Network Monitoring Tools for Windows and Linux

By Carla Schroder

The wise network admin employs an array of tools to monitor network activity. There are almost as many monitoring apps as network admins, here are some I’ve found to be useful and versatile. I like color pictures and graphs, you can’t beat scary little red icons for quickly identifying trouble spots.

Big Brother
Available for most major operating systems, including Linux, Windows, Mac, and Netware, Big Brother monitors system and network services. While Big Brother is quite sophisticated and customizable, its reporting concept is simplicity itself: green is good, red is bad. Not only are specific items marked by green or red icons, the status page background color also changes to green or red.

Big Brother operates in real time. It displays the information in both HTML and WML, for display on Web pages, and on WAP-enabled devices, such as wireless phones and PDAs. It uses standard client-server architecture, for networks or single machines. To monitor a single machine simply install the server and client components on the same machine. Use it to monitor CPU status, disk quotas, services, databases- it even comes with a hook for MRTG, Multi-Router Traffic Grapher, for monitoring bandwidth. One very nice use for BB is monitoring your Service Level Agreements- you’ll see quickly if they are not being kept, and have the data to prove it.

Out of the box, Big Brother supports a wide range of testing and reporting; it also supports creating additional plug-ins, written in the language of your choice. It supports email paging, alpha-numeric paging, or even write a custom module for the alert notification of your choice.

Of course, Big Brother uses port 1984, officially assigned by IANA, Internet Assigned Numbers Authority.

The documentation is good, here are a few important points:

On Unix/Linux, it must be installed from source. If you’re not comfortable with this, check the documentation for your OS, also see the Resources section below. Install Big Brother as root, but do not run it as root. Create a user account just for Big Brother, call it anything you like, as long it is not root. You might want to restrict access to BB’s Web or WAP pages, and definitely restrict incoming connections to authorized IPs only, via /etc/security.

MRTG, The Multi-Router Traffic Grapher
MRTG, written in Perl and C, is versatile and endlessly adaptable. MRTG generates HTML pages containing live traffic data in detailed, nicely readable graphs. MRTG uses SNMP (Simple Network Management Protocol) to collect traffic data from routers and other network links. It is helpful to understand SNMP before diving into MRTG.

Warning: CERT has issued an alert concerning multiple vulnerabilities in SNMP. As SNMP is widely used, chances are your network is affected. Please see for details.

One of its nicest features is the efficient way it limits log file size, without losing data. The uses for MRTG are limited only by your imagination. Some users have adapted it to monitor:

inbound and outbound email traffic
CPU load-to-disk usage
FTP usage
Frame relay stats
LDAP server
MRTG works on Unix/Linux/BSD, and Win32.

Now here’s the tool of choice for admins who don’t need a fancy GUI to keep an eye on their IP traffic, just the facts. IPTraf is quick to install and configure, as it does not require any Web-interface futzing. The current stable version is 2.5, for Linux only. IPTraf runs from the command line, and provides a sensible, logically-organized menu interface. IPTraf monitors just about every network protocol and interface there is, some examples are:

packets, bytes, and flags
TCP/UDP breakdown
LAN station monitor- view traffic data on user s PCs
ISDN, Ethernet, PPP
The LAN station monitor tracks nodes by their MAC addresses. As MAC addresses are a bit difficult to relate to, IPTraf allows assigning descriptions in colon-delimited text-format:

009027C57018:Carla_Schroder PC

Don’t put any colons or periods in the MAC address. A really slick benefit of this format is it allows linking to a database- most useful when you have a lot of nodes to track.

And of course there is filtering, to fine-tune the data you wish to view, and logging. IPTraf will even run in the background. View the logs to see what went on when you weren t looking.

IPTraf runs nicely on an older Pentium II, the minimum requirements are PII 200 mhz, 16 megs RAM. Realistically, more RAM is better, at least 64 megs, depending on how many nodes it is monitoring. Plug it in into any IP network.

The final entry in our network monitor roundup is Mon. I quote the creator: “mon is a general-purpose scheduler for monitoring service availability and triggering alerts upon detecting failures.” In other words, it’s a service monitor daemon: ftp, http, smtp, etc., and it sends an alert if they fail.

Mon is extremely configurable and customizable. It was developed to run on Linux, but as it is written in Perl, it is possible to port it to other platforms without too much aggravation. Write your own extensions and modifications, or take advantage of the many community-created tools. Mon is great for the do-it-yourselfer, probably too painful for the admin who wants something that works “out of the box”.

Visit the Web sites of these fine monitors to learn more. Each one has good documentation, and good user mailing lists.

A note on downloading: please be sure to use any method offered to verify the file integrity and authenticity of your downloaded files. MD5 is a common checksum utility, it works on many platforms, including Linux and Windows. You ll often find MD5 signatures in ftp directories, next to their associated files, or in the download instructions on the vendor’s Web site. Simply put the MD5 executable in the same directory as your downloaded file, change to that directory, then type


There may be an extended period of nothing happening before it reports the result. An MD5 signature is a long string of letters and numbers, like


If the signatures don’t match, most likely the download is corrupted, just try it again. Worst case is the ftp server has been compromised by a malicious user.

Reprinted from

Small Business Computing Staff
Small Business Computing Staff
Small Business Computing addresses the technology needs of small businesses, which are defined as businesses with fewer than 500 employees and/or less than $7 million in annual sales.

Must Read

Get the Free Newsletter!

Subscribe to Daily Tech Insider for top news, trends, and analysis.