Saturday, January 25, 2014

20 software tools for network admins.


We know how administrators love free tools that make their life easier and, to supplement the list provided in 101 Free Admin Tools, here are 20 of the best free tools for monitoring devices, services, ports or protocols and analysing traffic on your network. Even if you may have heard of some of these tools before, we’re sure you’ll find a gem or two amongst this list – and if you know of any others, leave us a comment below!

1. Microsoft Network Monitor

Microsoft Network Monitor is a packet analyser that allows you to capture, view and analyse network traffic. This tool is handy for troubleshooting network problems and applications on the network. Main features include support for over 300 public and Microsoft proprietary protocols, simultaneous capture sessions, a Wireless Monitor Mode and sniffing of promiscuous mode traffic, amongst others.
When you launch Microsoft Network Monitor, choose which adapter to bind to from the main window and then click “New Capture” to initiate a new capture tab. Within the Capture tab, click “Capture Settings” to change filter options, adapter options, or global settings accordingly and then hit “Start” to initiate the packet capture process.

2. Nagios

Nagios is a powerful network monitoring tool that helps you to ensure that your critical systems, applications and services are always up and running. It provides features such as alerting, event handling and reporting. The Nagios Core is the heart of the application that contains the core monitoring engine and a basic web UI. On top of the Nagios Core, you are able to implement plugins that will allow you to monitor services, applications, and metrics, a chosen frontend as well as add-ons for data visualisation, graphs, load distribution, and MySQL database support, amongst others.
Tip: If you want to try out Nagios without needing to install and configure it from scratch, download Nagios XI from here and enable the free version. Nagios XI is the pre-configured enterprise class version built upon Nagios Core and is backed by a commercial company that offers support and additional features such as more plugins and advanced reporting.
Note: The free version of Nagios XI is ideal for smaller environments and will monitor up to seven nodes.
Once you’ve installed and configured Nagios, launch the Web UI and begin to configure host groups and service groups. Once Nagios has had some time to monitor the status of the specified hosts and services, it can start to paint a picture of what the health of your systems look like.

3. BandwidthD

BandwidthD monitors TCP/IP network usage and displays the data it has gathered in the form of graphs and tables over different time periods. Each protocol (HTTP, UDP, ICMP, etc) is color-coded for easier reading. BandwidthD runs discreetly as a background service.
Installation is easy. Download and install Winpcap version 3.0 or above (you’ll already have this installed if you have Wireshark on the same box), unzip BandwidthD to a specified folder, edit the ../etc/bandwidthd.conf file accordingly, double click on the “Install Service” batch file and then start the BandwidthD services from the services.msc console. Once the service is running, give it some time to monitor network traffic and load the index.html page to start viewing bandwidth statistics.

4. EasyNetMonitor

EasyNetMonitor is a super lightweight tool for monitoring local and remote hosts to determine if they are alive or not. It is useful for monitoring critical servers from your desktop, allowing you to get immediate notification (via a balloon popup and/or log file) if a host does not respond to a periodic ping.
Once you launch EasyNetMonitor, it will appear as an icon in the notification area on your desktop where the IP addresses / host names of the machines you want to monitor can be added. Once you’ve added the machines you wish to monitor, be sure to configure the ping delay time and notification setting.

5. Capsa Free

Capsa Free is a network analyzer that allows you to monitor network traffic, troubleshoot network issues and analyze packets. Features include support for over 300 network protocols (including the ability to create and customize protocols), MSN and Yahoo Messenger filters, email monitor and auto-save, and customizable reports and dashboards.
When you launch Capsa, choose the adapter you want it to bind to and click “Start” to initiate the capture process. Use the tabs in the main window to view the dashboard, a summary of the traffic statistics, the TCP/UDP conversations, as well as packet analysis.

6. Fiddler

Fiddler is a web debugging tool that captures HTTP traffic between chosen computers and the Internet. It allows you to analyze incoming and outgoing data to monitor and modify requests and responses before they hit the browser. Fiddler gives you extremely detailed information about HTTP traffic and can be used for testing the performance of your websites or security testing of your web applications (e.g. Fiddler can decrypt HTTPS traffic).
When you launch Fiddler, HTTP traffic will start to be captured automatically. To toggle traffic capturing, hit F12. You can choose which processes you wish to capture HTTP traffic for by clicking on “All Processes” in the bottom status bar, or by dragging the “Any Process” icon from the top menu bar onto an open application.

7. NetworkMiner

NetworkMiner captures network packets and then parses the data to extract files and images, helping you to reconstruct events that a user has taken on the network – it can also do this by parsing a pre-captured PCAP file. You can enter keywords which will be highlighted as network packets are being captured. NetworkMiner is classed as a Network Forensic Analysis Tool (NFAT) that can obtain information such as hostname, operating system and open ports from hosts.
[Screenshot: NetworkMiner Images tab]
In the example above, I set NetworkMiner to capture packets, opened a web browser and searched for “soccer” as a keyword on Google Images. The images displayed in the Images tab are what I saw during my browser session.
When you load NetworkMiner, choose a network adapter to bind to and hit the “Start” button to initiate the packet capture process.

8. Pandora FMS

Pandora FMS is a performance monitoring, network monitoring and availability management tool that keeps an eye on servers, applications and communications. It has an advanced event correlation system that allows you to create alerts based on events from different sources and notify administrators before an issue escalates.
When you login to the Pandora FMS Web UI, start by going to the ‘Agent detail’ and ‘Services’ node from the left hand navigation pane. From here, you can configure monitoring agents and services.

9. Zenoss Core

Zenoss Core is a powerful open source IT monitoring platform that monitors applications, servers, storage, networking and virtualization to provide availability and performance statistics. It also has a high performance event handling system and an advanced notification system.
Once you login to Zenoss Core Web UI for the first time, you are presented with a two-step wizard that asks you to create user accounts and add your first few devices / hosts to monitor. You are then taken directly to the Dashboard tab. Use the Dashboard, Events, Infrastructure, Reports and Advanced tabs to configure Zenoss Core and review reports and events that need attention.

10. PRTG Network Monitor Freeware

PRTG Network Monitor monitors network availability and network usage using a variety of protocols including SNMP, Netflow and WMI. It is a powerful tool that offers an easy to use web-based interface and apps for iOS and Android. Amongst others, PRTG Network Monitor’s key features include:
(1) Comprehensive Network Monitoring which offers more than 170 sensor types for application monitoring, virtual server monitoring, SLA monitoring, QoS monitoring
(2) Flexible Alerting, including 9 different notification methods, status alerts, limit alerts, threshold alerts, conditional alerts, and alert scheduling
(3) In-Depth Reporting, including the ability to create reports in HTML/PDF format, scheduled reports, as well as pre-defined reports (e.g. Top 100 Ping Times) and report templates.
Note: The Freeware version of PRTG Network Monitor is limited to 10 sensors.
When you launch PRTG Network Monitor, head straight to the configuration wizard to get started. This wizard will run you through the main configuration settings required to get the application up and running, including the adding of servers to monitors and which sensors to use.

11. The Dude

The Dude is a network monitoring tool that monitors devices and alerts you when there is a problem. It can also automatically scan all devices on a given subnet and then draw and layout a map of your network.
When you launch The Dude, you first choose to connect to a local or remote network and specify credentials accordingly. Click ‘Settings’ to configure options for SNMP, Polling, Syslog and Reports.

12. Splunk

Splunk is a data collection and analysis platform that allows you to monitor, gather and analyze data from different sources on your network (e.g. event logs, devices, services, TCP/UDP traffic, etc). You can set up alerts to notify you when something is wrong or use Splunk’s extensive search, reporting and dashboard features to make the most of the collected data. Splunk also allows you to install ‘Apps’ to extend system functionality.
Note: When you first download and install Splunk, it automatically installs the Enterprise version for you to trial for 60 days before switching to the Free version. To switch to the Free version straight away, go to Manager > Licensing.
When you login to the Splunk web UI for the first time, add a data source and configure your indexes to get started. Once you do this you can then create reports, build dashboards, and search and analyze data.

13. Angry IP Scanner

Angry IP Scanner is a standalone application that facilitates IP address and port scanning. It is used to scan a range of IP addresses to find hosts that are alive and obtain information about them (including MAC address, open ports, hostname, ping time, NetBios information, etc).
When you execute the application, go to Tools > Preferences to configure Scanning and Port options, then go to Tools > Fetchers to choose what information to gather from each scanned IP address.

14. ntopng

ntopng (‘ng’ meaning ‘next generation’) is the latest version of the popular network traffic analyzer called ntop. ntopng will sit in the background and gather network traffic, then display network usage information and statistics within a Web UI.
Note: Although originally aimed for use on Unix-based systems, there is a Windows version available for a small fee, or a demo version limited to 2000 packets. If you are comfortable running ntopng on a Unix-based box then you can get the full version for free.
[Screenshot: ntopng dashboard]
The image above shows the ntopng dashboard after a few minutes of network traffic collection. In this example, I am using the Windows version. After installation, I simply executed the redis-server.exe file from ..\Program Files (x86)\Redis and fired up the Web UI (http://127.0.0.1:3000).

15. Total Network Monitor

Total Network Monitor continuously monitors hosts and services on the local network, notifying you of any issues that require attention via a detailed report of the problem. The result of each probe is classified using green, red, or black colors to quickly show whether the probe was successful, had a negative result or wasn’t able to complete.
When you launch Total Network Monitor, go to Tools > Scan Wizard to have the wizard scan a specified network range automatically and assign the discovered hosts to a group. Alternatively, create a new group manually to start adding devices/hosts individually.

16. NetXMS

NetXMS is a multi-platform network management and monitoring system that offers event management, performance monitoring, alerting, reporting and graphing for the entire IT infrastructure model. NetXMS’s main features include support for multiple operating systems and database engines, distributed network monitoring, auto-discovery, and business impact analysis tools, amongst others. NetXMS gives you the option to run a web-based interface or a management console.
Once you login to NetXMS you need to first go to the “Server Configuration” window to change a few settings that are dependent on your network requirements (e.g. changing the number of data collection handlers or enabling network discovery). You can then run the Network Discovery option for NetXMS to automatically discover devices on your network, or add new nodes by right clicking on “Infrastructure Services” and selecting Tools > Create Node.

17. Xymon

Xymon is a web-based system – designed to run on Unix-based systems – that allows you to dive deep into the configuration, performance and real-time statistics of your networking environment. It offers monitoring capabilities with historical data, reporting and performance graphs.
Once you’ve installed Xymon, the first place you need to go is the hosts.cfg file to add the hosts that you are going to monitor. Here, you add information such as the host IP address, the network services to be monitored, what URLs to check, and so on.
When you launch the Xymon Web UI, the main page lists the systems and services being monitored by Xymon. Clicking on each system or service allows you to bring up status information about a particular host and then drill down to view specific information such as CPU utilization, memory consumption, RAID status, etc.

18. WirelessNetView

WirelessNetView is a lightweight utility (available as a standalone executable or installation package) that monitors the activity of reachable wireless networks and displays information related to them, such as SSID, Signal Quality, MAC Address, Channel Number, Cipher Algorithm, etc.
As soon as you execute WirelessNetView, it automatically populates a list of all reachable Wi-Fi networks in the area and displays information relevant to them (all columns are enabled by default).
Note: Wireless Network Watcher is a small utility that goes hand in hand with WirelessNetView. It scans your wireless network and displays a list of all computers and devices that are currently connected, showing information such as IP address, MAC address, computer name and NIC card manufacturer – all of which can be exported to a html/xml/csv/txt file.

19. Xirrus Wi-Fi Inspector

Xirrus Wi-Fi Inspector can be used to search for Wi-Fi networks, manage and troubleshoot connections, verify Wi-Fi coverage, locate Wi-Fi devices and detect rogue Access Points. Xirrus Wi-Fi Inspector comes with built-in connection, quality and speed tests.
Once you launch Wi-Fi Inspector and choose an adapter, a list of available Wi-Fi connections is displayed in the “Networks” pane. Details related to your current Wi-Fi connection are displayed in the top right hand corner. Everything pretty much happens from the top ribbon bar – you can run a test, change the layout, edit settings, refresh connections, etc.

20. WireShark

This list wouldn’t be complete without the ever popular WireShark. WireShark is an interactive network protocol analyzer and capture utility. It provides for in-depth inspection of hundreds of protocols and runs on multiple platforms.
When you launch Wireshark, choose which interface you want to bind to and click the green shark fin icon to get going. Packets will immediately start to be captured. Once you’ve collected what you need, you can export the data to a file for analysis in another application or use the in-built filter to drill down and analyze the captured packets at a deeper level from within Wireshark itself.
Are there any free tools not on this list that you’ve found useful and would like to share with the community? Then leave us a comment below and let us know!

About the Author: 

Andrew has over 10 years experience in Quality Assurance, Incident Management, and Pre- and Post-Sales Technical Support roles, as well as recent specialization in Digital Forensics and E-Discovery.
Source: http://www.gfi.com/blog/the-top-20-free-network-monitoring-and-analysis-tools-for-sys-admins/

Monitoring with SNMP and MRTG on Ubuntu

Tutorial: Network Monitoring Using SNMP and MRTG on Ubuntu 12.04

A. SNMP (Simple Network Management Protocol)
SNMP is a protocol designed to give users the ability to monitor and manage their computer network systematically, either remotely or from a single control centre. Management is carried out by collecting data and setting variables in the managed network elements.
B. MRTG (Multi Router Traffic Grapher)
The Multi Router Traffic Grapher (MRTG) is a tool for monitoring the traffic flowing into a network. MRTG generates HTML web pages containing PNG images that give a live visual representation of that traffic.

C. SNMP ELEMENTS
a) MANAGER
The manager carries out network management. In practice the manager is an ordinary computer on the network running network management software. It consists of one or more processes that communicate with the agents on the network. The manager collects from the agents only the information the administrator asks for, not everything the agents hold.
b) MIB (MANAGEMENT INFORMATION BASE)
The MIB can be described as the database structure of the variables of the managed network elements. The structure is hierarchical and has rules that allow the information in each variable to be managed or set easily.
c) AGENT
The agent is the software run on every managed network element. Each agent has a local database of variables describing its state, its activity log and its effect on operations.

TUTORIAL: INSTALLING AND CONFIGURING SNMP for the Local Host and Gateway:

1. Open a terminal on Ubuntu 12.04 and enter the following command:
$ sudo su          => switch to the root shell (the prompt changes to #)
then enter your Ubuntu password.
2. Once you are root, check whether APACHE, SNMP and MRTG are installed with the following commands:
$ dpkg -l | grep apache2   => check APACHE
$ dpkg -l | grep snmp      => check SNMP
$ dpkg -l | grep mrtg      => check MRTG
3. If SNMP and MRTG are already installed, it is best to remove them first to make sure no earlier configuration is left behind:
$ apt-get remove snmp snmpd --purge

This command removes the existing snmp and snmpd packages. Repeat once more for the MRTG package:

$ apt-get remove mrtg --purge
4. If APACHE is not installed yet, install it first with:
$ apt-get install apache2
5. After APACHE is installed, continue by installing SNMP:
$ apt-get install snmp snmpd
6. Then enter the following command to edit the snmpd.conf file:
$ nano /etc/snmp/snmpd.conf
When the file is open, make the following changes:
Remove the # in front of the line “#rocommunity public localhost”
so that it reads “rocommunity public localhost”

And in the following section:
Syslocation [Project Name]
Syscontact [First Name]

In this section, I changed it to:
Syslocation JartelLab
Syscontact Fatihul
This change records the location of the user monitoring SNMP and the identity and e-mail of that user.
7. Then restart SNMPD with:
$ /etc/init.d/snmpd restart
This restarts snmpd so that the changes to snmpd.conf take effect.
8. After that, test the local host by entering this command:

$ snmpwalk -v 2c -c public <IP to monitor>

Example:   # snmpwalk -v 2c -c public localhost | more     => for the local host

Example:   # snmpwalk -v 2c -c public 172.16.30.1 | more   => for the LAN

# snmpwalk -v 2c -c public 172.16.40.1   => Wi-Fi

172.16.30.1 is the gateway IP of the PCR router; this test shows whether SNMP is ready.

The output will look like the following:



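The exchange that snmpwalk performs in step 8, as an added example that is not part of this tutorial: the manager encodes an SNMPv2c GetRequest for sysDescr.0, the agent answers with a GetResponse, and the community string ("public") travels as a plaintext OCTET STRING in every datagram, which is why the rocommunity line above is restricted to localhost. The sample reply is constructed with build_get_response rather than captured from a real snmpd, and the sysDescr text used in testing is made up.

```python
# Added example for this page (not the tutorial's own code): a minimal SNMPv2c GetRequest/GetResponse codec.
SYS_DESCR_0 = "1.3.6.1.2.1.1.1.0"       # sysDescr.0 in the MIB-2 system group
GET_REQUEST, GET_RESPONSE = 0xA0, 0xA2   # PDU tags (context-specific 0 and 2)

def _tlv(tag, payload):
    """BER tag-length-value; short-form length only, which covers single-OID messages."""
    assert len(payload) < 0x80, "long-form length not needed for these messages"
    return bytes([tag, len(payload)]) + payload

def _int(value):
    """ASN.1 INTEGER (minimal two's complement for the non-negative values used here)."""
    return _tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big", signed=True))

def _oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed into one byte, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while (arc := arc >> 7):
            chunk.append(0x80 | (arc & 0x7F))
        body += bytes(reversed(chunk))
    return _tlv(0x06, bytes(body))

def _message(pdu_tag, community, request_id, varbinds, error_status=0):
    """Outer message: version INTEGER 1 (v2c), community as a plaintext OCTET STRING, then the PDU."""
    vbl = b"".join(_tlv(0x30, _oid(o) + v) for o, v in varbinds)
    pdu = _tlv(pdu_tag, _int(request_id) + _int(error_status) + _int(0) + _tlv(0x30, vbl))
    return _tlv(0x30, _int(1) + _tlv(0x04, community.encode()) + pdu)

def build_get_request(community, oid, request_id=1):
    """Manager side: GetRequest for one OID with a NULL placeholder value (what snmpget/snmpwalk send)."""
    return _message(GET_REQUEST, community, request_id, [(oid, _tlv(0x05, b""))])

def build_get_response(community, oid, text, request_id=1):
    """Agent side (what snmpd answers for an OCTET STRING object); used here to construct sample data."""
    return _message(GET_RESPONSE, community, request_id, [(oid, _tlv(0x04, text.encode()))])

def _read_tlv(buf, pos):
    """Decode one TLV at pos (short- or long-form length); return (tag, body, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def parse_response(datagram):
    """Return (community, request_id, error_status, [(oid, value), ...]) from a GetResponse datagram."""
    _, msg, _ = _read_tlv(datagram, 0)
    _, _version, pos = _read_tlv(msg, 0)
    _, community, pos = _read_tlv(msg, pos)    # readable by anyone who can sniff the UDP datagram
    tag, pdu, _ = _read_tlv(msg, pos)
    if tag != GET_RESPONSE:
        raise ValueError("unexpected PDU tag 0x%02x" % tag)
    fields, pos = [], 0
    for _ in range(4):                          # request-id, error-status, error-index, varbind list
        _, body, pos = _read_tlv(pdu, pos)
        fields.append(body)
    rid, err, _idx, vbl = fields
    results, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = _read_tlv(vbl, pos)
        _, oid_body, p = _read_tlv(vb, 0)
        vtag, vbody, _ = _read_tlv(vb, p)       # 0x04 OCTET STRING; 0x02/0x41/0x42/0x43 integer types
        value = vbody.decode(errors="replace") if vtag == 0x04 else int.from_bytes(vbody, "big")
        results.append((_decode_oid(oid_body), value))
    return (community.decode(), int.from_bytes(rid, "big", signed=True),
            int.from_bytes(err, "big", signed=True), results)
```

Sending build_get_request(...) over UDP to port 161 of an agent and feeding the reply to parse_response gives the same sysDescr line that snmpwalk prints first; a packet capture of that exchange shows the community string in the clear.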
TUTORIAL: INSTALLING AND CONFIGURING MRTG
1. Install MRTG:
$ apt-get install mrtg
This installs MRTG; its files are automatically placed under /var/www/mrtg (the folder name).
2. Create the mrtg folder inside www:
$ mkdir /var/www/<folder name>
Example 1, for the local host:
$ mkdir /var/www/mrtg/localhost
Example 2, for the gateway:
$ mkdir /var/www/mrtg

3. Configure MRTG
$ cfgmaker --global 'workdir: /var/www/<folder created above>' --output /etc/mrtg.cfg public@<IP to be monitored>

Example 1, for the local host:
$ cfgmaker --global 'workdir: /var/www/mrtg/localhost' --output /etc/mrtg.cfg public@localhost

Example 2, for the gateway:
$ cfgmaker --global 'workdir: /var/www/mrtg' --output /etc/mrtg.cfg public@172.16.30.1
The command above generates the MRTG configuration.
4. To display the graphs from the MRTG configuration, enter the following command:
$ indexmaker /etc/mrtg.cfg --columns=1 --output /var/www/<folder name>/index.html
Example 1, for the local host:
$ indexmaker /etc/mrtg.cfg --columns=1 --output /var/www/mrtg/localhost/index.html
Example 2, for the gateway:
$ indexmaker /etc/mrtg.cfg --columns=1 --output /var/www/mrtg/index.html

This command generates the index file that will be displayed in the web browser.

5. When finished, open a web browser such as Mozilla and enter the following URL to display the graphs:
http://localhost/mrtg/localhost    --> displays the local host graphs
http://localhost/mrtg/             --> displays the gateway graphs
The URLs above load the monitoring results in a browser on the local host.

After the configuration above, the display in the web browser looks like the one below:
The image above shows the local host monitoring results, with data sampled once every 5 minutes. With this monitoring we can see the traffic occurring on the local host. Monitoring the local host does not require a large network while the data is being collected. The green graph shows that local host traffic is flowing and data collection is in progress.

MONITORING THE GATEWAY
1. First restart SNMPD.
$ /etc/init.d/snmpd restart
2. Test SNMP.
$ snmpwalk -v 2c -c public <gateway IP>
Example:
$ snmpwalk -v 2c -c public 172.16.30.1   => LAN
$ snmpwalk -v 2c -c public 172.16.40.1   => Wireless
3. Create an MRTG folder; it is recommended to use a name different from the previous one.
$ mkdir /var/www/<folder name>
Example:
$ mkdir /var/www/mrtg
4. Configure MRTG for that gateway IP.
$ cfgmaker --global 'workdir: /var/www/<folder name>' --output /etc/mrtg.cfg public@<gateway IP>
Example:
$ cfgmaker --global 'workdir: /var/www/mrtg' --output /etc/mrtg.cfg public@172.16.30.1
5. To display the graphs from the MRTG configuration, enter the following command:
$ indexmaker /etc/mrtg.cfg --columns=1 --output /var/www/<folder name>/index.html
Example:
$ indexmaker /etc/mrtg.cfg --columns=1 --output /var/www/mrtg/index.html
6. When finished, open a web browser such as Mozilla and enter the following URL to display the graphs: http://localhost/mrtg

The display will look like the following:

The graph above shows monitoring of traffic from the user's computer to the gateway. The green trace is the data transfer rate from the client/user computer to the Politeknik Caltex Riau gateway. This traffic can be seen/monitored by MRTG only when the user's computer is connected to the PCR gateway network.

REMEMBER!!!!! When entering the configuration in the terminal, make sure that the text, punctuation such as quotes and commas, and spacing are exactly right, because any mistake can cause the configuration to fail. It is advisable not to copy and paste these commands into the terminal, since that too can cause errors.

