tcp/ip traffic analyzer

Post by buddy » Thu, 09 Nov 2000 04:00:00



What tools would you recommend to analyze why network traffic has suddenly
come to a slow crawl?

Internal traffic in our wide area network is still okay (or appears to be)
but incoming/outgoing thru our internet pipe is really slow!

Mixed environment SCO 5.05 tcp/ip (with 1 DNS), win95 tcp/ip, nt tcp/ip, w2k
tcp/ip.  6 wide area SCO servers running mail services etc.  Not much ftp,
mostly just tcp/ip terminal (character) emulation and, from the win
machines, internet access.

Thanx!

 
 
 


Post by Bill Vermilli » Fri, 10 Nov 2000 04:00:00


In article


>What tools would you recommend to analyze why network traffic has
>suddenly come to a slow crawl?
>Internal traffic in our wide area network is still okay (or appears
>to be) but incoming/outgoing thru our internet pipe is really slow!

Maybe your ISP is horribly overloaded.  Run traceroute to the sites
that appear slow, and also pings.  I'd lay odds that the problem is
not on your side.

--


 
 
 


Post by Jeff Lieberman » Fri, 10 Nov 2000 04:00:00



>What tools would you recommend to analyze why network traffic has suddenly
>come to a slow crawl?

ping.

>Internal traffic in our wide area network is still okay (or appears to be)
>but incoming/outgoing thru our internet pipe is really slow!

ping and MRTG graphing.

>Mixed environment SCO 5.05 tcp/ip (with 1 DNS), win95 tcp/ip, nt tcp/ip, w2k
>tcp/ip.  6 wide area SCO servers running mail services etc.  Not much ftp,
>mostly just tcp/ip terminal (character) emulation and, from the win
>machines, internet access.

I'll assume that the slowdown is NOT application specific and that there
have been no hardware or software changes.

ping will show the latency across the internet and your WAN.  You should
know what is considered normal for your unspecified WAN connection.  You
can also ping workstations locally for checking the local LAN.  MRTG
generates traffic graphs from routers and servers using SNMP.  See:
        http://www.mrtg.org
The historical graphs will show you *WHEN* things changed (which makes
assigning the blame easier), and what is considered normal.  I also use
MRTG to graph latency (ping) to remote links.

The most common slowdown I've found recently is Napster and its
variations.  I recently installed a DSL/cable VPN between two offices
that appeared to have major but erratic slowdowns.  However, every time I
showed up to play troubleshooter, it was just fine.  Eventually, I found
the employee running the Napster software.  These are very difficult to
track down as they do not have an easily identifiable signature or port
number.  Ethereal won't decode it.  I strongly suggest you monitor and
graph your WAN and internet traffic.  Incidentally, the way I accidentally
found the culprit was he managed to fill up his 15GB drive with MP3's and
botched the attempt to add an additional drive.

If you wanna play with traffic analyzers, sniffers, and decoders, see:
        http://ethereal.zing.org
or dig through:
        http://packetstorm.securify.com/sniffers/indexdl.shtml
        http://packetstorm.securify.com/sniffers/sniffing-faq.htm
You also have a nice packet sniffer on your NT4 machine called "netmon".
Just install network monitoring client and services on the Network
control panel thingy.  However, the version that comes with NT4 will only
monitor the local NT4 server.  To monitor the rest of the network, you'll
need the version that comes with SMS server.  Also, netmon doesn't decode
anywhere near as many different types of packets as does Ethereal.

--

150 Felker St #D  Santa Cruz CA  95060
831-421-6491 pager   831-429-1240 fax
http://www.cruzio.com/~jeffl/sco/   SCO stuff
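
Added example, not part of the original thread or any poster's code: a small script in the spirit of the ping-history advice above, which takes periodic ping results and reports when latency first stayed well above its earlier baseline. The log format (epoch timestamp followed by one line of ping output), the thresholds, the function names and the sample data are all assumptions made for illustration.

```python
import re
from statistics import median

# Constructed sample: one probe every 5 minutes, "epoch-seconds ping-output-line".
SAMPLE_LOG = """\
973700000 64 bytes from 192.0.2.1: icmp_seq=0 ttl=250 time=38.2 ms
973700300 64 bytes from 192.0.2.1: icmp_seq=0 ttl=250 time=41.0 ms
973700600 64 bytes from 192.0.2.1: icmp_seq=0 ttl=250 time=39.5 ms
973700900 64 bytes from 192.0.2.1: icmp_seq=0 ttl=250 time=40.1 ms
973701200 64 bytes from 192.0.2.1: icmp_seq=0 ttl=250 time=212.0 ms
973701500 64 bytes from 192.0.2.1: icmp_seq=0 ttl=250 time=42.3 ms
973701800 64 bytes from 192.0.2.1: icmp_seq=0 ttl=250 time=305.7 ms
973702100 Request timed out.
973702400 64 bytes from 192.0.2.1: icmp_seq=0 ttl=250 time=410.9 ms
973702700 64 bytes from 192.0.2.1: icmp_seq=0 ttl=250 time=388.0 ms
"""

RTT_RE = re.compile(r"time[=<]([\d.]+)\s*ms")

def parse_samples(log_text):
    """Return [(timestamp, rtt_ms or None)]; None marks a lost probe."""
    samples = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, _, rest = line.partition(" ")
        m = RTT_RE.search(rest)
        samples.append((int(ts), float(m.group(1)) if m else None))
    return samples

def find_slowdown_start(samples, baseline_n=4, factor=3.0, run=3):
    """Timestamp where latency first stays above factor x baseline median
    for `run` consecutive probes (lost probes count as slow), else None."""
    base = [r for _, r in samples[:baseline_n] if r is not None]
    if not base:
        return None
    limit = factor * median(base)
    streak_start, streak = None, 0
    for ts, rtt in samples[baseline_n:]:
        if rtt is None or rtt > limit:
            if streak == 0:
                streak_start = ts      # candidate start of the slowdown
            streak += 1
            if streak >= run:
                return streak_start
        else:
            streak = 0                 # an isolated spike does not count
    return None

if __name__ == "__main__":
    print(find_slowdown_start(parse_samples(SAMPLE_LOG)))
```

The isolated 212 ms spike is ignored; the reported start is the first probe of the sustained run, which is the timestamp to line up against traffic graphs or change logs.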