Top 5 Tools Every Network Admin Needs
Network administration has approximately ten thousand tools, half of which are abandoned GitHub projects. The ones that actually matter are the boring, reliable, been-around-for-decades ones. Here are the five that show up on every serious admin's machine.
Wireshark: The One That Changes How You Think
Wireshark is a packet analyser — it captures raw network traffic and lets you see exactly what's moving across your interfaces. Not summaries. Not logs. The actual packets, every protocol header, every byte of payload you're allowed to see. When something is broken and nobody knows why, Wireshark is usually where the answer hides.
The learning curve is real. Spend a few hours with the display filters and you'll start seeing network problems differently. A DNS resolution that should take 20ms taking 800ms shows up immediately. A misconfigured firewall dropping specific packet types is obvious in the capture when it's invisible everywhere else.
nmap: Network Mapping That Actually Works
nmap scans networks and tells you what's there — hosts, open ports, running services, operating system fingerprints. On a network you manage, it's how you find rogue devices, audit firewall rules, and verify that services are actually listening where they're supposed to be. It took one admin 11 minutes using nmap to find the misconfigured test server that had been exposing port 3306 to the internet for six weeks.
dig: DNS Debugging in One Command
The dig command queries DNS directly, bypassing your OS resolver cache, and returns machine-readable output. When you need to know whether a DNS record has propagated, whether a specific nameserver is returning the right answer, or what TTL a record is set to, dig gives you the truth in under a second. The +trace flag is particularly useful — it walks the entire DNS resolution chain from root servers down, showing you exactly where things break.
MTR: Traceroute With Memory
MTR combines ping and traceroute into a live, updating display. It shows you every hop between your machine and a destination, with real-time packet loss and latency statistics for each hop. A regular traceroute is a snapshot. MTR runs continuously for as long as you leave it open, so you can catch intermittent packet loss that a single traceroute would miss entirely. For diagnosing ISP routing problems, it's irreplaceable.
Netstat / ss: What Your Machine Is Actually Doing
netstat (or its faster modern replacement, ss) shows active network connections and listening ports on the local machine. It answers the question: what's actually connecting to what, right now? Unexpected connections to foreign IPs, services listening on ports they shouldn't, half-open connections piling up — all visible immediately. On a server showing odd behaviour, ss -tulnp should be the second command you run, after checking the process list.