Setting up and maintaining networks used to be something that only “super-geeks” did.
Network engineers and administrators at large enterprises usually have a lot of in-depth technical knowledge about how systems work and how they communicate with each other.
But these days, lots of people have small networks at their homes and small businesses.
They usually don’t have the same sort of specialized knowledge, but they still need to be able to set up and troubleshoot the inevitable problems.
Fortunately, developers have created plenty of open source tools to help both groups accomplish what they need to get done.
Open source tools can help you design, test, deploy, manage, monitor, or secure your network, and some can even help you build your own appliances, routers, or other hardware.
And since both enterprises and homes users are feeling the budget pinch these days, free open source networking tools are becoming more popular than ever.
For this list we’ve collected open source replacements for both enterprise-class networking products and consumer products.
We’ve also tried to give you an idea of the wide variety of open source network-related tools available, but of course, we’re bound to miss a few. Feel free to add your suggestions in the comments below.
Anti-Spam
1.) ASSP Replaces Barracuda Spam and Virus Firewall
Stop spam at your SMTP server with ASSP, the “Anti-Spam SMTP Proxy.” It uses whitelists and Bayesian filtering and supports a wide variety of servers, including Exchange, Lotus Notes, and many others.
Note that this is software, not an appliance like Barracuda, and it only stops spam, not malware. Operating System: OS Independent.
Backup
2.) Bacula Replaces Simpana Backup and Recovery , NetVault, HP StorageWorks EBS
Designed for enterprise users, the Bacula network backup solution finds the middle ground between ease of use and advanced features.
It can scale from a single system to a network of hundreds of thousands. Operating System: Windows, Linux, OS X.
3.) Amanda Replaces Simpana Backup and Recovery, NetVault, HP StorageWorks EBS
Used on more than half a million servers and desktops, Amanda is a tremendously popular client-server backup solution.
It can write to tape and disk at the same time, and it supports both 4096-bit keys with public-key cryptography and 256-bit AES encryption. Operating System: Windows, Linux, OS X.
4.) Partimage Replaces Norton Ghost, NovaBackup, McAfee Online Backup
This disk backup tool includes network support. It’s also helpful for network administrators because it offers the ability to install identical software on a whole fleet of computers at once. Operating System: Linux.
Diagramming
5.) Dia Replaces Microsoft Visio
Inspired by Visio, Dia lets you draw diagrams to show relationships. For network admins, it includes special shapes for making network diagrams, UML diagrams and flowcharts. Operating System: Windows, Linux.
6.) GraphViz Replaces aiSee
This graph visualization program takes your text descriptions and turns them into graphical representations.
It doesn’t handle large graphs as well as aiSee, but works very well for most types of network diagrams. Operating System: Windows, Linux, OS X.
File Transfer
7.) WinSCP Replaces CuteFTP, FTP Commander
While it’s pretty basic, this file transfer client does exactly what it’s supposed to—transfer files from one system to another securely.
It supports SFTP, FTP, and SCP protocols and works from the command line or via one of its two GUIs. Operating System: Windows.
8.) FileZilla Replaces CuteFTP, FTP Commander
Like WinSCP, FileFilla includes a file transfer client, but it also adds a Windows-only module that lets you set up your own FTP server. It supports FTP, SFTP and FTPS. Operating System: Windows, Linux, OS X.
Gateway/Unified Threat Management Appliances
9.) Endian Firewall Community Replaces Check Point Security Gateways, McAfee Unified Threat Management (UTM) Firewall , SonicWall, Symantec Web Gateway
You can spend thousands on a Gateway security appliance to protect your network, or you can make your own with Endian Firewall Community and an old PC.
It includes stateful inspection firewall, VPN, gateway anti-virus, anti-spam, web security, email content filtering, and more.
If you prefer a pre-configured appliance or need support, you can also purchase both hardware and software appliances from Endian. Operating System: Linux.
10.) Untangle Lite Replaces Check Point Security Gateways, McAfee Unified Threat Management (UTM) Firewall , SonicWall, Symantec Web Gateway
Like Endian, Untangle gives you the option of building your own gateway security appliance with free software and your own PC or purchasing an appliance from the company.
It includes a Web filter, virus blocker, spam blocker, ad blocker, firewall, QoS, intrusion prevention, protocol control, OpenVPN, and many other features. Operating System: Linux.
11.) ClearOS Replaces Check Point Security Gateways, McAfee Unified Threat Management (UTM) Firewall , SonicWall, Symantec Web Gateway
Aimed at small businesses, ClearOS combines a gateway, server and networking features in a single download.
Key features include multi-WAN, VPN, firewall, anti-malware, anti-spam, intrusion prevention, content filtering, file and print services, mail server, Web server, groupware, and more.
Although additional services and support are available with a subscription, the full “enterprise” version of the software is available for free. Operating System: Linux.
