To be an effective network administrator, you have to be part diplomat (when interacting with managers, users, and other IT pros) and part mechanic (when dealing with malfunctioning software and systems). As with mechanics in other trades, you need a specific set of tools to diagnose and correct problems, and these tools can often be quite expensive.
However, every once in a while, free tools come along—and sometimes they're even pretty good. I recently stumbled across some invaluable networking tools from AnalogX, and I was thrilled to discover that the author is a programmer who offers them as freeware to contribute to the general good of techies everywhere.
Although a number of networking tools are available from AnalogX, I am particularly fond of two: HyperTrace and NetStat Live. I am going to introduce these two tools and explain why I think they would make a valuable addition to the virtual toolbox of nearly every administrator.
One of the classic troubleshooting tools for network management is Traceroute. This tool allows you to identify the routing devices between two hosts and determine the time it takes a packet of data to travel between each host. This can be extremely valuable when a network link goes down because it helps you pinpoint where the problem is occurring (ISP, Frame Relay router, VPN server, etc.), especially if you periodically run a Traceroute when things are working so that you are familiar with the various "hops" a packet normally takes.
Traceroute is built into both Windows (using the tracert command) and UNIX/Linux systems (using the traceroute command). There are also online versions of Traceroute on sites such as GeekTools and expanded graphical versions such as VisualRoute.
For the most part, administrators rely heavily on the command line version of Traceroute that comes with Windows and Linux/UNIX. The main problem with this version is that it can be painfully slow. That's where AnalogX's HyperTrace comes in. This powerful tool is a small GUI program (Figure A) that provides the same functionality as Traceroute but produces results much faster.
I ran a trace on the same host with both Traceroute and HyperTrace. For a simple trace on an internal site over a VPN, Traceroute took 17 seconds and HyperTrace took 10 seconds. On a trace of an external site (I used yahoo.com), Traceroute took 38 seconds and HyperTrace took seven seconds.
By default, HyperTrace (like Traceroute) resolves IP addresses to host names. However, HyperTrace also gives you the option to not resolve host names and simply do a trace using IP addresses. This speeds things up dramatically. For example, my trace of yahoo.com took two seconds without resolving.
To select this option, you simply click on the Config button at the bottom of the HyperTrace window. In the Configure dialog box (Figure B), you can enable or disable DNS Lookup and Packet Loss.
If you enable the Packet Loss option, it will display the percentage of packets lost in the Loss column in the HyperTrace window. In my tests, this feature slowed down a trace significantly and didn't provide much value. When working with only IP addresses and without calculating packet loss, I found that HyperTrace produced results almost instantly.
Realistically, measuring bandwidth and network throughput should be easy, but unfortunately, it's fairly difficult to get a truly accurate assessment without purchasing expensive software and/or hardware. NetStat Live (NSL), another free utility from AnalogX, offers some nice metrics that can help analyze true bandwidth as well as bandwidth utilization. It provides a small desktop window filled with information on network data transfer (Figure C).
As you can see, NSL provides information on incoming and outgoing data by showing current throughput, average throughput, and maximum throughput. Underneath these numbers, it graphs the last 60 seconds of throughput. This information can be helpful in verifying the true data rate of a network connection and lets you quickly monitor the real-time data activity of a network connection.
By default, NSL tracks activity on all available network interfaces. One handy configuration option lets you limit NSL's reporting to a single network interface. This is especially helpful when you want to look at a single interface on a multihomed server or monitor a dial-up or VPN interface.
To select the interface you want to monitor, right-click in the NSL window and then select Configure. In the Configure dialog box (Figure D), the TCP/IP Interface drop-down list includes available interfaces. You can select All or select the specific address you would like to monitor.
For this example, I have chosen to monitor a VPN interface. If you look back at Figure C, you can see this interface at the top of the window, below the Local section. You can also configure a remote host by right-clicking on the NSL window, selecting Remote, and then entering an IP address or host name. NSL will ping this host and report the number of hops and milliseconds it takes to reach it from the local machine.
NSL can also monitor system threads and CPU utilization, so that you can pinpoint a slowdown to the system or the network when evaluating a machine that is having a problem. To select the items you want to monitor, right-click on the NSL window and select Statistics, and you will see the list of available items.
I also like the fact that you can go into Configure (Figure D) and set NSL to Always On Top. This allows you to open other applications and run them and watch the changes that occur in the NSL window. This is a great benefit during troubleshooting. To a lesser extent, you can also accomplish this by minimizing NSL. When minimized, NSL goes to the system tray in the form of a triangle with three lights. The bottom light shows the general state of the connection. The light on the right shows data receiving activity, and the light on the left shows data sending activity.
HyperTrace and NetStat Live are two small utilities that can be extremely useful to an administrator. HyperTrace makes the stalwart Traceroute utility much easier and faster to work with. NetStat Live provides a simple and unique tool for monitoring real-time data transmission on a network interface. And the author of these utilities has generously made them freeware to serve the public good. Administrators should put them to good use.
TechRepublic originally published this article on 13 March 2003.