Network Troubleshooting - Software Tools#

While designing and deploying network infrastructure is an important part of the job for a network engineer, the reality is that much of their time is consumed with monitoring and troubleshooting. To aid in this goal, software tools have been developed to make identifying and fixing issues faster and easier. In this article, we’ll take a look at some software tools which can help with both of these goals!

Packet Sniffers#

A packet sniffer is a fundamental tool for network troubleshooting. It allows you to capture and analyze network traffic in real time – packet sniffers facilitate network analysis at the most fundamental level, packet by packet. This kind of tool is invaluable for identifying network issues, monitoring data flow, and diagnosing network-related problems. Here’s how it works:

  • A packet sniffer captures packets of data as they traverse the network.

  • It can be used to analyze various network protocols, including TCP/IP, UDP, HTTP, and more.

  • By examining packet headers and payloads, you can pinpoint issues like latency, dropped packets, or suspicious activity.

Imagine you are troubleshooting slow internet connectivity in an office. Using a packet sniffer, you can analyze the traffic to identify bandwidth hogs or anomalies that might be causing the slowdown. You may discover that one user is streaming high-definition videos during work hours, consuming most of the available bandwidth.

In a security context, packet sniffers can also be used to capture and read unencrypted traffic on the network – this might help a blue team spot areas where encryption is not in use….or might give the red team the credentials they are looking for!

Some examples of Packet sniffers include:

Wireshark (Free and Open Source): Wireshark is a widely-used packet sniffer that runs on multiple platforms, including Windows, macOS, and Linux. It provides comprehensive packet analysis capabilities and supports a wide range of protocols. Wireshark is an excellent choice for both beginners and experienced network professionals.

Tcpdump (Free and Open Source): Tcpdump is a command-line packet sniffer available on Unix-like operating systems (including Linux and macOS). It provides a lightweight way to capture and analyze network traffic and is often used by experienced network administrators and security professionals.

Port Scanners#

A port scanner is another essential tool for network troubleshooting. It helps identify open, closed, or filtered ports on a target system or network. Port scanning is crucial for security assessments and ensuring that network services are functioning as expected. They work by:

  • Sending requests to various ports on a target device.

  • Responses received (or lack thereof) indicate the status of the port (open, closed, or filtered).

  • Port scanners can be used to identify potential vulnerabilities or misconfigurations.

Suppose you are responsible for maintaining a web server. You can use a port scanner to check if the necessary ports (e.g., 80 for HTTP or 443 for HTTPS) are open and accessible. If a port scan reveals unexpected results, it may indicate a security issue or a configuration problem. Some software examples include:

Nmap (Free and Open Source): Nmap, short for “Network Mapper,” is a powerful open-source port scanner that is available for Windows, macOS, and Linux. It can quickly scan a target network and provide detailed information about open, closed, and filtered ports. Nmap also has scripting capabilities for advanced network scanning tasks.

Tip: If using Windows, you might prefer the “Zenmap” GUI version of Nmap, which is more user-friendly if you’re not confident with the command line.

Angry IP Scanner (Free and Open Source): Angry IP Scanner is a straightforward and user-friendly open-source port scanner. It is available for Windows, macOS, and Linux and allows you to scan IP addresses and ports quickly. This tool is great for basic network scanning tasks.

Protocol Analyzers#

A protocol analyzer, often referred to as a network analyzer or packet analyzer, allows you to dissect and analyze the communication between networked devices at a granular level. It’s particularly useful for diagnosing complex network problems and ensuring proper protocol implementation. How do they work?:

  • Protocol analyzers decode network packets and display their contents in a human-readable format.

  • They can identify issues such as malformed packets, incorrect sequence numbers, or protocol-specific errors.

Consider a scenario where a file transfer between two servers is failing intermittently. Using a protocol analyzer, you can examine the FTP or SMB protocol traffic to identify any abnormalities, such as retransmissions or authentication failures, which may be causing the issue. Software examples incude:

Ethereal (Now Wireshark) (Free and Open Source): Ethereal, which has now been merged into the Wireshark project, was a popular protocol analyzer. Wireshark, as mentioned earlier, allows you to analyze network packets and decode their contents. It is free, open-source, and available on various platforms.