Intrusion Detection
12. Open Source Tripwire Replaces Tripwire
Although the full version of Tripwire now has a proprietary license, you can still download the older (2000) version that was open source.
It’s useful for monitoring networks and sending alerts when changes occur. Operating System: Windows, Linux.
13.) AFICK Replaces Tripwire
Designed as a Tripwire replacement, AFICK (“Another File Integrity Checker”) is useful both for security purposes and software management.
It’s designed to be both quick and portable. Operating System: Windows, Linux.
IT Inventory Management
14.) OCS Inventory NG Replaces LANDesk Inventory Manager, Systemhound
This “next generation” inventory tool helps you discover all the hardware and software in use on your network, which you can then track with a tool like GLPI (see below).
It can also help you easily deploy scripts or software across your network. Operating System: OS Independent.
15.) GLPI Replaces LANDesk Inventory Manager, Systemhound
This app creates a database that tracks all of the technical resources of your organization.
It also includes some management functions that allows admins and help desk to staff track open jobs, respond to alerts, etc. Operating System: OS Independent.
Log File Monitoring and Analysis
16.) AWStats Replaces Sawmill, TriGeo
AWStats generates graphs from your log files so that you can analyze statistics from your Web, streaming, ftp, or mail server at a glace.
It processes large files very quickly and supports most popular server tools. Operating System: Windows, Linux, OS X.
17.) Snare Replaces LogLogic, SenSage Log Management
Intersect Alliance offers a number of different open source log file collection and analysis agents under the Snare brand name. A number of commercial products incorporate the Snare agents, including the Snare Server, which is available on the same site. Operating System: Windows, Linux, OS X, others.
Network Firewalls
18.) Devil-Linux Replaces Barricuda NG Firewall, Check Point Appliances
Originally designed as a firewall only, Devil-Linux can also be used as a server and includes a number of networking features.
Unlike most other firewall apps, it’s designed to run completely from a CD-ROM and Flash drive instead of using your system’s hard drive. Operating System: Linux.
19.) Turtle Firewall Replaces Barricuda NG Firewall, Check Point Appliances
Based on Iptables, Turtle Firewall lets you turn an old PC into a Linux-based network firewall. You can configure it via a helpful Web interface or by editing XML files directly. Operating System: Linux.
20.) Shorewall Replaces Barricuda NG Firewall, Check Point Appliances
Shorewall offers “iptables made easy.” The QuickStart Guide offers complete directions on using it to configure a gateway/firewall to protect a single IP address or multiple IP addresses. Operating System: Linux.
21.) Sentry Firewall Replaces Barricuda NG Firewall
This app can operate as a network firewall, server or IDS node. It boots directly from a CD, making it very easy to set up a firewall quickly. Operating System: Linux.
Network Management
22.) OpenNMS Replaces IBM Tivoli Network Manager, OpManager
OpenNMS bills itself as “the world’s first enterprise grade network management application platform developed under the open source model.”
It offers a vast list of features for automated and directed discovery, event and notification management, service assurance and performance management. Operating System: Windows, Linux, OS X, iOS.
23.) RANCID Replaces Orion NCM, CiscoWorks LAN Management Solution
This tool’s unappetizing name doesn’t make much sense until you realize it’s an acronym for Really Awesome New Cisco confIg Differ.
It helps network admins track changes to the network (and solve any resulting problems) by backing up configurations.
In addition to Cisco products, it also supports Juniper routers, Catalyst switches, Foundry switches, Redback NASs, and ADC EZT3 muxes. Operating System: Linux.
24.) Zenoss Core Replaces IBM Tivoli Network Manager, OpManager
Zenoss combines a configuration management database with availability and performance monitoring, event management and reporting.
It also includes a Web portal and dashboards so that administrators can see what’s happening with their IT systems at a glance. Operating System: Linux, OS X.
Network Monitoring
25.) Nagios Replaces Nimsoft, Orion NPM, OpManager
Nagios calls itself “the industry standard in open source monitoring,” and it aims to help identify and resolve IT infrastructure problems before they affect critical business processes.
It sends alerts when it detects problems with your networks, and its reporting and graphs can help with capacity planning.
Note that it can monitor multiple platforms, including Windows, but it runs on Unix-like systems. Operating system: Linux, Unix.
26.) Opsview Community Replaces IBM Tivoli Network Manager, OpManager
Opsview combines several different open source tools, including the Nagios engine, into a single monitoring tool with an easy-to-use Web interface.
The commercial enterprise edition adds support and some additional features. Operating System: Linux.
27.) Munin Replaces Nimsoft, Orion NPM, OpManager
Munin is designed to help network administrators spot trends and figure out the root cause of performance problems.
And in case you’re wondering, the name comes from Norse mythology and means “memory.” Operating System: Linux, OS X.
