That’s all great, but how do you winnow out the best monitoring tools in a field of hundreds? Today, there are commercial products, freeware tools, and open-source software to choose from. While the debate about free versus commercial goes on, there are tried and tested, well-recommended, free network monitoring tools that many network admins swear by. I share some of my favorites with you below.
Open-source choices are good and can even match commercial tools, but you should know that using open-source monitoring requires a high level of involvement with the tool, which may not suit your needs. For one, open source requires a significant investment in time and resources to learn, install, configure, and use. Features may have to be built with the help of community support or an in-house IT team. The second consideration is security, which becomes an issue if your enterprise has strict security guidelines. Immediate custom fixes may not be available unless you spend time developing them. Or there could be instances when major security flaws aren’t discovered in the auditing process.
When we need a monitoring tool that is easy to install, supports monitoring and reporting out of the box, we like SolarWinds® Network Performance Monitor (NPM). NPM acts as a single pane of glass to provide complete and comprehensive network monitoring capabilities that complement some of the essential free tools you may already use.
What’s on my list?
If you choose free or open-source tools over something like NPM, you should check out the following. It’s my list of the best free network monitoring tools available today.
Nagios® is one of the most popular and widely used free network monitoring tools. Network admins like Nagios because it does everything. Whatever it doesn’t have can be built, or has been built by the Nagios community.
There are two versions of Nagios. Nagios Core is open source and free, and Nagios XI is a commercial tool based on the Nagios Core but with added features. Nagios is popular due to its active development community and external plug-in support. You can create and use external plugins in the form of executable files or Perl® and shell scripts to monitor and collect metrics from every hardware and software used in a network. There are plugins that provide an easier and better GUI, address many limitations in the Core®, and support features, such as auto discovery, extended graphing, notification escalation, and more. Nagios can be overwhelming for beginners and enterprises that do not have enough IT support staff, but it provides good monitoring powers. For support, users can always get help from the Nagios community, or opt for a commercial support package from Nagios Enterprise.
If you have the time to invest in learning and mastering this tool, Nagios Core offers good network monitoring capabilities.
Cacti® is a network monitoring tool that allows you to collect data from almost any network element, including routing and switching systems, firewalls, load balancers, and servers, and put that data into robust graphs. If you have a device, it’s possible that Cacti’s active community of developers has created a monitoring template for it.
Cacti supports SNMP polling, which itself covers a wide range of network devices. You can also extend Cacti’s capabilities to use scripts, queries, or commands for data collection, and save it as a template to use for polling other devices for similar data sets. Cacti leverages the power of RRDTool which is an open-source data logging and graphing system for storing polled data in the database, and creating graphs from the stored data sets. RRDTool’s data consolidation lets you store collected data forever, and is limited only by the size your storage. Cacti leveraging on RRDTool has the ability to generate any type of graph for any data set, and the graphing used in Cacti is the standard used by many open-source and commercial tools. Cacti also allows you to add multiple users and give them access with or without edit permissions, which is perfect for service providers and enterprises with a large NOC team.
Cacti’s strength lies in its community of developers who have contributed many plug-ins, scripts, and templates that can be used to monitor almost every type of device. We especially like its device support and graphing capabilities.
Wireshark® is an open-source packet analyzer that uses libpcap (*nix) or winpcap (Windows®) to capture packets and display them on its graphical front end, while also providing good filtering, grouping, and analysis capabilities. It lets users capture traffic at wire speed, or read from packet dumps and analyze details at microscopic levels. Wireshark supports almost every protocol, and has functionalities that filter based on packet type, source, destination, etc. It has the ability to analyze VoIP calls, plot IO graphs for all traffic from an interface, decrypt many protocols, export the output, and lots more.
Wireshark provides unlimited opportunities to study packets, which makes it a solid go-to for network, system, and security admins.
Admittedly complex to set up, Zabbix® comes with a simple and clean GUI that makes it easy to manage, once you get the hang of it. Zabbix supports agent-less monitoring using technologies such as SNMP, ICMP, Telnet, SSH, etc., and agent-based monitoring for all Linux® distros, Windows® OS, and Solaris®. It supports a number of databases, including MySQL®, PostgreSQL™, SQLite, Oracle®, and IBM® DB2®. Zabbix’s VMware® monitoring capabilities allow you to customize using any scripting or programming language, which is widely regarded as its best feature.
Zabbix is probably the most widely used open-source network monitoring tool after Nagios.
ntop, which is now ntopng (ng for next generation), is a traffic probe that uses libpcap (for packet capture) to report on network traffic. You can install ntopng on a server with multiple interfaces, and use port mirroring or a network tap to feed ntopng with the data packets from the network for analysis. ntopng can analyze traffic even at 10G speeds; report on IP addresses, volume, and bytes for each transaction; sort traffic based on IP, port, and protocol; generate reports for usage; view top talkers; and even report on AS information. This level of traffic analysis helps you make informed decisions about capacity planning and QoS design, and also helps you find bandwidth-hogging users and applications in the network. ntopng has a commercial version called ntopng pro that comes with some additional features, but the open-source version is good enough to quickly gain insight into traffic behavior. ntop can also integrate with external monitoring applications such as Nagios for alerting, and provide data for monitoring.
Ntopng has some limitations, but the level of network traffic visibility it provides makes it well worth the effort.
Nmap uses a discovery feature to find hosts in the network that can be used to create a network map. Network admins value it for its ability to gather information from the host about the Operating System, services, or ports that are running or are open, MAC address info, reverse DNS name, and more. Scalability is the other big reason why network admins love Nmap. It can scan a single host or an entire network with “hundreds of thousands” of machines.
When you need to quickly map the hosts in your network, Nmap is your tool.
ipMonitor It’s not a free tool, but you can use a free trial of SolarWinds ® ipMonitor ® for 14 days. ipMonitor is designed to provide essential monitoring for network devices, servers, and applications, offering visibility into the availability, usage, and performance of those critical components. It’s built to be extremely fast to set up, doesn’t require a third-party database or web server, and features easy alerting and reporting, customizable dashboards, built-in remediation capabilities, and even user experience monitoring. Learn More
That’s my list of the best free network monitoring tools. I hope you find it helpful.