Wi-Fi: Access Layer of the Future?

Is Wi-Fi the access layer of the future? Of course it is! As network professionals we all know that outside of the traditional enterprise, it’s the access layer of the now. But when will the traditional enterprise take advantage of it?

Read the rest of this post over at the Aruba Airheads Community: Wi-Fi: Access Layer of the Future?

NetScanTools Pro

We all like tools (sometimes read “toys”). Especially nifty ones. One of the tools I’ve used for years is NetScanTools Pro from NorthWest Performance Software. Kirk Thomas is the founder of the company and you can find him on twitter as @NetScanTools. I’ve talked to him many times on Twitter and he is extremely helpful and very open to input from his customers.

NetScanTools Pro

I was first introduced to NetScanTools Pro by Laura Chappell of Chappell University, where she teaches about protocol analysis and Wireshark. It’s something of a network discovery tool and then some. It has a collection of active and passive discovery tools, various DNS tools, and some packet level tools. The value in most of this is that all the tools are in one place and it has automation to grab lots of information very quickly, though there are a few unique tools. The only downside to this tool is that it’s only on Windows.

Discovery Tools

You can find out a lot about a network by digging through it’s DNS entries, scanning hosts, doing whois lookups, etc. That generally takes time. NST can really speed this up with several automated reports. In just a few minutes it can give you a report for a domain that includes whois records, DNS details, MX records, blacklists, traceroute with geolocation, port scans, and more.

NetScanTools Scanning

NetScanTools running a scan. You can see most of the options here.

This can save a lot of time in discovering information about a network. You don’t have to do everything as an automated scan. You can also run the tools individually.

There are also a number of tools that give you information about the computer and local network that NST is running upon. If it has something to do with the network, NST has a tool to tell you about it.

Testing Tools

NST also includes what I would call testing tools. SMTP testing, which is nice because you can set just about any set of options. You can test authentication, specific encryption settings, whether messages relay, and much more. It’s all the power of directly connecting to port 25 with telnet, but with checkboxes. You can perform SNMP walks and scans, including SNMPv3 support. A TCP terminal, which essentially allows you to telnet to any port, but with the added ability to choose the source port, is also included. Also, a TimeSync tool which is useful for checking NTP servers. How about this set of options for the enhanced ping tool:

More ping options than you know what to do with.

More ping options than you know what to do with.

Packet Tools

There are nice little collection of packet tools that let you generate arbitrary packets, send Wake on LAN packets, capture packets, and playback a capture. The capture app isn’t Wireshark, but it’s convenient and you can always save the capture and open it in Wireshark.

The options for the NetScanTools Pro packet generator

The options for the NetScanTools Pro packet generator

SSL Certificate Scanner

I like this one. Give it a list or range of IPs, and it’ll tell you about the SSL certs. This could be useful to scan a network and check for soon to be expired certificates, for example.

Yep, my SSL cert is still valid

Yep, my SSL cert is still valid

Graphical Traceroute

If you like mtr, you should also like the new Graphical Traceroute tool. Since a picture is worth 1000 words and since it is Graphical Traceroute, I think the best way to describe this tool is with a screenshot.

The new Graphical Traceroute tool is nifty.

The new Graphical Traceroute tool is nifty.

Closing Thoughts

I’ve had this toolset for years. It’s not one I use ever day, but it’s nice to have when I need it. It just has so many tools bundled into one place and most of them support IPv6. It has a free 30 day demo, so give it a shot and explore this toolset.


I use this software and have paid for this software, however, I did receive a nice discount on my last maintenance renewal when I planned to write a blog post about the software.


AAA Poll: Local, TACACS+, or RADIUS?

We are currently authenticating with local users, which is suboptimal for a variety of reasons, though it is simple. I’m deploying centralized authentication using RADIUS with Active Directory, and was curious what other people are doing. I was going to ask on Twitter, but then I thought some people might not want to say in public how they secure their network. It also thought it might be nice if everyone was able to see the results, so here is a poll so we can see how others are doing it.



The Network is the Cloud

The old Sun Microsystems used to have a slogan that said “The network is the computer.” I’ve been thinking about the role of the network, at least in an enterprise, and I think the network is the cloud. No, not the cloud like IaaS, but cloud as in a magic box that everything depends on an is taken for granted.


It used to be that the network was something that was used occasionally for a specific business process. You had to get on the network to check inventory, look up a client record, or some other specific thing. The rest was either done on a local computer or on paper. If a network device reloaded, especially in the middle of the night, no one was likely to notice. The networking team could do maintenance during off hours and the users would be blissfully unaware. They probably didn’t even bother to send notice of the work, because no one cared. Of course, they should have, but that’s a different blog post.

Times have changed. Everything runs on the network now. Important devices like HVAC controllers migrated from dedicated POTS lines to the network. IT may not even have known until they receive a support ticket. Every business process ends up using the network in some way. Monolithic computing services turn into multi-machine clusters that blow up in bizarre ways if the members lose connectivity to each other.

Perhaps an iSCSI SAN pops up. It probably started on dedicated network gear, but after a while gets tied into the main network because running the separate network gets to be a hassle or buying “extra” 10Gb switches isn’t in the budget. It’s so easy to just make it another VLAN and let it converge.

Suddenly, after years of running in a silo, you realize you can’t do things the old way anymore. The network is now a critical service to the entire enterprise. You have to seek network equipment that can be updated without dropping packets. Designs get far more complex as HA becomes critical. Server, network, and application teams have to work together more closely because they need at least a high level understanding of each other’s designs so they can predict the impacts of changes.

Now you need some form of change management. It might not be some formalized processes, but teams at least send emails to each other to make sure there aren’t unexpected problems. There are unexpected problems, anyway. Usually complex interactions that don’t manifest themselves until business hours kick in, it seems.

Every system has become complex. Every system seems to affect every other system in some way. And all of it is running on your network. Your network is the cloud, you just didn’t know it.