28.) Cacti Replaces Nimsoft, Orion NPM, OpManager
This tool offers a user-friendly interface to manage and graph network data stored in a RRDTool database.
If you have a large network, you’ll probably want a separate plug-in to collect data, such as Spine. Operating System: Windows, Linux.
29.) Ganglia Replaces Nimsoft, Orion NPM, OpManager
Specifically designed for high performance computing systems such as clusters and grids, Ganglia uses a highly scalable hierarchical architecture.
It was built for the UC Berkeley Millennium Project, and you can view a demo of that network’s operation from the site. Operating System: Linux, others.
30.) Zabbix Replaces Nimsoft, Orion NPM, OpManager
This enterprise-class distributed monitoring system can track up to 1 million metrics for 100,000 networked devices.
Commercial support and appliances are also available. Operating System: Windows (agent only), Linux, OS X.
31.) Pandora FMS Replaces Nimsoft, Orion NPM, OpManager
The “FMS” stands for “Flexible Monitoring System,” and it’s apt because Pandora can monitor applications, servers, network equipment, or even stock market trends.
It features an attractive GUI and can create graphs based on both real-time and stored historical data. Operating System: Windows, Linux, OS X.
32.) NDT Replaces NetFlow Traffic Analyzer, Nimsoft, Orion NPM, OpManager
NDT is short for “Network Diagnostic Tool,” and it does just that—diagnosing network performance problems.
It’s a client/server app that requires a Linux server; however, the client can run on any system with Java installed.
It’s not as robust as some of the other full monitoring tools on our list, but it does this one thing very well. Operating System: Linux.
33.) Net-SNMP Replaces Nimsoft, Orion NPM, OpManager
As you might guess from the name, this tool uses SNMP v1, SNMP v2c and SNMP v3 protocols to monitor the health of network equipment.
Because it focuses only on SNMP it’s not as complete as the commercial monitoring software or many of the other open source options on our list. Operating System: Windows, Linux.
Network Simulation
34.) GNS3 Replaces OpNet Modeler, iTrinegy Network Emulator
Useful for research, designing networks, or studying for certifications, GNS3 allows users to experiment with Cisco and Juniper configurations.
It also simulates simple Ethernet, ATM and frame relay switches. Operating System: Windows, Linux, OS X.
Packet Analysis
35.) Wireshark Replaces OmniPeek, CommView
With a huge set of awards to its credits and a huge user base, Wireshark has the right to call itself “the world’s foremost network protocol analyzer.”
Its capabilities include deep packet inspection of hundreds of protocols, live capture and offline analysis, very powerful display filters, rich VoIP analysis, and more. Operating System: Windows, Linux, OS X.
36.) tcpdump Replaces OmniPeek, CommView,
Like Wireshark, tcpdump performs packet analysis, but it doesn’t have nearly as many bells and whistles. It’s a command-line tool that works on Linux only. Operating System: Linux.
37.) WinDump Replaces OmniPeek, CommView
As you might guess from the name, this tool offers a Windows version of tcpdump. Operating System: Windows.
Password Crackers
38.) Ophcrack Replaces Access Data Password Recovery Toolkit, Passware
You shouldn’t need it every day, but every network admin needs to have a password cracker in the toolbox for those occasions when you can’t figure out a password any other way.
Ophcrack offers both brute force and rainbow tables crackers with an easy-to-use GUI. Operating System: Windows, Linux, OS X.
39.) John the Ripper Replaces Access Data Password Recovery Toolkit, Passware
If you suspect an unknown password might be particularly weak, you might want to try John the Ripper.
To use it you’ll also need either the freely available wordlist or one of the larger lists that you can purchase from the site. Operating System: Windows, Linux, OS X.
Remote Access/VPN
40.) OpenVPN Replaces CheckPoint VPN-1, Cisco VPN
With more than 3 million downloads, OpenVPN is probably the most popular open source SSL VPN solution.
It works on all major operating systems (including mobile OSes) and offers multi-mode access, access control, dynamic application deployment, host checking, and more. Operating System: Windows, Linux, OS X, mobile devices
41.) TightVNC Replaces GoToMyPC, Numara Remote Manger
TightVNC’s remote control features include file transfers, video mirror drive support, scaling of the remote desktop, support for two passwords, and more. It’s named for its “Tight” encoding, which works extremely efficiently—a big benefit if you’re operating over a slower Internet connection. Operating System: Windows, Linux.
42.) UltraVNC Replaces GoToMyPC, Numara Remote Manger
Like TightVNC, UltraVNC lets users control one PC while using the keyboard, mouse, and display from another screen.
It’s great for help desk teams and allowing employees to work from home. Features include text chat, file transfer, optional encryption, and more. Operating System: Windows.
