
Five free, dead-easy IP traffic monitoring tools

When you really need to know what's going on with your network, give one of these free monitors a try.

Monitoring your network can be a real pain. First and foremost, what tool should you use? Everyone you ask will give you a different answer. Each answer will reflect a different set of requirements and, in some cases, fill completely different needs. Here are the five network monitors I prefer, based on two criteria: They're free (as in cost) and easy to use. You might not agree with the choices, but at the price point, you'd be hard pressed to find better solutions.

1: Wireshark

Wireshark (Figure A) has always been my go-to monitor. When most other monitors fail to find what I want, Wireshark doesn't let me down. Wireshark is a cross-platform analyzer that does deep inspection of hundreds of protocols. It does live capture and capture save (for offline browsing), which can be viewed in GUI or tty mode. Wireshark also does VoIP analysis and can read/write many capture formats (tcpdump, Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, and many more).

Figure A

2: Angry IP Scanner

Angry IP Scanner (Figure B) is one of the easiest to use of all the IP scanners. It has a user-friendly GUI that can scan IP addresses (and their ports) in any range. Angry IP Scanner is cross platform and doesn't require installation, so you can use it as a portable scanner. Its features include NetBIOS information, favorite IP address ranges, Web server detection, customizable openers, and much more. This little scanner is multithreaded, so it's going to be fairly fast. Source code is available on the download page.

Figure B

3: Zenmap

Zenmap (Figure C) is a graphical front end to the cross-platform Nmap tool. Nmap can scan huge networks, is portable, free, and well documented. It's one of the most powerful IP traffic monitors, but that power comes with a price: complexity. Zenmap takes Nmap and makes it more accessible to users who prefer to avoid the command line. That does not mean Zenmap is the easiest of the lot. You still need to use some commands. But Zenmap offers a powerful wizard-like tool to help you through the process.

Figure C

4: Colasoft Capsa Free

If you're an admin used to more Windows-like tools, Capsa Free (Figure D) might be the perfect tool for you. There are actually two versions of Capsa: paid and free. The free version should be enough in most cases. It provides an easy-to-use dashboard you can use to create various types of captures. Capsa Free also offers plenty of alarm configurations so you can be alerted when something occurs. And it can capture more than 300 network protocols, so you won't be missing out on anything with this free tool.

Figure D

5: EtherApe

EtherApe is a Linux-only tool and is modeled after the classic etherman monitor. It's unique in that it offers an easy-to-use mapping of IP traffic on your network. It does this in real time and gives you a clear picture of the overall look of your network traffic. You can create filters (using pcap syntax) to make reading the map easier. As you can see in Figure E, a busy network can get rather challenging to read. EtherApe colors both nodes and links by their most-used protocol, so it's easier to take a quick glance, even on a busy network.

Figure E

More tools?

A lot of network monitoring tools are out there, and some of them do more auditing than the tools listed here. But when you really need to know what's going on with your network, one of the above tools will do a great job.

Have you used any of these tools? What other free scanners have you tried?

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

13 comments
Florian Staffort

Another great free IP traffic monitoring solution is PRTG Network Monitor: http://www.paessler.com/ip_traffic_monitor. It's developed by Paessler, a German-based company I work for. In its freeware version it offers 10 sensors, which you can easily upgrade if you need more. It also offers a lot of other functionalities besides IP traffic monitoring.

varankhan

I am a new network administrator and I am running 500 systems on my network. I want to get a report of my network and keep information on network traffic: from which system unicast, broadcast, streaming and downloading is going too much. For these systems, which use too much of my internet bandwidth, I want to keep them in an untrusted zone and continuously get the report of these systems, and the rest of the systems in a trusted zone. Which software will be best to use for this scenario? For this I want to have an eye on a range of IPs.

DWPNS

I'm a Network Administrator in an environment of over 1000 devices and nodes. I use a combination of the following to gather live stats and/or info at a glance. I'm a huge command-line geek so mostly I use Powershell, PCATTCP, iperf, nmap, wireshark, fping, nbtscan, net-snmp, just to name a few but I find for the GUI monitoring that a multi-tool approach works best. Sometimes, I want all the details without all the configuration work, and sometimes I want all the info at a glance so I can run reports, check heart-beat health etc. I use Spiceworks (sometimes), Nagios and Groundworks but always on display is Zenoss Core Dashboard, Packettrap Dashboard and Foglight Dashboards. I can quickly assess which nodes are experiencing problems and don't put all my eggs in one basket. Of course I'm an information freak and understand I may be a bit extreme in my approach.

derwil

Simple to use. There are two versions Freeware and Professional.

jott0204

Spiceworks may not be as popular, but we use it every day. It is very powerful and very easy to use. They even have a training section for anyone that truly wants to use it to its fullest potential. www.spiceworks.com --James EDIT: NM. I realize that you were looking for more "network 'analyzing' tools." -J

Jimmy Chow

Wireshark is a very useful tool; it can see virus patterns on the network.

Rodo1

Small footprint, portable (no install needed).

Realvdude

Determined that form data from a POST from the client was fragmenting into several packets, and the client request for an updated page based on the form data was being processed sometimes before all of the data packets. I know that the limitation with this is that it will only see packets directed to the computer running it. From my understanding of how network switches work, that is a moot point anyway. I believe that even in promiscuous mode, an adapter will not be able to monitor what does not reach it. Any insight anyone has about monitoring traffic between two "other" Ethernet devices would be appreciated.

chriscollingwood

If you have managed switches in your network, and the devices of concern are attached to one of them, you can use a setting to cause all traffic through a number of ports to be "mirrored" to one port. In effect you put one port on your switch into a sort of selective "reverse promiscuous" mode. Can't remember the commands/settings right now, been a while, and I usually rely on memory getting jogged once I am managing a switch :-). Check your switch documentation (ProCurve use a "mirror" setting option).

100coconuts

The word you are looking for on Cisco gear is "Span". You can Span a port/s to a single monitoring interface. You can also send span traffic to different ports within the network using RSPAN.