Programs for system administrators, programs for the network. Monitoring computers on the local network

Local network monitoring is a continuous process of observing the production network. It performs the following functions:

  1. Timely detection of errors and malfunctions.
  2. Adequate and quick response to errors and malfunctions.

The system administrator monitors the network status.

To make this easier, various software tools raise alerts. One such application is Total Network Monitor from Softinventive Lab.

Monitoring systems

The main requirements for network monitoring software are:

  1. Support for all types of network connections, including Wi-Fi networks.
  2. Monitoring of network activity.
  3. Detailed identification of system and network services.
  4. Analysis of remote computers and web servers.

Monitoring systems must provide reports about events over certain time periods. It is important to retain all activity listings and archive them in an appropriate log.

It is necessary to distinguish between tools that control external access to the network and software intended for monitoring internal network processes.

Network activity monitoring works as follows:

  1. At a set interval, the application sends requests to the required network IP addresses.
  2. If the result of such a request is incorrect or unsuccessful, a signal is sent to the system administrator.
  3. Automatic detection of actions that are regulated by the network protocol.
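The polling cycle described above, as an added example that is not part of the original page and not code from any product it names. It alerts on state changes rather than on every failed request; the `ActiveMonitor` class, the failure threshold of 3 and the scripted targets (documentation addresses from 192.0.2.0/24) are assumptions made for illustration.

```python
import socket
import time
from typing import Callable, Dict, List, Tuple

Target = Tuple[str, int]  # (IP address, TCP port)


def tcp_probe(target: Target, timeout: float = 2.0) -> bool:
    """One active check: can a TCP connection be opened within the timeout?"""
    try:
        with socket.create_connection(target, timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False


class ActiveMonitor:
    """Polls targets periodically and reports DOWN/RECOVERY transitions."""

    def __init__(self, targets, probe: Callable[[Target], bool] = tcp_probe,
                 fail_threshold: int = 3):
        self.targets: List[Target] = list(targets)
        self.probe = probe
        # Consecutive failures required before the administrator is alerted;
        # this suppresses alerts caused by a single lost request.
        self.fail_threshold = fail_threshold
        self._fails: Dict[Target, int] = {t: 0 for t in self.targets}
        self._down: Dict[Target, bool] = {t: False for t in self.targets}

    def poll_once(self) -> List[str]:
        """Send one request to every target and return the alerts raised."""
        alerts = []
        for t in self.targets:
            name = f"{t[0]}:{t[1]}"
            if self.probe(t):
                if self._down[t]:
                    alerts.append(f"RECOVERY {name}")
                self._fails[t], self._down[t] = 0, False
                continue
            self._fails[t] += 1
            if self._fails[t] >= self.fail_threshold and not self._down[t]:
                self._down[t] = True
                alerts.append(f"DOWN {name} after {self._fails[t]} failed checks")
        return alerts

    def run(self, interval_s: float, notify: Callable[[str], None], rounds=None):
        """Poll every interval_s seconds; notify() stands in for e-mail or SMS."""
        done = 0
        while rounds is None or done < rounds:
            for alert in self.poll_once():
                notify(alert)
            done += 1
            time.sleep(interval_s)


def demo() -> List[List[str]]:
    """Six polling rounds against constructed probe results (no network I/O)."""
    script = {
        ("192.0.2.10", 80): [True, False, False, False, False, True],  # real outage
        ("192.0.2.20", 22): [True, False, True, False, False, True],   # brief flaps
    }

    def scripted_probe(target: Target) -> bool:
        return script[target].pop(0)

    monitor = ActiveMonitor(list(script), probe=scripted_probe, fail_threshold=3)
    return [monitor.poll_once() for _ in range(6)]


if __name__ == "__main__":
    for round_no, alerts in enumerate(demo(), start=1):
        print(round_no, alerts)
```

The second target fails three times in total but never three times in a row, so it raises no alert.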

Monitoring methods

There are many methods and tools for monitoring network connections. How they are used depends on the goals of the process, the network configuration, the file system, etc.

Basic methods:

  1. Protocol analyzers. These systems are needed solely to control network traffic.
  2. Integrated management and analysis systems. Used for software and hardware environments. Provide control over certain programs, sections of communications and individual devices on the network.
  3. Network management. This includes software that collects data about network processes and the state of the hardware unit. All network traffic is monitored.
  4. Cable equipment. Certifies and tests cable networks.

The Total Network Monitor program is now one of the most relevant applications for monitoring production networks. The software provides timely tracking of problems, checks whether software is up to date and works with anti-virus databases.

Today, the success of many enterprises and organizations depends to a great extent on the reliability and quality of the networks and network applications they use. Network monitoring, which refers to the systematic monitoring of key indicators of the functioning of the network and network applications, helps to detect and eliminate emerging problems in their operation in order to maintain the quality of user service at the proper level. In addition, network monitoring is essential to ensure information security, since it allows you to identify dangerous user actions and malware.

Types of network monitoring

Network monitoring can be passive or active. With passive monitoring, key indicators of the functioning of the network and network applications are monitored by analyzing the real traffic of the operating network, “observed” at various points in it; with active monitoring, specially generated test traffic is used to determine these indicators.

In turn, there are three main types of passive monitoring: packet-based monitoring (capture and analysis of network packets using monitoring tools), SNMP monitoring (interrogating SNMP devices to obtain information about their status and traffic) and flow-based monitoring (collecting information about traffic flows using xFlow protocols, etc.).

A type of passive monitoring, packet-based network monitoring is performed by passive (not transmitting test traffic) monitoring devices that analyze captured packets.

Optimal connection of passive monitoring devices

IT professionals use various passive monitoring devices (including protocol analyzers, RMON probes, NetFlow collectors, IDS/IPS systems, and probes capable of recording large volumes of network traffic) designed for in-line or out-of-band connection to network lines.

For out-of-band connection of monitoring devices, it is best to use special network taps.

A network tap is inserted into a break in the network line. Passing the duplex traffic on the line through itself, the tap copies each half (the two opposing packet flows) to its monitoring ports, to which monitoring devices are connected (see figure). Unlike an Ethernet switch with SPAN ports, a network tap never discards any packets, including defective ones, and thus provides 100% (!) control of traffic on the line.

Network taps do not impact or reduce network reliability because during a power failure, a copper tap remains transparent to monitored traffic, while a fiber tap is a passive device that requires no power at all. Additionally, since a monitoring device connected via a tap does not require an IP address, it is isolated from the network, greatly reducing its exposure to hacker attacks.

A wide range of copper and fiber network taps is available to support a variety of maximum data transfer speeds, from 10 Mbit/s to 100 Gbit/s. In addition to conventional taps, regenerating taps are produced, which are used when the same traffic needs to be monitored by several different monitoring devices simultaneously. A regenerating tap differs from a conventional tap in having more monitoring ports. If the number of network channels that need to be monitored exceeds the number of available monitoring devices, you can use an aggregation tap, which combines traffic from several monitored channels and outputs the total flow through several of its monitoring ports (see figure). However, the rate of this flow may exceed the capacity of the monitoring device port, resulting in unacceptable packet loss. To reduce the likelihood of packet loss, you need to select an aggregation tap model with a sufficiently large buffer memory.
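To make the buffer-size trade-off concrete, here is an added example (not from the original page) that models an aggregation tap as a single queue in front of one monitoring port. The 1 ms tick, the two 1 Gbit/s links, the burst pattern and the buffer sizes are constructed values, and real taps may schedule and drop differently.

```python
from typing import Dict, List

# 1 Gbit/s expressed as bytes per 1 ms tick (10**9 / 8 / 1000).
GBIT_PER_TICK = 125_000


def simulate_aggregation(ingress: List[List[int]], egress_per_tick: int,
                         buffer_bytes: int) -> Dict[str, int]:
    """Simplified aggregation-tap model.

    ingress         -- one list per monitored link, bytes arriving in each tick
    egress_per_tick -- bytes the monitoring port can transmit per tick
    buffer_bytes    -- buffer memory available for traffic awaiting transmission
    Returns the bytes dropped, the peak buffer occupancy and the bytes delivered.
    """
    queued = dropped = peak = delivered = 0
    for per_link in zip(*ingress):
        backlog = queued + sum(per_link)      # old queue plus new arrivals
        sent = min(backlog, egress_per_tick)  # the port drains what it can
        delivered += sent
        backlog -= sent
        if backlog > buffer_bytes:            # buffer full: the excess is lost
            dropped += backlog - buffer_bytes
            backlog = buffer_bytes
        queued = backlog
        peak = max(peak, queued)
    return {"dropped": dropped, "peak_queue": peak, "delivered": delivered}


# Constructed traffic: both links burst at line rate for 10 ms, then stay idle
# for 30 ms. The average load (2 * 25%) fits the 1 Gbit/s monitoring port, but
# during the burst the aggregate arrives at twice the port speed.
BURST = [GBIT_PER_TICK] * 10 + [0] * 30
LINKS = [BURST, BURST]


def compare_buffers() -> Dict[int, Dict[str, int]]:
    """Run the same traffic through a 1 MB and a 2 MB buffer."""
    return {size: simulate_aggregation(LINKS, GBIT_PER_TICK, size)
            for size in (1_000_000, 2_000_000)}


if __name__ == "__main__":
    for size, result in compare_buffers().items():
        print(f"buffer={size:>9} B  {result}")
```

With these inputs the smaller buffer loses 250,000 bytes of the burst even though the average rate fits the port, which is the kind of gap that leaves an IDS or recorder with incomplete sessions.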

Operation of aggregation and network taps

A monitoring device can also be overloaded when it is connected to a faster network channel (for example, if an analyzer with a 1GE port is connected to a 10GE channel using a 10-Gigabit tap). To reduce the load on monitoring devices, pre-filtering of the tapped traffic is widely used so that the device receives only the data it needs to perform its primary functions (for example, those related to network intrusion detection). Also, using a load balancing device, high-speed traffic can be divided approximately equally between multiple monitoring devices. In this case, it is often important that the integrity of the transmitted packet streams is maintained, that is, all packets belonging to the same stream must arrive at the same monitoring device in a group of load-balanced devices.
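One common way to keep a stream intact while balancing is to hash a direction-independent flow key. The following is an added example, not code from the original page or from any vendor it mentions; the function names, the SHA-256 choice and the sample packets are assumptions made for illustration.

```python
import hashlib
import ipaddress
from typing import Dict, List, Set, Tuple

# (src_ip, src_port, dst_ip, dst_port, ip_protocol_number)
Packet = Tuple[str, int, str, int, int]


def flow_key(src_ip: str, src_port: int, dst_ip: str, dst_port: int,
             proto: int) -> bytes:
    """Direction-independent key: both halves of a conversation sort alike."""
    ep1 = (ipaddress.ip_address(src_ip).packed, src_port)
    ep2 = (ipaddress.ip_address(dst_ip).packed, dst_port)
    lo, hi = sorted((ep1, ep2))
    return b"".join((bytes([proto]),
                     lo[0], lo[1].to_bytes(2, "big"),
                     hi[0], hi[1].to_bytes(2, "big")))


def hash_assign(packets: List[Packet], n_devices: int) -> List[int]:
    """Flow-aware balancing: device index derived from the flow key."""
    out = []
    for pkt in packets:
        digest = hashlib.sha256(flow_key(*pkt)).digest()
        out.append(int.from_bytes(digest[:8], "big") % n_devices)
    return out


def round_robin_assign(packets: List[Packet], n_devices: int) -> List[int]:
    """Per-packet balancing: even load, but streams are scattered."""
    return [i % n_devices for i, _ in enumerate(packets)]


def devices_per_flow(packets: List[Packet],
                     assignment: List[int]) -> Dict[bytes, Set[int]]:
    """Which monitoring devices saw at least one packet of each flow."""
    seen: Dict[bytes, Set[int]] = {}
    for pkt, dev in zip(packets, assignment):
        seen.setdefault(flow_key(*pkt), set()).add(dev)
    return seen


def rev(p: Packet) -> Packet:
    """The same conversation seen in the opposite direction."""
    return (p[2], p[3], p[0], p[1], p[4])


# Constructed sample traffic: three conversations, both directions interleaved.
A_FWD: Packet = ("10.0.0.5", 51514, "10.0.1.20", 443, 6)      # TCP
B_FWD: Packet = ("10.0.0.7", 40022, "10.0.1.20", 22, 6)       # TCP
C_FWD: Packet = ("2001:db8::5", 5353, "2001:db8::1", 53, 17)  # UDP over IPv6
PACKETS = [A_FWD, B_FWD, rev(A_FWD), C_FWD, rev(B_FWD), A_FWD, rev(C_FWD)]

if __name__ == "__main__":
    for name, assign in (("hash", hash_assign), ("round-robin", round_robin_assign)):
        spread = devices_per_flow(PACKETS, assign(PACKETS, 3))
        print(name, sorted(len(devs) for devs in spread.values()))
```

Non-first IP fragments carry no port numbers, so a balancer that keys on the 5-tuple needs a fallback (for example, hashing addresses only) to keep fragments with their flow.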

Traffic filtering and load balancing help protect investments in existing monitoring devices as increasingly high-speed network technologies are implemented. The functions of aggregation, regeneration, traffic filtering and load balancing are available in network packet brokers. Thus, if monitoring devices must frequently switch from one monitored channel to another and/or require traffic filtering and load balancing functions, you should connect these devices to network taps or SPAN ports through network packet brokers, rather than directly.

Use a bypass switch if you need to implement a trouble-free inline connection to a monitoring or information security device (for example, IPS). If this device stops functioning for any reason, the bypass switch will direct traffic around it and thereby preserve (for users) the availability of critical services and applications (for more details, see “Solutions for inline connection of monitoring devices”).

Ixia, a Keysight Business, produces a wide range of taps, bypass switches, and network packet brokers in the Vision family. Vision devices switch, aggregate, regenerate, filter and evenly distribute traffic to be monitored across monitoring devices connected to them. The most intelligent broker models in this family - Vision ONE and Vision 7300 - perform a broader set of functions, including deduplication and truncation of packets, providing them with highly accurate timestamps, identifying and monitoring application traffic (for more information, see “Functionality of Ixia monitoring solutions”). To centrally manage Vision network packet brokers installed on a controlled network, Ixia releases the Ixia Fabric Controller (IFC) solution.

The market for network monitoring systems offers a comprehensive new generation Intelligent Monitoring Fabric (IMF) solution from cPacket Networks. Compared with traditional network monitoring systems, the IMF solution has improved scalability, increased productivity, provides a more in-depth analysis of network operation, reduces operating and capital costs. The IMF includes monitoring nodes that have the functions of a network packet broker and a network analyzer.

Cloud control

With cloud computing exploding in popularity, IT professionals must ensure data and application security, optimize cloud performance, and resolve cloud performance issues as quickly as possible. To perform the above tasks, cloud traffic control is required. Such control is provided by the Ixia CloudLens platform, designed to monitor the operation of private, public and hybrid clouds. In the process of monitoring the operation of a public cloud, the CloudLens platform operates in this cloud and provides a monitoring service with traffic filtering capabilities. CloudLens has a unique peer-to-peer architecture that retains all the benefits of cloud computing, including flexibility and on-demand scalability. The peer-to-peer architecture provides direct connections between cloud instances that generate monitored traffic and virtual monitoring devices. Competing solutions use a central node that aggregates and filters traffic. Such a monitoring system is less scalable, more expensive, and less flexible.


CloudLens peer-to-peer architecture

Part of the CloudLens platform is the CloudLens Private solution, focused on monitoring private clouds. This solution forks traffic from virtualized networks, processes the traffic, and delivers monitored packets to virtual or physical monitoring devices.

Take care of monitoring in advance

It is recommended to initially plan the implementation of the monitoring infrastructure as an integral part of the future network and, when building it, to install equipment for connecting monitoring devices along with other network equipment.

When organizing a network monitoring system, it is necessary to provide for the ability to monitor the traffic of critical network channels at the access, distribution and network core levels, as well as in the data center where the enterprise servers are located.

Since many high-speed lines are concentrated in the data center and in the network core, it is recommended to install multiport aggregation taps and network packet brokers there. The use of this equipment will reduce the number of network monitoring devices, since if it is possible to aggregate and switch traffic from key network points, there is no need to install a monitoring device at each of them.

Currently, high-speed network technologies provide data transfer rates up to 100 Gbit/s. The use of these technologies makes it possible to significantly reduce the number of lines in the network core and reduce the cost of its maintenance, but at the same time the requirements for the reliability of each high-speed line increase, since its failure will affect the operation of more users and applications. Obviously, during the operation of a data center or corporate network, the trunk line cannot be disconnected even for a few seconds in order to insert a fiber-optic tap into it to feed the traffic of this line to the monitoring device. Therefore, it is better to install taps on trunk lines from the outset (even at the stage of deploying the cable system). This will make it possible in the future, if any problems arise, to quickly connect the necessary monitoring or diagnostic devices to the lines of interest without disconnecting them.

Our programs for system administrators will help you keep abreast of everything that is happening in the computer fleet and the enterprise network, respond in a timely manner to equipment failures and software problems, and minimize costs and downtime. This page presents programs for monitoring the network, servers and hosts, for PC inventory, for accounting for installed programs and licenses, for creating reports on computer hardware, for accounting for traffic on the network, and for studying the network topology and creating graphical diagrams of local networks.

A network administrator may also find useful programs for searching files on local networks and auditing user access to file resources of servers over the network. All these programs will help the system administrator improve the performance of network devices and servers and ensure the proper level of security in the enterprise network.

10-Strike programs are included in the unified register of Russian computer programs of the Ministry of Communications and can participate in government procurement.

Programs for network administrator, network utilities

Computer Inventory (Pro) 8.5

— a program for inventory and accounting of installed software and hardware on computers on local networks. “Computer Inventory” allows system administrators to keep track of computers on the enterprise network, view the configurations of remote computers and lists of installed programs over the network, and track configuration and software changes. The program contains a powerful report generator. For example, you can create . When planning upgrades, you can create a report listing computers with insufficient disk space or random access memory. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

10-Strike LANState (Pro) 8.8r

A program for monitoring servers and computers on the network, allowing you to visually observe the current state of your network at any time. LANState monitors hosts on the network, tracks connections to network resources, monitors traffic, and signals various events. LANState contains many functions useful for network administrators: sending messages, shutting down remote computers, scanning hosts and ports, and retrieving various information from remote computers (access to the registry, event log, etc.). Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

Network Monitoring (Pro) 5.5

A program for monitoring servers and other network devices that tracks the performance of the network and notifies the administrator of problems. Find out in time about a failure that has occurred (connection loss, server disk space running out, service stop, etc.) and fix the problem with minimal loss of time. The program signals problems using sound, on-screen messages and e-mail, and can launch external programs and services, as well as reboot computers and restart services. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

"Software Accounting" 8.5

— a program for inventory and accounting of installed software on computers in local networks. "Software Accounting" allows network administrators to maintain a database of installed programs on network computers and track changes. The program contains a report generator. For example, you can create reports on the presence of certain programs on computers and their quantity.

Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

Network Diagram 3.33

A program for constructing a local network diagram, allowing you to detect network devices and place them on the map. If your switches support the SNMP protocol, the program will draw connections between devices automatically. All that remains is to move the device icons with the mouse and your network diagram is ready. You can modify the diagram using powerful built-in editing tools, add connections, add labels, draw areas, and fill them with different colors. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

Traffic Accounting 3.7

A network traffic accounting program that monitors the volume of downloaded data and the speed of information transfer on the network. You can monitor traffic both on user computers and on switch ports. Alerts let you know in time about traffic overload on any port. You can monitor the distribution of loads on the channel in real time and build graphs, diagrams and reports. All collected traffic consumption data is stored in a database for statistical analysis and reporting. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

Remote Access 5.0

A program for managing remote computers over the network. You can configure access to the computers of network users and administer their PCs remotely. The program provides a Helpdesk mode for providing technical support to remote clients via the Internet. You can connect to PCs and servers within the network, or access computers on the Internet using accounts or hardware IDs. In this case, there is no need to forward ports through the router. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

10-Strike Network File Search (Pro) 2.3r

A program for searching files on local network computers (via the NetBios and FTP protocols). Enter a phrase or file masks and search for the information you need. When viewing search results, found files can be immediately opened, saved to disk, or included in a report. The search uses multi-threaded technology, which significantly speeds up the work. You can set filters by file size and modification date. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

10-Strike Connection Monitor (Pro) 4.8r

A program for monitoring network users' connections to shared folders and files that lets you find out in time about connections of network users to your computer. The program emits sound signals, displays alerts on the screen, and keeps a detailed log of connections, which records who connected to the computer's network folders, what files were opened, etc. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

10-Strike: Network Scan 3.0 FREE!

— a scanner of local networks, IP addresses and hosts. This free program allows you to scan your local network and detect active hosts, computers and servers. It supports scanning of IP address ranges and many protocols for detecting network devices (ICMP ping, searching for open TCP ports, NetBios, SNMP, UPnP, ...). If you have administrator rights, you can read a great deal of useful information. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

Sets of network programs for system administrators

Software suites for system administrators allow you to save money when purchasing several of our network programs or all of them at once. Get three programs for the price of two and so on. For example, when purchasing the full set of administrator programs with the "for the organization" option (without restrictions on the number of workstations), consisting of all our programs for network administrators, you can save up to 100,000 rubles or 45%!

Other utilities

10-Strike SearchMyDiscs 4.43r

CD cataloger (CD, DVD).

With its help you will quickly find the files you need on the CDs and DVDs in your collection. SearchMyDiscs helps you organize your CD and DVD collections, allowing you to find the required disc in a few seconds. If you are tired of searching for the right disc every time, this program is for you! Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

10-Strike Log-Analyzer 1.5

A raw log file analyzer for the Apache web server. Creates various reports and histograms. The program has many settings and filters that will allow you to get accurate information about your site, downloaded files, and who is visiting you and from where. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

Payment and delivery

When legal entities order programs, payment by bank transfer is accepted. Invoices are issued in electronic format and a contract is concluded. Electronic delivery: the distribution kit is downloaded from our website, and registration keys are sent by e-mail after payment. After payment, the original contract and accounting documents are sent to the buyer by mail.

Issue an invoice (specify necessary programs and types of licenses, your details and the name of the director for the agreement)

All our programs are also presented in the Softkey and AllSoft online stores (follow the “buy” links from our website).

Network monitoring

Introducing ZABBIX - a program for monitoring and analyzing all the main parameters of a local network.

Why do you need a local network monitoring system?

Local network monitoring

The ZABBIX solution allows you to quickly assess and diagnose the state of the local network as a whole, carry out express monitoring of the main parameters of local network servers, and monitor network equipment and workstations.

Server monitoring

The system administrator will always know how much free space is left on the hard drives and how heavily the processors and RAM are loaded. Thus, based on objective data, decisions can be made on redistributing the load between servers, upgrading existing servers, or on the need to purchase additional ones.

Prompt notification of emergency situations

The most important function of ZABBIX is to notify personnel of any impending or emerging problems. The operational notification mechanism includes services for sending e-mail messages and SMS via mobile communication channels. With remote monitoring of the local computer network, your company's system administrator, even while away from the office, will be able to prevent possible failures and troubleshoot problems that arise.

Emergency prevention

Zabbix can warn the system administrator, for example, that the server's hard drive is about to run out of space, about increased CPU load, or about RAM loading. Thus, the system administrator can take measures to prevent it even before an emergency occurs.

What interface does the local network monitoring system have?

For operational online monitoring of network status, diagnostics and analysis of load parameters of server equipment, ZABBIX provides a convenient web interface. Thus, thanks to advanced monitoring and analysis of the basic parameters of the local network, network and server equipment, the system administrator will have access from any location to such critical parameters as shrinking disk space, increased load on local network server processors, RAM overload and much more.

What is network monitoring and why is it needed?

How much does the ZABBIX local network remote monitoring system cost?

Why is it profitable for you to order the implementation of a local network monitoring system from us?

Setting up ZABBIX, like any complex software product, requires high qualifications and experience; the work is demanding and painstaking. Our system administrators have extensive experience in configuring and supporting remote monitoring systems and are fluent in the technology of its installation and configuration.

Implementation of the ZABBIX network monitoring system includes:

How much does it cost to install and configure a local network monitoring system?

* A discount is given for large numbers of nodes of the same type

You can also contact us by phone. Call us!

7 (495) 665-2090

ZABBIX is a completely free application

Zabbix is written and distributed under the GPL General Public License version 2. This means that its source code is freely distributed and available to an unlimited number of people.

Express audit of the local network and preparation of technical specifications

Installing the ZABBIX system on your equipment

Configuring ZABBIX to monitor key local network nodes

Installing ZABBIX clients on the main nodes of the local network

Setting up notifications to the system administrator's email

The mantra of the real estate world is Location, Location, Location. For the world of systems administration, this sacred text should read like this: Visibility, Visibility and Visibility. If you don't know exactly what your network and servers are doing every second of the day, you're like a pilot flying blind. A disaster inevitably awaits you. Luckily for you, there are now many good programs available on the market, both commercial and open source, capable of setting up your network monitoring.

Because good and free is always more tempting than good and expensive, here's a list of open source software that proves its worth every day on networks of all sizes. From device discovery and monitoring of network equipment and servers to identifying network trends, graphically representing monitoring results, and even backing up switch and router configurations, these seven free utilities will most likely surprise you.

Cacti

First there was MRTG (Multi Router Traffic Grapher), a program for organizing a network monitoring service and measuring data over time. Back in the 1990s, its author Tobias Oetiker saw fit to write a simple charting tool using a round-robin (ring) database, originally used to display the throughput of a router on the local network. So MRTG gave birth to RRDTool, a set of utilities for working with RRD (Round-robin Database), allowing you to store, process and graphically display dynamic information such as network traffic, processor load, temperature, and so on. RRDTool is now used in a huge number of open source tools. Cacti is the current flagship open source network graphing software and takes MRTG principles to a whole new level.

From disk usage to fan speed in the power supply, if the indicator can be monitored, Cacti will be able to display it and make this data easily accessible.

Cacti is a free program built on the LAMP server software stack that provides a standardized software platform for creating graphs based on almost any statistical data. If any device or service returns numeric data, then it can most likely be integrated into Cacti. There are templates for monitoring a wide range of equipment, from Linux and Windows servers to Cisco routers and switches, basically anything that communicates using SNMP (Simple Network Management Protocol). There are also collections of third-party templates that further expand the already huge list of Cacti-compatible hardware and software.

Although the standard method for collecting Cacti data is SNMP, Perl or PHP scripts can also be used for this. The software system's framework cleverly separates data collection and graphical display into discrete instances, making it easy to reprocess and reorganize existing data for different visual representations. In addition, you can select specific time frames and individual parts of the charts simply by clicking on them and dragging.

So, for example, you can quickly look at data from several past years to understand whether the current behavior of network equipment or a server is abnormal, or whether similar indicators appear regularly. And using Network Weathermap, a PHP plugin for Cacti, you can easily create real-time maps of your network showing the congestion of communication channels between network devices, with graphs that appear when you hover your mouse over the image of a network channel. Many organizations using Cacti display these maps 24/7 on wall-mounted 42-inch LCD monitors, allowing IT teams to instantly monitor network congestion and link health information.

In summary, Cacti is a powerful toolkit for graphically displaying and trending network performance that can be used to monitor virtually any metric that can be represented in a graph. This solution also supports virtually limitless customization options, which can make it overly complex for certain applications.

Nagios

Nagios is a mature software system for network monitoring that has been under active development for many years. Written in C, it allows you to do almost everything that system and network administrators might need from a monitoring application package. The web interface of this program is fast and intuitive, while its server part is extremely reliable.

Nagios can be a challenge for beginners, but the fairly complex configuration is also an advantage of this tool, as it can be adapted to almost any monitoring task.

Like Cacti, Nagios has a very active community behind it, so various plugins exist for a huge range of hardware and software, from simple ping checks to integration with complex software solutions such as WebInject, a free software toolkit written in Perl for testing web applications and web services. Nagios allows you to constantly monitor the status of servers, services, network links and everything else that understands the IP network layer protocol. For example, you can monitor the use of disk space on the server, RAM and CPU load, the use of FLEXlm licenses, the air temperature at the server outlet, delays in the WAN and Internet channel, and much more.

Obviously, no server and network monitoring system is complete without notifications. Nagios does this well: the software platform offers a customizable mechanism for notifications via email, SMS and the most popular Internet instant messengers, as well as an escalation scheme that can be used to make smart decisions about who must be notified, how, when and under what circumstances, which, when configured correctly, will give you many hours of restful sleep. The web interface can also be used to temporarily pause notifications or acknowledge a problem, as well as for administrators to make notes.

In addition, the mapping feature shows all monitored devices in a logical, color-coded representation of where they are on the network, allowing problems to be shown as they occur.

The downside to Nagios is the configuration, as it is best done through the command line, which makes it much more difficult for newbies to learn. However, people familiar with standard Linux/Unix configuration files should not experience any particular problems.

The capabilities of Nagios are enormous, but some of them may not always be worth the effort required to use them. But don't let the complexity intimidate you: the early warning benefits this tool provides for so many aspects of the network can't be overstated.

Icinga

Icinga started out as a fork of the Nagios monitoring system, but has recently been rewritten into an independent solution known as Icinga 2. At the moment, both versions of the program are in active development and are available for use, while Icinga 1.x is compatible with a large number of Nagios plugins and configurations. Icinga 2 was designed to be less clunky, more performance oriented, and easier to use. It offers a modular architecture and multi-threaded design that neither Nagios nor Icinga 1 offers.

Icinga offers a complete monitoring and alerting software platform that is designed to be as open and extensible as Nagios, but with some differences in the web interface.

Like Nagios, Icinga can be used to monitor anything that speaks IP, as deeply as SNMP allows, as well as through custom plugins and add-ons.

There are several variations of the web interface for Icinga, but the main difference between this monitoring software solution and Nagios is the configuration, which can be done through the web interface rather than through configuration files. For those who prefer to manage their configuration outside the command line, this functionality will be a real gift.

Icinga integrates with a variety of monitoring and graphing software packages such as PNP4Nagios, inGraph and Graphite, providing robust visualization of your network. In addition, Icinga has advanced reporting capabilities.

NeDi

If you've ever had to Telnet into switches and search by MAC address to find devices on your network, or you just want to be able to determine the physical location of certain equipment (or, perhaps even more importantly, where it was previously located), then you might be interested in taking a look at NeDi.

NeDi constantly scans the network infrastructure and catalogs devices, tracking everything it discovers.

NeDi is free LAMP-based software that regularly scans the MAC address and ARP tables on the switches on your network, cataloging each detected device in a local database. This project is not as well known as some others, but it can be a very handy tool when working with corporate networks, where devices are constantly changing and moving.

You can run a search through the NeDi web interface to identify a switch, switch port, access point, or any other device by MAC address, IP address, or DNS name. NeDi collects all the information it can from every network device it encounters, pulling from them serial numbers, firmware and software versions, current timings, module configurations, etc. You can even use NeDi to mark the MAC addresses of devices that have been lost or stolen. If they reappear online, NeDi will notify you.

Discovery is run by a cron process at specified intervals. Configuration is simple, with a single configuration file that allows for a great deal of customization, including the ability to skip devices based on regular expressions or specified network boundaries. NeDi typically uses the Cisco Discovery Protocol or Link Layer Discovery Protocol to discover new switches and routers and then connects to them to collect their information. Once the initial configuration is established, device discovery will occur quite quickly.

NeDi can integrate with Cacti to a certain level, so it is possible to link device discovery to the corresponding Cacti graphs.

Ntop

The Ntop project, now better known as Ntopng for the “new generation”, has come a long way over the past decade. But call it what you want, Ntop or Ntopng, the result is a top-notch network traffic monitoring tool paired with a fast and simple web interface. It is written in C and is completely self-contained. You start one process configured for a specific network interface, and that's all it needs.

Ntop is a web-based packet analysis tool that shows real-time data about network traffic. Information about the data flow through the host and the connection to the host is also available in real time.

Ntop provides easy-to-digest graphs and tables showing current and historical network traffic, including the protocol, source, destination, and history of specific transactions, as well as the hosts on both ends. Additionally, you'll find an impressive array of real-time network utilization graphs, charts, and maps, as well as a modular architecture for a huge number of add-ons, such as adding NetFlow and sFlow monitors. Here you can even find Nbox, a hardware monitor that is built into Ntop.

In addition, Ntop includes an API for the Lua scripting language, which can be used to support extensions. Ntop can also store host data in RRD files to enable continuous data collection.

One of the most valuable uses of Ntopng is monitoring traffic at a specific location. For example, when some network channels are highlighted in red on your network map, but you don’t know why, you can use Ntopng to get a minute-by-minute report on the problematic network segment and immediately find out which hosts are responsible for the problem.

The benefits of such network visibility are difficult to overestimate, and it is very easy to obtain. Essentially, you can run Ntopng on any interface that has been configured at the switch level to monitor a different port or VLAN. That's all.

Zabbix

Zabbix is a full-blown network and system monitoring tool that integrates multiple functions into a single web console. It can be configured to monitor and collect data from a wide variety of servers and network devices, providing maintenance and performance monitoring for each site.

Zabbix allows you to monitor servers and networks using a wide range of tools, including monitoring virtualization hypervisors and web application stacks.

Basically, Zabbix works with software agents running on the monitored systems. But this solution can also work without agents, using the SNMP protocol or other monitoring capabilities. Zabbix supports VMware and other virtualization hypervisors, providing detailed data about hypervisor performance and activity. Special attention is also paid to monitoring Java application servers, web services and databases.

Hosts can be added manually or through an automatic discovery process. A wide range of default templates apply to the most common use cases such as Linux, FreeBSD and Windows servers; widely used services such as SMTP and HTTP; as well as ICMP and IPMI for detailed monitoring of network hardware. In addition, custom checks written in Perl, Python or almost any other language can be integrated into Zabbix.

Zabbix allows you to customize your dashboards and web interface to focus on the most important network components. Notifications and issue escalations can be based on custom actions that are applied to hosts or groups of hosts. Actions can even be configured to run remote commands, so your script can run on a monitored host if certain event criteria are observed.

The program displays performance data such as network bandwidth and CPU load in graphs and aggregates it for custom display systems. In addition, Zabbix supports customizable maps, screens, and even slideshows that display the current status of monitored devices.

Zabbix can be difficult to implement initially, but judicious use of automatic discovery and various templates can alleviate some of the integration difficulties. In addition to being an installable package, Zabbix is available as a virtual appliance for several popular hypervisors.

Observium

Observium is a program for monitoring network equipment and servers, which has a huge list of supported devices that use the SNMP protocol. As LAMP software, Observium is relatively easy to install and configure, requiring the usual Apache, PHP and MySQL installations, database creation, Apache configuration and the like. It installs as its own server with a dedicated URL.

Observium combines system and network monitoring with performance trend analysis. It can be configured to track almost any metric.

You can log in to the GUI and begin adding hosts and networks, as well as defining auto-discovery ranges and SNMP data, so that Observium can explore the networks around it and collect data on each system it discovers. Observium can also discover network devices via CDP, LLDP or FDP protocols, and remote host agents can be deployed on Linux systems to assist in data collection.

All this collected information is available through an easy to use user interface, which provides advanced capabilities for displaying data statistically, as well as in charts and graphs. You can get anything from ping and SNMP response times to graphs of throughput, fragmentation, number of IP packets, etc. Depending on the device, this data may be available for every detected port.

As for servers, Observium can display status information about their central processor, RAM, data storage, swap, temperature, etc. from the event log. You can also enable data collection and graphical display of performance for various services, including Apache, MySQL, BIND, Memcached, Postfix and others.

Observium works well as a virtual machine, so it can quickly become the primary tool for obtaining information about the health of servers and networks. This is a great way to add automatic discovery and graphical representation to any size network.

Too often, IT administrators feel limited in what they can do. Whether we're dealing with a custom software application or an "unsupported" piece of hardware, many of us believe that if the monitoring system can't handle it right away, it won't be possible to get the data we need in that situation. This is, of course, not true. With a little effort, you can make almost anything more visible, accounted for, and controlled.

An example is a custom application with a database on the server side, for example, an online store. Your management wants to see beautiful graphs and diagrams, designed in one form or another. If you're already using, say, Cacti, you have several options to output the collected data in the required format. You could, for example, write a simple Perl or PHP script to run database queries and pass those calculations to Cacti, or you could use an SNMP call to the database server using a private MIB (Management Information Base). One way or another, the task can be completed, and done easily, if you have the necessary tools for this.

Most of the free network equipment monitoring utilities listed in this article shouldn't be difficult to access. Packaged versions are available for download for the most popular Linux distributions, unless they are already included in them. In some cases they may come pre-configured as a virtual server. Depending on the size of your infrastructure, these tools can take quite a bit of time to set up and configure, but once they're up and running, they'll be a solid foundation for you. At the very least, they are worth testing.

No matter which of the above systems you use to keep an eye on your infrastructure and equipment, it will provide you with at least the functionality of another system administrator. Although it can’t fix anything, it will monitor literally everything on your network around the clock, seven days a week. The time spent up front on installation and configuration will pay off in spades. Also, be sure to run a small set of standalone monitoring tools on another server to monitor the main monitoring tool. This is a case where it is always better to watch the observer.

Always in touch, Igor Panov.

If you want to find out how much traffic your Windows computer consumes over a certain period, then you need to use third-party solutions. Only current network consumption values are available in Task Manager or Resource Monitor, so these tools are not suitable for monitoring traffic over a specific period. Some routers and modems collect data on traffic consumption; you can view these values by accessing the device admin panel.

Why monitor consumed traffic at all? Traffic accounting is simply necessary when using metered Internet connections, but it can also be useful on unlimited tariffs.

Some Internet providers limit monthly traffic on certain plans. If the limits are exceeded, the user either needs to pay for an additional quota or be content with a reduced connection speed until the end of the reporting period. Traffic monitoring allows you to avoid such unpleasant situations.

Traffic analysis allows you to better understand how much data you consume during a reporting period. This information will be useful when changing your Internet provider or tariff plan.

The tools presented below are designed to track traffic on Windows computers. All programs are free and tested on computers running Windows 7 and Windows 10.

BitMeter II is a free utility for traffic monitoring in Windows. The program tracks daily, weekly and monthly traffic consumption and displays a widget on the desktop with visualization of data transmission and reception processes.

Users can configure alerts, set provider restrictions, and calculate traffic using the built-in calculator. BitMeter II allows you to run a counter, during which you can monitor various connection metrics.

The Statistics section displays traffic consumption data for the last few hours, days and months. You can view them in graphical or tabular form.

GabNetStats

GabNetStats is a portable program for Microsoft Windows devices that allows you to track consumed traffic and other indicators. The program launched without any glitches on all test systems and immediately began monitoring traffic.

Left clicking on the system tray icon opens a graph and traffic statistics. The widget closes automatically after five seconds, but you can change this behavior and make the widget always appear on your desktop.

The program tracks data bytes sent and received, average connection speed and many other parameters. Select Advanced Statistics to view the total number of packets received and sent, the number of routes and IP addresses, and TCP/IP configuration information.

The developer's website is no longer available, but you can download the program from our website.

Note: To install this program in new versions of Windows 10, it is recommended to configure compatibility with earlier Windows versions. To do this, right-click the downloaded file and select Properties > Compatibility > Run the program in compatibility mode with: a previous version of Windows.

NetSpeedMonitor shows incoming and outgoing traffic in the taskbar notification area (system tray). Hover your mouse over an icon to view traffic for a specific session, day, or month. Right-clicking opens the available parameters and traffic statistics interface for a certain period.

The program is available as a separate installer and a portable version. The utility is fully compatible with all modern versions of Windows.

Note: the portable version gave an error in Windows 10 when trying to start without administrator rights.

When launched, NetTraffic displays a graph of network activity on the desktop with the amount of data sent and received. By default, the window is always shown in the foreground, but you can disable this mode, change window sizes and other operating parameters.

Right-clicking on the icon in the system tray provides access to parameters, statistics and additional tools. In the statistics section, you can view traffic consumption for a selected period or for individual time intervals: month, day or year.

In the settings, you can change the widget design and set a quota for the amount of traffic. Available network utilities include ipconfig, netstat and route.

The program used to be free of charge, but new versions have become paid. At the same time, the previous free version of the utility (Networx 5.5.5) is still available for download on our website and has no limitations in functionality.

Immediately after launch, Networx begins monitoring traffic consumption, and an application icon appears in the system tray. Double clicking on the icon opens statistics: you can view general data, as well as data for the day, week, month, and a breakdown of data by application. For convenience, different data views are placed on separate tabs.

You can use the program to monitor the traffic consumed by individual applications. To do this, go to Settings > General and in the section Watch connections enable the option Ignore local traffic (within the network).

Right-click on the system tray icon to access additional features. You can enable the widget to display on your desktop to monitor your traffic consumption in real time, run a connection speed measurement, or open a screen for setting quotas.

Several network tools are available to users, such as trace route or ping.


Unfortunately, some of the tools listed are no longer supported. Without a doubt, it is the most professional traffic monitoring solution with powerful functionality, but the free version of the utility is also no longer supported by the developer.

At the same time, it is worth noting that Microsoft is testing a built-in tool in Windows 10 (version 2003), which is expected to be released in spring 2020.

A hack employee is a disaster for any enterprise or company. Therefore, the question constantly arises of how to monitor an employee’s work computer and ensure that there are no unauthorized actions.

Let us immediately note that the employee must be informed (in writing, with a signature) that covert surveillance of the computer on the local network is being conducted. Perhaps only this fact will help to avoid violations and put the employee on the path of a “hard worker.” If not, then here is the solution for full control over computers on the local network.

Local network monitoring program

So, the software is called “Mipko Employee Monitor”, a version specifically for corporate networks.

After installation and launch (you can run it from the desktop or by pressing “ctrl+alt+shift+k”), you need to configure the user interface: what exactly needs to be monitored and controlled on the local network.

  1. At the top left is a section where you select a user from your network whose log is currently being monitored: when expanded, a list of recorded actions will be displayed (depending on the settings).
  2. Now directly about the functionality of “Tools” - “Settings”. For each user, the tracking parameters can be configured individually.

Monitoring allows you to track the following actions:

  • keystrokes;
  • screenshots;
  • activity on social networks;
  • messaging on Skype;
  • websites visited;
  • saving the clipboard;
  • program activity;
  • pictures from a webcam;
  • call recording;
  • operations with files.

Quite extensive functionality. The main thing that an employer is usually interested in when monitoring users on a local network is screenshots and websites visited.

In order not to face claims of interference with personal information (for example, if you set up a view of the visited web pages and saw personal correspondence on social networks), block all social networks and chats and prohibit the installation of third-party software, allowing only what is required for work.

Remote monitoring of a computer on a local network

As a rule, the employer is interested in only two aspects - a screenshot of the local network user’s computer and his viewing of web pages (as mentioned above, employees are familiar with this information).

  3. Screenshot settings include the following components:

  • selection of the time interval, indicated either in minutes or seconds;
  • take a photo when opening a window;
  • take a photo with a mouse click;
  • do not take a photo when you are not active;
  • snapshot mode (full screen, window);
  • and the quality of the image.

  4. In the “visited websites” section, it’s even simpler: select the “interception type” and whether to save a screenshot.

  5. Now about where all this will be saved or sent. In the settings section “Sending”:

  • first, set the “Log type” and the pop-up list;
  • set the format in which the report will be saved: “HTML” or a “ZIP” archive;
  • select the sorting type and time interval for sending the report;
  • the most basic thing is where the report will be sent: to email/ftp/folder on your computer;
  • then enter your username and password and click “Apply”.

That's it, now the employees are, as they say, “Under the hood” - you can monitor the users of the local network.

You most likely know that Windows has a built-in firewall. You may also know how to allow and block access of individual programs to the network in order to control incoming and outgoing traffic. But did you know that the Windows firewall can be used to log all connections passing through it?

Windows Firewall logs can be useful in solving specific problems:

  • The program you are using cannot connect to the Internet, although this problem does not occur with other applications. In this case, to troubleshoot the problem, you should check whether the system firewall is blocking the connection requests of this program.
  • You suspect that the computer is being used by malware to transfer data and want to monitor outgoing traffic for suspicious connection requests.
  • You have created new rules for allowing and blocking access and want to ensure that the firewall correctly processes the given instructions.

Regardless of the reason for use, enabling event logging can be challenging as it requires a lot of fiddling with the settings. We will give a clear algorithm of actions on how to activate the registration of network activity in the Windows firewall.

Access to firewall settings

First, you need to go to the advanced settings of Windows Firewall. Open the Control Panel (right-click on the Start menu, select “Control Panel”), then click the “Windows Firewall” link if the view mode is small/large icons, or select the “System and Security” section and then “Windows Firewall” if the view mode is category.

In the firewall window, select the “Advanced settings” option in the left navigation menu.

You will see the following settings screen:

This is the internal technical side of the Windows Firewall. This interface allows you to allow or block access of programs to the Internet, configure incoming and outgoing traffic. In addition, this is where you can activate the event logging feature - although it is not immediately clear where this can be done.

Accessing log settings

First, select the “Windows Firewall with Advanced Security (Local Computer)” option.

Right-click on it and select the “Properties” option.

A window will open that may confuse the user. When you look through the three tabs (Domain Profile, Private Profile, Public Profile), you will notice that their content is identical, but relates to three different profiles, the name of which is indicated in the tab title. Each profile tab contains a button to configure logging. Each log will correspond to a different profile, but which profile are you using?

Let's look at what each profile means:

  • The domain profile is used to connect to a Wi-Fi wireless network when the domain is set by a domain controller. If you are not sure what this means, please do not use this profile.
  • The private profile is used to connect to private networks, including home or personal networks - this is the profile you are most likely to use.
  • The public profile is used to connect to public networks, including chains of restaurants, airports, libraries and other institutions.

If you are using a computer on a home network, go to the “Private Profile” tab. If you are using a public network, go to the “Public Profile” tab. Click the “Configure” button in the “Logging” section on the correct tab.

Activating the event log

In the window that opens, you can configure the location and maximum size of the log. You can set an easy-to-remember location for the log, but the actual location of the log file doesn't really matter. If you want to start event logging, set both the “Log dropped packets” and “Log successful connections” drop-down menus to “Yes” and click the “OK” button. Running this feature all the time can cause performance issues, so only enable it when you really need to monitor connections. To disable the logging feature, set the value to “No (default)” in both drop-down menus.

Studying logs

Now the computer will record network activity controlled by the firewall. To view the logs, go to the “Advanced Settings” window, select the “Monitoring” option in the left list, and then in the “Logging Options” section click the “File Name” link.

The network activity log will then open. The contents of the log may be confusing to an inexperienced user. Let's look at the main contents of the log entries:

  1. Date and time of connection.
  2. What happened to the connection? The status “ALLOW” means that the firewall allowed the connection, and the status “DROP” indicates that the connection was blocked by the firewall. If a particular program has problems connecting to the network, you can determine with certainty that the cause of the problem is related to the firewall policy.
  3. Connection type - TCP or UDP.
  4. In order: IP address of the connection source (computer), destination IP address (for example, a web page) and the network port used on the computer. This entry allows you to identify ports that require opening for the software to work. Also watch out for suspicious connections - they could be made by malware.
  5. Whether the data packet was successfully sent or received.

The information in the log will help determine the cause of connection problems. The logs can record other activity, such as the target port or TCP acknowledgment number. If you need more details, check out the “#Fields” line at the top of the log to identify the meaning of each metric.
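The entries described above can be summarized with a short script instead of being read line by line. The following Python example is added here and is not part of the original article: it reads the column names from the “#Fields” line, then counts blocked incoming packets and allowed outgoing connections to non-local addresses. The sample log lines are constructed, and the function names and the list of local address ranges are assumptions made for the illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample in the firewall log layout; all addresses are made up.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2020-03-02 09:14:01 ALLOW TCP 192.168.1.20 203.0.113.10 50112 443 0 - 0 0 0 - - - SEND
2020-03-02 09:14:05 ALLOW UDP 192.168.1.20 192.168.1.1 53211 53 0 - - - - - - - SEND
2020-03-02 09:14:09 DROP TCP 198.51.100.7 192.168.1.20 41822 3389 52 S 1884210 0 8192 - - - RECEIVE
2020-03-02 09:14:09 DROP TCP 198.51.100.7 192.168.1.20 41823 3389 52 S 1884999 0 8192 - - - RECEIVE
2020-03-02 09:15:30 ALLOW TCP 192.168.1.20 203.0.113.10 50140 443 0 - 0 0 0 - - - SEND
2020-03-02 09:16:02 ALLOW TCP 192.168.1.20 203.0.113.77 50177 8081 0 - 0 0 0 - - - SEND
"""

# Assumption: these ranges count as "local"; adjust them to your own network.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]


def is_local(addr):
    """True if addr parses as an IP address inside one of LOCAL_NETS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in LOCAL_NETS)


def parse_firewall_log(text):
    """Return one dict per entry, keyed by the names on the '#Fields:' line."""
    fields, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):  # ignore truncated lines
                entries.append(dict(zip(fields, values)))
    return entries


def dropped_inbound(entries):
    """Count blocked incoming packets per (source IP, protocol, local port)."""
    hits = Counter()
    for e in entries:
        if e["action"] == "DROP" and e.get("path") == "RECEIVE":
            hits[(e["src-ip"], e["protocol"], e["dst-port"])] += 1
    return hits


def outbound_external(entries):
    """Count allowed outgoing connections per non-local (dest IP, protocol, port)."""
    hits = Counter()
    for e in entries:
        if (e["action"] == "ALLOW" and e.get("path") == "SEND"
                and not is_local(e["dst-ip"])):
            hits[(e["dst-ip"], e["protocol"], e["dst-port"])] += 1
    return hits


if __name__ == "__main__":
    log = parse_firewall_log(SAMPLE_LOG)
    print("Blocked incoming packets:")
    for (src, proto, port), n in dropped_inbound(log).most_common():
        print(f"  {src} -> local {proto}/{port}: {n}")
    print("Allowed outgoing connections to non-local hosts:")
    for (dst, proto, port), n in outbound_external(log).most_common():
        print(f"  {dst} {proto}/{port}: {n}")
```

To use it on a real log, pass the contents of the log file configured in the “Logging” section to `parse_firewall_log` instead of `SAMPLE_LOG`.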

Don't forget to turn off the logging feature when you're done.

Advanced network diagnostics

By using Windows Firewall logging, you can analyze the types of data being processed on your computer. In addition, you can determine the causes of network problems related to the firewall or other objects disrupting connections. The activity log allows you to familiarize yourself with the work of the firewall and get a clear picture of what is happening on the network.

