Way back in 2015, we reviewed the must-have top free networking tools. And honestly, those reviews have stood the test of time. But now that time has passed, the landscape has changed, and we think it’s worthwhile to review those old choices and possibly add a few new ones.
Laying the Foundation
To build a network, you start with an architecture, draw the design, and analyze and choose the hardware that meets your requirements. Because many organizations need their network to be up and functioning to generate revenue, having the right set of tools to monitor and manage the one you so lovingly created is critical.
But how do you find the best network monitoring tools when there are hundreds of commercial products, freeware tools, and open-source software to choose from? While the debate about free versus commercial goes on, there are tried and tested, free network monitoring tools that many network admins swear by. Below, we will share some of our favorites with you.
Open-source choices are good and can even match commercial tools, but you should know that using open-source monitoring requires a high level of involvement with the tool, which may not perfectly suit your needs. As the saying goes, “Open-source is only free if your time is worthless.”
Open-source monitoring solutions often require a significant investment in time and resources. Missing features may have to be built with the help of community support or an in-house IT team. The second consideration is security, which may become an issue, depending on the tool you select and your enterprise’s security guidelines. Additionally, immediate custom fixes may not be available unless you spend time developing and maintaining them yourself.
When we need a network monitoring tool that is easy to install, and supports monitoring and reporting out of the box, we like SolarWinds® Network Performance Monitor (NPM). NPM acts as a single pane of glass to provide complete and comprehensive network monitoring capabilities that complement some of the essential free tools you may already use.
Because enterprise networks are becoming bigger and more complex, it’s important to put network monitoring and managing solutions in place early in the implementation phase.
What’s on the list?
If you do decide to go the free/open-source route, you should check out the following. It’s our list of the best free network monitoring tools available today.
Nagios® is the great-grand-daddy of monitoring tools, with only ping being more ubiquitous in some circles.
Nagios is popular due to its active development community and external plug-in support. You can create and use external plugins in the form of executable files or Perl® and shell scripts to monitor and collect metrics from every piece of hardware and software used in a network. There are plugins that provide an easier and better GUI, address many limitations in the Core®, and support features such as auto discovery, extended graphing, notification escalation, and more.
Cacti® is another of the monitoring warhorses that has endured as a go-to for network monitoring needs. It allows you to collect data from almost any network element, including routing and switching systems as well as firewalls, and put that data into robust graphs. If you have a device, it’s possible that Cacti’s active community of developers has created a monitoring template for it.
Cacti supports SNMP polling, which itself covers a wide range of network devices. You can also extend Cacti’s capabilities to use scripts, queries, or commands for data collection, and save it as a template to use for polling other devices for similar datasets. Cacti leverages the power of RRDTool, an open-source data logging and graphing system for creating graphs from the stored datasets. RRDTool’s data consolidation lets you store collected data forever and is limited only by the size of your storage. Cacti also allows you to add multiple users and give them access with or without edit permissions, which is perfect for service providers and enterprises with a large NOC team.
Admittedly complex to set up, Zabbix® comes with a simple and clean GUI that makes it easy to manage, once you get the hang of it. Zabbix supports agentless monitoring using technologies such as SNMP, ICMP, Telnet, SSH, etc., and agent-based monitoring for all Linux® distros, Windows® OS, and Solaris®. It supports a number of databases, including MySQL®, PostgreSQL™, SQLite, Oracle®, and IBM® DB2®. Zabbix’s VMware® monitoring capabilities allow you to customize using any scripting or programming language, which is widely regarded as its best feature.
Zabbix is probably the most widely used open-source network monitoring tool after Nagios.
ntop, which is now ntopng (ng for next generation), is a traffic probe that uses libpcap (for packet capture) to report on network traffic. You can install ntopng on a server with multiple interfaces and use port mirroring or a network tap to feed ntopng with the data packets from the network for analysis. ntopng can analyze traffic even at 10G speeds; report on IP addresses, volume, and bytes for each transaction; sort traffic based on IP, port, and protocol; generate reports for usage; view top talkers; and report on AS information. This level of traffic analysis helps you make informed decisions about capacity planning and QoS design, and helps you find bandwidth-hogging users and applications in the network. ntopng has a commercial version called ntopng pro that comes with some additional features, but the open-source version is good enough to quickly gain insight into traffic behavior. ntop can also integrate with external monitoring applications such as Nagios for alerting and provide data for monitoring.
ntopng has some limitations, but the level of network traffic visibility it provides makes it well worth the effort.
Built on top of MySQL and PostgreSQL, Icinga is backwards-compatible with Nagios, meaning if you have an investment in Nagios scripts, you can port them over with relative ease.
Icinga was created in 2009 by the same group of devs that made Nagios, so they knew their stuff. Since then, the developers have made great strides in expanding both functionality and usability. As the Nagios pedigree might imply, its primary focus is monitoring infrastructure and services.
Spiceworks offers many free IT management tools, including inventory management, help desk workflow, and even cloud monitoring, in addition to the network monitoring solution I’m focusing on here. Built on agentless techniques like WMI (for Windows machines) and SNMP (for network and *nix systems), this free tool can provide insights into many network performance issues. You can also set up customizable notifications and restart services from within the app.
Note that Spiceworks is free because most of its revenue comes from the sale of ad displays in its network. It’s a small price to pay for a free solution, but it’s something to think about before you install.
Observium follows the “freemium” model that is now espoused by most of the open-source community—a core set of features for free, with additional options if you pay for them. While the “Community” (i.e., free) version supports an unlimited number of devices, Observium is still careful to say that it’s meant for home lab use. This is bolstered by the fact that the free version cannot scale past a single server. Run this on your corporate network at your own risk!
The free version also enjoys a 6-month patch and update cycle. If you want fixes any faster than twice a year, you’ll have to pay for them. One of the most painful omissions from the free version is alerting. Those caveats aside, you get a full auto-discovery of your devices and metrics (using SNMP and standard protocols, as usual).
Related Top Tools for Network Monitoring
There are a few tools that aren’t monitoring solutions per se but are so incredibly useful to the monitoring professional that we didn’t feel right leaving them out.
Wireshark® is an open-source packet analyzer that uses libpcap (*nix) or winpcap (Windows) to capture packets and display them on its graphical front-end, while also providing good filtering, grouping, and analysis capabilities. It lets users capture traffic at wire speed or read from packet dumps and analyze details at microscopic levels. Wireshark supports almost every protocol, and has functionalities that filter based on packet type, source, destination, etc. It can analyze VoIP calls, plot IO graphs for all traffic from an interface, decrypt many protocols, export the output, and lots more.
Wireshark provides unlimited opportunities to study packets, which makes it a solid go-to for network, system, and security admins.
Nmap uses a discovery feature to find hosts in the network that can be used to create a network map. Network admins value it for its ability to gather information from the host about the Operating System, services, or ports that are running or are open, MAC address info, reverse DNS name, and more.
Scalability is the other big reason why network admins love Nmap. It can scan a single host or an entire network with “hundreds of thousands” of machines.
When you need to quickly map the hosts in your network, Nmap is your tool.
Free Network Monitoring Tools
Most of the tools we’ve focused on in this post have been of the “freemium” variety—a limited set of features (or support) for free, with additional features, support, or offerings available for a cost.
But there is a whole other class of tools which are just free-free. They do a particular task very well, and there is no cost (with the exception of the odd pop-up ad during installation). We wanted to take a moment to dig into a few of the tools that live in the “network_utilities” directories on our systems and that we use frequently.
Also, we want to be clear that the list below isn’t meant to be (or even appear) exhaustive. There are many, MANY useful free network monitoring tools out there, and which ones an IT pro uses is often up to personal preference or the specifics of their work environment. We’re listing out the ones we’ve found in our travels and use often.
Ping is great. Traceroute is better. But both fall short in modern networks (and especially with internet-based targets because the internet is intrinsically multi-path). A packet has multiple ways to get to a target at any moment. You don’t need to know how a SINGLE packet got to the destination; you need to know how ALL the packets are moving through the network across time. Traceroute NG does that and avoids the single biggest roadblock to ping and traceroute accuracy—ICMP suppression—at the same time.
If you are doing simple monitoring, the first thing you’re going to want to know is, “is it up?” Following closely on the heels of that is, “how much bandwidth is it using?” Yes, it’s a simplistic question and an answer that may not really point to a problem (because let’s be honest, a circuit that’s 98% utilized most of the time is called “correctly provisioned” in our book), but that doesn’t mean you don’t want to know. This tool gets that information quickly, simply, and displays the results clearly.
We mentioned Wireshark over in the non-monitoring monitoring tools section because of its flexibility, utility, and ubiquity. But the “-ity” that was left out was “simplicity.” That sucker can be HARD to learn to use, especially for new network engineers fresh on the job. This utility will take Wireshark data and parse it out to show some important statistics simply and clearly. Specifically, it collects, compares, and displays the time for a three-way-handshake versus the time-to-first-byte between two systems. Effectively, it shows you whether a perceived slowdown is due to the network (three-way handshake) or application response (time to first byte). This can be an effective way to narrow down your troubleshooting work and focus on solving the right problem faster.
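The handshake-versus-first-byte comparison described above can be worked through on a handful of packet records. The following is an added example, not code from the utility or from this post: the `Pkt` record layout, the sample packets, and the `verdict` heuristic are all constructed assumptions.

```python
from collections import namedtuple

# Constructed packet records, as might be exported from a capture; ts in seconds.
Pkt = namedtuple("Pkt", "ts src dst flags payload")
SAMPLE = [
    Pkt(0.000, "10.0.0.5:50112", "10.0.9.20:443", "S", 0),
    Pkt(0.021, "10.0.9.20:443", "10.0.0.5:50112", "SA", 0),
    Pkt(0.022, "10.0.0.5:50112", "10.0.9.20:443", "A", 0),
    Pkt(0.023, "10.0.0.5:50112", "10.0.9.20:443", "PA", 310),   # request
    Pkt(0.044, "10.0.9.20:443", "10.0.0.5:50112", "A", 0),      # bare ACK, no data
    Pkt(0.873, "10.0.9.20:443", "10.0.0.5:50112", "PA", 1460),  # first response byte
    # Second connection: the capture started after its handshake.
    Pkt(1.000, "10.0.0.7:40000", "10.0.9.20:443", "PA", 120),
    Pkt(1.015, "10.0.9.20:443", "10.0.0.7:40000", "PA", 900),
]

def response_times(packets):
    """Map (client, server) -> (handshake_ms, ttfb_ms); None if not observed."""
    flows = {}
    for p in sorted(packets, key=lambda q: q.ts):
        fwd, rev = (p.src, p.dst), (p.dst, p.src)
        # Assumption: the first packet seen on a connection comes from the client.
        key = rev if rev in flows and fwd not in flows else fwd
        f = flows.setdefault(key, {})
        if p.src == key[0]:                      # client -> server
            if p.flags == "S":
                f.setdefault("syn", p.ts)        # keep first SYN, ignore retransmits
            elif "synack" in f:
                f.setdefault("ack", p.ts)        # ACK that completes the handshake
            if p.payload:
                f.setdefault("req", p.ts)        # first request byte
        elif p.flags == "SA":
            f.setdefault("synack", p.ts)
        elif p.payload and "req" in f:
            f.setdefault("resp", p.ts)           # first response byte

    def ms(f, start, end):
        return round((f[end] - f[start]) * 1000, 1) if start in f and end in f else None
    return {k: (ms(f, "syn", "ack"), ms(f, "req", "resp")) for k, f in flows.items()}

def verdict(handshake_ms, ttfb_ms):
    """Heuristic (assumption): TTFB minus one handshake time approximates server think time."""
    if handshake_ms is None or ttfb_ms is None:
        return "unknown"
    return "application" if ttfb_ms - handshake_ms > handshake_ms else "network"

if __name__ == "__main__":
    for flow, (hs, ttfb) in response_times(SAMPLE).items():
        print(flow, hs, ttfb, verdict(hs, ttfb))
```

Measuring from the first SYN means a retransmitted SYN shows up as a long handshake, which is itself a network-side symptom.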
IP SLA is one of the most often-overlooked techniques in a monitoring specialist’s arsenal. Relegated to being “that protocol for VoIP,” the reality is that IP SLA operations can tell you much more than jitter, packet loss, and MOS. You can test a remote DHCP server to see if it has addresses to hand out, check the response of DNS from anywhere within your company, verify that essential services like FTP and HTTP are running, and more.
So, this free tool is something of a secret weapon for engineers who need to get miraculous tasks done on the cheap.
What have we learned?
Here in 2019, monitoring professionals have almost an embarrassment of riches when it comes to free and open-source solutions to help us do our jobs. While none of these free tools are exactly push-button simple to install, maintain, or use, if your budget for tools is close to nonexistent and you have the time to invest, they may fit the bill. Otherwise, we’d recommend using a tool like SolarWinds NPM, which is easy to install and supports monitoring and reporting right out of the box.