
Secrets of the Administration Guild #7: Untangling Network Traffic

Category: Secrets of the Administration Guild
So, you've passed your MCSE 291 exam on Windows 2003 Networking Infrastructure. You have a good foundation of network technology, but what tools can you use to diagnose network problems?

Or, maybe you are an IBM Sametime administrator. Just how does anyone resolve the Hydra-head of supported protocols that include TCP, UDP, and multicasting?

I find that I rely most on several tools for deciphering network vagaries.

Netstat:

Netstat comes on every network OS that I know, with subtle differences between Windows and Unix/Linux.

If I'm suspicious of a bad NIC or heavy network congestion, Netstat is the tool I use first. Of course I'll ping a server, but the results only tell me five things: (1) ICMP packets are allowed, (2) the path is connected, (3) DNS resolution works (if I ping a DNS name and not the IP number), (4) network latency, and (5) the NIC is powered up. Ping is over-relied upon for diagnostic information, because it is just one kind of network traffic and does little to reveal blocked ports, misconfigured subnets, or unresponsive server resources.

Netstat is the first network tool administrators will use because it identifies all open ports and provides TCP, IP, ICMP, and UDP statistics. It also generates counters for network errors, something I find very useful for troubleshooting.

Ethereal:

My next tool is the venerable Ethereal, an open-source network sniffer. There is no substitute for turning on a sniffer and reading the network traffic. Ethereal is not the equal of a dedicated hardware protocol analyzer, but it is surprisingly capable.

If you've used Microsoft's Network Monitor, you'll find Ethereal familiar. You'll also want to read the book, as documentation is quite slim.

http://www.ethereal.com/

NTop:

An extraordinarily useful diagnostic tool that generates HTTP pages of network statistics. A few weeks back, we were experiencing some unusual network behavior that we suspected came from a misconfigured (or damaged) NIC. NTop identified subnet errors and pointed to a specific address. The address didn't make sense: all the client machines are on DHCP, this particular address was outside the DHCP range, and we couldn't identify any system that could be hosting it. Because NTop also tabulates MAC addresses, I looked up the manufacturer for the suspicious MAC address and found it to be APC. The problem NIC turned out to be our UPS, which the administrators had forgotten about.

If you go to http://www.NTop.org, you’ll find the download links. However, even though it is open-source, the Windows release requires payment. You have several choices: pay for the Windows version (they deserve the funding), compile your own executable from the available files, or go to http://www.openxtra.co.uk/ which freely provides the compiled Windows release of NTop.
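The NTop hunt above, done by hand over a constructed ARP table, as an added example that is not part of the original post: flag every host outside the DHCP scope and map its MAC prefix (OUI) to a vendor. The DHCP scope, the sample `arp -a` output, and the two-entry OUI table are all assumptions made for this example; a real lookup would consult the IEEE registry.

```python
"""Find hosts outside the DHCP scope and name the NIC vendor from the MAC OUI."""
import ipaddress
import re

# Constructed sample of what 'arp -a' prints on a Windows client.
SAMPLE_ARP = """
Interface: 192.168.10.25 --- 0x2
  Internet Address      Physical Address      Type
  192.168.10.1          00-1a-2b-3c-4d-5e     dynamic
  192.168.10.101        00-0c-29-11-22-33     dynamic
  192.168.10.240        00-c0-b7-aa-bb-cc     dynamic
  192.168.10.255        ff-ff-ff-ff-ff-ff     static
"""

# Assumed DHCP scope handed out by the server (inclusive bounds).
DHCP_SCOPE = (ipaddress.ip_address("192.168.10.100"),
              ipaddress.ip_address("192.168.10.199"))

# Constructed two-entry OUI table; the first 3 octets identify the NIC vendor.
OUI_VENDORS = {
    "00:C0:B7": "American Power Conversion (APC)",
    "00:0C:29": "VMware",
}

BROADCAST = "FF:FF:FF:FF:FF:FF"
ARP_LINE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+\w+", re.I)


def parse_arp(text):
    """Return (ip, mac) pairs; MACs normalised to AA:BB:CC:DD:EE:FF."""
    hosts = []
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            mac = m.group(2).upper().replace("-", ":")
            hosts.append((ipaddress.ip_address(m.group(1)), mac))
    return hosts


def vendor_of(mac):
    """Look up the vendor by the OUI (first three octets) of a MAC."""
    return OUI_VENDORS.get(mac[:8], "unknown OUI")


def rogue_hosts(text, scope=DHCP_SCOPE):
    """Hosts outside the DHCP scope (broadcast excluded), with their vendor."""
    low, high = scope
    return [(str(ip), mac, vendor_of(mac))
            for ip, mac in parse_arp(text)
            if mac != BROADCAST and not low <= ip <= high]
```

The gateway will show up too, since it is statically addressed; the point is that the list is short enough to check each entry by hand, and the vendor column points straight at the UPS.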

Knoppix:

If you are not using Knoppix, then you probably aren't a regular reader of my blog. Knoppix is a Live distribution of Linux that runs directly off a CD (and it can be installed). I am always amazed at just how useful Knoppix is in any environment. I use http://www.Knoppix.net rather than the official http://www.knoppix.org for download links and forums.

Knoppix has some terrific tools in place. You’ll want to read Knoppix Hacks if you are not familiar with using it.

SysInternals:

Finally, http://www.sysinternals.com has outstanding tools for the Windows administrator. Process Explorer is probably their best known release, but you can spend a lot of time with the various free tools they provide.

Comments

Always bear in mind that your own resolution to succeed is more important than any one thing.

Great info! Thanks for sharing!

As a developer, I also like to use the HttpWatch plugin for Internet Explorer: http://httpwatch.com. It captures HTTP traffic, which is very helpful in debugging web applications. You can tell which pages are getting cached, the cookies that are being set, which pages aren't being found, etc.

For Firefox, you can use LiveHTTPHeaders: http://texturizer.net/firefox/extensions/#livehttpheaders
