Network connection monitoring program. Controlling computers on the local network

The most important tasks for system administrators are monitoring the performance of communication nodes, servers and services necessary for reliable operation of the entire enterprise, and keeping the computers entrusted to them in proper condition. Nowadays, high-quality monitoring of computers on enterprise local networks is provided by feature-rich programs, many of which are freely available.

An effective monitoring application allows IT specialists to monitor the status of network hosts, including in visual form, on graphical maps and diagrams. The program periodically scans the network, studies its topology, and builds a diagram of device connections on its own.

Monitoring hosts and network services

In addition to visual monitoring of the state of network devices, the software makes it possible to check hosts and services (including local resources or Internet servers) using a variety of network protocols, and to configure a convenient way of alerting system administrators about positive or negative test results. The methods can be different: a message on the IT specialist's computer screen, a special sound, an email, or an SMS to the phone. In some cases, an application for monitoring computers on an enterprise's local network can restart a remote service or execute a script written for it in advance (then some failures will be resolved automatically).

If the program implements such a function, then all devices connected to the network will be clearly displayed on its diagram. Just by looking at their icons, a specialist will understand which of them are working normally and which are not functioning correctly. This feature makes it easier to diagnose group failures. The test results are entered into a single database; as statistical information accumulates, it becomes possible to build graphs to study changes in device response and track other tested parameters.

Modern programs for monitoring computers on a local network make it possible to create a kind of control panel for the enterprise’s network infrastructure, with which the employee responsible for the network can monitor its important elements, check equipment parameters and effectively manage remote hosts. Using the host context menu, you can view various data about remote hosts on the network: check SNMP information from switches, access the registries of remote computers, view running processes and event logs, restart services, and perform other actions.

Some programs not only monitor computer resources, but also help keep track of devices and software applications on network PCs. Thanks to them, the system administrator can obtain almost any information about the hardware and software on computers on the corporate network. Data collection takes place remotely, which avoids interfering with the work of enterprise employees and saves the working time of system administrators.

PC monitoring programs on a local network allow you to keep accurate records of hardware. IT specialists will be able to quickly find out about the loss or malfunction of any component or about its replacement. When changes are detected, they are logged and the network administrator is notified. If you need to monitor certain parameters on user workstations at a specific frequency and receive alerts when they change, it may be possible to set up data collection on a schedule. In this case, computer resources will be monitored automatically.

Many programs not only generate reports on computer components, but also monitor their performance: the operation of hard drives and their temperature are monitored. When a drive overheats or an application predicts that it may fail, the system administrator will see a report with a warning about the critical state of the PC.

Accounting for software and licenses

If necessary, programs for monitoring software in local enterprise networks allow you to track changes in installed programs. In cases where user rights are not strictly limited, one of the company's employees may install an unwanted or unlicensed application on their computer. During monitoring, any installation or removal of software is recorded and logged. This means that the system administrator will always know which programs were installed or removed, and on which computers.

Often, when monitoring computer resources, serial numbers and program licenses are tracked, the number of software installations is counted, and the correct use of serial numbers is checked. All these measures really help to avoid problems when corporate software is audited for license compliance. To increase the level of security and fault tolerance of computers, a number of special monitoring programs can show installed software and system updates and generate a report on the operation of anti-virus software and how up to date its databases are.

Data collected by the program from network computers and displayed on the screen of the system administrator's PC can be included in a report. The reports can then be printed or exported to a specific database. In addition to automatically collected information, many applications for monitoring computer resources allow you to manually enter equipment serial numbers, the office numbers of their users and their contact details.

If the program has a function for generating summary tables, this will allow the IT specialist to find out which device is outdated and due for replacement. Special filters allow you to set the conditions under which a PC is included in the table. For example, you can make a list of workstations with a specific brand of processor, certain software applications, a given memory capacity, a small amount of free disk space, or other parameters.

Program selection

When choosing specific software, you should take into account not only its functionality, but also the complexity of the setup procedure. Often the installation of free systems is accompanied by enormous difficulties, as a result of which the setup can last for months and may never end. Therefore, when choosing, you need to carefully weigh all the pros and cons of a particular solution: often inexpensive and little-known products can bring more benefit due to their ease of setup, which saves the system administrator’s working time, and in a large enterprise there will always be something else to spend that time on.

You most likely know that Windows has a built-in firewall. You may also know how to allow and block access of individual programs to the network in order to control incoming and outgoing traffic. But did you know that the Windows firewall can be used to log all connections passing through it?

Windows Firewall logs can be useful in solving specific problems:

  • The program you are using cannot connect to the Internet, although this problem does not occur with other applications. In this case, to troubleshoot the problem, you should check whether the system firewall is blocking the connection requests of this program.
  • You suspect that your computer is being used to transmit data by malware and want to monitor outgoing traffic for suspicious connection requests.
  • You have created new rules for allowing and blocking access and want to ensure that the firewall correctly processes the given instructions.

Regardless of the reason for use, enabling event logging can be a challenging task, as it requires a lot of work with the settings. Below is a clear sequence of steps for activating the logging of network activity in the Windows firewall.

Access to firewall settings

First, you need to go to the advanced settings of Windows Firewall. Open the Control Panel (right-click on the Start menu, select “Control Panel”), then click the “Windows Firewall” link if the view mode is small/large icons, or select the “System and Security” section, and then “Windows Firewall”, if the view mode is category.

In the firewall window, select the “Advanced settings” option in the left navigation menu.

You will see the following settings screen:

This is the internal technical side of the Windows Firewall. This interface allows you to allow or block program access to the Internet, configure incoming and outgoing traffic. In addition, this is where you can activate the event logging feature - although it is not immediately clear where this can be done.

Accessing log settings

First, select the “Windows Firewall with Advanced Security (Local Computer)” option.

Right-click on it and select the “Properties” option.

A window will open which may confuse the user. When you select three tabs (Domain Profile, Private Profile, Public Profile), you will notice that their content is identical, but relates to three different profiles, the name of which is indicated in the tab title. Each profile tab contains a button to configure logging. Each log will correspond to a different profile, but which profile are you using?

Let's look at what each profile means:

  • The domain profile is used to connect to a Wi-Fi wireless network when the domain is set by a domain controller. If you are not sure what this means, do not use this profile.
  • The private profile is used to connect to private networks, including home or personal networks - this is the profile you are most likely to use.
  • The public profile is used to connect to public networks, including restaurants, airports, libraries and other institutions.

If you are using a computer on a home network, go to the “Private Profile” tab. If you are using a public network, go to the “Public Profile” tab. Click the “Configure” button in the “Logging” section on the correct tab.

Activating the event log

In the window that opens, you can configure the location and maximum size of the log. You can set an easy-to-remember location for the log, but the actual location of the log file doesn't really matter. To start event logging, set both the “Log dropped packets” and “Log successful connections” drop-down menus to “Yes” and click the “OK” button. Running this feature permanently may cause performance problems, so only enable it when you really need to monitor connections. To disable logging, set the value to “No (default)” in both drop-down menus.

Studying logs

Now the computer will record network activity controlled by the firewall. To view the logs, go to the “Advanced Settings” window, select the “Monitoring” option in the left list, and then in the “Logging Options” section click the “File Name” link.

The network activity log will then open. The contents of the log may be confusing to an inexperienced user. Let's look at the main contents of the log entries:

  1. Date and time of connection.
  2. What happened to the connection. The status “ALLOW” means that the firewall allowed the connection, and the status “DROP” indicates that the connection was blocked by the firewall. If a particular program has problems connecting to the network, this lets you determine for certain whether the cause of the problem is the firewall policy.
  3. Connection type - TCP or UDP.
  4. In order: IP address of the connection source (computer), destination IP address (for example, a web page), and the network port used on the computer. This entry allows you to identify ports that require opening for the software to work. Also watch out for suspicious connections - they could be made by malware.
  5. Whether the data packet was successfully sent or received.

The information in the log will help determine the cause of connection problems. The logs can record other activity, such as the target port or TCP acknowledgment number. If you need more details, check out the “#Fields” line at the top of the log to identify the meaning of each metric.
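The fields listed above can also be read programmatically. The following is an added example, not part of the original article: a Python parser that takes the column names from the “#Fields” line and summarises dropped packets and allowed outbound destinations. The log text, addresses and function names are constructed for illustration, and the `path` column (SEND/RECEIVE) is assumed to be present in the header.

```python
from collections import Counter

# Constructed sample in the firewall log's text layout (not from a real host).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2019-03-12 10:15:02 ALLOW TCP 192.168.1.20 93.184.216.34 49712 443 0 - 0 0 0 - - - SEND
2019-03-12 10:15:03 ALLOW UDP 192.168.1.20 192.168.1.1 53124 53 0 - - - - - - - SEND
2019-03-12 10:15:07 DROP UDP 192.168.1.1 192.168.1.255 137 137 78 - - - - - - - RECEIVE
2019-03-12 10:15:09 DROP TCP 192.168.1.20 203.0.113.7 49720 8443 52 S 1203948 0 8192 - - - SEND
2019-03-12 10:15:10 DROP TCP 192.168.1.20 203.0.113.7 49721 8443 52 S 1203999 0 8192 - - - SEND
2019-03-12 10:15:11 DROP ICMP 198.51.100.9 192.168.1.20 - - 60 - - - - 8 0 - RECEIVE
2019-03-12 10:15:12 DROP TCP 192.168.1.20
"""


def parse_firewall_log(text):
    """Yield one dict per log entry, keyed by the names on the #Fields line."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        if fields is None:
            raise ValueError("log entry found before a #Fields header")
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated line (e.g. cut off mid-write): skip, do not misalign
        yield dict(zip(fields, values))


def to_port(value):
    """Ports are logged as '-' for protocols that have none, such as ICMP."""
    return int(value) if value.isdigit() else None


def summarize_drops(entries):
    """Count blocked packets per (direction, protocol, destination IP, destination port)."""
    drops = Counter()
    for e in entries:
        if e["action"] == "DROP":
            key = (e.get("path", "-"), e["protocol"], e["dst-ip"], to_port(e["dst-port"]))
            drops[key] += 1
    return drops


def outbound_destinations(entries):
    """Distinct (IP, port) pairs that this computer was allowed to connect out to."""
    seen = {(e["dst-ip"], to_port(e["dst-port"])) for e in entries
            if e["action"] == "ALLOW" and e.get("path") == "SEND"}
    return sorted(seen, key=lambda d: (d[0], -1 if d[1] is None else d[1]))


if __name__ == "__main__":
    entries = list(parse_firewall_log(SAMPLE_LOG))
    for key, count in summarize_drops(entries).most_common():
        print(count, *key)
    print(outbound_destinations(entries))
```

Repeated DROP entries for the same outbound destination point to a program being blocked by a rule, while the list of allowed destinations is the place to look for connections you do not recognise.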

Don't forget to turn off the logging feature when you're done.

Advanced network diagnostics

By using Windows Firewall logging, you can analyze the types of data being processed on your computer. In addition, you can determine the causes of network problems related to the firewall or other objects disrupting connections. The activity log allows you to familiarize yourself with the work of the firewall and get a clear picture of what is happening on the network.


Network monitoring programs are irreplaceable helpers for every system administrator. They allow you to respond quickly to anomalous activity within the local network, stay aware of all network processes and thus automate part of the administrator’s routine activities, primarily those related to ensuring network security. Let's see which local network monitoring programs are the most relevant in 2019.

This list opens with our own development, TNM 2: an extremely affordable and effective software solution for network monitoring of the activity of server machines, which offers an ideal balance between convenience (most free solutions do not have a GUI) and extensive functionality. The main programmable components of Total Network Monitor 2 include monitors, which perform checks at the frequency you require. The list of available checks is impressive. They allow you to track almost any parameter, from the availability of servers on the network to the status of services.

It is noteworthy that these objects are capable of independently eliminating the primary consequences of problems (that is, all this happens without the direct participation of the system administrator) - for example, rebooting individual services or user devices, activating an antivirus, supplementing the event log with new entries, etc. - in general, everything that the system administrator initially performed manually.

As for reporting, it stores all the information associated with each test that was carried out by the selected monitor. The cost for 1 copy of this application is only 5,000 rubles.

Observium

The Observium application, which is based on the SNMP protocol, allows you not only to examine the status of a network of any scale in real time, but also to analyze its performance level. This solution integrates with equipment from Cisco, Windows, Linux, HP, Juniper, Dell, FreeBSD, Brocade, Netscaler, NetApp and other vendors. Featuring a perfectly designed graphical interface, the software gives system administrators a ton of configuration options, from ranges for auto-discovery to SNMP data needed to collect network information.

They also get access to information about the technical specifications of all equipment that is currently connected to the network. Observium can present all reports that are generated by analyzing the event log in the form of charts and graphs, clearly demonstrating the “weaknesses” of the network. You can use either a demo version (which, in our experience, is lacking in features) or a paid license, which costs £200 per year.

Nagios

Nagios is an advanced monitoring solution that is managed via a web interface. It is by no means easy to learn, but thanks to its fairly large online community and well-researched documentation, it can be mastered in a few weeks.

Using Nagios, system administrators can remotely regulate the amount of load on user equipment or on equipment higher in the network hierarchy (switches, routers, servers), monitor the load on memory reserves in databases, monitor the physical indicators of network equipment components (for example, the temperature of the motherboard, burnout of which is one of the most frequent breakdowns in this area), etc.

When it detects network anomalies, Nagios automatically sends alarm notifications to an address preset by the system administrator, be it an email address or a mobile phone number. A free demo version will be available to you for 60 days.

PRTG Network Monitor

The PRTG software component, compatible with Windows-based devices, is designed for network monitoring. It is not free (only a 30-day trial period is free). It is used not only for scanning devices that are currently connected to a local network, but can also serve as an excellent assistant in detecting network attacks.

Among the most useful PRTG network services are packet inspection, analysis and saving of statistical data to the database, viewing a network map in real time (historical information about network behavior is also available), collecting technical parameters of devices connected to the network, and analysis of the load level on network equipment. Note that it is very easy to use, first of all thanks to an intuitive graphical interface that can be opened in any browser. If necessary, the system administrator can also gain remote access to the application via a web server.

Kismet

Kismet is a useful open-source application for system administrators that allows you to comprehensively analyze network traffic, detect anomalies in it, prevent failures and can be used with systems based on *NIX/Windows/Cygwin/macOS. Kismet is often used specifically for analyzing wireless local networks based on the 802.11 b standard (including even networks with a hidden SSID).

With its help, you can easily find incorrectly configured and even illegally operating access points (which attackers use to intercept traffic) and other hidden devices that could be potentially “harmful” to your network. For these purposes, the application has a very well-developed ability to detect various types of network attacks, both at the network level and at the level of communication channels. As soon as one or more attacks are detected, the system administrator will receive an alarm and will be able to take measures to eliminate the threat.

WireShark

The free open-source traffic analyzer WireShark provides its users with incredibly advanced functionality and is rightfully recognized as an exemplary solution in the field of network diagnostics. It integrates perfectly with *NIX/Windows/macOS based systems.

Instead of confusing web interfaces and CLIs that require you to enter queries in a special programming language, this solution uses a GUI (although if you need to upgrade WireShark's standard set of features, you can easily program them in Lua).

By deploying and configuring it once on your server, you will receive a centralized element for monitoring the smallest changes in network operation and network protocols. This way, you can detect and identify problems occurring on your network early on.

NeDi

NeDi is completely free software that scans the network by MAC addresses (also among the valid search criteria are IP addresses and DNS) and compiles its own database from them. To operate, this software product uses a web interface.

Thus, you can monitor online all physical devices and their locations within your local network (in fact, you will be able to retrieve data about any network node - from its firmware to its configuration).

Some professionals use NeDi to find devices that are being used illegally (e.g. stolen). This software uses the CDP/LLDP protocols to connect to switches or routers. This is a very useful, although not easy to learn, solution.

Zabbix

The Zabbix monitoring system is a universal open-source solution for network monitoring that can be configured for individual network models. Basically, it is intended for systems that have a multi-server architecture (in particular, Zabbix integrates with Linux/FreeBSD/Windows servers).

This application allows you to simultaneously manage hundreds of network nodes, which makes it an extremely effective tool in organizing the work of system administrators working in large-scale enterprises. To deploy Zabbix on your local network, you will need to either run software agents (daemons) or use the SNMP protocol (or another protocol for secure remote access); and to manage it you will have to master the web interface in PHP.

In addition, this software provides a complete set of tools for monitoring the status of network hardware. Note that in order to fully experience all the benefits of this solution, your system administrator will need to have at least basic knowledge of Perl or Python (or any other languages that can be used together with Zabbix).

10-Strike: Network Monitoring

“Network Monitoring” is a Russian-language web-based software solution that fully automates all aspects of network security. With its help, system administrators can prevent the spread of virus software over a local network, as well as determine the cause of various technical malfunctions associated with broken cables or failure of individual units of the network infrastructure.

In addition, this software monitors temperature, voltage, disk space and other parameters online via SNMP and WMI. Among its disadvantages are a fairly heavy load on the CPU (which the developer himself honestly warns about) and a high price.

Network Olympus

And our list is completed by another program of ours. Unlike TNM, Network Olympus runs as a service and has a web interface, which gives much more flexibility and ease of use. Its main feature is a script designer that allows you to move away from primitive checks that cannot take into account certain circumstances of device operation. With its help, you can organize monitoring schemes of any complexity in order to accurately identify problems and malfunctions, as well as automate the process of eliminating them.

The scenario is based on a sensor from which you can build logical chains that, depending on the success of the check, will generate various alerts and actions aimed at solving your problems. Each element of the chain can be edited at any time and will be immediately applied to all devices to which the script is assigned. All network activity will be monitored using an activity log and special reports.

If you have a small network, then you will not need to buy a license - the program will work in free mode.

How to choose a network monitoring program: summary

It is difficult to pick an unambiguous winner and name the best program for monitoring a local network. But we are of the opinion that our Network Olympus product has many advantages and a very low barrier to entry, because it does not require special training in order to start working with it. In addition, it does not have the disadvantages of open-source solutions, such as lack of updates and poor compatibility (both with OS and TX devices). Thus, thanks to such a solution, you will be able to monitor all events occurring within your local network and respond to them in a timely manner.

This article will, to some extent, be devoted to security. I recently had an idea: how to check which applications are using the Internet connection, where traffic can flow, through which addresses the connection goes, and much more. There are users who also ask this question.

Let's say you have an access point to which only you are connected, but you notice that the connection speed is somehow low. You call your provider, and they say that everything is fine, or something like that. What if someone is connected to your network? You can try using the methods in this article to find out which programs that require an Internet connection he uses. In general, you can use these methods as you please.

Well, let's analyze?

netstat command for analyzing network activity

This method does not require any additional programs; we just need the command line. Windows has a special netstat utility that analyzes network connections, so let's use it.

It is advisable to run the command line as an administrator. In Windows 10, you can right-click the Start menu and select the appropriate item.

At the command line, enter the netstat command and see a lot of interesting information:


We see connections, including their ports, addresses, and active and pending connections. This is certainly cool, but it’s not enough for us. We would like to find out which program is using the network; for this we can use the -b parameter together with the netstat command, so the command will look like this:

netstat -b

Now the utility that uses the Internet will be visible in square brackets.


This is not the only parameter of this command; to display the full list, enter the command netstat -h.
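As an added example that is not part of the original article, the Python code below pairs each connection line of `netstat -b` output with the executable printed in square brackets beneath it, then groups remote endpoints by program. The sample output is constructed, assumes numeric addresses (as printed with the additional `-n` switch), and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -b -n` output (addresses and names are made up).
SAMPLE_NETSTAT_B = """\

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:5354         127.0.0.1:49670        ESTABLISHED
 [mDNSResponder.exe]
  TCP    192.168.1.20:49712     93.184.216.34:443      ESTABLISHED
 [chrome.exe]
  TCP    192.168.1.20:49713     93.184.216.34:443      ESTABLISHED
 [chrome.exe]
  TCP    192.168.1.20:49730     203.0.113.7:8443       SYN_SENT
  CryptSvc
 [svchost.exe]
  TCP    192.168.1.20:49731     198.51.100.4:443       TIME_WAIT
 Can not obtain ownership information
  TCP    [::1]:49740            [::1]:445              ESTABLISHED
 [updater.exe]
"""

CONN_RE = re.compile(r"^(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?$")
OWNER_RE = re.compile(r"^\[(.+)\]$")


def parse_netstat_b(text):
    """Return one dict per connection, with the owning executable attached."""
    connections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        conn = CONN_RE.match(line)
        owner = OWNER_RE.match(line)
        if conn:
            proto, local, remote, state = conn.groups()
            current = {"proto": proto, "local": local, "remote": remote,
                       "state": state or "", "owner": None, "component": None}
            connections.append(current)
        elif current is None:
            continue                     # banner or column header
        elif owner:
            current["owner"] = owner.group(1)
            current = None               # the owner line closes this connection
        elif line.lower().startswith("can not obtain ownership"):
            current = None               # netstat could not name the owner
        else:
            current["component"] = line  # e.g. the service hosted inside svchost.exe
    return connections


def remotes_by_owner(connections, skip_loopback=True):
    """Map each executable to the sorted remote (host, port) pairs it talks to."""
    grouped = defaultdict(set)
    for c in connections:
        host, _, port = c["remote"].rpartition(":")  # also handles [IPv6]:port
        if skip_loopback and host in ("127.0.0.1", "[::1]"):
            continue
        grouped[c["owner"] or "<unknown>"].add((host, port))
    return {name: sorted(endpoints) for name, endpoints in grouped.items()}


if __name__ == "__main__":
    for name, endpoints in remotes_by_owner(parse_netstat_b(SAMPLE_NETSTAT_B)).items():
        print(name, endpoints)
```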


But, as practice shows, many command line utilities do not provide the information that we would like to see, and it is not that convenient. As an alternative, we will use third party software - TCPView.

Monitoring Network Activity with TCPView

You can download the program from here. You don’t even need to install it: just unpack it and run the utility. It is free. It does not support the Russian language, but this is not really needed, because this article explains how to use it.

So, the TCPView utility monitors networks and shows in the form of a list all programs, ports, addresses and connections connected to the network.


In principle, everything is very clear here, but I will explain some points of the program:

  • The Process column, of course, shows the name of the program or process.
  • The PID column shows the ID of the process connected to the network.
  • The Protocol column shows the protocol used by the process.
  • The Local address column shows the local address of the process on this computer.
  • The Local port column shows the local port.
  • The Remote address column shows the address to which the program is connected.
  • The State column shows the connection status.
  • The Sent Packets and Rcvd Packets columns show the number of packets sent and received; the same goes for the Bytes columns.

You can also use the program to right-click on a process and terminate it, or see where it is located.

Address names, as shown in the image below, can be converted to a local address by pressing the Ctrl+R hotkey.



Other parameters will also change – protocols and domains.

If you see lines of different colors: green means that a new connection is starting, and red means that the connection has ended.

Those are all the basic settings of the program. There are also minor options, such as setting the font and saving the connection list.

If you liked this program, then be sure to use it. Experienced users will definitely find what purposes to use it for.

Total Network Monitor 2 is a program for constant monitoring and administration of a local network, individual computers, Internet resources, network and system services. TNM will notify you in advance of problems using a variety of means and generate a detailed report of what happened and when.

Network monitoring

You create monitors: objects that periodically check one or another aspect of the operation of a service, server or file system. The monitors are flexibly configured and display the network status in real time.

If any indicator deviates from the norm, the monitor executes a predefined scenario of actions: for example, a sound signal, a notification via e-mail or IM with a detailed description of the incident, rebooting a remote computer, launching an application, etc.

By turning to the network monitoring log, you can always see the history of readings from all monitors and a list of completed actions.

Download for free and start using right now and without functionality limitations!

Health and problem checks

Checks are how Total Network Monitor 2 communicates with the outside world. They provide monitors with data for analysis. In our network monitoring utility you will find many checks for all occasions. Querying network protocols to monitor servers, checking services, the event log and Windows registry keys, searching for a string in a file on a remote computer, and much more: TNM does all this with ease.

Checklist

Internet: ICMP, TCP, HTTP, FTP, SMTP, POP3, IMAP, Telnet

Windows: Event Log, Service Status, Registry Status, System Performance

File: File existence, File size, File comparison, Number of files, CRC32 file, File content, Disk space

Alerts and event history

Actions are triggered as soon as something goes wrong. They notify you so that you can fix everything in time. They can provide first aid in administering a local network: reboot a service or remote computer, launch an application, execute a script. Or they can simply add an entry to a separate journal.

List of actions

Warnings: Message box, Notification, Sound signal, Write to file

Alerts: Email, Jabber, Event Log

Measures: Run the application, Execute the script, Restart the service, Restart the computer

All actions performed and all changes in observed parameters are continuously recorded in the log, forming a clear picture of the state of the network.

Recording checks in the monitor log

Total Network Monitor 2 tracks all running monitors and records the necessary information about the work of checks. Any change in the monitor state is recorded in the Monitor log:

Statistics and activity chart

Statistics include the startup and last check times of the selected monitor, the total count and the number of green, red and black monitor states. A separate tool is the activity diagram, which graphically displays the results of checking the selected monitor.

Monitoring actions in the log

TNM records every completed and uncompleted action in the Action log, showing the timecode as well as the name and IP address of the target equipment:

Convenient map of network devices

Build a visual plan for your monitoring project with network maps: place icons of computers, devices, and servers on an enterprise diagram or world map, and depict the network structure using connections.

Color indication next to each device on the network map allows you to quickly determine their status.