Network administration program. Administration

Every sysadmin sometimes has to service the computers of acquaintances or make house calls. A proven set of utilities helps with this. Our review covers only those that are free, require no installation and have become the de facto standard.

Autoruns

This program has become the hallmark of Mark Russinovich and Winternals Software (better known by the name of the site - Sysinternals.com), which has long been absorbed by Microsoft. It is now still being developed by the author, but is legally owned by Microsoft's technical department. The current version 13.3 was written in April 2015. With v.13.0 the program has become not only more convenient, it has received a number of new functions, in particular, advanced filtering tools, integration with other system utilities and online services.

Autoruns displays the most complete and detailed list of autorun components regardless of their type. The utility shows how all drivers, programs (including system ones) and their modules are loaded, by registry key. It even generates a list of all Windows Explorer extensions, toolbars, autostarting services, and many other objects that usually elude other similar programs.

Color-coding helps you quickly identify standard components that are digitally signed by Microsoft, suspicious files and erroneous strings that refer to non-existent files from a list of hundreds of entries. To disable the ability to autorun any component, just uncheck the box opposite it on the left.


Ghosts of startup objects in Autoruns are highlighted in yellow

Some of the components are automatically loaded only when you log on to the system under a specific account. In Autoruns, you can select the records that correspond to each account and view them separately.

The command line mode also deserves attention. It is extremely convenient for exporting a list of startup items to a text file, creating advanced reports, and selective anti-virus scanning of all suspicious objects. Full help can be found on the website; here I will give an example of a typical command:

autorunsc -a blt -vrs -vt > C:\Autor.log

Here `autorunsc` is a program module launched in command line mode. The `-a` switch indicates that objects to check are listed after it. There are three of them in the example: b - boot execute (that is, everything that is loaded after the system starts and before the user logs in); l - logon, the startup components of a specific user, and t - scheduled tasks. If instead of enumeration blt you specify an asterisk (*), then all autorun objects will be checked.

The `-vrs` and `-vt` switches specify the mode of operation with the online service VirusTotal. The first set sends only those files that are not digitally signed by Microsoft and have not been previously verified. If at least one antivirus out of fifty considers the file to be malicious, a detailed report will open in a separate browser tab. The second switch is needed so that the tab with the user agreement for the VirusTotal service does not open each time and you do not have to confirm your agreement with it.

The Autorunsc report usually runs to tens or hundreds of kilobytes. It is inconvenient to read on the screen, so in the example the output is redirected to a log file. The log is plain text encoded in UCS-2 Little Endian. Here is an example of an entry from it with one false positive:

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run Adobe ARM "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" Adobe Reader and Acrobat Manager Adobe Systems Incorporated 1.801.10.4720 c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe 20.11.2014 21:03 VT detection: 1/56 VT permalink: (link to VirusTotal report).


Two unsigned drivers turned out to be clean, and one signed one has a VT reaction
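
A triage pass over such a log, as an added example that is not part of the original article or of the Sysinternals tools: it decodes the UCS-2 LE file, extracts every `VT detection: N/M` field with the image path that precedes it, and sorts the entries into buckets. The sample log is constructed (only the Adobe ARM fields come from the entry above); the one-field-per-line layout and the `alert_at` threshold are assumptions.

```python
import re

# Constructed sample. The first record reuses the fields of the Adobe ARM entry
# quoted above; the other two records and their paths are invented. Putting one
# field per line is an assumption; the parser does not depend on it.
SAMPLE_TEXT = "\r\n".join([
    r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run",
    r"   Adobe ARM",
    r'     "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"',
    r"     Adobe Reader and Acrobat Manager",
    r"     Adobe Systems Incorporated",
    r"     1.801.10.4720",
    r"     c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe",
    r"     20.11.2014 21:03",
    r"     VT detection: 1/56",
    r"     VT permalink: (link to VirusTotal report)",
    r"HKLM\System\CurrentControlSet\Services",
    r"   exampledrv",
    r"     c:\windows\system32\drivers\exampledrv.sys",
    r"     VT detection: 0/56",
    r"     VT permalink: (link to VirusTotal report)",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"   updater",
    r"     c:\users\test\appdata\roaming\updater\updater.exe",
    r"     VT detection: 7/56",
    r"     VT permalink: (link to VirusTotal report)",
])

# The log as it sits on disk: byte-order mark followed by UTF-16 LE text.
# A byte-level search for "VT detection" finds nothing in this form, because
# every ASCII character is followed by a zero byte.
RAW_LOG = b"\xff\xfe" + SAMPLE_TEXT.encode("utf-16-le")

VT_RE = re.compile(r"VT detection:\s*(\d+)/(\d+)")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys)\b', re.IGNORECASE)


def decode_log(raw: bytes) -> str:
    """Decode the log: honour a UTF-16 byte-order mark, otherwise assume LE."""
    if raw[:2] == b"\xff\xfe":
        return raw[2:].decode("utf-16-le")
    if raw[:2] == b"\xfe\xff":
        return raw[2:].decode("utf-16-be")
    return raw.decode("utf-16-le")


def vt_results(text: str):
    """Return (image_path, detections, engines) for every VT field found."""
    results, start = [], 0
    for match in VT_RE.finditer(text):
        # The image path is the last file path seen before the VT field.
        paths = PATH_RE.findall(text[start:match.start()])
        image = paths[-1].lower() if paths else "(no path found)"
        results.append((image, int(match.group(1)), int(match.group(2))))
        start = match.end()
    return results


def triage(raw: bytes, alert_at: int = 3):
    """Bucket entries: 0 hits = clean, below alert_at = review, else alert.

    alert_at is an assumed threshold; a single hit, like the 1/56 above,
    is often a false positive and goes to manual review instead.
    """
    buckets = {"clean": [], "review": [], "alert": []}
    for image, hits, engines in vt_results(decode_log(raw)):
        if hits == 0:
            key = "clean"
        elif hits < alert_at:
            key = "review"
        else:
            key = "alert"
        buckets[key].append(f"{image} {hits}/{engines}")
    return buckets


if __name__ == "__main__":
    for bucket, entries in triage(RAW_LOG).items():
        for entry in entries:
            print(f"{bucket:7} {entry}")
```
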

Process Explorer

The GUI version of Autoruns can work in conjunction with another utility by the same author - Process Explorer (PE). If you first start PE, and then Autoruns, then in the menu of the latter additional items appear about viewing the properties of each active process from the autorun menu.

In the PE settings, you can specify the desired way to display all active processes: a simple list sorted by name or CPU utilization, or a tree-like list with dependencies. An option is also set there that allows you to check unknown files (determined by hash) in VirusTotal. If you enable it, then after a while the check result will appear on the right. All objects flagged by at least one antivirus will be highlighted in red.

When you press Ctrl+L, the window is divided horizontally, and the bottom part displays full information about the selected process and its actions in the system. Pressing Ctrl+I will bring up an additional window with indicators of CPU, GPU, RAM, I/O intensity, storage and network usage. For each component, the total load and the most resource-intensive process are displayed. For the GPU, even the percentage of occupied video memory and the load on each chip, if there are several, are shown. This is especially relevant now, since many (malicious) programs actively use video cards for non-graphical computing. This behavior is especially typical for Trojan cryptocurrency miners.


The test trojan does not look suspicious yet, and four antiviruses are already swearing on µTorrent

By right clicking on any process from the PE list, a context menu appears. It duplicates all the functions of the built-in task manager and adds several new ones. In particular, you can send a file corresponding to a suspicious process to VirusTotal for analysis with one click, search for its description on the Internet, make a dump or suspend its execution. A paused process stops responding to any commands (including internal ones) and becomes easier to analyze. After you have dealt with it, you can send the "resume" command through Process Explorer. Of course, unless absolutely necessary, you should not do this with system processes and utilities that perform low-level operations. It is better not to interrupt flashing BIOS / UEFI, changing disk layout, aligning partitions and other similar operations.

Usually, the title of each window contains the name of the application that spawned it, but it happens that they remain unnamed. This is especially true for Trojans that mimic the operation of known programs or small dialog boxes with error codes. Process Explorer has a handy Find Process by Window feature. It is enough to click this button on the top panel and, while holding the left mouse button, move the cursor to the area of the strange window. The corresponding process is automatically highlighted in the PE table.


Test Trojan suspended via Process Explorer

To take advantage of all the features of Process Explorer, you will need to run it with administrator rights and (in some cases) install Debugging Tools for Windows. They can be downloaded separately or downloaded as part of the Windows Driver Kit. The latest version of Process Explorer can be downloaded from the Microsoft website.

Unlocker

Without a doubt, Mark Russinovich is a real guru among the authors of system utilities for Windows, but his programs were created as universal tools. Sometimes it is worth using more highly specialized ones, such as the creation of the French programmer Cedrick Collomb. His tiny utility Unlocker can do only one thing: unlock a file system object occupied by any process in order to regain control over it. Although the last version was released in 2013, the program still performs its functions better than all analogues. For example, it allows you to unload dynamic libraries from memory, delete the index.dat file, work with file names that are not allowed in Windows, and perform most actions without rebooting.


Some process is blocking Safari removal

Unlocker identifies the handles of running processes that are currently blocking work with the desired file or directory. This locking is needed to prevent applications from interfering with one another in a multitasking environment. During normal operation of the OS and programs, it prevents accidental deletion of files in use, but sometimes errors occur. As a result of one of them, an application may freeze or remain in memory after its window is closed. Then the file system object can remain locked even after it is no longer needed.

Today, the list of active processes for an ordinary user starts at fifty, so you could spend a long time looking for zombies among them. Unlocker helps you immediately determine which process is blocking the modification or deletion of the selected file or directory. Even if it cannot figure this out due to the limitations of the Win32 API, it will offer to force the desired action: rename, move or delete the object.


Unlocker did not find the reason for blocking, but can delete the rebellious file

Sometimes several programs can access the same directory at once, so several descriptors are defined among the processes blocking it. Unlocker has the ability to unlock all with one button.

Starting from version 1.9.0 64-bit versions of Windows are supported. The utility can be integrated into the explorer context menu or run in graphical mode as a portable application. You can also install the Unlocker Assistant. It will hang in the tray and automatically call Unlocker whenever the user tries to manipulate a locked file. Running with the `-h` switch will display help about the command line mode. The utility is available in forty languages, although there is nothing special to translate in it - everything is already intuitive.

AVZ

Looking at the list of features of the AVZ utility, I would like to call it analytical, not antivirus. Oleg Zaitsev's tiny program has many irreplaceable functions that facilitate the daily tasks of the administrator and the life of an advanced user. It will help you perform a system investigation, restore the settings of built-in OS components to their defaults, detect any changes since the last audit, find potential security problems, remove Trojans from SPI Winsock and restore the Internet connection, identify strange program behavior and detect kernel-level rootkits.


AVZ contains many system analysis tools

It is better to remove known malware using other antivirus scanners. AVZ will come in handy for fighting an unknown evil, finding holes through which it can seep, and eliminating the consequences of infection. In most cases, AVZ allows you to do without reinstalling the OS, even after a severe virus attack.

You can use AVZ as a portable application, but the full set of the utility's functions is available only if you install AVZPM, its own kernel-mode driver. It monitors all modules, drivers and active applications, making it easy to identify hidden processes and any techniques for spoofing their identifiers.

AVZGuard is another kernel mode driver that can be activated from the AVZ menu. It delimits the access of active processes by suppressing anti-virus activity on the infected computer. This approach allows you to run any application (including another antivirus) from the AVZ window in protected mode.

One of the trickier techniques malware uses is still to lock its own files and to recreate, the next time the OS is loaded, the elements that the antivirus deleted. It is partially bypassed manually with the help of Unlocker, but AVZ has its own technology - Boot Cleaner. This is another kernel-mode driver that extends the Windows built-in Delayed Uninstall on Restart feature. It loads earlier, logs the work done, and can delete registry entries as well as files.

The AVZ antivirus scanner itself also has a lot of know-how. It is able to scan alternate NTFS data streams and speed up the scan by excluding files recognized as safe from the Microsoft catalog or its own database. All threats can be searched for by specific types - for example, immediately exclude the HackTool category. There are separate modules for searching for keyloggers, ports opened by Trojan horses and for behavioral analysis. AVZ allows you to copy suspicious and deleted files into separate folders for further detailed study.


Creation of a detailed research protocol at AVZ

The requirement to send reports to AVZ and its System Research module has become a standard practice in many virology forums, where people turn for help in solving non-trivial problems.

Of course, the first-aid kit of an experienced administrator may contain more than a dozen programs, but these four utilities are enough to solve most of the tasks. You can easily find the rest in the collections using the links indicated in the article.

WARNING!

Using system utilities requires understanding the logic of their operation and the structure of the OS itself. Please read the Help before modifying the registry and interfering with active processes.

A tool case is what separates an experienced professional from a beginner. And in matters related to Linux administration, such a suitcase is perhaps the most important thing.

System administrator programs

In this article, we will not talk about things like Nagios, Puppet, Webmin, or sophisticated Apache log analyzers - you should be aware of all this anyway. Instead, we'll talk about small utilities that can make your life as a sysadmin much easier.

Tmux

Let's start with the basics. As we all know, the main Linux administration tool is an SSH client, either from the OpenSSH suite or standalone like PuTTY or even an Android app. An SSH client allows you to open a remote command line session and safely work with a machine that is thousands of miles away. The only problem is that this is one session and it does not remember the state.

Tmux solves the problem. It is a terminal multiplexer that allows you to open multiple terminals within one SSH session with the ability to close the connection while saving the state.

It works like this. You connect to the remote machine using SSH, then install tmux on it and run it. The tmux console appears on the screen with a status bar at the bottom and one terminal currently running. You can work with it in the same way as usual, plus you have the ability to open new terminals with Ctrl+b c and switch between them with Ctrl+b 0..9 or Ctrl+b p (previous), Ctrl+b n (next).

When finished, press Ctrl+b d to disconnect from tmux and disconnect from the server. The next time you connect, you run the command

and you can see all previously opened terminals, applications running in them, command history, and so on. Everything is exactly the same as during disconnection from tmux. Moreover, it does not matter at all from which machine you logged in the second time, the tmux session will be completely restored.

Tmuxinator

Tmux can do more than open terminal windows in full screen. It can divide the screen vertically (Ctrl+b %) and horizontally (Ctrl+b "). This can be used, among other things, to create something like a "monitoring screen": for example, you can run tmux on a remote machine with three open windows: one running the htop monitor, another the tail utility, which displays the latest messages from the desired log, and a third the df utility, which shows how full the file systems are.

At first glance, such a monitor seems very convenient, but what if you need to close it and start tmux with normal full-screen windows, and then reopen the monitor? This can be accomplished with several different tmux sessions. But this is also not ideal, because on another server you will have to configure the same window configuration again.

Tmuxinator solves the problem more simply. It allows you to describe the desired window layout and applications launched in them in a configuration file. This config can then be used to quickly start a tmux session anywhere, anytime.

First, create a new config:

$ tmuxinator new NAME

Tmuxinator will open the default text editor defined in the EDITOR variable. At the end of the config there will be lines describing the layout of the windows. To get the layout from the example above, remove them and add the following lines:

windows:
  - editor:
      layout: tiled
      panes:
        - sudo tail -f /var/log/vsftpd.log
        - watch df -h
        - htop

This config describes a tmux layout with one window divided into three panes: the latest vsftpd log messages, file system usage and htop. It remains only to start the session:

$ tmuxinator start NAME

All configs are stored in the ~/.tmuxinator directory, so they can be easily moved between machines.

Watch

You may have noticed that in the tmuxinator config I used the watch df -h command instead of df -h. This is important, because immediately after the partition table is displayed on the screen, df ends its work, and we need to monitor the state of the disk constantly. This is exactly what the watch utility allows to do. It restarts the df -h command every two seconds, so the information on the screen is always up to date.

Watch can be used to monitor almost anything: machine status (watch uptime), file contents (watch cat file) and directories (watch ls -l directory), you can run your own scripts under watch. With the -n NUMBER option you can change the interval at which the command is restarted, and with the -d flag make watch highlight changes in the output.

Multitail

Another command from the tmuxinator config worth mentioning is sudo tail -f /var/log/vsftpd.log. This command prints the last ten lines of vsftpd's log and waits for new ones. Any admin should be familiar with tail, as well as its counterpart in systemd-based distributions:

$ journalctl -f -u vsftpd

This is the same basic knowledge as the ability to navigate through directories. But tail has a more interesting alternative called MultiTail. In fact, this is the same tail, but in a multi-window version. It allows you to display several logs at once, dividing the screen horizontally:

$ sudo multitail /var/log/vsftpd.log /var/log/nginx/access.log

With systemd and its journald, everything is more complicated:

$ multitail -l "journalctl -f -u vsftpd" -l "journalctl -f -u nginx"

Even harder:

$ multitail -l "journalctl -f -u vsftpd | tr -cd '[:space:][:print:]'" -l "journalctl -f -u nginx | tr -cd '[:space:][:print:]'"

This contortion is needed to strip from the logs the special characters that systemd uses to highlight lines.


MultiSSH

Let's go back to SSH. Sometimes the same command has to be executed on several machines. This can be done using the standard shell capabilities:

for host in 192.168.0.1 192.168.0.2; do
    ssh "$host" "uname -a"
done

Or use a special tool, for example mssh:

$ gem install mssh
$ mssh --hostlist 127.0.0.1,127.0.0.2 "uname -a"

Lsof

Another very important tool for any system administrator is lsof (LiSt Open Files). This utility allows you to find out which process or application opened certain files. Run with no arguments, it lists all open files and processes. Flags can be used to make this list more specific. For example, to find out which processes are using the files in the specified directory:

$ sudo lsof +D /var/log/

This feature can come in very handy when trying to unmount the file system, but you get a Device or Resource Busy error. In this case, it is enough to kill the processes that opened the files in the specified file system, and you can unmount it without any problems. Using the -t flag, this can be done in one pass:

# kill -9 $(lsof -t +D /home)
# umount /home

The output can also be filtered using the name of the desired application or user. For example, the following command will show all files opened by processes whose names begin with ssh:

And this will show all the files opened by the user vasya:

Lsof can also be used to list all network connections:

The listing can be limited to a specific port:

Or get a list of all open ports:

$ lsof -iTCP -sTCP:LISTEN


Tcpdump

Any admin has to deal with network service problems. And sometimes in this case you cannot do without a sniffer, which will clearly show how the exchange of data proceeds and what may go wrong in this process. Wireshark is considered the standard among sniffers for Linux, but the choice does not end there. Almost any Linux distribution includes the tcpdump console sniffer by default, which can help you quickly figure out a situation.

Tcpdump launched without any arguments, without further ado, starts printing to the console a list of all packets sent and received on all interfaces of the machine. Using the -i option, you can select the desired interface:

$ sudo tcpdump -i wlp3s0

To limit the scope of tcpdump to only a specific machine and port, you can use this construction:

$ sudo tcpdump -i wlp3s0 host 192.168.31.1 and port 53

You can also force tcpdump to print not only information about packets, but also their contents:

$ sudo tcpdump -i wlp3s0 -X host 192.168.0.1 and port 80

If encryption is used, this makes no sense, but tcpdump can analyze data transmitted using the HTTP and SMTP protocols.

Another interesting tcpdump skill is filtering packets based on the content of specific bits or bytes in the protocol headers. For this, the following format is used: proto[expr:size], where proto is the protocol, expr is the offset in bytes from the beginning of the packet header, and size is an optional field indicating the length of the data in question (1 byte by default). For example, to filter only packets with the SYN flag set (initiating a TCP handshake), use this entry:

$ sudo tcpdump "tcp[13] == 2"
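
What a byte-offset test such as `tcp[13] == 2` actually matches, modelled in Python as an added example (not code from the article or from tcpdump): `field()` mimics `proto[expr:size]` on constructed 20-byte TCP headers, where byte 13 holds the flags. It goes slightly beyond the text by comparing the exact match with two bit-mask variants; the ports and packet names are made up.

```python
import struct

# TCP flag bits as they appear in byte 13 of the TCP header.
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))


def tcp_header(sport: int, dport: int, flags: int) -> bytes:
    """Build a minimal 20-byte TCP header without options (constructed data)."""
    data_offset = 5 << 4  # header length of 5 32-bit words, reserved bits zero
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0,
                       data_offset, flags, 65535, 0, 0)


def field(header: bytes, expr: int, size: int = 1) -> int:
    """Value of proto[expr:size]: `size` bytes at offset `expr`, big-endian."""
    if size not in (1, 2, 4):
        raise ValueError("size must be 1, 2 or 4")
    if expr < 0 or expr + size > len(header):
        raise IndexError("offset outside the header")
    return int.from_bytes(header[expr:expr + size], "big")


# Constructed packets: a client on port 51000 talking to a web server.
PACKETS = {
    "SYN": tcp_header(51000, 80, SYN),
    "SYN+ACK": tcp_header(80, 51000, SYN | ACK),
    "ACK": tcp_header(51000, 80, ACK),
    "SYN+ECE+CWR": tcp_header(51000, 80, SYN | ECE | CWR),  # SYN offering ECN
    "FIN+ACK": tcp_header(51000, 80, FIN | ACK),
}


def match_exact_syn(header: bytes) -> bool:
    """tcp[13] == 2 : the flags byte is exactly SYN and nothing else."""
    return field(header, 13) == 2


def match_syn_bit(header: bytes) -> bool:
    """tcp[13] & 2 != 0 : the SYN bit is set, whatever else is set."""
    return (field(header, 13) & 2) != 0


def match_initial_syn(header: bytes) -> bool:
    """tcp[13] & 0x12 == 2 : SYN set and ACK clear (connection attempts)."""
    return (field(header, 13) & 0x12) == 0x02


def select(predicate):
    """Names of the sample packets a filter would let through."""
    return [name for name, header in PACKETS.items() if predicate(header)]


if __name__ == "__main__":
    print("tcp[13] == 2         ->", select(match_exact_syn))
    print("tcp[13] & 2 != 0     ->", select(match_syn_bit))
    print("tcp[13] & 0x12 == 2  ->", select(match_initial_syn))
    print("tcp[0:2] of the SYN  ->", field(PACKETS["SYN"], 0, 2))
```

The exact comparison drops the server's SYN+ACK and any SYN that carries extra bits, so when counting connection attempts the masked form is the safer filter.
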

The tcpdump report format is a standard, almost all modern sniffers understand it. Therefore, tcpdump can be used to generate a dump on a remote machine, and then send it to the local one and analyze it using the same Wireshark:

$ ssh USER@HOST tcpdump -w - "not port 22" | wireshark -k -i -


Ngrep

Tcpdump is good for its versatility and variety of possibilities, but it is not so easy and convenient to use it to search for specific data within transmitted packets. This task is much better done by ngrep, which is designed to display network packets that match a given mask.

For example, to find the parameters passed by the GET and POST methods within an HTTP session, you can use the following command:

$ sudo ngrep -l -q -d eth0 "^GET |^POST " tcp and port 80

This is how you can analyze SMTP traffic on all network interfaces:

$ sudo ngrep -i "rcpt to|mail from" tcp port smtp

VnStat

There are a lot of systems for traffic accounting and statistics accumulation. They are often built directly into the remote server management system and allow you to analyze costs using visual graphs. But if you are using the console and all you need is to quickly get statistics on interfaces, then the best tool is vnStat.

VnStat is able to accumulate statistics in a continuous mode, storing data between reboots, and it's easy to use. First, install the package and run the vnstat service:

$ sudo systemctl start vnstat
$ sudo vnstat -u

From this moment it will start collecting statistics. To view it, just run the following command (replace wlp3s0 with the name of the required network interface):

$ vnstat -i wlp3s0

Statistics can be specified, for example, display hourly statistics with a graph:

$ vnstat -h wlp3s0

Statistics by day or month:

$ vnstat -d wlp3s0
$ vnstat -m wlp3s0

Using the -t flag, you can get information about ten days with the highest traffic consumption:

$ vnstat -t wlp3s0

To track the current activity on the network interface, vnStat can be run in live mode:

$ vnstat -l -i wlp3s0

In this case, it will show the data transfer rate at the current moment, and after completion of the work, it will display statistics for the entire time of live monitoring.


Iptraf-ng

Iptraf-ng is another handy tool for monitoring network interfaces. Like vnStat, it allows you to get detailed statistics on channel usage, but the most useful feature is real-time traffic monitoring.


Iptraf clearly shows which hosts are currently exchanging data, the number of transmitted packets and their volume, as well as flags and ICMP messages. To access this information, select the IP traffic monitor menu item on the main screen.

NetHogs

VnStat and iptraf are handy when it comes to getting data for the entire interface as a whole. But what if you need to know which specific applications are currently communicating with remote hosts?

The NetHogs utility will help you with this. This is a kind of analogue of the top / htop utility for network monitoring. You install the utility, and then run it specifying the required network interface:

$ sudo nethogs wlp3s0

A list of applications that most frequently communicate with remote machines appears on the screen.

Iotop

Since we are talking about analogs of top, we must mention iotop. This utility allows you to see which processes are performing disk read/write operations. It is better to run it with the --only flag; otherwise, apart from the processes that are currently performing I/O, it will also show some of the other processes, which may be sleeping:

$ sudo iotop --only


Nmon

It's time to put everything together. Nmon combines the capabilities of many of the utilities reviewed and allows you to get real-time statistics on processor, memory, I/O, kernel performance and other data.


Nmon is a pseudo-graphical console application. It works like this: you start nmon as root, and then add the information you need to the screen. For example, to add information about the processor load to the screen, press c, RAM fullness - m, I/O - d, network - n, processes - t, file systems - j. This way you can create your own monitor configuration that will display only what you need.

One line

In this article, I have tried to bypass the tools that you should already know. But if you still do not know about them, here is a short list of what may come in handy:

  • top/htop - process monitor, shows the processes that load the processor the most;
  • scp - utility for copying files from and to a remote machine via SSH;
  • Nmap - a port scanner, allows you to conduct a quick surface penetration test (we already had a detailed article about it);
  • netcat is a network Swiss knife that allows, among other things, to manually connect to servers that work with plain text protocols: HTTP, SMTP;
  • dd - utility for block copying of data, you can take a file system dump from it;
  • mc is a two-pane console file manager.

Instead of a conclusion

Here it should be said once again that this is just the tip of the iceberg, that each admin has his own tools, that the flexibility of Linux must be mentioned, and so on and so forth. But this article simply describes a set of good tools that will make your life easier.

All system administrators, regardless of whether you are administering Windows or Linux, need a specific set of programs, tools and utilities that will help to cope with an unexpected situation, analyze the system or make it easier to solve everyday problems. There are many such solutions, including open source.

In this article, we will take a look at the best 2016 sysadmin software that you can use in your work. Our list will include not only regular utilities and programs for a specific operating system, but also entire images. Now let's move on to our list.

1. Vim

A good text editor is one of the main tools of the system administrator, since in many situations you have to make changes to configuration files and it is important to do it very quickly. Vim recently turned 25 years old and is still under active development.

It compares favorably with all other editors in that it allows you to edit text and move around it very quickly without lifting your fingers from the main keyboard. To do this, the editor has two modes: command mode, in which you navigate through the text using the letter keys and execute various commands, and editing mode, in which the program turns into a regular editor.

In November, the eighth version of Vim was released, in which the program received many improvements, for example GTK3 support and asynchronous I/O for plugins. This editor can work not only on Linux, but also on Windows and MacOS.

2. Htop

Monitoring the load on the operating system is also a very important task that system administrators often face. For example, if you need to find out very urgently which program is overloading the processor or taking up all the available RAM. The htop utility shows in real time a list of all running processes with the ability to sort by the desired parameter, processor use, memory.

In addition, using the utility, you can see the number of threads of the processor core on which the program is running and much more. This is one of the most important utilities on the list of system administrator programs. The program only works on Linux systems.

3. Git

Version control is very important not only in programming. For various scripts, configuration and plain text files, it can also be very useful to restore the previous version.

The Git system was originally developed by Linus Torvalds to manage the development of the Linux kernel. But today it is a full-fledged platform used by a very large number of open source projects. It can also be useful for keeping old versions of your config files.

The latest version at the moment is 2.10, which has many useful features. For example, using the git diff command, you can find out exactly which lines and in which files were changed, the deleted lines will be crossed out. The program can be used on Windows and Linux.

4. SystemRescueCD

Computers don't always work as they should and tend to break down. It is a great practice for system administrators to have a CD or USB drive with a set of tools that will help restore the system or at least data from problem computers.

SystemRescueCD is an actively developing suite of system administrator utilities for all occasions. It is a bootable Linux distribution based on Gentoo that contains various tools for checking hardware, partitioning a disk, recovering data, checking your computer for viruses, setting up your network, and more.

Versions 2.8 and 2.9 were released in 2016. In these versions, the image received updates to various components, including the addition of support for tools for working with btrfs.

5. Clonezilla

Sometimes it is better not to rebuild the system from scratch, but to have a backup of the entire machine so that you can bring the system back to life in a few minutes. Clonezilla is the de facto standard for making backups and deploying system images to disk. You can create backups both of separate partitions and of the entire disk as a whole.

The program can be used from the current system or as a bootable image with a pseudographic interface - Clonezilla Live. Once you have a finished copy, you can very easily recover from a failed configuration or upgrade.

The latest release adds support for detecting Windows BitLocker encrypted volumes, improves EFI support, and updates all software to the latest Debian versions.

6. Docker

Containers are isolated environments that allow you to run multiple systems on a single Linux kernel. All systems are isolated from one another, as well as from the main system. The Docker container configuration tool has been a huge contributor to container development in 2016.

Docker is an open platform that allows you to deploy containers with the required Linux distributions in just a few commands and run the required software on them. With Docker you can package a single application with all its dependencies and then run it on any distribution that supports Docker.

You can create your own programs and share them with other users. Docker allows companies to choose the system in which the software will run without restricting developers in tools and programming languages.

The latest versions of Docker add the ability to check the state of a container and recover automatically in case of problems, and Docker containers can now work not only on Linux but also on Windows.

7. Wireshark

Wireshark is a tool for analyzing traffic passing through a computer and saving network packets. Such a task can arise when analyzing the health of a network, network services, or web applications. The program supports a huge number of protocols and can even decrypt HTTPS traffic if it has a key. You can filter all traffic by the required parameters, sort packets, view their contents and complete information, and much more.

Wireshark 2.0 was released in 2015, and the program has been actively developed in this branch since then. Its interface has been rewritten in Qt5 and made more intuitive.

8. TightVNC

TightVNC allows you to access the GUI on a remote computer. With this program, you can control your computer remotely without actually being in front of it. Administrators usually manage Linux servers via ssh; however, some users prefer to use a graphical interface for such tasks.

The program has the ability to encrypt VNC traffic, thus making it secure, just like ssh. TightVNC can run on both Linux and Windows. Then you will be able to access your device from anywhere with internet access.

9. Zenmap

Zenmap is a graphical interface to the popular network scanner, nmap. With this tool you can very quickly find all the nodes connected to the network, check the network topology, and also see the list of running services on each of the computers.

Also, with the help of the program, you can find potentially dangerous places in the server configuration; many administrators use it to check the availability of nodes or even measure the uptime.

10. Filezilla

Our list of sysadmin utilities is nearing completion. During server administration, you often have to transfer files. Typically this task is performed over FTP. Filezilla is one of the best and most popular FTP file transfer and upload clients. The program interface is split into two panels: one shows the local computer, and the other shows the remote file system of the FTP server.

The program's interface is intuitive and can be used on Windows, Linux and MacOS.

Conclusions

In this article, we reviewed system administrator programs for 2016 that can greatly help you in administering your computer ecosystem. What tools do you use? Write in the comments!

Alchemy Remote Computing 1.4.3
The program allows you to monitor remote computers and control them in the local network without leaving your workplace. The administrator connects to a remote computer via the network and, seeing the desktop of the remote computer on his screen, can launch programs and change work parameters using his keyboard and mouse. Thanks to the encryption of the data transfer protocol, the use of Alchemy Remote Computing is safe even over wide networks.
http://download.com.com/3000-2085-10218076.html?tag=lst-2-5, 1.09 Mb

TMeter 4.4.212
A program for calculating Internet traffic in office and home networks. TMeter works in real time, i.e. the collected statistics are displayed on the screen immediately in graphical or digital form. Thus, you can always see what is loading your Internet channel the most. The program has a powerful system of traffic filters that allows you to count only useful traffic. TMeter is distributed in two versions, free and commercial. Their main difference is that the free version limits the number of filters used to three. This, of course, is not enough for an enterprise, but quite enough for a home LAN.
http://www.tmeter.ru/tmeter/TMeter44.exe, 1.5 Mb

OmniVPN 1.7.3
Free utility to protect your computer from unauthorized access. The program serves not only as a regular firewall, but also as a virtual private network (VPN). It allows you to remotely access your computer, while protecting it from hackers. OmniVPN even works with dynamic IP addresses.
http://www.tucows.com/preview/295100.html, 11.8 Mb

NetworkSearcher 3.4
A powerful utility for quickly finding files and folders on the local network. The program has a fast search engine and allows you to find even hidden system files. With its help, you can search in selected networks, domains, groups, folders, and the navigation is very well thought out. You can set several search criteria at once.
http://www.bgsoft.net/NetworkSearcher.zip, 750 Kb

Access Administrator Pro v3.9
A new version of the popular data protection software. Access Administrator has a whole range of useful features, but at the same time is very easy to use, which makes it attractive for users of any level. The program will help to establish user groups, passwords for files and folders. It can also be used to specify the time during which access is possible. The utility will not allow itself to be deleted by anyone who does not know the administrator password.
http://www.softheap.com/download/fr.zip, 960 Kb

1 Click And Lock 2.72
The 1Click & Lock utility provides access to the desktop only after a correctly entered password. In the program settings, you can set automatic launch together with the system, block access to the desktop through the icon in the system tray, keep statistics on incorrectly entered passwords, etc. The program also blocks the hot restart keys, thereby increasing the protection of your computer.
http://www.softstack.com/download/1cllock.zip, 1,3 Mb

Anyplace Control 2.3
A small (fits on a floppy disk!) program for controlling a remote computer. The program displays the screen of another computer and allows you to use your mouse and keyboard to control it. That is, you can work at a remote computer as if you were sitting at it yourself. What's more, you can control multiple machines at the same time. Anyplace Control is very fast, so you can forget that you are working on a remote computer.
http://download.com.com/3000-7240-10235878.html, 1.09 Mb

WinRet 4.8
Free program for creating backups of Windows and Internet Explorer in case of system reinstallation. Usually, before reinstalling, you save all the data you will need in the future, but each time you forget about something. Thus the Favorites folder disappears, along with important files stored in Program Files. With WinRet you will save yourself from this headache forever. Among other things, the program makes copies of the system registry, shortcuts, Outlook Express folders, etc.
, 180 Kb

Desktop DNA v4.6
Desktop DNA is a utility for transferring programs from one computer to another. It does not transfer the applications themselves, keeping only settings, registry entries, etc. The program has a very simple interface and simple settings, so it will not be difficult to determine which files to transfer. If you need to "replicate" a program on a local network, the program can do it simultaneously on several computers. If there is no network, you can save all the settings and transfer them using any media: Zip, CD-R, etc. If suddenly, after transferring data, the system does not work correctly on a remote computer, you can restore all settings using the data backup tool ...
http://www.miramar.com/Products/Small_Office/Download/index.html, 17 Mb

Fortress 2.12
Fortress is a powerful security system that helps you control all the applications running on your computer. Using this program, you can easily detect Trojans, viruses and other harmful applications. As soon as Fortress finds one of these processes, it will be stopped and never started again. When you start a new application, the program will tell you if it is harmful to the system. In addition, Fortress can be used to determine which programs were running on your computer while you were away, as it records all processes.
http://www.jt-labs.com/FortressSetup.zip, 800 Kb

My Drivers 3.0
System crashes are often caused by corrupted drivers. In order not to get into such an unpleasant situation, you need to keep a backup copy of system files on your hard disk. This can be done using the My Drivers program. This utility will easily and quickly identify the installed drivers for various devices, and then make a backup copy of them. You can back up all drivers together or selectively. In this case, all the necessary files will be placed in a self-extracting *.exe installer.
http://www.qwerks.com/download/6466/mydrivers.exe, 1.61 Mb

Antiy Ghostbusters Standard Edition 4.37
Antiy Ghostbusters Standard Edition is a powerful information security program. It consists of two parts: an anti-hacker utility and an information security tool. Antiy Ghostbusters Standard Edition can detect and remove from your computer various viruses (Trojans, worms) that disguise themselves in the system and damage the confidentiality of information. In addition, this program allows you to monitor the system, showing information about the status of ports, IP addresses, etc.
http://download.com.com/3000-2239-10161638.htm, 4.69 Mb

Deskbolt 1.1
This program serves to block access to the computer and fine-tune the desktop. With its help, you can set a password for access or restrict access to some users. In addition, Deskbolt gives you the ability to customize every detail on your desktop, add a clock display, current username, computer name, or any other text. Using the installed hotkeys, you can turn off, restart the computer or change the user.
http://bashware.thecorecommunity.com/downloaddeskbolt.html, 889 Kb

vuBrief 5.0
This program serves to organize large amounts of data and synchronize files between multiple computers. It can be used both in a local network and when the network is not available. In the latter case, an intermediary device is used to synchronize data: floppy disk, FTP server, CDRW, Iomega ZIP, etc.
http://www.vu-software.spb.ru/brief/vu_brief_setup.zip, 3.2 Mb.

P.C. Police 2004
The P.C. Police utility lives up to its name. This program keeps a record of all actions performed by the user: it registers links, records the applications used, saves data entered into the clipboard, keeps track of pressed keys, etc. P.C. Police collects its statistics invisibly to the user, so this program is of particular interest to system administrators and anyone who has to monitor user activities.
http://pc-police.nethint.com/download.htm, 2.5 Mb

Bandwidth Monitor Pro 1.29
A program for collecting statistics on incoming and outgoing network traffic. Flexible configuration of Bandwidth Monitor Pro allows you to optimize the program for various working conditions, keep track of network traffic for any time period - from session reports to monthly analytical statistics. The program runs in the background, and this practically does not affect the system resources of the working machine. Of particular interest to system administrators and users who pay for every megabyte downloaded from the network.

November 27, 2014 at 03:31 PM

Free software for remote control of computers

Remote computer control programs allow you to remotely control another computer over the Internet or on a local network. This is convenient when you need to help a not very experienced user, for example a relative or friend who is poorly versed in computers, to do something on it without leaving your comfortable chair and without wasting your nerves and time on telephone conversations. Such programs are also convenient for remote work, for example connecting from home to the office or, vice versa, accessing your home PC, and for system administration of a whole fleet of computers and servers.

Let's conduct a comparative analysis of remote control programs, highlight their advantages and disadvantages.

TeamViewer

One of the most popular programs for remote access. It can be quickly downloaded and installed, or launched immediately without installation; even an inexperienced user can handle this. When launched, the program displays a window with an ID and password for accessing this computer, and TeamViewer allows you to connect to another computer by specifying its ID and password.

Benefits:
The program has several basic modes of operation: remote control, file transfer, chat, and demonstration of your desktop. The program allows you to configure round-the-clock access to the computer, which will be convenient for system administration. The speed of work is quite decent, there are versions for all mobile platforms, for various operating systems, which is very pleasing. A simple and straightforward interface plus a number of additional utilities to expand the functionality of the program will be useful for remote support services.

Disadvantages:
The program is free, but only for non-commercial use, and a number of difficulties arise when working with it for more than 5 minutes; for example, TeamViewer can block a remote connection session, recognizing it as commercial use. For round-the-clock remote access or administration of several computers or a computer network, you will have to pay for additional program modules. The cost of the program is high.

Outcome:
This program is ideal for a one-time remote connection or using it for short periods of time. It is convenient to use from mobile platforms, but not to administer a large number of computers. You will have to pay extra for additional modules.

LiteManager

A simple but quite powerful program in terms of capabilities. It consists of two parts: Server, which must be installed or run on the remote computer, and Viewer, which allows you to control another computer. The program requires a little more skill and experience from the person doing the controlling, although working with the server side is even easier than in TeamViewer: the server can be installed once and no more action is needed from the user. The ID will always be constant, and you can even set it yourself manually, which makes it very easy to remember. The LiteManager Free version is free for personal and commercial use.

Benefits:
In addition to the main modes of remote access (remote control, file transfer, chat, task manager, registry editor), the program also has unique functions, for example inventory, screen recording, and remote installation. The program is free for use on 30 computers, and it can be used for round-the-clock access without any additional modules. There are no time limits. It is possible to set up your own server ID to set up corporate support. The program does not have any restrictions on operating time and does not block sessions.

Disadvantages:
A client for mobile platforms or other systems is lacking. The free version is limited to 30 computers; to administer more you need to purchase a license. Some specific operating modes are available only in the Pro version.

Outcome:
LiteManager is suitable for providing remote support, for administering several dozen computers absolutely free of charge, and for setting up your own remote support service. The cost of the program is the lowest in its segment and the license is not limited in time.

Ammyy Admin

The program is basically similar to TeamViewer, but simpler. There are only the basic modes of operation: viewing and control, file transfer, chat. The program can work without installation and is free for non-commercial use.

Benefits:
A simple and lightweight program that works both over the Internet and in a local network, has minimal settings and does not require any special skills and abilities. Compared to TeamViewer, the licensing policy is milder.

Disadvantages:
A minimum of functions for remote control, so it will be difficult to administer a large fleet of computers. With long-term use, more than 15 hours a month, the session may be limited or blocked. The program is paid for commercial use.

Outcome:
This program is more suitable for a one-time connection to a computer and not very complex manipulations, for example, as an aid to an inexperienced user in setting up a computer.

RAdmin

One of the first remote control programs and well known in its circle, so I could not help but mention it. It is intended more for system administration, and the main focus is on security. The program consists of two parts: a server component and a client. It requires installation, and it will not be easy for an inexperienced user to figure it out. The program is designed mainly to work by IP address, which is not very convenient for providing online technical support. The program is paid, but it has a free trial period.

Benefits:
The program has high operating speed, especially on a good network, thanks to the desktop capture video driver, increased reliability and security. Intel AMT technology is built in, which allows you to connect to the BIOS of a remote computer and configure it. Only the main modes of operation are implemented: remote control, file transfer, chat, etc.

Disadvantages:
There is almost no way to work without an IP address, i.e. to connect by ID. There is no client for mobile systems. There is no free version, only a 30-day trial period. Experienced user skills are required to work with the program. When connecting, the video driver may disable the Aero graphical shell, and sometimes the screen flickers.

Outcome:
The program is more suitable for system administrators to administer computers and servers in a local network. To work over the Internet, you may need to set up a VPN tunnel.