7 Free Tools for Better Visibility Into Your Network
It's hard to protect what you don't know is there. These free tools can help you understand just what it is that you need to protect -- and need to protect yourself from.
January 9, 2020
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt3b93c2005ab37012/64f0d47866539d5786534a8c/Image_1.jpeg?width=700&auto=webp&quality=80&disable=upscale)
What's on your network? It's a simple question, but one that countless security and network management teams struggle to answer because most enterprise networks are dynamic, living things that change at a rapid pace. That change is the key to adapting to a changing business environment — and key to criminals' ability to breach the perimeter and gain access to enterprise assets.
Security teams tend to have a very good idea of what the network looked like on the day it went live. Nevertheless, conversations with consultants (and over drinks at conferences) overflow with complaints and confessions about how those same teams are ignorant of what the network looks like right now. That's a problem. And it becomes a bigger problem when it runs into the reality of the way that criminal hackers work.
Criminal hackers specialize in understanding how a targeted network is configured today. The extent to which they understand every component and interface is the extent to which they can find exploitable vulnerabilities. And those weaknesses are even more vulnerable if the network owner doesn't know they exist.
So one of the first steps in protecting a network is understanding precisely what is there to be protected. There are a number of different commercial products that can help provide an inventory and map of a network. But for many smaller organizations, even lower cost tools can be difficult additions to the security budget. That's why the focus of this article is on free products that provide network visibility and monitoring.
Some of the products on this list are open source and some are not. Several of them may require an investment of time and effort to make up for the lack of a purchase price. Regardless, each of these could be a way for a security team to either get its first solid picture of its current network or augment the view provided by other tools. In either case, visibility is always a good thing.
We're curious; are there free or open source network discovery and monitoring tools that you use? Are there any that you've tried and abandoned? We'd like to hear about your experience — let us know in the comment section, below!
(Image: GoodIdeas VIA Adobe Stock)
Zabbix is free, open source software that can provide real-time monitoring and analysis of thousands of connected devices, from network infrastructure appliances to servers. Zabbix doesn't require agents on monitored components (though there is a Zabbix agent that can be installed), and has community-created templates that can ease the installation for specific purposes.
That "ease" is important, because the learning and installation curves for Zabbix involve steep climbs. Some of that steep grade comes from the sheer number of technologies supported by, and capabilities provided by, Zabbix. The system can ingest data from SNMP, ICMP, Telnet, and SSH sources along with agents on Windows, Solaris, and Linux servers. The configuration and automation can be accomplished with virtually any programming language, making the pre-installation learning curve as shallow as the post-installation curve is steep.
Zabbix has an active community surrounding the system. The company behind Zabbix earns its money from consulting and professional services around the software.
Spiceworks is a lot of things -- market research, consulting, a tech-oriented community -- and a group of free tools that can provide insight into what's living on the network. The network visibility tools are part of a suite of functionality that includes trouble ticket tracking and SSL certificate checking, but also includes applications for scanning network devices, checking connectivity, and monitoring activity across the net.
Building a complete picture of the network begins with Inventory, the application that scans given network address ranges for any devices that exist. After that, the Connectivity Dashboard will help with ongoing monitoring of device and service connections, while the Port Scanner and Tester can provide a list of all the open and vulnerable ports on the network's devices.
Spiceworks is not a "freemium" model -- a tongue-in-cheek price guide shows a variety of free plans while promising to put you in touch with a sales consultant -- if you're lonely and just want to talk. As with so many of these products, Spiceworks cannot replace expertise, though the Spiceworks events and community can help your personnel get that expertise.
Nagios is the direct descendant of one of networking's most basic analytical tools, ping. Now more than 20 years old, Nagios (a recursive acronym for "Nagios Ain't Gonna Insist On Sainthood") includes several products for mapping, monitoring, and managing a network. Within all of them, though, Nagios Core is the central product on which all the others are built.
Nagios Core is an event scheduler, event processor, and alert manager with APIs for expansion that include, among others, configuration front ends, performance graphing, auto-discovery, and distributed monitoring. Programming and expansion are possible for the application, which is designed to run as a daemon on Linux platforms.
There are Nagios products that are commercial applications: They include GUI front end, network analyzer, and log server, among others. But the large Nagios community and a collection of open-source projects expanding on Nagios Core's functionality should help many discover and monitor their networks. The more than 7.5 million downloads of Nagios Core indicate that others have come to the same conclusion.
Cacti is a graphical front end for RRDtool, one of the basic applications for network data manipulation. Cacti is a powerful open-source tool in the old-school sense: it allows for almost infinite customization and expansion if the user takes the (considerable) time required to dig into the application and write or integrate the expansion capabilities.
Cacti allows different team members to work on different parts of a dataset simultaneously, and for specific permissions to be given for work on the different sections of data.
For many cybersecurity professionals, network discovery starts with Nmap. The network mapping software has been in security and network admin toolkits since 1997. Nmap, available for Linux, Windows, and macOS, is able to provide a variety of services, including host discovery, OS discovery, version detection, and port scanning. It can go further with reverse DNS name lookup, MAC address reporting, and device type listing.
While Nmap is very capable, the user interface is "old school." That's where Zenmap comes in. While a number of individuals and projects have created front ends for Nmap over the years, Zenmap is the official GUI front end for the network scanner. Zenmap's primary function is to allow Nmap's results to be somewhat more comprehensible, and more easily reached, to new users, but it also brings additional functionality into reach for more experienced users.
Nmap and Zenmap are classic open-source projects supported by very active user communities. Between books, blog posts, and forums, there is information available for any professional or team that wants to add Nmap to their arsenal.
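As an added illustration (not from the original article or the Nmap project), the code below parses Nmap's XML output (the `-oX` option) and compares the hosts and open TCP ports it reports against a baseline inventory. The sample XML, the addresses, and the `BASELINE` dictionary are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of Nmap's XML output (-oX); not a real scan.
SAMPLE_XML = """<nmaprun>
<host><status state="up"/>
<address addr="192.0.2.10" addrtype="ipv4"/>
<address addr="00:00:5E:00:53:01" addrtype="mac" vendor="ExampleCo"/>
<hostnames><hostname name="files.example.test" type="PTR"/></hostnames>
<ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
<port protocol="tcp" portid="80"><state state="closed"/></port>
</ports></host>
<host><status state="up"/><address addr="192.0.2.77" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port></ports>
</host>
<host><status state="down"/><address addr="192.0.2.99" addrtype="ipv4"/></host>
</nmaprun>"""

# Hypothetical baseline: what the team believes is deployed (IP -> expected open TCP ports).
BASELINE = {"192.0.2.10": {22}, "192.0.2.20": {443}}

def parse_scan(xml_text):
    """Return {ip: {"mac", "name", "ports"}} for every host reported as up."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status[@state='up']") is None:
            continue  # skip hosts that did not answer
        addrs = {a.get("addrtype"): a.get("addr") for a in host.iter("address")}
        ip = addrs.get("ipv4") or addrs.get("ipv6")
        if ip is None:
            continue
        name = host.find("hostnames/hostname")  # reverse DNS name, if any
        ports = {int(p.get("portid")) for p in host.findall("ports/port[@protocol='tcp']")
                 if p.find("state[@state='open']") is not None}
        hosts[ip] = {"mac": addrs.get("mac"), "ports": ports,
                     "name": name.get("name") if name is not None else None}
    return hosts

def drift(baseline, seen):
    """Report hosts and open ports that differ from the baseline inventory."""
    return {
        "unknown_hosts": sorted(set(seen) - set(baseline)),
        "missing_hosts": sorted(set(baseline) - set(seen)),
        "unexpected_ports": {ip: sorted(h["ports"] - baseline[ip]) for ip, h in seen.items()
                             if ip in baseline and h["ports"] - baseline[ip]},
    }

if __name__ == "__main__":
    print(drift(BASELINE, parse_scan(SAMPLE_XML)))
```

Run on a schedule against the address ranges you own, the three lists in the report show where the live network has diverged from the inventory.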
While most of the tools in this article tell you what's attached to a network, Wireshark provides a deep look inside the traffic that's going across the network. Wireshark is available for every major (and many a minor) platform and is capable of decoding a wide variety of network protocols.
Because Wireshark has been around for years, it supports output formats for many different open-source and commercial network analysis and management systems. It will allow for both live and captured data analysis from just about any network source currently available.
Understanding the traffic flowing across a network -- especially the "normal" traffic patterns -- can be critical for being able to do troubleshooting and forensics when something goes wrong. Wireshark is a free tool that lets you take a big bite out of the network traffic visibility problem.
Traceroute is the oldest tool in this article, having been around since 1987. Instead of focusing on either the devices on the network or the contents of the network traffic, traceroute NG focuses on the connections between source and destination in a network connection.
Traceroute is not a tool that provides fancy graphical interfaces or a wide variety of functionality. It is a straightforward tool that gives straightforward, but critical, information: the route that a packet takes between two points on networks.
Traceroute NG adds a very simple graphical interface to the traditional traceroute output. More important, traceroute NG adds a protocol to the traditional traceroute. Classic traceroute does its work through ICMP (UDP) packets that are sent to the destination. Because of their use in certain types of attacks, many firewalls and routers now block most UDP traffic. Traceroute NG adds TCP packets into the mix, which can bypass the filters and (as a bonus) can give a more accurate representation of the time taken to traverse the route.
Traceroute is such a basic tool (on the same level as "ping") that some people will overlook its use in total network visibility. For understanding how the network is operating, as well as how it's configured, it's a critical tool.