Today I want to show you 7 network engineer tools I’ve used almost every day in my work as a network engineer. We will start with some simple, basic tools and then move on to more advanced ones. If you’re working as a network engineer or a network administrator, you should have a look at all of them. They are all completely free and based on known industry standards.
I don’t want to go into too much detail on every tool, because for the last ones especially you could do multiple hours of training courses. But I want to give you a brief overview of what they do and how I would recommend you use them.
1. Ping
Ping is a simple and effective tool to test if a source computer can reach a specific destination computer. It will send a Ping request via the ICMP protocol and check if the destination computer responds to this request.
Like many network engineer tools, Ping exists on most operating systems right out of the box; however, it works a bit differently on Windows and Linux. Check out the official ping documentation for Linux and Windows. To change the behavior of ping you can specify different attributes. For example, you can change the packet size or timeout values, or enforce the IPv4 or IPv6 protocol.
Example (on Windows):
In this example, I’m using the ping command to check the hostname google.com. You can see the Google server will respond to our Ping requests. It will also show us the delay between the request and the response.
Tip: Although Ping might be an easy and simple tool, you can also do some more advanced stuff with it. For example, you can use it to determine the maximum packet size a destination host can process, which helps you adjust the MTU size.
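The MTU check from the tip above can be scripted as a binary search over the ping payload size with the Don't Fragment bit set. This is an added example, not part of the original post; the function names are hypothetical and the flags are those of Linux iputils ping (IPv4 only).

```bash
#!/usr/bin/env bash
# Added example: find the largest ICMP payload that reaches a host unfragmented.

# probe HOST SIZE -> exit 0 if one echo request with SIZE payload bytes and
# the Don't Fragment bit set gets a reply. Linux iputils syntax; the Windows
# equivalent is: ping -n 1 -f -l SIZE HOST
probe() {
    ping -M do -c 1 -W 1 -s "$2" "$1" >/dev/null 2>&1
}

# max_payload HOST [LOW] [HIGH] -> print the largest payload that passes.
# Returns 1 if even LOW bytes get no reply (host down or ICMP filtered),
# because then the search result would say nothing about the MTU.
max_payload() {
    local host=$1 lo=${2:-0} hi=${3:-1472} mid
    probe "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" "$mid"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo "$lo"
}

# path_mtu HOST [LOW] [HIGH] -> payload + 20-byte IPv4 header + 8-byte ICMP header.
path_mtu() {
    local payload
    payload=$(max_payload "$@") || return 1
    echo $(( payload + 28 ))
}

# Run as: ./mtu.sh HOST   (does nothing when called without arguments)
if [ "$#" -gt 0 ]; then
    path_mtu "$1" || echo "no reply from $1 (down or ICMP filtered)" >&2
fi
```

The default upper bound of 1472 bytes corresponds to a standard 1500-byte Ethernet MTU; pass a higher HIGH value when testing links with jumbo frames.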
2. Tracert / Traceroute
In computing, traceroute (on Linux) and tracert (on Windows) are network engineer tools to observe route paths in computer networks. These tools use the TTL, which basically defines the hop limit, to determine all intermediate hops between the source and the destination computer. If you are interested in how this works in detail, check out the Wikipedia page; it has a great article about this. For each hop, it will display the hop number, the IP address or DNS name, and the delay.
Example (on Windows):
Although both commands on Linux and Windows basically do the same thing, they differ in how they are implemented in the background. By default, tracert on Windows uses ICMP requests just like Ping, and traceroute on Linux uses UDP requests.
It is also worth noting that some gateways tend to filter those Echo Requests. So it can happen that some gateways won’t reply to these packets while others do.
Tip: traceroute / tracert is very useful for troubleshooting routing-related network issues. When you can’t reach a specific destination host, you can check the route path, identify the point in the network where the packet is lost, and investigate at that specific gateway.
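Because filtering gateways show up as silent hops, a silent hop only points at a problem when nothing behind it answers either. The script below is an added example, not part of the original post; it reads Linux `traceroute -n` output, and the sample trace is constructed with documentation addresses.

```bash
#!/usr/bin/env bash
# Constructed sample of `traceroute -n` output (documentation addresses).
SAMPLE_TRACE=' 1  192.168.0.1  0.41 ms  0.39 ms  0.38 ms
 2  10.20.0.1  8.1 ms  8.0 ms  7.9 ms
 3  * * *
 4  198.51.100.7  12.3 ms  12.1 ms  12.2 ms
 5  * * *
 6  * * *'

# analyze_trace: read `traceroute -n` hop lines on stdin and report
#   last_reply  - number of the last hop that answered
#   addr        - address of that hop
#   filtered    - silent hops BEFORE it (they forward traffic but do not
#                 answer probes, since later hops still replied)
#   dead_after  - yes if every hop after last_reply stayed silent; this is
#                 where to start investigating (loss or a filtering target)
analyze_trace() {
    awk '
        BEGIN { last = 0; hops = 0; addr = "-" }
        $1 ~ /^[0-9]+$/ {
            hops = $1 + 0
            reply = ""
            for (i = 2; i <= NF; i++)
                if ($i != "*") { reply = $i; break }
            if (reply == "") silent[hops] = 1
            else { last = hops; addr = reply }
        }
        END {
            for (h = 1; h < last; h++)
                if (h in silent) filtered = filtered (filtered ? "," : "") h
            printf "last_reply=%d addr=%s filtered=%s dead_after=%s\n",
                last, addr, (filtered ? filtered : "none"),
                (last < hops ? "yes" : "no")
        }'
}

printf '%s\n' "$SAMPLE_TRACE" | analyze_trace
```

On a real host, pipe live output into it with `traceroute -n HOST | analyze_trace`.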
3. Nslookup
Nslookup is one of the network engineer tools that are available on Linux and Windows to query the Domain Name System (DNS). It can look up IP addresses by name or other DNS records and also do IP reverse lookups.
In this example, we will look up the IP address of google.com. It will also show the IP address of the DNS server your computer will use to do the lookup. In my example, my computer will use the private router in my network which has the IP address 192.168.0.1.
You can also look up other DNS records, for example, the MX record. The MX record is used to look up the IP address of the mail server that will be contacted when you send emails to this domain. For example, when you send an email to gmail.com your email server will look up the MX record and try to connect to this IP address.
Tip: There are many use cases where nslookup is helpful. For example, if you can’t reach a specific URL or DNS name, you can check with nslookup whether your DNS server is able to resolve that name. Or if you have any trouble with your DNS server, nslookup is a basic tool to check relevant DNS entries.
4. IPerf
IPerf is a nice and easy tool to measure network throughput between two peers. There are many possible use cases, such as measuring the network throughput of VPN connections, MPLS connections, SD-WAN, etc. To do that you will need to use this tool on both peers, one as a server and one as a client. You can run several tests such as TCP streams or UDP streams in one or more concurrent connections.
In this example, I’m running IPerf on the server on port 5000. The client will connect to the server and start a TCP stream transferring with x concurrent connections. When the transfer is finished you will see the average bandwidth.
Tip: IPerf is a useful network engineer tool to check the network throughput on any network connection. For example, measure throughput between VPN peers, SD-WAN connections, etc.
5. NMap
NMap is an advanced network scanner. It’s often used for security audits or networking device inventory. It can be used to scan single hosts to gather information about running services, the operating system in use, etc. It can also scan multiple hosts in a vast network environment.
It also offers a huge amount of fine-tuning options on how to perform such scans.
Tip: NMap is very helpful for troubleshooting network issues on a specific host or service. You can also use it to scan your entire network and do an inventory of all available devices, IP addresses, operating systems, services, etc.
6. WireShark
WireShark is a fully-featured network protocol analyzer. You can capture and inspect all network packets that are sent to or sent by your network interface. You can also save the capture to a file, or open a file that was created via tcpdump on another machine and do your research.
WireShark offers a lot of powerful tools to follow certain data streams, identify network protocols, analyze issues on the network layers, or do statistics on them. It is a very complex and powerful tool that is the absolute gold standard in the IT industry when it comes to network protocol analysis.
Tip: Wireshark is one of the best network engineer tools to troubleshoot network issues. But it’s also very useful for technical research, for example, to study for network certifications or recap how network protocols work. It usually takes some time to familiarize yourself with Wireshark. But once you get a better understanding of how to use it, it’s so powerful!
7. GNS3
GNS3 is one of the best tools to create a virtual test lab for networking research. It is very common when you want to study for network certifications such as Cisco’s CCNA because it has lots of Cisco network devices. You don’t need any hardware, and you don’t need to buy network devices that you would have to connect with cables. You can also install GNS3 in a server version that is based on KVM, so you can also add other images of commonly used network devices or clients including Linux, Windows Servers, etc.
Depending on how powerful your hardware is, you can even create large and complex network environments to configure devices and do proofs of concept as well. You can also run it in nested virtualization and install custom firmware images on those network devices.
Tip: GNS3 is an even better way to research how network protocols work, because you can easily build up an entire networking test lab. You can also do packet captures on specific interfaces in your test lab and analyze them in Wireshark. This makes it the best network engineer tool to study for certifications.