
Top 6 list of programming top 10 lists

Presented, in no particular order, for your reading pleasure: my top 6 list of programming top 10 lists. To keep this entry concise, I’ve only quoted a brief summary of each item. If any of these sound interesting to you, I encourage you to click through and read the original author’s thoughts in more detail.

Jerry Weinberg: The 10 Commandments of Egoless Programming

 

  1. Understand and accept that you will make mistakes.
  2. You are not your code.
  3. No matter how much “karate” you know, someone else will always know more.
  4. Don’t rewrite code without consultation.
  5. Treat people who know less than you with respect, deference, and patience.
  6. The only constant in the world is change.
  7. The only true authority stems from knowledge, not from position.
  8. Fight for what you believe, but gracefully accept defeat.
  9. Don’t be “the guy in the room.”
  10. Critique code instead of people — be kind to the coder, not to the code.

Dare Obasanjo: Top 10 Signs Your Software Project is Doomed

 

  1. Trying to do too much in the first version.
  2. Taking a major dependency on unproven technology.
  3. Competing with an existing internal project that is either a cash cow or has powerful backers.
  4. The team is understaffed.
  5. “Complex problems require complex solutions”.
  6. Schedule Chicken
  7. Scope Creep
  8. Second System Syndrome
  9. No Entrance Strategy.
  10. Tackling a problem you don’t know how to solve.

Omar Shahine: Top 10 Tips for Working at Microsoft (or Anywhere Else)

 

  1. Process is no substitute for thinking.
  2. Get out of your office.
  3. Use your product (the one your customers will).
  4. Fix things that are broken rather than complain about them being broken. Actions speak better than your complaining.
  5. Make hard problem look easy. Don’t make easy problems look hard.
  6. Use the right communication tool for the job.
  7. Learn to make mistakes.
  8. Keep things simple.
  9. Add value all the time.
  10. Use their product.

Michael McDonough: The Top 10 Things They Never Taught Me in Design School

 

  1. Talent is one-third of the success equation.
  2. 95 percent of any creative profession is shit work.
  3. If everything is equally important, then nothing is very important.
  4. Don’t over-think a problem.
  5. Start with what you know; then remove the unknowns.
  6. Don’t forget your goal.
  7. When you throw your weight around, you usually fall off balance.
  8. The road to hell is paved with good intentions; or, no good deed goes unpunished.
  9. It all comes down to output.
  10. The rest of the world counts.

Andres Taylor: Top 10 Things Ten Years of Professional Software Development Has Taught Me

 

  1. Object orientation is much harder than you think.
  2. The difficult part of software development is communication.
  3. Learn to say no.
  4. If everything is equally important, then nothing is important.
  5. Don’t over-think a problem.
  6. Dive really deep into something, but don’t get hung up.
  7. Learn about the other parts of the software development machine.
  8. Your colleagues are your best teachers.
  9. It all comes down to working software.
  10. Some people are assholes.

Steve Yegge: 10 Great Books

 

  1. The Pragmatic Programmer: From Journeyman to Master
  2. Refactoring: Improving the Design of Existing Code
  3. Design Patterns
  4. Concurrent Programming in Java(TM): Design Principles and Pattern (2nd Edition)
  5. Mastering Regular Expressions, 2nd Edition
  6. The Algorithm Design Manual
  7. The C Programming Language, Second Edition
  8. The Little Schemer
  9. Compilers
  10. WikiWikiWeb

You may wonder why I included a top 10 list from someone who is clearly a designer and not a programmer. I agree with Joey deVilla:

 

Software development is a kissing cousin of engineering (if not an engineering discipline itself), and blends creativity with math and science. That’s why I find that a lot of advice to creative types is also applicable to software developers.

You may also want to contrast and compare my recommended reading list with Steve Yegge’s. And yes, there is a reason Refactoring and Design Patterns aren’t on my list, just as I’m sure there’s a reason Code Complete is not on Steve’s list.

 

Linux Administrator questions

Well well, a new set of questions from the good folks at HP. I was interested in this position at first, but after the barrage of questions for a temporary position I was thinking that HP may not be a good place to work after all. I love/hate Linux on any given day, but I would hope you didn’t have to know all this for every admin position; it reads more like a programming position, I would think.

Linux Kernel:

o   Where is the Linux kernel located in the file system?

/boot  or /dev

o   Where are modules located?

/proc/modules

o   What are kernel modules used for?

There are six main things LKMs are used for:

Device drivers. A device driver is designed for a specific piece of hardware. The kernel uses it to communicate with that piece of hardware without having to know any details of how the hardware works. For example, there is a device driver for ATA disk drives. There is one for NE2000 compatible Ethernet cards. To use any device, the kernel must contain a device driver for it.

Filesystem drivers. A filesystem driver interprets the contents of a filesystem (which is typically the contents of a disk drive) as files and directories and such. There are lots of different ways of storing files and directories and such on disk drives, on network servers, and in other ways. For each way, you need a filesystem driver. For example, there’s a filesystem driver for the ext2 filesystem type used almost universally on Linux disk drives. There is one for the MS-DOS filesystem too, and one for NFS.

System calls. User space programs use system calls to get services from the kernel. For example, there are system calls to read a file, to create a new process, and to shut down the system. Most system calls are integral to the system and very standard, so are always built into the base kernel (no LKM option). But you can invent a system call of your own and install it as an LKM. Or you can decide you don’t like the way Linux does something and override an existing system call with an LKM of your own.

Network drivers. A network driver interprets a network protocol. It feeds and consumes data streams at various layers of the kernel’s networking function. For example, if you want an IPX link in your network, you would use the IPX driver.

TTY line disciplines. These are essentially augmentations of device drivers for terminal devices.

Executable interpreters. An executable interpreter loads and runs an executable. Linux is designed to be able to run executables in various formats, and each must have its own executable interpreter.

o   What command loads kernel modules?

insmod and rmmod; you can let the system do more of the work for you by using the higher-level program modprobe.

  • What file is read to load kernel modules on boot?

(typically /etc/modules.conf)

  • What is the function of dracut?

dracut is an event-driven initramfs infrastructure. dracut (the tool) is used to create an initramfs image by copying tools and files from an installed system and combining it with the dracut framework, usually found in /usr/lib/dracut/modules.d.

  • What is the function of initramfs/initrd?

Basically your bootloader (GRUB or LILO) loads the initrd along with the corresponding kernel (just as with an initramfs) into RAM, and the kernel mounts the initrd as a temporary root filesystem (early user space) as a “normal” RAM disk, then executes the “linuxrc” and/or “init” file from it. So initrd stands for initial RAM disk.

o   What is the typical boot process for Linux?

The “linuxrc” or “init” file is then responsible for loading the “real” root filesystem, typically from the hard drive. In the case of initrd, the pivot_root call is used to mount the real root filesystem. Once the kernel is loaded into RAM, it runs its initialization/boot code.

·        Scripting:

o   What is traditionally put on the first line of a bash script?

#!/bin/bash   ./myscript

o   Can it be on the second line of the script?

No, you have to tell the system which command interpreter to use.

o   What happens if this entry isn’t there?

The script will run, but you will get a lot of errors and it severely limits your flexibility.
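
The three shebang questions above come down to one fact: the kernel only honours `#!` when it is the first two bytes of the file. The following shebang lint is an added example, not part of the original post; it also catches a UTF-8 BOM in front of `#!` and CRLF line endings, two common ways a shebang that looks fine in an editor still fails. The sample scripts it writes to a temp directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): a shebang lint.
# Usage: shebang_check FILE -> prints the interpreter line and returns 0,
#        otherwise prints what is wrong and returns 1.

cr=$(printf '\r')               # carriage return, for CRLF detection
bom=$(printf '\357\273\277')    # UTF-8 byte order mark

shebang_check() {
    file=$1
    # First line only; the newline is stripped but a stray \r is kept.
    first=$(head -n 1 "$file" | tr -d '\n')
    case $first in
        "#!"*) ;;                          # magic bytes at offset 0: go on
        "$bom"*)
            echo "UTF-8 BOM precedes #!: the kernel sees EF BB BF, not #!"
            return 1 ;;
        *)
            if sed -n '2,$p' "$file" | grep -q '^#!'; then
                echo "#! is not on line 1: there it is only a comment"
            else
                echo "no shebang: the calling shell runs the file itself"
            fi
            return 1 ;;
    esac
    rest=${first#"#!"}
    case $rest in
        *"$cr")
            clean=${rest%"$cr"}
            printf 'CRLF line ending: kernel would look for "%s<CR>"\n' "$clean"
            return 1 ;;
    esac
    # Interpreter plus optional argument, leading blanks removed.
    printf '%s\n' "$rest" | sed 's/^[[:space:]]*//'
}

# Constructed sample scripts for the demonstration.
demo=$(mktemp -d)
printf '#!/bin/bash\necho ok\n'                   > "$demo/good.sh"
printf '# header comment\n#!/bin/bash\necho ok\n' > "$demo/line2.sh"
printf '#!/bin/bash\r\necho ok\r\n'               > "$demo/crlf.sh"
printf '\357\273\277#!/bin/bash\necho ok\n'       > "$demo/bom.sh"
printf 'echo ok\n'                                > "$demo/none.sh"
for f in good line2 crlf bom none; do
    printf '%-7s' "$f:"
    shebang_check "$demo/$f.sh" || true
done
rm -rf "$demo"
```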

·        Puppet

  • By default, what is the first manifest file processed on the puppet server?

/etc/puppet/manifests/site.pp which imports other manifest files depending on which host name the client has.

  • What language is puppet written in?

Ruby

·        SELinux

  • What is the function of SELinux?

Security-Enhanced Linux (SELinux) takes the existing GNU/Linux operating system and extends it with kernel and user-space modifications to make it bullet-proof.

  • How do you enable/disable SELinux?

Edit the /etc/sysconfig/selinux file. This file is a symlink to /etc/selinux/config.

·        MySQL

  • What is the command to issue a database repair?

/usr/local/mysql/bin/mysqlcheck --all-databases -uUSERNAME -pPASSWORD -r

o   What is the name of the MySQL configuration file?

·        SAN Storage

  • How does a SAN LUN with multiple paths appear in Linux?

/dev/mapper/mpath0

  • How do you configure a multiple-path LUN Linux to appear as a single path?

Identify the device’s UUID or WWID, then define alias names for your multipath devices.

  • What is the difference between P2P, AL, and Fabric topologies and give examples?

The Point-to-Point topology is the simplest one. Only two ports are used, connected by a link.

The Arbitrated Loop (AL) topology is more involved but less complicated than a Fabric. It can have up to 127 ports, all connected in a serial (loop) fashion.

Fabric is called a switched topology or cross-point switch topology. Routing frames through the various switches is accomplished by having the Fabric Elements interpret the destination address identifier in the frame as it arrives at each Fabric Element. The Fabric can be implemented physically as a single Fabric Element with several F_Ports or as a set of several connected Fabric Elements.

o   How would you define zoning?

Zoning is very similar to Ethernet VLANs: it lets you fence off traffic. Zoning is more effective than VLANning because there’s no chance that traffic will “leak” between the partitions.

·        Linux Firewall

o   What command is used to add/remove/list Linux kernel firewall rules?

iptables -L INPUT -n --line-numbers , iptables -I INPUT 5 -s ipaddress -j DROP , iptables -L -n -v

·        Linux Ethernet

o   Where is the file location for configuring Ethernet devices for

§  RHEL/Centos/Fedora?

/etc/sysconfig/network-scripts/ifcfg-ethX

§  Debian/Ubuntu?

/etc/network/interfaces

o   How do you create a VLAN tagged interface in Linux?

Create a VLAN file /etc/sysconfig/network-scripts/ifcfg-eth0.208 and append VLAN=yes to it. Save and restart the network service: /etc/init.d/network restart

o   How do you enable IP forwarding?

On the fly – sysctl -w net.ipv4.ip_forward=1

Permanent – /etc/sysctl.conf:

net.ipv4.ip_forward = 1

Debian could use

/etc/network/options:

ip_forward=no

Then restart the service
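
The SELinux and IP forwarding answers above both point at a boot-time config file (/etc/selinux/config and /etc/sysctl.conf). The following audit is an added example, not part of the original post: it reads those files the way the tools do, so it reports what will be in effect after a reboot rather than the live kernel state. Both formats are `key = value` lines with `#` or `;` comment lines, and in sysctl.conf a later line overrides an earlier one, so the last value wins. File paths are passed as arguments, and the sample files are constructed for the demonstration.

```shell
# Added example (not from the original post): boot-time config audit for
# SELinux mode and net.ipv4.ip_forward.

cfg_get() {   # cfg_get FILE KEY -> prints the effective value of KEY
    awk -v key="$2" '
        /^[[:space:]]*[#;]/ || /^[[:space:]]*$/ { next }   # comment or blank
        {
            n = index($0, "=")
            if (n == 0) next                               # not key=value
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", k)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
            if (k == key) val = v                          # last one wins
        }
        END { if (val != "") print val }' "$1"
}

selinux_mode() {        # enforcing | permissive | disabled (empty if unset)
    cfg_get "$1" SELINUX
}

ip_forward_enabled() {  # true when net.ipv4.ip_forward will be 1 at boot
    [ "$(cfg_get "$1" net.ipv4.ip_forward)" = 1 ]
}

# audit_host SELINUX_CONFIG SYSCTL_CONF ROLE   (ROLE is "router" or "host")
# Returns 0 when nothing needs attention, 1 otherwise.
audit_host() {
    rc=0
    case "$(selinux_mode "$1")" in
        enforcing)  echo "SELinux: enforcing" ;;
        permissive) echo "SELinux: permissive (denials are only logged)"; rc=1 ;;
        *)          echo "SELinux: disabled or not configured"; rc=1 ;;
    esac
    if ip_forward_enabled "$2"; then
        if [ "$3" = router ]; then
            echo "ip_forward: 1 (expected for a router)"
        else
            echo "ip_forward: 1 on a host that should not route packets"; rc=1
        fi
    else
        echo "ip_forward: 0"
    fi
    return $rc
}

# Constructed sample files standing in for the real ones.
demo=$(mktemp -d)
cat > "$demo/selinux" <<'EOF'
# This file controls the state of SELinux on the system.
SELINUX=permissive
SELINUXTYPE=targeted
EOF
cat > "$demo/sysctl.conf" <<'EOF'
# Controls IP packet forwarding
net.ipv4.ip_forward = 0
; the later line overrides the earlier one
net.ipv4.ip_forward = 1
EOF
audit_host "$demo/selinux" "$demo/sysctl.conf" host || echo "-> findings need attention"
rm -rf "$demo"
```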

·        Linux file system

o   How do you find the list of open files?

lsof

o   What is the major difference between ext2/ext3?

Ext3 has Journaling

o   How do you add a new block device to LVM?

pvcreate /dev/hdb

o   How do you create a new logical volume?

vgextend VolGroup00 /dev/hdb

o   What command is used to partition a block device?

lvextend -L+25G /dev/VolGroup00/LogVol00

·        Linux Distributions

o   What are the architecture differences between RHEL, CentOS, Fedora, Debian, Ubuntu, and SuSE?

In general the different distributions are very similar, and the main differences beyond the package-management tools are in the configuration of particular software. For example, under a Red Hat / CentOS system you’ll install Apache via rpm and the configuration files will live beneath /etc/httpd. Under a Debian/Ubuntu system you’d install via apt-get and find that the configuration files live beneath /etc/apache2.

o   What commands are used to update packages on CentOS and Ubuntu?

yum install 'package'   &   apt-get install 'package'

 

Ultimate list of IT support links

 These are the links no IT support professional should be without. While this list is by no means a complete inventory of IT Web sites, it is a place to start when looking for drivers, updates, patches, or troubleshooting information. If your favorite IT support site isn’t listed here, please e-mail us. We will periodically update this list with links to new sites and updates to current sites.

Product Reviews, IT News, Editorial Columns, How-To Guides, etc.
CNET.com
http://www.cnet.com/
CNET is your best online resource for product reviews and pricing information. Find out who sells that new monitor your CEO wants at the lowest price.
GameSpy’s PlanetHardware
http://www.planethardware.com/
Although this site is geared more toward gamers, it contains a lot of useful information on the latest PC hardware.
HardwareCentral
http://www.hardwarecentral.com/
This site offers hardware information, including reviews, editorials, buying guides, and more.
Hardware Extreme
http://www.hwextreme.com/
This is another site geared toward serious IT hobbyists and gamers, but it has plenty of hardware reviews.
Slashdot
http://slashdot.org/
Here, you’ll find a one-stop shop for all things open source, including articles, discussions, and journals.
Tom’s Hardware Guide
http://www.tomshardware.com/
This site is a great source for reviews and guides about the latest computer hardware.
ZDNet
http://www.zdnet.com/
A great place for technology news, product reviews, IT commentary, and more. This site offers anything and everything for the IT professional.

 

Programming, Web development, Scripts, etc.
4GuysFromRolla.com
http://www.4guysfromrolla.com/
If you’re looking for the most current information on ASP, this Web site is for you.
HotScripts.com
http://www.hotscripts.com/
This site is geared toward Web masters and programmers. It compiles Web programming-related information on topics such as ASP, C, Java, XML, PHP, and Perl.
jGuru.com
http://www.jguru.com/
Here, you’ll find forums, articles, FAQs, and more, all focused on Java.
O’Reilly Perl.com
http://www.perl.com/
Perl, Perl, Perl, and nothing but Perl. If you’re a Perl programmer, this site should be on your Favorites list.
Programmers Heaven
http://www.programmersheaven.com/
Although this site is mainly a link database to other sites, it compiles links to some of the most useful programming and development sites on the Web, all in one place.
ScriptSearch.com
http://www.scriptsearch.com/
This is another great resource for programmers and developers, with information on various languages and technologies, including ASP, C, CFML, PHP, XML, Visual Basic, and Java.

 

Downloads, Utilities, Drivers, etc.
Bootdisk.com
http://www.bootdisk.com/
When was the last time you needed a Windows 95 boot disk but didn’t have a Windows 95 machine lying around? Bootdisk.com offers tips, tweaks, files, boot disks, instructions, utilities, links, patches, and updates for advanced DOS and Windows users.
BovisTech
http://www.bovistech.com/
This site is another good resource for boot disks, drivers, Windows/DOS utilities, Config.sys files, and the like.
Download.com
http://download.cnet.com/
This handy site from CNET offers access to more than 20,000 Windows, Macintosh, DOS, Linux, Palm OS, Windows CE, and BeOS software downloads.
Driverzone.com
http://www.driverzone.com/
Go here to find drivers for everything from printers and scanners to video cards and modems.
Moochers.com
http://www.moochers.com/
Moochers.com has tons of software and freeware for Windows and Linux. You’ll find applications, tools, utilities, fonts, icons, etc.
PC Drivers HeadQuarters
http://www.drivershq.com/main_home.html/
This site provides links to device manufacturer Web sites.
WinDrivers
http://www.windrivers.com/
Go here to locate hard-to-find drivers.

 

Manufacturer Support
Compaq Support
http://www.compaq.com/support/index.html
If you support Compaq equipment, this link is a must have on your Favorites list.
Dell Support
http://support.dell.com/us/en/home.asp
For those who support Dell equipment, make sure to put this on your Favorites list.
Gateway Support
http://www.gateway.com/support/default.asp
There’s no better place for Gateway-specific information.
Hewlett-Packard Product Support
http://www.hp.com/cposupport/eschome.html
If you’re troubleshooting an HP device, start with HP’s site for products support and customer care.
MicronPC Technical Support
http://support.micronpc.com/
Whether you’re looking for information on a Millennia, ClientPro, or GoBook system, Micron’s technical support site has the info you need.
Microsoft Knowledge Base
http://search.support.microsoft.com/kb/c.asp
This is the best place to start when troubleshooting a Microsoft product.
Microsoft Windows
http://www.microsoft.com/windows/default.asp
Go here to find Microsoft’s official site for all things Windows related.

 

General Technology
AllExperts.com
http://www.allexperts.com/central/computing.shtml
This Web site allows you to ask questions of IT experts who have experience in a variety of IT disciplines, including hardware, software, operating systems, programming, and more.
Marshall Brain’s HowStuffWorks
http://www.howstuffworks.com/
Go here to find detailed descriptions of how mechanical devices work, how holidays developed, how the human body works, and much more.
Whatis.com
http://whatis.techtarget.com/
If you need a quick definition of an IT acronym, file extension, or term, this is the site to use. It’s easy, quick, and accurate. (Read TechRepublic’s review of Whatis.com here.)

 

Training & Certification
Brainbench
http://www.brainbench.com/
You’ll find tons of online certifications for a variety of IT and business topics, including Windows, general help desk support, network technical support, Java, C, and Visual Basic to name just a few. A fee is required for some tests.
CramSession
http://www.cramsession.com/
This site offers a plethora of certification information, including downloadable study guides, online sample tests, and more.
ExamCram.com
http://www.examcram.com/
If you’re looking for IT certification study material, this site from Coriolis is for you. ExamCram has study guides, practice tests, and personal trainers for MCSE, CompTIA, and Cisco certifications.
MCSEBraindumps.com
http://www.mcsebraindumps.com/
This is a great site offering information on Windows MCSE, CompTIA, and Novell certifications.
TESTFREE
http://www.testfree.com/
Check out the online practice exams for many MCSE and CNE certifications on this site.

 

Antivirus & Security
Astalavista Group
http://www.astalavista.com/
Don’t let hackers, crackers, phone phreaks, or script kiddies catch you off guard. Find the latest news from the IT underground on this site.
Church of the Swimming Elephant
http://www.cotse.com/
This Web site focuses on a variety of IT security issues. The site offers virus information, bug fixes, tools, and a whole lot more.
Symantec Antivirus Research Center
http://www.sarc.com/
This site is a must-have for users of Norton Antivirus software. Even if you don’t use Norton Antivirus, though, it’s one of best sources of virus information on the Web.
Vmyths.com
http://www.vmyths.com/
Want to know if the latest virus scare is real? Vmyths.com offers straightforward info about computer virus myths, hoaxes, and urban legends. Read TechRepublic’s review of Vmyths.com here.

Top 20 Free Network Monitoring and Analysis Tools for Sys Admins

The Top 20 Free Network Monitoring and Analysis Tools for Sys Admins

We know how administrators love free tools that make their life easier and, to supplement the list provided on 101 Free Admin Tools, here are 20 of the best free tools for monitoring devices, services, ports or protocols and analysing traffic on your network. Even if you may have heard of some of these tools before, we’re sure you’ll find a gem or two amongst this list – and if you know of any others, leave us a comment below!

 

1. Microsoft Network Monitor

Microsoft Network Monitor is a packet analyser that allows you to capture, view and analyse network traffic. This tool is handy for troubleshooting network problems and applications on the network. Main features include support for over 300 public and Microsoft proprietary protocols, simultaneous capture sessions, a Wireless Monitor Mode and sniffing of promiscuous mode traffic, amongst others.


When you launch Microsoft Network Monitor, choose which adapter to bind to from the main window and then click “New Capture” to initiate a new capture tab. Within the Capture tab, click “Capture Settings” to change filter options, adapter options, or global settings accordingly and then hit “Start” to initiate the packet capture process.

2. Nagios

Nagios is a powerful network monitoring tool that helps you to ensure that your critical systems, applications and services are always up and running. It provides features such as alerting, event handling and reporting. The Nagios Core is the heart of the application that contains the core monitoring engine and a basic web UI. On top of the Nagios Core, you are able to implement plugins that will allow you to monitor services, applications, and metrics, a chosen frontend as well as add-ons for data visualisation, graphs, load distribution, and MySQL database support, amongst others.

Tip: If you want to try out Nagios without needing to install and configure it from scratch, download Nagios XI from here and enable the free version. Nagios XI is the pre-configured enterprise class version built upon Nagios Core and is backed by a commercial company that offers support and additional features such as more plugins and advanced reporting.

Note: The free version of Nagios XI is ideal for smaller environments and will monitor up to seven nodes.


Once you’ve installed and configured Nagios, launch the Web UI and begin to configure host groups and service groups. Once Nagios has had some time to monitor the status of the specified hosts and services, it can start to paint a picture of what the health of your systems look like.

3. BandwidthD

BandwidthD monitors TCP/IP network usage and displays the data it has gathered in the form of graphs and tables over different time periods. Each protocol (HTTP, UDP, ICMP, etc.) is color-coded for easier reading. BandwidthD runs discreetly as a background service.


Installation is easy. Download and install Winpcap version 3.0 or above (you’ll already have this installed if you have Wireshark on the same box), unzip BandwidthD to a specified folder, edit the ../etc/bandwidthd.conf file accordingly, double click on the “Install Service” batch file and then start the BandwidthD services from the services.msc console. Once the service is running, give it some time to monitor network traffic and load the index.html page to start viewing bandwidth statistics.

4. EasyNetMonitor

EasyNetMonitor is a super lightweight tool for monitoring local and remote hosts to determine if they are alive or not. It is useful for monitoring critical servers from your desktop, allowing you to get immediate notification (via a balloon popup and/or log file) if a host does not respond to a periodic ping.


Once you launch EasyNetMonitor, it will appear as an icon in the notification area on your desktop where the IP addresses / host names of the machines you want to monitor can be added. Once you’ve added the machines you wish to monitor, be sure to configure the ping delay time and notification setting.

5. Capsa Free

Capsa Free is a network analyzer that allows you to monitor network traffic, troubleshoot network issues and analyze packets. Features include support for over 300 network protocols (including the ability to create and customize protocols), MSN and Yahoo Messenger filters, email monitor and auto-save, and customizable reports and dashboards.


When you launch Capsa, choose the adapter you want it to bind to and click “Start” to initiate the capture process. Use the tabs in the main window to view the dashboard, a summary of the traffic statistics, the TCP/UDP conversations, as well as packet analysis.

6. Fiddler

Fiddler is a web debugging tool that captures HTTP traffic between chosen computers and the Internet. It allows you to analyze incoming and outgoing data to monitor and modify requests and responses before they hit the browser. Fiddler gives you extremely detailed information about HTTP traffic and can be used for testing the performance of your websites or security testing of your web applications (e.g. Fiddler can decrypt HTTPS traffic).


When you launch Fiddler, HTTP traffic will start to be captured automatically. To toggle traffic capturing, hit F12. You can choose which processes you wish to capture HTTP traffic for by clicking on “All Processes” in the bottom status bar, or by dragging the “Any Process” icon from the top menu bar onto an open application.

7. NetworkMiner

NetworkMiner captures network packets and then parses the data to extract files and images, helping you to reconstruct events that a user has taken on the network – it can also do this by parsing a pre-captured PCAP file. You can enter keywords which will be highlighted as network packets are being captured. NetworkMiner is classed as a Network Forensic Analysis Tool (NFAT) that can obtain information such as hostname, operating system and open ports from hosts.


In the example above, I set NetworkMiner to capture packets, opened a web browser and searched for “soccer” as a keyword on Google Images. The images displayed in the Images tab are what I saw during my browser session.

When you load NetworkMiner, choose a network adapter to bind to and hit the “Start” button to initiate the packet capture process.

8. Pandora FMS

Pandora FMS is a performance monitoring, network monitoring and availability management tool that keeps an eye on servers, applications and communications. It has an advanced event correlation system that allows you to create alerts based on events from different sources and notify administrators before an issue escalates.


When you log in to the Pandora FMS Web UI, start by going to the ‘Agent detail’ and ‘Services’ node from the left hand navigation pane. From here, you can configure monitoring agents and services.

9. Zenoss Core

Zenoss Core is a powerful open source IT monitoring platform that monitors applications, servers, storage, networking and virtualization to provide availability and performance statistics. It also has a high performance event handling system and an advanced notification system.


Once you log in to the Zenoss Core Web UI for the first time, you are presented with a two-step wizard that asks you to create user accounts and add your first few devices / hosts to monitor. You are then taken directly to the Dashboard tab. Use the Dashboard, Events, Infrastructure, Reports and Advanced tabs to configure Zenoss Core and review reports and events that need attention.

10. PRTG Network Monitor Freeware

PRTG Network Monitor monitors network availability and network usage using a variety of protocols including SNMP, Netflow and WMI. It is a powerful tool that offers an easy to use web-based interface and apps for iOS and Android. Amongst others, PRTG Network Monitor’s key features include:

(1) Comprehensive Network Monitoring which offers more than 170 sensor types for application monitoring, virtual server monitoring, SLA monitoring, QoS monitoring

(2) Flexible Alerting, including 9 different notification methods, status alerts, limit alerts, threshold alerts, conditional alerts, and alert scheduling

(3) In-Depth Reporting, including the ability to create reports in HTML/PDF format, scheduled reports, as well as pre-defined reports (e.g. Top 100 Ping Times) and report templates.

Note: The Freeware version of PRTG Network Monitor is limited to 10 sensors.

PRTGNetworkMonitor

When you launch PRTG Network Monitor, head straight to the configuration wizard to get started. This wizard runs you through the main configuration settings required to get the application up and running, including adding the servers to monitor and choosing which sensors to use.

11. The Dude

The Dude is a network monitoring tool that monitors devices and alerts you when there is a problem. It can also automatically scan all devices on a given subnet and then draw and layout a map of your network.

TheDude

When you launch The Dude, you first choose to connect to a local or remote network and specify credentials accordingly. Click ‘Settings’ to configure options for SNMP, Polling, Syslog and Reports.

12. Splunk

Splunk is a data collection and analysis platform that allows you to monitor, gather and analyze data from different sources on your network (e.g. event logs, devices, services, TCP/UDP traffic, etc). You can set up alerts to notify you when something is wrong or use Splunk’s extensive search, reporting and dashboard features to make the most of the collected data. Splunk also allows you to install ‘Apps’ to extend system functionality.

Note: When you first download and install Splunk, it automatically installs the Enterprise version for you to trial for 60 days before switching to the Free version. To switch to the Free version straight away, go to Manager > Licensing.

Splunk

When you login to the Splunk web UI for the first time, add a data source and configure your indexes to get started. Once you do this you can then create reports, build dashboards, and search and analyze data.

13. Angry IP Scanner

Angry IP Scanner is a standalone application that facilitates IP address and port scanning. It is used to scan a range of IP addresses to find hosts that are alive and obtain information about them (including MAC address, open ports, hostname, ping time, NetBIOS information, etc).

AngryIpScanner

When you execute the application, go to Tools > Preferences to configure Scanning and Port options, then go to Tools > Fetchers to choose what information to gather from each scanned IP address.

14. ntopng

ntopng (‘ng’ meaning ‘next generation’) is the latest version of the popular network traffic analyzer called ntop. ntopng will sit in the background and gather network traffic, then display network usage information and statistics within a Web UI.

Note: Although originally aimed for use on Unix-based systems, there is a Windows version available for a small fee, or a demo version limited to 2000 packets. If you are comfortable running ntopng on a Unix-based box then you can get the full version for free.

ntopng

The image above shows the ntopng dashboard after a few minutes of network traffic collection. In this example, I am using the Windows version. After installation, I simply executed the redis-server.exe file from ..\Program Files (x86)\Redis and fired up the Web UI (http://127.0.0.1:3000).

15. Total Network Monitor

Total Network Monitor continuously monitors hosts and services on the local network, notifying you of any issues that require attention via a detailed report of the problem. The result of each probe is classified using green, red, or black colors to quickly show whether the probe was successful, had a negative result or wasn’t able to complete.

TotalNetworkMonitor

When you launch Total Network Monitor, go to Tools > Scan Wizard to have the wizard scan a specified network range automatically and assign the discovered hosts to a group. Alternatively, create a new group manually to start adding devices/hosts individually.

16. NetXMS

NetXMS is a multi-platform network management and monitoring system that offers event management, performance monitoring, alerting, reporting and graphing for the entire IT infrastructure model. NetXMS’s main features include support for multiple operating systems and database engines, distributed network monitoring, auto-discovery, and business impact analysis tools, amongst others. NetXMS gives you the option to run a web-based interface or a management console.

NetXMS

Once you login to NetXMS you need to first go to the “Server Configuration” window to change a few settings that are dependent on your network requirements (e.g. changing the number of data collection handlers or enabling network discovery). You can then run the Network Discovery option for NetXMS to automatically discover devices on your network, or add new nodes by right clicking on “Infrastructure Services” and selecting Tools > Create Node.

17. Xymon

Xymon is a web-based system – designed to run on Unix-based systems – that allows you to dive deep into the configuration, performance and real-time statistics of your networking environment. It offers monitoring capabilities with historical data, reporting and performance graphs.

Xymon

Once you’ve installed Xymon, the first place you need to go is the hosts.cfg file to add the hosts that you are going to monitor. Here, you add information such as the host IP address, the network services to be monitored, what URLs to check, and so on.
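A minimal hosts.cfg of the kind described above, as an added example that is not from the post or the Xymon project: each line gives the host's IP address and name, then the tests to run after a '#' (conn is the ping test, ssh/smtp are service checks, and a URL adds an HTTP check). The hosts, names and addresses are constructed; 192.0.2.0/24 is a documentation range.

```text
# hosts.cfg (constructed example): one monitored host per line,
# tests listed after the '#'
group Lab servers
192.0.2.10   nms.lab.example      # conn ssh http://nms.lab.example/
192.0.2.20   mail.lab.example     # conn smtp ssh
192.0.2.30   web.lab.example      # conn http://web.lab.example/ https://web.lab.example/
```

After editing the file, the Xymon web UI picks up the new hosts on its next cycle and lists each test as a separate column on the main page.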

When you launch the Xymon Web UI, the main page lists the systems and services being monitored by Xymon. Clicking on each system or service allows you to bring up status information about a particular host and then drill down to view specific information such as CPU utilization, memory consumption, RAID status, etc.

18. WirelessNetView

WirelessNetView is a lightweight utility (available as a standalone executable or installation package) that monitors the activity of reachable wireless networks and displays information related to them, such as SSID, Signal Quality, MAC Address, Channel Number, Cipher Algorithm, etc.

WirelessNetView

As soon as you execute WirelessNetView, it automatically populates a list of all reachable Wi-Fi networks in the area and displays information relevant to them (all columns are enabled by default).

Note: Wireless Network Watcher is a small utility that goes hand in hand with WirelessNetView. It scans your wireless network and displays a list of all computers and devices that are currently connected, showing information such as IP address, MAC address, computer name and NIC card manufacturer – all of which can be exported to an HTML/XML/CSV/TXT file.

WirelessNetworkWatcher

19. Xirrus Wi-Fi Inspector

Xirrus Wi-Fi Inspector can be used to search for Wi-Fi networks, manage and troubleshoot connections, verify Wi-Fi coverage, locate Wi-Fi devices and detect rogue Access Points. Xirrus Wi-Fi Inspector comes with built-in connection, quality and speed tests.

XirrusWiFiInspector

Once you launch Wi-Fi Inspector and choose an adapter, a list of available Wi-Fi connections is displayed in the “Networks” pane. Details related to your current Wi-Fi connection are displayed in the top right hand corner. Everything pretty much happens from the top ribbon bar – you can run a test, change the layout, edit settings, refresh connections, etc.

20. Wireshark

This list wouldn’t be complete without the ever popular Wireshark. Wireshark is an interactive network protocol analyzer and capture utility. It provides for in-depth inspection of hundreds of protocols and runs on multiple platforms.

WireShark

When you launch Wireshark, choose which interface you want to bind to and click the green shark fin icon to get going. Packets will immediately start to be captured. Once you’ve collected what you need, you can export the data to a file for analysis in another application or use the in-built filter to drill down and analyze the captured packets at a deeper level from within Wireshark itself.

Are there any free tools not on this list that you’ve found useful and would like to share with the community? Then leave us a comment below and let us know!

– See more at: http://www.gfi.com/blog/the-top-20-free-network-monitoring-and-analysis-tools-for-sys-admins/

Securing SNMPv1

I’ve been developing a secure SNMP process for our labs. Currently we are using just the SNMPv1 with the defaults removed. Craig helped me change the Cisco devices to the new public name and we selected another port for the SNMP monitoring software. The PDU units all have alerts set up now as I move along during the upgrade.

http://www.networkview.com/html/features.html is a great program for locating the MAC addresses of the PDUs. It’s slow, but that’s what you want sometimes; it runs through SNMP, WMI, TCP, ICMP and DNS and will query DHCP. I’ve also used the free version of the Colasoft http://www.colasoft.com/ network monitor to keep an eye on the traffic. Nagios is our alerting system, but I find it tedious sometimes to track down rogue systems with it. Colasoft’s product gives me a visual right off the bat, based off the Pcap libraries like Wireshark. I tried the Solarwinds program and it seems to be pretty good, but for the 5th time I wound up uninstalling it due to excessive scanning of the network. It is not very easy to configure, and the auto mode seems to give me only partial network visibility, picking and choosing what it wants to monitor on its own, which is very annoying.

As our network has become larger and more complex, there is a need to implement network management protocols. From an administrative point of view, this makes a lot of sense: centralize the administration of the network, and make it convenient and easy for the administrator to monitor and administer changes as needed. As usual, however, from the security point of view, these protocols are a potential for catastrophe.

SNMPv1 has been around for a while. In fact, a number of the problems with SNMPv1 have been fixed with the release of SNMPv2. As usual, however, large networks that placed their original administration burdens on SNMPv1 have been slow to change. As a result, many large corporations, universities, and some small/cheap ISPs still run their routers/hubs/bridges/hosts/etc. with version 1 enabled, often in horribly set up configurations.

The SNMP protocol

The SNMP protocol has 5 simple types of messages. They are get-request, get-next-request, set-request, get-response and trap. We will concentrate on using the get-* messages to retrieve information from remote sites, routers and the like, and the set-request to manipulate a variety of settings on our target.

SNMP uses UDP as its transport mechanism. The basic layout of an SNMP packet is:

+---+---+-------+---------+----+-------+----+-----+----+-----+----+-----+-----+
|IP |UDP|Version|Community|PDU |Request|err.|err. |name|value|name|value| ... |
|Hdr|Hdr|       |         |Type| ID    |stat|index|    |     |    |     |     |
+---+---+-------+---------+----+-------+----+-----+----+-----+----+-----+-----+

Community is SNMP’s authentication mechanism. PDU type is the type of message being sent (get-request, set-request, etc.). Request ID is used to differentiate between requests. Error status is (obviously) used to transport error messages, and error index gives the offset of the variable which was in error. Finally, name and value represent the name of the field requested and either the value to set it to or the value of it on the remote server. These are defined by a MIB written in ASN.1, and encoded using a code called BER. ASN.1 is used to define data and the types and properties of this data. BER is used to actually transmit the data in a platform independent manner (similar perhaps to XDR).
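The layout above, worked through in code as an added example that is not part of the original text: a minimal BER encoder builds an SNMPv1 get-request field by field (version, community, PDU type, request ID, error status, error index, name/value pairs), and a decoder then reads the same datagram back the way a passive listener on the wire would, which is exactly why the community string offers no real protection. The OIDs, community names and request IDs are constructed sample values; the tag numbers (0x02 INTEGER, 0x04 OCTET STRING, 0x05 NULL, 0x06 OID, 0x30 SEQUENCE, 0xA0-0xA4 for the five PDU types) are those of RFC 1157. Standard library only; nothing is sent on the network.

```python
"""SNMPv1 (RFC 1157) wire format: minimal BER encoder/decoder and a
defender-side audit of one datagram.  Added example, not from the post;
all sample values are constructed and no packets are transmitted."""

PDU_NAMES = {0xA0: "get-request", 0xA1: "get-next-request", 0xA2: "get-response",
             0xA3: "set-request", 0xA4: "trap"}
DEFAULT_COMMUNITIES = {"public", "private"}      # well-known vendor defaults

def _tlv(tag, body):
    """Tag-length-value; lengths >= 128 use the long form (0x80|n, then n length bytes)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(nb)]) + nb
    return bytes([tag]) + length + body

def enc_int(n):
    """INTEGER (tag 0x02): minimal big-endian two's-complement encoding."""
    return _tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True))

def enc_oid(oid):
    """OBJECT IDENTIFIER (tag 0x06): first two arcs packed as 40*a+b, rest base-128."""
    arcs = [int(a) for a in oid.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                                # continuation bytes carry the high bit
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return _tlv(0x06, bytes(body))

def build_request(community, oids, request_id=1, pdu_tag=0xA0):
    """Message = SEQUENCE { version 0, community, PDU { id, err-status, err-index, varbinds } }."""
    varbinds = b"".join(_tlv(0x30, enc_oid(o) + _tlv(0x05, b"")) for o in oids)  # value = NULL
    pdu = _tlv(pdu_tag, enc_int(request_id) + enc_int(0) + enc_int(0) + _tlv(0x30, varbinds))
    return _tlv(0x30, enc_int(0) + _tlv(0x04, community.encode()) + pdu)

def _read_tlv(buf, pos):
    """Return (tag, body, position after the element) for the element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                             # long form
        nb = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + nb], "big"), pos + nb
    return tag, buf[pos:pos + length], pos + length

def dec_oid(body):
    """Inverse of enc_oid (assumes the usual first arc iso(1), i.e. first byte < 80)."""
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_snmpv1(datagram):
    """Parse the UDP payload of an SNMPv1 get/set message into a dict of its fields."""
    tag, msg, _ = _read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, body, pos = _read_tlv(msg, 0)
    out = {"version": int.from_bytes(body, "big", signed=True)}
    _, body, pos = _read_tlv(msg, pos)
    out["community"] = body.decode("latin-1")     # sent in clear text
    pdu_tag, pdu, _ = _read_tlv(msg, pos)
    out["pdu_type"] = PDU_NAMES.get(pdu_tag, hex(pdu_tag))
    if pdu_tag == 0xA4:                           # trap PDUs use a different body; not decoded here
        return out
    pos = 0
    for key in ("request_id", "error_status", "error_index"):
        _, body, pos = _read_tlv(pdu, pos)
        out[key] = int.from_bytes(body, "big", signed=True)
    _, vb_list, _ = _read_tlv(pdu, pos)
    out["varbinds"], pos = [], 0
    while pos < len(vb_list):                     # each varbind: SEQUENCE { OID, value }
        _, vb, pos = _read_tlv(vb_list, pos)
        _, oid_body, p = _read_tlv(vb, 0)
        vtag, vbody, _ = _read_tlv(vb, p)
        decode = {0x02: lambda b: int.from_bytes(b, "big", signed=True),
                  0x04: lambda b: b.decode("latin-1"), 0x05: lambda b: None}
        out["varbinds"].append((dec_oid(oid_body), decode.get(vtag, lambda b: b)(vbody)))
    return out

def audit(datagram):
    """Defender's view: what a passive listener learns from one SNMPv1 datagram."""
    m = parse_snmpv1(datagram)
    findings = []
    if m["version"] == 0:
        findings.append("SNMPv1: community string readable in clear text")
    if m["community"] in DEFAULT_COMMUNITIES:
        findings.append("default community %r in use" % m["community"])
    if m["pdu_type"] == "set-request":
        findings.append("set-request seen: remote modification over unauthenticated UDP")
    return m, findings

if __name__ == "__main__":
    pkt = build_request("public", ["1.3.6.1.2.1.1.1.0", "1.3.6.1.2.1.1.5.0"], request_id=1234)
    msg, findings = audit(pkt)
    print(pkt.hex())
    print(msg)
    for f in findings:
        print("-", f)
```

Feeding the bytes of a real capture (the UDP payload Wireshark shows for port 161/162 traffic) to audit() is enough to list, per datagram, the community names in use on a segment; a monitoring host that sees "public" or "private" flagged in its own traffic has its defaults still in place.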

The values that can be fetched and set via SNMP are defined in what is called the Message Information Base or MIB. The MIB is written in ASN.1, and defines all the different variable classes, types, variables and whatnot associated with SNMP. Standard things in the MIB are classes used to define variables associated with data for statistics and values for the system as a whole, the interfaces on the system, (possibly) an address translation table, IP, TCP, UDP, ICMP, and so on, depending on just what kind of system the agent is running on.

Where exactly do SNMPv1’s security flaws lie? We can narrow them down to 4 general problem areas:

1) Use of UDP as a transport mechanism
2) Use of clear text community names and the presence of default, over-privileged communities
3) Information available
4) Ability to remotely modify parameters

They’re all related to one another. We’ll go through them one by one, define the problem, and explain how it is exploitable. Unfortunately, most of SNMPv1’s (from here on out, we’ll just call it SNMP) problems stem from its design, and have no easy solution barring the move to SNMPv2 or some other network management protocol. Some common sense, however, can minimize the problems in most situations.