Webinar Recap: Top 5 Utilities for Network Engineers

In a recent NetBeez webinar, I presented on “Top 5 Utilities for Network Engineers”, which ended up being one of the most popular webinars we have ever hosted! I talked about the command-line Linux utilities that you can use for troubleshooting, but the time constraints of a live webinar only allowed for a quick demonstration. In this post, I explain the commands in more detail so that you can follow along at your own pace.

How can you get access to a Linux console?

If you are new to Linux, there are many options to gain access to a Linux box for free (or at a very low cost):

  1. Mac OS: if you are a Mac user, all you have to do is open a terminal window. The operating system itself is based on Unix, which is a close cousin to Linux.
  2. Windows 10: you can use Linux-like environments such as Cygwin. In addition, in 2016, Windows 10 started supporting Linux as a native application.
  3. Cloud Linux: most major cloud providers, such as AWS, Azure, and GCP, have free-tier offerings that you can use to spin up a Linux box in the cloud.
  4. Linux box: if you want to have your own Linux box, consider investing $50-$100 in a single-board computer such as the Raspberry Pi, Odroid, or Beaglebone. Also, if you have an old laptop, you can install Linux on it.

All of the utility examples below were performed on Debian-based Linux. Note: If you are using some other distribution, things might be slightly different.

The first thing that you need to do for each command is to install it on the OS (if it’s not installed already). Here are the commands to install the five utilities:

The protocol relies on a software agent that runs on each monitored device and replies to queries from a network management server (NMS). The NMS, also called the SNMP poller, periodically requests the utilization values of each device's resources to get a status update and verify that the device is working properly. If the value of one or more resources reported by the agent exceeds a threshold set by the administrator, the server generates an alert for the network administrator. An SNMP agent uses UDP port 161 to receive requests from a poller. SNMP can also be used to apply configuration changes to devices and, if needed, to send notifications, called traps, to an SNMP trap receiver when an event that requires administrative attention happens on the device itself. An SNMP trap could be generated if, for example, the network interface of a router goes down or if a BGP neighbor becomes unreachable. By default, SNMP traps are sent via UDP to port 162.

Nmap (1997)

Nmap stands for network mapper – it’s mainly used for network security scans.

The nmap ping sweep scans a subnet for any available hosts; it’s one of the most basic commands you can run. Here is what it found in my local subnet:

It took nmap 5.35 seconds to get information on IPs, MACs, OUI lookups, and latencies for each host.
If I scan a specific host I get the following details which include open port information:

And if I want more details on the operating system I can use the “-O” option as follows:

The operating system scan took more than double the time of the previous scan. Keep this in mind when you run operating-system scans on subnets with many hosts, since it might take a while to get the results back.

A common use case for nmap is to scan a network before and after a change to make sure that all hosts are connected back to the network after the change. Here is a one-line bash loop that runs the ping sweep command every 5 seconds.

You run this command until you verify all hosts are back, and terminate it by hitting Ctrl+C on your console.
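
The before-and-after check described above can be automated by saving each ping sweep in nmap's grepable format (`-oG`) and comparing the host lists. This is an added example, not code from the original post; the function names, the subnet argument and the sample sweep files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that hosts seen before a change are back after it.
# Sweeps are assumed to be saved with: nmap -sn -oG FILE SUBNET

# hosts_up FILE: print the IPs that FILE reports as up, one per line.
hosts_up() { awk '$1 == "Host:" && /Status: Up/ { print $2 }' "$1" | sort -u; }

# sweep_diff BEFORE AFTER: print "MISSING ip" for hosts up only in BEFORE
# and "NEW ip" for hosts up only in AFTER (new or unexpected devices).
sweep_diff() {
    { hosts_up "$1" | sed 's/^/B /'; hosts_up "$2" | sed 's/^/A /'; } |
    awk '
        $1 == "B" { before[$2] = 1 }
        $1 == "A" { after[$2] = 1 }
        END {
            for (ip in before) if (!(ip in after))  print "MISSING", ip
            for (ip in after)  if (!(ip in before)) print "NEW", ip
        }
    ' | sort
}

# wait_until_back BASELINE SUBNET: repeat the ping sweep every 5 seconds
# until no baseline host is missing. Needs nmap; not run by the demo below.
wait_until_back() {
    now=$(mktemp)
    while :; do
        nmap -sn -oG "$now" "$2" > /dev/null
        missing=$(sweep_diff "$1" "$now" | grep '^MISSING' || true)
        [ -z "$missing" ] && break
        printf '%s still missing:\n%s\n' "$(date +%T)" "$missing"
        sleep 5
    done
    rm -f "$now"
}

# Constructed sample sweeps (not real scan output) so the diff runs offline.
# Real files separate the fields with a tab; awk's splitting handles both.
sample=$(mktemp -d)
cat > "$sample/before.gnmap" <<'EOF'
Host: 192.168.1.1 ()  Status: Up
Host: 192.168.1.10 ()  Status: Up
Host: 192.168.1.20 ()  Status: Up
EOF
cat > "$sample/after.gnmap" <<'EOF'
Host: 192.168.1.1 ()  Status: Up
Host: 192.168.1.10 ()  Status: Up
Host: 192.168.1.77 ()  Status: Up
EOF
sweep_diff "$sample/before.gnmap" "$sample/after.gnmap"
```

The `NEW` lines are worth reading as closely as the `MISSING` ones, since a host that appears only after a change is a device nobody recorded in the baseline.
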
For each one of these utilities you can get detailed information about their capabilities and options by reading their manual. On the console you can just type “man nmap” or “nmap -help”.

The manual can be difficult to read and might be complicated for novice users, in which case, you can find tons of tutorials and guides online. For example, here is an excellent nmap tutorial with many more details: https://hackertarget.com/nmap-tutorial/


Tcpdump (1998)

As the name suggests, tcpdump dumps network traffic onto your terminal window. The simplest command you can use is “tcpdump -i eth0”, which dumps all packets going in and out of interface eth0. Here is a short snippet of the output:

Sorting through all packets going in and out of an interface can be overwhelming. To be productive with tcpdump you need to use the right filters to display only the important packets and traffic. As an example, I can filter packets by host with tcpdump -i eth0 host or by port with tcpdump -i eth0 port 53.

A common tcpdump use case is to connect your Linux box to a switch’s span port and capture all traffic. In that case, using the right filters is the key to looking at the packets relevant to your issue.

Here is an excellent tutorial and a filter breakdown for tcpdump.

Netcat (2007)

Netcat allows you to create connections between two hosts with TCP and UDP traffic. To run this example, you can use two different hosts, or open two console windows on the same host.

We can create a server-client communication by having the server listen on port 20000 for connections with the command netcat -l -p 20000. On the client console we can connect to this server with netcat 20000. Once the connection is established, anything that we type in the client window will appear in the server window and vice versa.

Server window:

Client window:

You can use this server-client communication to test if a firewall successfully blocks traffic by setting up the server behind the firewall and trying to connect to it from the outside world.

Netcat can also be used as a “quick-and-dirty” way to move files between hosts. Let’s assume we want to move log_file.txt. Here are the commands you need to run:

Start on the receiving host with:

On the sending host:

Keep in mind that the communication is not encrypted in this case.

iPerf (2003)

iPerf is a performance testing tool that sends TCP or UDP traffic between two hosts and measures the bandwidth it can generate. There are two versions of iPerf. iPerf 2 is the most prolific one since it’s older and more widely used. iPerf 3 is more recent, and although it’s very similar in functionality to iPerf 2, the two are incompatible with each other. At NetBeez, we use iPerf 2.

iPerf needs a source and a destination host to send and receive the traffic. The first step is to start the iPerf server on the receiving side which will wait for iPerf traffic to be sent. The default option is to send TCP traffic, in which case it tries to push as much bandwidth as possible between the source and the destination.


On the sending side we start the iPerf client with the command:

After 10 seconds the test is over, and we see that the client and server were able to achieve 94.2 Mbps.

For UDP traffic we have to use the “-u” option as follows on the server side:


On the sending side, we also have to use the “-u” option. In addition, we can determine the amount of UDP traffic by using the “-b” option as follows:

As requested, the client was able to send 3 Mbps of UDP traffic to the server. In addition, UDP iPerf gives the jitter (0.025 ms) and packet loss (0/2552 0%) at the end.
A common use case of iPerf is to prove that “It’s not the Network!”, by verifying that the network can pass a certain amount of traffic.
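
To turn that claim into a repeatable pass/fail check, the iPerf 2 report can be parsed and compared against a required rate and an allowed UDP loss. This is an added example, not code from the original post; it assumes iPerf 2's CSV report style (`-y C`) with bits per second in column 9 and, for UDP server reports, jitter, lost, total and loss percentage in columns 10 to 13. The function name and the two sample lines are constructed from the figures quoted above.

```shell
#!/bin/sh
# iperf_verdict MIN_MBPS [MAX_LOSS_PCT]: read iPerf 2 CSV report lines
# (iperf ... -y C) on stdin, print one verdict per report line, and return
# non-zero if any line is below MIN_MBPS or, for UDP, above MAX_LOSS_PCT.
iperf_verdict() {
    awk -F, -v min="$1" -v maxloss="${2:-0}" '
        NF != 9 && NF != 14 { next }          # skip anything that is not a report
        {
            mbps = $9 / 1000000               # column 9: bits per second
            ok = (mbps >= min + 0)
            line = sprintf("%s s: %.1f Mbps", $7, mbps)
            if (NF == 14) {                   # UDP server report adds loss data
                line = line sprintf(", jitter %s ms, loss %s/%s (%s%%)", $10, $11, $12, $13)
                if ($13 + 0 > maxloss + 0) ok = 0
            }
            verdict = ok ? "PASS" : "FAIL"
            print verdict, line
            if (!ok) bad = 1
        }
        END { exit bad }
    '
}

# Constructed sample report lines (addresses are documentation placeholders).
SAMPLE_TCP='20240101120010,192.0.2.10,5001,192.0.2.20,40000,3,0.0-10.0,117750000,94200000'
SAMPLE_UDP='20240101121010,192.0.2.10,5001,192.0.2.20,40001,3,0.0-10.0,3751440,3000000,0.025,0,2552,0.000,0'

# Require at least 3 Mbps and no UDP loss.
printf '%s\n' "$SAMPLE_TCP" "$SAMPLE_UDP" | iperf_verdict 3 0
```
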

Speedtest (2016)

This is the console version of the Ookla speedtest.net that you can run on your browser. Ookla has close to 5000 servers around the world that can be used to measure how much upload and download bandwidth can be achieved. The difference with iPerf is that, with the speedtest, you don’t have control of the server that is used to test your bandwidth performance. For example, the speedtest measurements can be affected by the number of concurrent tests a server is running.

Here is how to run the speedtest on your console:
    $ speedtest
    Retrieving speedtest.net configuration…
    Testing from Comcast Cable (…
    Retrieving speedtest.net server list…
    Selecting best server based on ping…
    Hosted by SoftLayer Technologies, Inc. (San Jose, CA) [4.34 km]: 24.371 ms
    Testing download speed………………………………..
    Download: 57.64 Mbit/s
    Testing upload speed…………………………………..
    Upload: 6.22 Mbit/s

As you can see, it informs me that the server it selected is maintained by SoftLayer Technologies, Inc. in San Jose (my current location), with a latency of 24.371 ms. The download and upload speeds achieved are 57.64 Mbps and 6.22 Mbps.

NetBeez GUI Console

All of these tie in with the NetBeez dashboard through the GUI console. In a nutshell, NetBeez captures the user experience by using wired and wireless hardware sensors deployed in a WAN or WLAN network. Each sensor can run automatic tests such as ping, dns, http, iperf, and speedtest. Since each sensor is a Linux box, NetBeez gives console access to them through the GUI.

Having NetBeez agents deployed allows you to conduct a quick troubleshooting session without having to get remote access to a local machine, go through firewalls, or connect to a NAT’ed host.