After writing about the importance of network forensics in securing your corporate front lines, I thought it might be helpful to pull together some of the top tools for actually helping protect and maintain your network. Have a suggestion to add to our list? E-mail me at Michael@ITKnowledgeExchange.com or update our community Wiki.
Nominated by our very own CarlosDl, Wireshark is old hat to most networking professionals, but it remains standard-issue equipment for almost all of them. And, like many of the tools in the networking professional's belt, it's free and open source.
But what does it actually do? Think tcpdump with a graphical user interface: it's a packet analyzer that can, for example, capture live traffic from your network and show you which IP addresses are trying to log in to your systems. Check out the official Wireshark homepage, or read up on it with free sample pages from the book Wireshark Network Analysis, one of our featured books for networking professionals.
TCPView is a Windows program that shows you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and the state of each TCP connection. On Windows Server 2008, Vista, and XP, TCPView also reports the name of the process that owns each endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows.
Another free utility (recommended by member HBIT77), and you don't even have to install it: in Windows, just run tasklist.exe from your friendly terminal. TechNet has some documentation. By default, it just spits out a list of the running processes and some basic information, but with the right arguments you can check, for example, which users or systems are running which tasks across your network.
The Command Line in Windows has some more advanced tips, including how to filter the output to find non-responsive tasks, which can be particularly useful when rooting out problems.
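To show what the tasklist.exe arguments above look like in practice, here is an added PowerShell example (not from the original post or from TechNet) that runs tasklist verbosely against a list of hosts, parses its CSV output, and lists hung processes and processes running under non-service accounts. It assumes you have administrative rights on the remote hosts and that the host names are placeholders you replace with your own.

```powershell
# Added example: inventory processes across several hosts with tasklist.exe.
# Assumes admin rights on each remote host; 'localhost' is a placeholder list.
param(
    [string[]]$ComputerName = @('localhost'),   # placeholder target hosts
    [string]$User                                # optional DOMAIN\user for /U
)

function Get-TaskListReport {
    param([string]$Computer, [string]$User)

    # /V adds Status, User Name, CPU Time and Window Title columns;
    # /FO CSV produces output that ConvertFrom-Csv turns into objects.
    $tlArgs = @('/V', '/FO', 'CSV')
    if ($Computer -ne 'localhost') {
        $tlArgs += @('/S', $Computer)
        if ($User) { $tlArgs += @('/U', $User) }   # tasklist prompts for /P
    }
    $raw = & tasklist.exe @tlArgs
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "tasklist failed on $Computer"
        return
    }
    # The /FI "STATUS eq NOT RESPONDING" filter is not supported for remote
    # systems (and remote hosts may only report Unknown), so the status test
    # is done here in PowerShell, which works the same way for every host.
    $raw | ConvertFrom-Csv | ForEach-Object {
        [pscustomobject]@{
            Computer = $Computer
            Image    = $_.'Image Name'
            PID      = [int]$_.PID
            Status   = $_.Status
            User     = $_.'User Name'
            Window   = $_.'Window Title'
        }
    }
}

$report = foreach ($c in $ComputerName) {
    Get-TaskListReport -Computer $c -User $User
}

# Hung processes first, then everything not owned by a built-in service
# account: the list you eyeball for unexpected users or programs.
$report | Where-Object Status -eq 'Not Responding' | Format-Table -AutoSize
$report | Where-Object { $_.User -notmatch '^NT AUTHORITY\\' } |
    Sort-Object Computer, User, Image | Format-Table -AutoSize
```

Save it as a .ps1 and call it with `-ComputerName server1,server2` to sweep more than one host.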
Throughout my time at SearchNetworking, one program seemed to come up unbidden more than any other: Spiceworks. A group of networking vendors got together and decided that rather than paying for traditional advertising and marketing, it made more sense to build something useful and expose their brand to users that way.
The result is an easy-to-use network management tool that can help map your network, monitor servers, and even manage your helpdesk queue. It even plugs you into their community of almost a million IT pros, though of course theirs isn’t as great as our own community. More good news: Spiceworks recently doubled the size of networks it officially supports.
- SearchSecurity has a great PDF with a list of useful network security tools.
- SearchSecurity’s Must-haves for your network forensic toolbox