Router Software
43.) Vyatta Replaces Cisco routers
The highly acclaimed Vyatta networking tools compare very favorably to comparable routers from Cisco.
The company offers extensive resources for enterprise customers, including commercial support, appliances, and subscription-based products, as well as the free core software. Operating System: Linux.
44.) FREESCO Replaces Cisco routers
With FREESCO you can set up an Ethernet bridge or router, a dial-up or leased line router, or a http, dns, ftp, ssh, or print server.
It also includes the standard Linux firewall and NAT to help protect your network. Operating system: Linux.
45.) Tomato Replaces the firmware on Lynksys, Buffalo, and other Broadcom-based routers
Tomato gives you an alternative to the standard firmware on Linksys’ WRT54G/GL/GS, Buffalo WHR-G54S/WHR-HP-G54, and other Broadcom-based routers It gives you a bandwidth usage monitor, more advanced QOS and access restrictions, higher limits for P2P, wireless site survey, and other features.
Server Software
46.) WampServer Replaces Microsoft Windows Server
If you want to run Apache, MySQL and PHP on Windows, this download will install all three for you.
It offers a very intuitive interface that makes it easy to set up your Web server how you would like it. Operating System: Windows.
47.) XAMPP Replaces Microsoft Windows Server
Yet another app that aims to make it easier to set up a Web server, XAMMP installs Apache, MySQL, PHP and Perl.
Additional open source tools are also included in the download, but vary depending on which operating system you’re using. Operating System: Windows, Linux, OS X, Solaris.
48.) AppServ Replaces Microsoft Windows Server
It’s developers claim this Apache/PHP/MySQL distribution can be completely installed and configured for use as a Web or database server in less than one minute.
Two quick notes: 1) While AppServ works on Windows, it works better on Linux. 2) The project was developed in Thailand, so some of the English documentation is not quite perfect. Operating System: Windows, Linux.
49.) FreeNAS Replaces Thecus, NetGear ReadyNAS, other NAS products
FreeNAS lets you create your own network attached storage server that supports CIFS (Samba), FTP, NFS, rsync, AFP protocols, iSCSI, S.M.A.R.T., local user authentication, and software RAID.
Because it’s so lightweight (64MB), it can be installed on a Flash drive, as well as a standard hard drive. Operating System: FreeBSD
Vulnerability Testing
50.) BackTrack Replaces Lumension Scan, Sunbelt Network Security Inspector, Saint
The “most widely adopted penetration testing framework in existence,” BackTrack is a complete Linux distribution that incorporates many well-known open source tools that are beneficial for penetration testing, including nmap, OpenVas, Paros Proxy, Burpsuite, W3AF, Metasploit Framework 2 & 3, Social Engineering Toolkit (SET), Ophcrack, XHydra, Netcat and SNORT. It can also boot from a LiveDVD or a thumbdrive. Operating System: Linux.
51.) Metasploit Replaces Lumension Scan, Sunbelt Network Security Inspector, Saint
Metasploit can be used both to determine any weakness in your network or by black or white hats to create new exploits.
For less knowledgeable users, it’s also now available in a commercial “Metasploit Express” penetration testing version with an easy-to-use GUI. Operating System: Windows, Unix.
52.) Nmap Replaces Lumension Scan, Sunbelt Network Security Inspector, Saint Nmap (Network Mapper)
Useful for monitoring which devices are connected to your network and for detecting possible security holes. It can run from the command line or a GUI, and also includes Ncat for debugging and data transfer and Ndiff for spotting the differences between two scans.
It’s also the open source equivalent of a movie star, having been featured in The Matrix Reloaded, Die Hard 4, The Bourne Ultimatum, and several other movies. Operating System: Windows, Linux, OS X.
53.) OpenVAS Replaces Nessus
Several years ago, the Nessus vulnerability scanner moved from an open source license to a proprietary one. OpenVAS is an open source fork that continues development of the original Nessus scanner.
The scanner requires a feed of network vulnerability tests in order to work, but the project also includes an open source daily feed of more than 18,000 of such tests. Operating System: Windows, Linux, OS X.
54.)Sara Replaces Nessus, Lumension Scan, Sunbelt Network Security Inspector, Saint
Although it’s no longer being actively developed, Sara (short for “Security Auditor’s Research Assistant”) is a mature tool that performs a number of different types of vulnerability testing.
It interfaces with many other open source tool and provides “gentle” scanning of networks. Operating System: Windows, Linux, OS X.
Web Filtering
55.) DansGuardian Replaces McAfee Family Protection NetNanny
Dan’s Guardian uses URL and domain filtering, content phrase filtering, PICS filtering, MIME filtering, file extension filtering and POST limiting to filter out objectionable content from your network.
The default settings are set up to meet the needs of an elementary school, but they can be easily adjusted to the level that’s appropriate for your organization. Operating System: Linux, OS X.