picture of network congestion during the day;

bottlenecks;

an overall picture of network usage by individual computers;

an overall picture of the schedule of various protocols.
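A reference graph becomes useful once current readings can be compared against it automatically. This is an added example, not code from the original page or from any monitoring product; the host names, traffic figures (MB per hour) and the tolerance parameters `k` and `min_band` are assumptions constructed for illustration.

```python
from statistics import mean, pstdev


def build_reference(history):
    """Build the reference from normal days.

    history -- {host: [day, ...]}, each day a list of 24 hourly traffic figures
    returns -- {host: [(mean, standard deviation) for each hour]}
    """
    reference = {}
    for host, days in history.items():
        reference[host] = [(mean(hour), pstdev(hour)) for hour in zip(*days)]
    return reference


def compare_with_reference(reference, today, k=3.0, min_band=5.0):
    """Return (host, hour, note) for every reading outside the normal band.

    The band is k standard deviations around the hourly mean, but never
    narrower than min_band, so a very regular host does not alert on noise.
    """
    findings = []
    for host, hours in sorted(today.items()):
        if host not in reference:
            # A machine with no history cannot be judged against the baseline.
            findings.append((host, None, "no reference data"))
            continue
        for hour, (value, (avg, sd)) in enumerate(zip(hours, reference[host])):
            if abs(value - avg) > max(k * sd, min_band):
                findings.append(
                    (host, hour, f"observed {value}, reference {avg:.0f}"))
    return findings


def shifted(profile, offset):
    return [value + offset for value in profile]


# Constructed sample data: quiet nights, busy working hours, lighter evenings.
WORKDAY = [5] * 8 + [40] * 10 + [15] * 6
HISTORY = {
    "pc-01": [shifted(WORKDAY, o) for o in (-2, 0, 2, -1, 1)],
    "srv-files": [shifted([60] * 24, o) for o in (-4, 0, 4, -2, 2)],
}

TODAY = {
    "pc-01": WORKDAY[:3] + [35] + WORKDAY[4:],       # heavy traffic at 03:00
    "srv-files": [60] * 12 + [67] + [60] * 11,       # within its normal spread
    "pc-77": [1] * 24,                               # host absent from history
}


def demo():
    return compare_with_reference(build_reference(HISTORY), TODAY)


if __name__ == "__main__":
    for host, hour, note in demo():
        when = "all day" if hour is None else f"{hour:02d}:00"
        print(f"{host:10} {when:8} {note}")
```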

The Performance Monitor utility is designed to monitor computer performance in real time, which allows you to find almost all bottlenecks. Figure 8.4 shows the % Processor Time curve, which reaches 100 percent. If this happens frequently (the figure stays close to 100 percent over a long period), the bottleneck is the processor.

By analyzing the system behavior graph, you can prevent problems from arising, since it will tell you when:

the network must be divided into several segments;

the number of file servers should be increased;

it is necessary to replace network adapters with more efficient ones.

Network management programs and proactive troubleshooting

Modern network management software offers a number of measures that will lead to proactive resolution of network problems.

Cross-checking and continuous monitoring of interacting network components (to ensure that a failure in one component does not appear to be a failure in another, healthy one).

Identifying invalid or erroneous packets.

Periodic inspection of network components, testing of interfaces and monitoring of network activities.

Notification of the need to expand the network with new computers (or other components) and technologies.

Maintain a log (file) of errors (in adapters, cables and other components) and notify the administrator about them. Advanced management programs may even offer you one of the solutions to the problem.

Monitoring the operation of servers (including print servers and gateways), recording the results and notifying the administrator in case of network problems.

Maintaining network traffic history and error statistics. This includes information about the status of routes between computers and between LANs.

The management program can save all the interesting information in its log and import it into other files or databases. To present this information in a different form, the administrator must use other application programs.

In a large network, good management programs transmit this information to a central computer, where the administrator typically stores a detailed history of the remote LAN.

Summary

Network management is a multifaceted process. It also includes monitoring network behavior, which can be seen as a way to proactively troubleshoot problems. If planning, monitoring and management are carried out correctly, then problems will arise much less frequently. When planning a network, an administrator must implement concepts and procedures designed with one goal in mind: preventing a problem before it occurs. These plans include backup, unification, continuous improvement, and documentation.

Special utilities help the network administrator solve these problems. Windows NT has built-in network monitoring and management programs that keep statistics on performance and resource access, as well as event logs.

An important part of network management is a reference graph of the network's behavior. It is created gradually, very carefully and in detail. If the network begins to fail, the administrator should first refer to this graph: compare the current workload graphs with it, look for potential bottlenecks, and analyze the number of errors and general performance statistics.

Solving network problems

Methodology

Despite the most sophisticated plans, monitoring and support, network problems will still arise. A network administrator or support engineer will be able to identify and resolve them more quickly if they take a structured approach rather than trying to apply all possible solutions one at a time.

Structured approach

The structured approach consists of five steps.

1. Determining the priority of the problem.

2. Collect information to identify symptoms.

3. Development of a list of possible causes.

4. Isolation of the problem.

5. Analysis of inspection results to develop a solution.

Determining Priority

The first step in a structured approach is to categorize problems according to their importance. Every user naturally wants his computer to be “fixed” before others. Therefore, first, the administrator or support engineer, having received a signal about a problem, must set its priority.

Setting priorities for solving network problems means determining the degree of impact each problem will have on the network. For example, the board in the monitor burned out and it stopped working. The board simply needs to be replaced, which is much less interesting for the administrator than dealing with someone's CD-ROM drive or sound system. But it's probably more important to fix the user's monitor than the gamer's CD-ROM.

You cannot solve all problems at once. And do they all require an immediate solution? What problems need to be solved first?

Collection of information

Collecting information is the foundation for error-free problem isolation. The administrator must have a reference graph of network behavior in order to compare its current behavior with it. In addition, while gathering information, you need to inspect the network and identify obvious causes of the problem. A quick review should include an inspection of the network documentation to find out whether this problem has occurred before and what solution was adopted.

User survey

If you ask users the right questions, their answers will help clarify the situation. The engineer should ask, “Why do you think the network is not OK?” The following user observations may tell you the symptoms of the problem.

"The network is slow."

"I can't contact the server."

"I was connected to the server, but the connection was lost."

"One of my apps isn't working."

"I can't print on the printer."

An experienced administrator or support engineer, taking the user's observations into account, asks a series of either/or and yes/no questions to narrow down the possible causes. For example:

Who was affected by the failure: everyone, someone in particular, or randomly one or another user?

Is the entire network down or just one computer?

Did this problem occur before the upgrade?

Does this problem happen all the time or does it happen from time to time?

Does this problem occur with all applications or with just one?

Has there been anything similar before?

Have new users appeared on the network? Has new equipment appeared on the network?

Was there any application installed before the problem occurred? Has any equipment been moved recently?

Which suppliers' products are involved?

Is there a pattern of problems with a specific vendor or specific components (cards, hubs, disk drives, applications, or networking software)?

Has anyone tried to solve this problem?

In addition, the network administrator or support engineer should consider the following factors:

versions of applications, operating systems and other software;

changing the configuration of network components or the network operating system.

As you gain experience as a network administrator or support engineer, you will become more familiar with your network's components and applications and have a better idea of where to look first for possible causes of problems.

Dividing the network into segments

If a preliminary inspection of the network does not reveal the cause of the problem, the administrator or support engineer should mentally break the network into as many segments as possible so that they are dealing with a small portion of the network rather than the entire network.

Having identified the segment in which the problem is supposedly hidden, the administrator or support engineer should check all the components of this segment in turn:

adapters;

hubs;

cables and connectors;

connecting components (repeaters, bridges, routers and gateways);

protocols.

Particular attention should be paid to network protocols: they are designed precisely to try to overcome any network errors.

Most protocols have a built-in mechanism for retrying failed operations, which tries to automatically restore the network's functionality. The launch of this mechanism is immediately noticeable as the network slows down due to a large number of retries.

This mechanism increases network reliability, but at the same time makes it difficult to identify the causes of some network problems, since the same symptom sometimes indicates several problems.

Here again, a list of questions aimed at narrowing down the range of possible causes will come in handy. At this stage, it is important to understand how each component is supposed to work and what the consequences of its failure may be. A reference graph of network behavior will also be useful.

Questions could be:

What computers can operate on the network?

Can a computer that is not connected to a network work autonomously?

Does the network adapter work on a computer that is not on the network?

Is there normal traffic on the network?
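The comparison against the reference graph described above can be automated per segment. The following is an added example, not part of the original article: it assumes each segment exposes cumulative 32-bit "frames sent" and "frames retried" counters, and the segment names and readings are constructed.

```python
"""Rank network segments by how far their retry rate departs from the baseline."""
from statistics import mean, pstdev

COUNTER_MAX = 2 ** 32  # assumption: 32-bit cumulative counters that wrap to zero

# Constructed readings: (frames_sent, frames_retried) taken at successive polls.
HEALTHY = {
    "floor1": [(0, 0), (10000, 100), (20000, 210), (30000, 300), (40000, 410)],
    "floor2": [(4294960000, 50), (4294965000, 100), (2704, 150), (7704, 200)],  # wraps
}
CURRENT = {
    "floor1": [(50000, 500), (60000, 620)],
    "floor2": [(12704, 250), (17704, 1000)],
}


def delta(old, new):
    """Difference between two readings of a cumulative counter, safe across one wrap.

    A device reboot also resets counters; that case cannot be told apart from a
    wrap here, so discard the interval around a known restart.
    """
    return (new - old) % COUNTER_MAX


def retry_rates(polls):
    """Turn successive counter readings into a retry percentage per interval."""
    rates = []
    for (sent0, retry0), (sent1, retry1) in zip(polls, polls[1:]):
        sent = delta(sent0, sent1)
        if sent == 0:  # idle interval: no traffic, so there is no rate to record
            continue
        rates.append(100.0 * delta(retry0, retry1) / sent)
    return rates


def build_baseline(history):
    """Mean and spread of the retry rate per segment while the network was healthy."""
    baseline = {}
    for segment, polls in history.items():
        rates = retry_rates(polls)
        if rates:
            baseline[segment] = (mean(rates), pstdev(rates))
    return baseline


def rank_suspects(baseline, current, sigmas=3.0, floor=0.5):
    """Segments whose latest retry rate exceeds the baseline, worst first.

    `floor` is a minimum margin in percentage points so that a perfectly flat
    baseline (spread of zero) does not alert on every small fluctuation.
    """
    suspects = []
    for segment, polls in current.items():
        rates = retry_rates(polls)
        if not rates or segment not in baseline:
            continue
        avg, dev = baseline[segment]
        threshold = avg + max(sigmas * dev, floor)
        if rates[-1] > threshold:
            suspects.append((segment, round(rates[-1], 2), round(threshold, 2)))
    return sorted(suspects, key=lambda s: s[1] - s[2], reverse=True)


if __name__ == "__main__":
    for segment, now, limit in rank_suspects(build_baseline(HEALTHY), CURRENT):
        print(f"{segment}: retry rate {now}% exceeds baseline limit {limit}%")
```

The segment at the top of the list is the first candidate for the component-by-component check.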

Possible reasons

After summing up all the information you have collected, develop a list of possible causes of the problem. Try to rank them in descending order of likelihood.

Isolating the problem

Having chosen the most likely cause, test the “suspected” component and find out how valid your guesses are. For example, if you suspect that one of your computers has a faulty network adapter card, try replacing it with another one that is known to work.

Analysis of results

If the test confirms your assumption, then the cause (or one of the causes) has been found. If testing does not produce results, you should do it all over again. And if the list of possible causes has been exhausted without revealing the problem, you will either have to return to the information gathering stage or ask for help.

Outside help

Most network administrators and support engineers pride themselves on being able to identify and fix network problems without outside help. They strive to gain respect and authority as excellent specialists. However, there are situations when it is impossible to do without someone else's intervention.

Firstly, there are other specialists in your company who will certainly help you. Secondly, you can contact the technical support of the hardware or software manufacturer. It would be a good idea to contact the supplier who sold you the network components for information.

The best administrators and support engineers are the ones who know when and where to ask for help (these are the ones that users respect the most).

The most important tasks for system administrators are monitoring the performance of communication nodes, servers and services necessary for the reliable operation of the entire enterprise, as well as maintaining the computer park entrusted to them in proper condition. Nowadays, high-quality monitoring of computers on an enterprise’s local network is provided by multifunctional programs, many of which are distributed as open access.

An effective monitoring application allows IT specialists to monitor the status of network hosts, including visually, on graphical charts and diagrams. The program periodically scans the network, studying its topology, and independently creates a diagram of device connections.

Monitoring hosts and network services

In addition to visual monitoring of the status of network devices, the software makes it possible to organize testing of hosts and services (including local resources or Internet servers) using a variety of network protocols and configure and use a convenient way to notify system administrators about positive or negative test results. The methods can be different: the appearance of a message on the computer screen of an IT specialist, a special sound, sending an email or SMS to the phone. In some cases, an application for monitoring computers on an enterprise's local network can restart some remote service or execute a script pre-written for it (then some failures will be resolved automatically).

If the program implements such a function, then all devices connected to the network will be clearly displayed on its diagram. Just by looking at their icons, a specialist will understand which of them are working normally and which are not functioning correctly. This feature makes it easier to diagnose group failures. The obtained test results are entered into a single database; as statistical information accumulates, it will be possible to build graphs to study changes in device response and track other parameters being tested.

Modern programs for monitoring computers on a local network make it possible to create a kind of control panel for the enterprise’s network infrastructure, with the help of which the employee responsible for the network can both monitor its important elements and check equipment parameters, and effectively manage remote hosts. Using the hosts context menu, you can view various data about remote hosts on the network: check SNMP information from switches, access the registries of remote computers, view running processes and event logs, restart services, and perform other actions.

Some programs not only monitor computer resources, but also help keep track of devices and software applications on network PCs. Thanks to them, the system administrator has the opportunity to obtain almost any information about the hardware and software on computers on the corporate network. Data collection takes place remotely, this allows not to interfere with the work of enterprise employees and saves the working time of system administrators.

PC monitoring programs on a local network allow you to keep accurate records of hardware. IT specialists will be able to quickly find out about the loss or malfunction of any component or about its replacement. When changes are detected, they are logged and the network administrator is notified. If you need to monitor certain parameters on user workstations at a specific frequency and receive alerts when they change, it may be possible to set up data collection on a schedule. In this case, computer resources will be monitored automatically.

Many programs not only generate reports on computer components but also monitor their performance: the functioning of hard drives and their temperature are tracked. When a drive overheats or the application predicts that it may fail, the system administrator will see a report flagging the PC's critical readings, with a warning.

Accounting for software and licenses

If necessary, software for monitoring local enterprise networks allows you to track changes in installed programs. Where user rights are not strictly limited, a company employee may install an unwanted or unlicensed application on their computer. With monitoring in place, every installation or removal of software is recorded and logged. This means that the system administrator will always know which programs were installed or removed, and on which computers.

Often, when monitoring computer resources, serial numbers and program licenses are tracked, the number of software installations is counted, and the correct use of serial numbers is monitored. All these measures help to avoid problems when corporate software is audited for license compliance. To increase the security and fault tolerance of computers, a number of special monitoring programs can show which software and system updates have been installed and generate a report on the operation of anti-virus software and whether its databases are up to date.
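The change tracking and license counting described above come down to comparing inventory snapshots. The following is an added example, not code from any of the products discussed: host names, software titles, versions and license counts are all constructed, and the snapshot layout is an assumption.

```python
"""Diff two software-inventory snapshots and list what needs an administrator's review."""
from collections import Counter

# Constructed policy: approved titles with licences owned (None = no limit).
APPROVED = {"office suite": 2, "pdf reader": None, "antivirus": None}
REQUIRED = {"antivirus"}  # titles every workstation must have

# Constructed snapshots: {host: {title: version}}
BEFORE = {
    "pc-01": {"Office Suite": "16.0", "PDF Reader": "11.2", "Antivirus": "7.1"},
    "pc-02": {"Office Suite": "16.0", "Antivirus": "7.1"},
}
AFTER = {
    "pc-01": {"Office Suite": "16.0", "PDF Reader": "11.3", "Antivirus": "7.1",
              "Torrent Client": "4.4"},
    "pc-02": {"Office Suite": "16.0"},
    "pc-03": {"office suite": "16.0", "Antivirus": "7.1"},
}


def normalise(name):
    """Compare titles case-insensitively and ignore stray whitespace."""
    return " ".join(name.lower().split())


def diff_snapshots(before, after):
    """Change log of (host, action, title, version), sorted by host then title."""
    events = []
    for host in sorted(set(before) | set(after)):
        old = {normalise(n): v for n, v in before.get(host, {}).items()}
        new = {normalise(n): v for n, v in after.get(host, {}).items()}
        for title in sorted(set(old) | set(new)):
            if title not in old:
                events.append((host, "installed", title, new[title]))
            elif title not in new:
                events.append((host, "removed", title, old[title]))
            elif old[title] != new[title]:
                events.append((host, "version-changed", title, new[title]))
    return events


def review(after, approved=APPROVED, required=REQUIRED):
    """Findings on the current snapshot: unapproved, missing and over-used titles."""
    findings = []
    installs = Counter()
    for host in sorted(after):
        titles = {normalise(name) for name in after[host]}
        for title in sorted(titles):
            installs[title] += 1
            if title not in approved:
                findings.append(("unapproved", title, host))
        for title in sorted(required - titles):
            findings.append(("missing-required", title, host))
    for title, owned in sorted(approved.items()):
        if owned is not None and installs[title] > owned:
            findings.append(("over-licensed", title,
                             f"{installs[title]} installed, {owned} owned"))
    return findings


if __name__ == "__main__":
    for event in diff_snapshots(BEFORE, AFTER):
        print("change:", *event)
    for finding in review(AFTER):
        print("review:", *finding)
```

In this constructed run the removal of the anti-virus package from pc-02 appears both as a logged change and as a standing finding, so it is still reported on later scans even if the change-log entry was missed.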

Data collected by the program from network computers and displayed on the screen of the system administrator's PC can be included in a report. They can then be printed or exported to a specific database. In addition to automatically collected information, many applications for monitoring computer resources allow you to manually enter equipment serial numbers, office numbers of their users and their contact information.

If the program has a function for generating summary tables, this will allow the IT specialist to find out which device is outdated and it’s time to replace it. The presence of special filters will allow you to set the necessary conditions for including a PC in the table. For example, make a list of workstations with processors of a specific brand or certain software applications, memory capacity, with a small amount of free disk space and other parameters.

Program selection

When deciding on the choice of specific software, you should take into account not only its functionality, but also the complexity of the setup procedure. Often, installing free systems is accompanied by enormous difficulties, as a result of which the setup can last for months and even never end. Therefore, when choosing, you need to carefully weigh all the pros and cons of a particular solution: often, inexpensive and not very well-known products can bring more benefit thanks to their ease of setup, which saves the system administrator's working time; especially in a large enterprise, there will always be something else to spend it on.

The mantra of the real estate world is Location, Location, Location. For the world of systems administration, this sacred text should read like this: Visibility, Visibility and Visibility. If you don't know exactly what your network and servers are doing every second of the day, you're like a pilot flying blind. A disaster inevitably awaits you. Fortunately for you, there are many good programs available on the market, both commercial and open source, that can set up your network monitoring.

Because good and free is always more tempting than good and expensive, here's a list of open source software that proves its worth every day on networks of all sizes. From device discovery, monitoring network equipment and servers, to identifying network trends, graphically displaying monitoring results, and even backing up switch and router configurations, these seven free utilities are likely to surprise you.

Cacti

First there was MRTG (Multi Router Traffic Grapher), a program for organizing a network monitoring service and measuring data over time. Back in the 1990s, its author, Tobias Oetiker, saw fit to write a simple graphing tool using a ring database, originally used to display router throughput on a local network. So MRTG gave birth to RRDTool, a set of utilities for working with RRD (Round-robin Database, ring database), allowing you to store, process and graphically display dynamic information such as network traffic, processor load, temperature, and so on. RRDTool is now used in a huge number of open source tools. Cacti is the current flagship open source network graphing software and takes MRTG principles to a whole new level.

From disk usage to fan speed in the power supply, if the indicator can be monitored, Cacti will be able to display it and make this data easily accessible.

Cacti is a free program built on the LAMP server software stack that provides a standardized software platform for plotting virtually any statistical data. If any device or service returns numeric data, then it can most likely be integrated into Cacti. There are templates for monitoring a wide range of equipment - from Linux and Windows servers to Cisco routers and switches - basically anything that communicates using SNMP (Simple Network Management Protocol). There are also collections of third-party templates that further expand the already huge list of Cacti-compatible hardware and software.

Although the standard method for collecting Cacti data is SNMP, Perl or PHP scripts can also be used for this. The software system's framework cleverly separates data collection and graphical display into discrete instances, making it easy to reprocess and reorganize existing data for different visual representations. In addition, you can select specific time frames and individual parts of the charts simply by clicking on them and dragging.

So, for example, you can quickly look at data from several past years to understand whether the current behavior of network equipment or a server is anomalous, or whether similar indicators occur regularly. And using Network Weathermap, a PHP plugin for Cacti, you can easily create real-time maps of your network, showing the congestion of communication channels between network devices, implemented using graphs that appear when you hover your mouse over the image of a network channel. Many organizations using Cacti display these maps 24/7 on wall-mounted 42-inch LCD monitors, allowing IT teams to instantly monitor network congestion and link health information.

In summary, Cacti is a powerful toolkit for graphically displaying and trending network performance that can be used to monitor virtually any monitored metric represented in a graph. The solution also supports virtually limitless customization options, which can make it overly complex for certain applications.

Nagios

Nagios is an established network monitoring software system that has been in active development for many years. Written in C, it does almost everything that system and network administrators would need from a monitoring application package. The web interface of this program is fast and intuitive, while its server part is extremely reliable.

Nagios can be a challenge for beginners, but the fairly complex configuration is also an advantage of this tool, as it can be adapted to almost any monitoring task.

Like Cacti, Nagios has a very active community behind it, so plugins exist for a huge range of hardware and software, from simple ping checks to integration with complex software solutions such as WebInject, a free software toolkit written in Perl for testing web applications and web services. Nagios allows you to constantly monitor the status of servers, services, network links and everything else that understands the IP network layer protocol. For example, you can monitor the use of disk space on the server, RAM and CPU load, the use of the FLEXlm license, the air temperature at the server outlet, delays in the WAN and Internet channel, and much more.

Obviously, no server and network monitoring system is complete without notifications. Nagios does this well: the software platform offers a customizable mechanism for notifications via email, SMS and the instant messages of most popular Internet messengers, as well as an escalation scheme that can be used to make smart decisions about who should be notified, how, and under what circumstances, which, if configured correctly, will help you ensure many hours of restful sleep. The web interface can also be used to temporarily pause notifications or acknowledge that a problem has occurred, as well as for administrators to make notes.

In addition, the mapping feature shows all monitored devices in a logical, color-coded representation of where they are on the network, allowing problems to be shown as they occur.

The downside to Nagios is the configuration, as it is best done through the command line, making it much more difficult for newbies to learn, although people familiar with standard Linux/Unix configuration files should not experience any special problems.

The capabilities of Nagios are enormous, but using some of them may not always be worth the effort. But don't let the complexity intimidate you: the early warning benefits this tool provides for so many aspects of the network can't be overstated.

Icinga

Icinga began as a fork of the Nagios monitoring system, but has recently been rewritten into a standalone solution known as Icinga 2. At the moment, both versions of the program are in active development and available for use, and Icinga 1.x is compatible with a large number of Nagios plugins and configurations. Icinga 2 was designed to be less clunky, more performance oriented, and easier to use. It offers a modular architecture and multi-threaded design that neither Nagios nor Icinga 1 offers.

Icinga offers a complete monitoring and alerting software platform that is designed to be as open and extensible as Nagios, but with some differences in the web interface.

Like Nagios, Icinga can be used to monitor anything that speaks IP, as deep as you can using SNMP, as well as custom plugins and add-ons.

There are several variations of the web interface for Icinga, but the main difference between this monitoring software solution and Nagios is the configuration, which can be done through the web interface rather than through configuration files. For those who prefer to manage their configuration outside of the command line, this functionality will be a real treat.

Icinga integrates with a variety of monitoring and graphing software packages such as PNP4Nagios, inGraph and Graphite, providing robust visualization of your network. In addition, Icinga has advanced reporting capabilities.

NeDi

If you've ever had to Telnet into switches and search by MAC address to find devices on your network, or you just want to be able to determine the physical location of certain equipment (or, perhaps even more importantly, where it was previously located), then you might be interested in taking a look at NeDi.

NeDi constantly scans the network infrastructure and catalogs devices, tracking everything it discovers.

NeDi is free LAMP-related software that regularly scans the MAC addresses and ARP tables on the switches on your network, cataloging each detected device in a local database. This project is not as well known as some others, but it can be a very useful tool when working with corporate networks where devices are constantly changing and moving.

You can run a search through the NeDi web interface to identify a switch, switch port, access point, or any other device by MAC address, IP address, or DNS name. NeDi collects all the information it can from every network device it encounters, pulling from them serial numbers, firmware and software versions, current timings, module configurations, etc. You can even use NeDi to mark the MAC addresses of devices that have been lost or stolen. If they reappear online, NeDi will notify you.
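The lost-or-stolen check and the "where was it previously" lookup described above can be sketched over a switch MAC-table export. This is an added example, not NeDi's code or data format: the row layout, switch and port names, MAC addresses and watchlist entry are constructed.

```python
"""Match switch MAC-table rows against a watchlist and report devices that moved."""
import re

# Constructed scan: switch, port, MAC (any common notation), VLAN.
SAMPLE_SCAN = """\
# switch   port   mac                vlan
sw-core    Gi0/1  0011.2233.4455     10
sw-floor2  Gi0/7  00:11:22:33:44:55  10
sw-floor2  Gi0/9  AA-BB-CC-00-00-01  20
sw-floor1  Gi0/3  de:ad:be:ef:00:02  20
sw-floor1  Gi0/4  not-a-mac          20
"""
UPLINKS = {("sw-core", "Gi0/1")}  # trunk ports see every MAC behind them
WATCHLIST = {"aa:bb:cc:00:00:01": "laptop reported stolen"}
LAST_SEEN = {  # result of the previous scan
    "00:11:22:33:44:55": ("sw-floor1", "Gi0/2"),
    "de:ad:be:ef:00:02": ("sw-floor1", "Gi0/3"),
}


def normalise_mac(raw):
    """Accept colon, hyphen or Cisco dotted notation; return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[.:\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_scan(text, uplinks=frozenset()):
    """Return ({mac: (switch, port)}, rejected_rows), skipping MACs learned on uplinks."""
    seen, rejected = {}, []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            switch, port, mac = fields[0], fields[1], normalise_mac(fields[2])
        except (IndexError, ValueError):
            rejected.append(line)  # keep bad rows for review instead of dropping them
            continue
        if (switch, port) in uplinks:
            continue  # an uplink is not where the device is physically attached
        seen[mac] = (switch, port)
    return seen, rejected


def compare(last_seen, seen, watchlist):
    """Alerts as (kind, mac, current_location, detail), sorted by MAC."""
    alerts = []
    for mac in sorted(seen):
        where = seen[mac]
        if mac in watchlist:
            alerts.append(("watchlist", mac, where, watchlist[mac]))
        if mac not in last_seen:
            alerts.append(("new", mac, where, None))
        elif last_seen[mac] != where:
            alerts.append(("moved", mac, where, last_seen[mac]))
    return alerts


if __name__ == "__main__":
    seen, rejected = parse_scan(SAMPLE_SCAN, UPLINKS)
    for alert in compare(LAST_SEEN, seen, WATCHLIST):
        print(*alert)
    print("rejected rows:", rejected)
```

A MAC address can be changed in software, so treat a watchlist hit as a lead to verify at the reported switch port rather than as proof of identity.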

Discovery is run by a cron process at specified intervals. Configuration is simple, with a single configuration file that allows for much more customization, including the ability to pass over devices based on regular expressions or specified network boundaries. NeDi typically uses the Cisco Discovery Protocol or Link Layer Discovery Protocol to discover new switches and routers and then connects to them to collect their information. Once the initial configuration is established, device discovery will occur quite quickly.

NeDi can integrate with Cacti to a certain level, so it is possible to link device discovery to the corresponding Cacti graphs.

Ntop

The Ntop project, now better known to the “new generation” as Ntopng, has come a long way over the past decade. But call it what you want - Ntop or Ntopng - the result is a top-notch network traffic monitoring tool paired with a fast and simple web interface. It is written in C and is completely self-contained. You start one process configured to a specific network interface, and that's all it needs.

Ntop is a web-based packet analysis tool that shows real-time data about network traffic. Information about the data flow through the host and the connection to the host is also available in real time.

Ntop provides easy-to-digest graphs and tables showing current and historical network traffic, including the protocol, source, destination, and history of specific transactions, as well as the hosts on both ends. Additionally, you'll find an impressive array of real-time network utilization graphs, charts, and maps, as well as a modular architecture for a huge number of add-ons, such as adding NetFlow and sFlow monitors. Here you can even find Nbox, a hardware monitor that is built into Ntop.

In addition, Ntop includes an API for the Lua scripting programming language, which can be used to support extensions. Ntop can also store host data in RRD files to enable continuous data collection.

One of the most useful uses of Ntopng is to control traffic at a specific location. For example, when some network channels are highlighted in red on your network map, but you don’t know why, you can use Ntopng to get a minute-by-minute report on the problematic network segment and immediately find out which hosts are responsible for the problem.

The benefits of such network visibility are difficult to overestimate, and it is very easy to obtain. Essentially, you can run Ntopng on any interface that has been configured at the switch level to monitor a different port or VLAN. That's all.

Zabbix

Zabbix is a full-blown network and system monitoring tool that integrates multiple functions into a single web console. It can be configured to monitor and collect data from a wide variety of servers and network devices, providing maintenance and performance monitoring for each site.

Zabbix allows you to monitor servers and networks using a wide range of tools, including monitoring virtualization hypervisors and web application stacks.

Basically, Zabbix works with software agents running on controlled systems. But this solution can also work without agents, using the SNMP protocol or other monitoring capabilities. Zabbix supports VMware and other virtualization hypervisors, providing detailed data on hypervisor performance and activity. Particular attention is also paid to monitoring Java application servers, web services and databases.

Hosts can be added manually or through an automatic discovery process. A wide range of default templates apply to the most common use cases such as Linux, FreeBSD and Windows servers, widely used services such as SMTP and HTTP, as well as ICMP and IPMI for detailed monitoring of network hardware. In addition, custom checks written in Perl, Python or almost any other language can be integrated into Zabbix.

Zabbix allows you to customize your dashboards and web interface to focus on the most important network components. Notifications and issue escalations can be based on custom actions that are applied to hosts or groups of hosts. Actions can even be configured to run remote commands, so your script can run on a monitored host if certain event criteria are observed.

The program displays performance data such as network bandwidth and CPU load in graphs and aggregates it for custom display systems. In addition, Zabbix supports customizable maps, screens, and even slideshows that display the current status of monitored devices.

Zabbix can be difficult to implement initially, but judicious use of automatic discovery and various templates can alleviate some of the integration difficulties. In addition to being an installable package, Zabbix is available as a virtual appliance for several popular hypervisors.

Observium

Observium is a program for monitoring network equipment and servers, which has a huge list of supported devices that use the SNMP protocol. As LAMP software, Observium is relatively easy to install and configure, requiring the usual Apache, PHP and MySQL installations, database creation, Apache configuration and the like. It installs as its own server with a dedicated URL.

Observium combines system and network monitoring with performance trend analysis. It can be configured to track almost any metrics.

You can go into the GUI and start adding hosts and networks, as well as set auto-discovery ranges and SNMP data so Observium can explore the networks around it and collect data on each system it discovers. Observium can also discover network devices via CDP, LLDP or FDP protocols, and remote host agents can be deployed on Linux systems to assist in data collection.

All of this collected information is available through an easy-to-use user interface that provides advanced capabilities for statistical data display, as well as charts and graphs. You can get anything from ping and SNMP response times to graphs of throughput, fragmentation, number of IP packets, etc. Depending on the device, this data may be available for every detected port.

As for servers, Observium can display information about the state of the CPU, RAM, data storage, swap, temperature, etc. from the event log. You can also enable data collection and graphical display of performance for various services, including Apache, MySQL, BIND, Memcached, Postfix and others.

Observium works well as a virtual machine, so it can quickly become the primary tool for obtaining information about the health of servers and networks. This is a great way to add automatic discovery and graphical representation to any size network.

Too often, IT administrators feel limited in what they can do. Whether we're dealing with a custom software application or an "unsupported" piece of hardware, many of us believe that if the monitoring system can't handle it right away, it won't be possible to get the data we need in that situation. This is, of course, not true. With a little effort, you can make almost anything more visible, accounted for, and controlled.

An example is a custom application with a database on the server side, for example, an online store. Your management wants to see beautiful graphs and diagrams, designed in one form or another. If you're already using, say, Cacti, you have several options to output the collected data in the required format. You can, for example, write a simple Perl or PHP script to run queries on the database and pass those calculations to Cacti, or you can make an SNMP call to the database server using a private MIB (Management Information Base). One way or another, the task can be completed, and done easily, if you have the necessary tools for this.
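A data-collection script of the kind described above, written here in Python rather than Perl or PHP. This is an added example, not part of the original article: an in-memory SQLite database stands in for the store's database, the `orders` table and its columns are hypothetical, and the output uses the space-separated `name:value` form that Cacti reads from multi-value script data sources.

```python
"""Data-input script: query the application database, print name:value pairs."""
import re
import sqlite3

FIELD_NAME = re.compile(r"[A-Za-z0-9_]+")


def make_sample_db():
    """Constructed stand-in for the online store's database (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, placed_at INTEGER,"
        " status TEXT, total_cents INTEGER)"
    )
    conn.executemany(
        "INSERT INTO orders (placed_at, status, total_cents) VALUES (?, ?, ?)",
        [(400, "paid", 9900), (1000, "paid", 2500),
         (1100, "paid", 4000), (1200, "failed", 1500)],
    )
    return conn


def collect(conn, now, window=300):
    """Aggregate one polling interval with a single parameterised SELECT.

    The script only reads, so in production it should connect with an account
    that has SELECT rights on this table and nothing else.
    """
    total, paid, revenue = conn.execute(
        """SELECT COUNT(*),
                  COALESCE(SUM(CASE WHEN status = 'paid' THEN 1 ELSE 0 END), 0),
                  COALESCE(SUM(CASE WHEN status = 'paid' THEN total_cents ELSE 0 END), 0)
           FROM orders
           WHERE placed_at > ? AND placed_at <= ?""",
        (now - window, now),
    ).fetchone()
    return {"orders": total, "failed": total - paid, "revenue_cents": revenue}


def format_for_cacti(metrics):
    """Render metrics as 'name:value name:value', refusing anything non-numeric.

    Validating here keeps stray database text (an error string, a NULL) out of
    the poller's input instead of letting it be stored as a bogus data point.
    """
    parts = []
    for name, value in metrics.items():
        if not FIELD_NAME.fullmatch(name):
            raise ValueError(f"bad field name: {name!r}")
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            raise ValueError(f"non-numeric value for {name}: {value!r}")
        parts.append(f"{name}:{value}")
    return " ".join(parts)


if __name__ == "__main__":
    # Fixed timestamp so the constructed rows fall inside the polling window.
    print(format_for_cacti(collect(make_sample_db(), now=1300)))
```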

Most of the free network equipment monitoring utilities listed in this article shouldn't be difficult to access. They have packaged versions available for download for most popular Linux distributions, if they are not already included with it. In some cases they may be pre-configured as a virtual server. Depending on the size of your infrastructure, these tools can take quite a bit of time to set up and configure, but once they're up and running, they'll be a solid foundation for you. At the very least, they are worth testing.

No matter which of the above systems you use to keep an eye on your infrastructure and hardware, it will provide you with at least the functionality of another system administrator. Although it can’t fix anything, it will monitor literally everything on your network around the clock, seven days a week. The time spent up front on installation and configuration will pay off in spades. Also, be sure to run a small set of standalone monitoring tools on another server to monitor the main monitoring tool. This is a case where it is always better to watch the observer.

Always in touch, Igor Panov.


See also:

Our programs for system administrators will help you keep abreast of everything that happens in the computer park and enterprise network, respond in a timely manner to equipment failures and software problems, and minimize costs and downtime. This page presents programs for monitoring the network, servers and hosts, for PC inventory, accounting for installed programs and licenses, creating reports on computer hardware, for accounting traffic on the network, for studying the network topology and creating graphical diagrams of local networks.

A network administrator may also find useful programs for searching files on local networks and auditing user access to file resources of servers over the network. All these programs will help the system administrator improve the performance of network devices and servers and ensure the proper level of security in the enterprise network.

10-Strike programs are included in the unified register of Russian computer programs of the Ministry of Communications and can participate in government procurement.

Programs for network administrator, network utilities

A program for inventory and accounting of installed software and hardware on computers in local networks. "Computer Inventory" allows system administrators to keep track of computers on the enterprise network, view the configurations of remote computers and lists of installed programs over the network, and track configuration and software changes. The program contains a powerful report generator. For example, you can create reports on the presence of certain programs on computers and their quantity. When planning upgrades, you can create a report listing computers with insufficient disk space or RAM. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.


- program for monitoring servers and computers on the network, allowing you to visually observe the current state of your network at any time. LANState monitors hosts on the network, monitors connections to network resources, monitors traffic, and signals various events. LANState contains many functions useful for network administrators: sending messages, shutting down remote computers, scanning hosts and ports, obtaining various information from remote computers (access to the registry, event log, etc.). Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.


- program for monitoring servers and other network devices, monitors the performance of the network and notifies the administrator of problems. Find out in time about a failure that has occurred (connection loss, server disk space running out, service stop, etc.) and fix the problem with minimal loss of time. The program signals problems using sound, on-screen messages, by e-mail, and can launch external programs and services, as well as restart computers and services. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.


- program for searching files on local network computers (via NetBios and FTP protocols). Enter a phrase or file masks and find the information you need. When viewing search results, found files can be opened immediately or saved to disk, and a report can be generated. The search uses multi-threaded technology, which significantly speeds up the work. You can set filters by file size and modification date. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.


- program for monitoring users' network connections to shared folders and files; it lets you find out in time about connections of network users to your computer. The program beeps, displays alerts on the screen, and keeps a detailed log of connections, which records who connected to the computer’s network folders and when, what files were opened, etc. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.


3.0 FREE!

- scanner for local networks, IP addresses and hosts. This free program allows you to scan your local network and detect active hosts, computers and servers. Supports scanning of IP address ranges and many protocols for detecting network devices (ICMP ping, searching for open TCP ports, NetBios, SNMP, UPnP, ...). If you have administrator rights, you can read a lot of useful information from Windows computers. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

Sets of network programs for system administrators

Software suites for system administrators allow you to save money when purchasing several of our network programs or all of them at once. Get three programs for the price of two and so on. For example, when purchasing the "Full set of administrator programs" in the "for the organization" option (without restrictions on the number of workstations), consisting of our seven programs for network administrators, you can save up to 85,000 rubles or 30%!

Other utilities

- CD cataloger (CD, DVD). With its help, you will quickly find the files you need on the CDs and DVDs of your collection. SearchMyDiscs helps you organize your CD and DVD collections, allowing you to find the disc you need in a few seconds. If you are tired of searching for the right disk for a long time every time, this program is for you! Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.


- Apache web server raw log file analyzer. Creates various reports and histograms. The program has many settings and filters that will allow you to get accurate information about your site, downloaded files, and who is visiting you and from where. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

Payment and delivery

When ordering programs by legal entities, payment by bank transfer is accepted. Invoices are issued electronically and an agreement is concluded. Electronic delivery: the distribution kit is downloaded from our website, registration keys are sent after payment by e-mail. After payment, the original contract and documents for accounting are sent to the buyer by mail.

Issue an invoice (indicate the required programs and types of licenses, your details and the name of the director for the agreement)

All our programs are also presented in the Softkey and AllSoft online stores (follow the “buy” links from our website).


Our clients: small and medium-sized businesses, government and budget institutions, hospitals, schools, colleges and institutes, banks, oil industry, telecoms.