Capsa Free (Free and Paid Versions): Capsa Free is a network protocol analyzer available for Windows. While it offers a free version, there are also paid versions with more advanced features. It provides real-time network monitoring and in-depth analysis of network protocols.

WiFi Analyzers#

WiFi analyzers are specialized tools used to assess the performance and security of wireless networks. They provide insights into signal strength, channel interference, and connected devices. The way they work is:

  • A WiFi analyzer scans the airwaves, detecting nearby access points and their signal strengths.

  • They can help you select optimal channels, identify interference sources, and troubleshoot wireless connectivity issues.

  • They can often also identify rogue acess points!

If users in an office complain about slow WiFi, a WiFi analyzer can reveal if the problem is due to overcrowded channels or interference from neighbouring networks. You can then make informed decisions about adjusting channel configurations or relocating access points to improve performance. Some examples of software include:

inSSIDer (Free and Paid Versions): inSSIDer is a WiFi analyzer that helps you visualize and optimize your wireless network. While it offers a paid version with advanced features, there is also a free version available. inSSIDer provides information about signal strength, channel interference, and neighboring access points.

NetSpot (Free and Paid Versions): NetSpot is a WiFi analysis and survey tool available for Windows and macOS. It helps you visualize your wireless network’s coverage, signal strength, and interference. NetSpot offers a free version and paid versions with additional features for professionals.

Bandwidth Speed Testers#

Bandwidth speed testers help measure the actual speed of an internet connection. They are useful for assessing network performance and verifying whether you are getting the internet speed you are paying for from your service provider. It’s important to remember that a bandwidth speed tester alone can’t identify where an issue is – it’s possible that a slowdown may be either on your network or the service provider’s network. Therefore you’ll often use diagnosistcs from your router, or network monitoring software to check the speed between your device and Gatway router – so, how do bandwith speed testers work?:

  • Bandwidth speed testers initiate download and upload tests to gauge the speed of your internet connection.

  • They provide results in terms of download and upload speeds, as well as ping latency.

If an organization experiences sluggish internet performance, a bandwidth speed tester can help determine whether the issue lies with the internet service provider or an internal network problem. Firstly, a network engineer might check with their router or switches networking monitoring dashboard, or use dedicated network monitoring software to verify that the issue does not lie in the LAN. After this, they can use a bandwidth speed tester - If the test results indicate significantly lower speeds than expected, it may be time to contact the ISP or investigate network congestion.

Some tools include –

Speedtest by Ookla (Free and Paid Versions): Speedtest by Ookla is a widely recognized tool for measuring internet speed. It offers a web-based version and mobile apps for various platforms. While it offers a free version, there are also paid versions for more advanced features. Speedtest provides information about download and upload speeds, as well as ping latency.

Fast.com (Free): Fast.com is a simple and free web-based bandwidth speed tester developed by Netflix. It’s a no-frills tool that quickly measures your internet download speed. It’s convenient for a quick check of your connection’s performance.

Tip: Another (less accurate) way to test network speed on the LAN is to initiate a file transfer between two devices over the network segment you wish to test. Because of protocol overhead as well as other congestion on the link, this approach is not definitive but can give you a quick indication of relative speed. If you usually expect to transfer at roughly 1Gbps and suddenly can’t break 500Mbps, the issue probably lies in the LAN.

Final Words#

Network troubleshooting software tools play a crucial role in identifying, diagnosing, and resolving network issues. Whether you’re dealing with connectivity problems, security concerns, or performance issues, having a toolkit that includes packet sniffers, port scanners, protocol analyzers, WiFi analyzers, and bandwidth speed testers will empower you to efficiently address a wide range of network challenges much more quickly. These tools provide the visibility and data necessary to maintain a reliable and secure network infrastructure. In many circumstances, it’s best to use multiple tools together or to verify individual aspects with command line tools to really narrow down the cause of an issue.