Thread: Port and packet analyser?

  1. #1
    Senior Member
    Join Date
    Sep 2005
    Posts
    587
    Thanks
    7
    Thanked
    7 times in 7 posts

    Port and packet analyser?

    Hi,

    One of my friends is experiencing a very slow network. I was reading this article, and I'm going to try as many of their tips as possible, but a lot of them have to do with monitoring how many packets are being sent from each of the computers on the LAN, and what ports they are using.

    I don't have the ability to check that (or at least, I don't know how), so I was wondering what kind of software are they talking about?

    Would I need a Managed switch to check this, or is it some application that can be installed in the DHCP/DNS/AD server?

    Thanks!

    P.S.: here's the article:
    http://www.zdnet.co.uk/print/?TYPE=s...427t-20000018c

  2. #2
    Will work for beer... nichomach's Avatar
    Join Date
    Jul 2003
    Location
    Preston, Lancs
    Posts
    6,137
    Thanks
    563
    Thanked
    138 times in 99 posts

  3. #3
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,665
    Thanks
    53
    Thanked
    385 times in 314 posts
    Ethereal on an unmanaged switch will only pick up broadcast traffic - You'll need to connect it to the uplink port ( may need to use a crossover cable as well ) to be able to pick up traffic on every port.
    If it's a hub, however, you'll have no problems.
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  4. #4
    Senior Member
    Join Date
    Sep 2005
    Posts
    587
    Thanks
    7
    Thanked
    7 times in 7 posts
    Quote Originally Posted by nichomach
    Thanks, this looks great. I read the FAQ and it said it would work on Windows XP (my friend's network uses Simple File Sharing with an XP Pro network, not a Server OS).

    I was wondering if you could just give me a BASIC overview of how to use it. I mean even more basic than the FAQ. Like really simply, is it an application that I install on any random computer on the network and it will do its thing?

    I'd appreciate it!

  5. #5
    Senior Member
    Join Date
    Sep 2005
    Posts
    587
    Thanks
    7
    Thanked
    7 times in 7 posts
    Quote Originally Posted by Moby-Dick
    Ethereal on an unmanaged switch will only pick up broadcast traffic...
    Thanks, Moby. I am using unmanaged switches, but please correct me if I'm wrong.... if I did have a managed switch, would I still need software like Ethereal? Because I thought the whole point of a managed switch was to do this sort of thing (monitor packets, etc).

    Quote Originally Posted by Moby-Dick
    ...You'll need to connect it to the uplink port ( may need to use a crossover cable as well ) to be able to pick up traffic on every port. If it's a hub, however, you'll have no problems.
    My switches have no reserved uplink port... all jacks are identical. Therefore, I guess I will have to use a reversed cross-over cable to simulate an uplink port? Could you please explain where I need to plug this cross-over cable? Is it any random port on the switch gets plugged into the computer with the Ethereal program installed?

    Thanks
    Last edited by latrosicarius; 20-06-2006 at 08:44 PM.

  6. #6
    Ex-MSFT Paul Adams's Avatar
    Join Date
    Jul 2003
    Location
    %systemroot%
    Posts
    1,926
    Thanks
    29
    Thanked
    77 times in 59 posts
    If there's no port which can be configured for SPAN/mirroring, and no uplink port exists, then you might be snookered.

    Describe the LAN topology:
    - how many clients, and what OS on each?
    - what make/model are the switch(es)?
    - are they all plugged into the 1 switch or is there a more complex infrastructure?
    - if there is more than 1 switch, is the speed problem present between 2 machines connected to the same switch?
    - are the ports on the switch(es) set to "auto negotiate" or configured for a certain speed/duplex?
    - are the client NICs set to "auto negotiate" or configured for a certain speed/duplex?

    Define "slow network":
    - is this slow to locate machine but file copying is reasonable?
    - is all file copying painfully slow?
    - are all protocols affected (SMB, FTP, SMTP) or just one/some?

    Start with high level troubleshooting - if there is a speed problem between 2 machines in the same switch, disconnect everything else (switches, routers and clients) and see if the problem goes away.

    Is there a common point of "slowness"?
    i.e. machines A,B,C,D on the network and everything that wants to talk to machine B is really slow, while A<->C, A<->D and C<->D is all fine

    Pick a client that exhibits the slow behaviour and run Ethereal on that to capture a trace for, say, 1 minute while you reproduce the symptoms (it's simple enough to do this, there is a "Capture" menu option and once you have selected the interface you click "Start", then "Stop" when done).
    If you can get a bunch of such small traces you can mail them to me and I'll take a look-see.
    ~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
    PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
    Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3

  7. #7
    Senior Member
    Join Date
    Sep 2005
    Posts
    587
    Thanks
    7
    Thanked
    7 times in 7 posts
    Quote Originally Posted by Paul Adams
    If there's no port which can be configured for SPAN/mirroring, and no uplink port exists, then you might be snookered.
    These switches don't have any special jacks. They are only home consumer brands.

    The first thing I'm going to check is loose/faulty connections in the RJ45 heads b/c these are all self-made cables and I was in a rush....

    I'm sorry I have to be such a pain, always asking questions. From your point of view, I bet I look like the blind trying to lead the blind lol. I'll try to answer your points below:

    Quote Originally Posted by Paul Adams
    Describe the LAN topology:
    - how many clients, and what OS on each?
    8 clients, one "server". Not really a server, just a PC with a Simple File Sharing network share and large RAIDed disks. All PCs are Windows XP Pro, including the "server".

    Quote Originally Posted by Paul Adams
    - what make/model are the switch(es)?
    D-Link DGS-1008D 8-Port 10/100/1000 Desktop Switch

    Quote Originally Posted by Paul Adams
    - are they all plugged into the 1 switch or is there a more complex infrastructure?
    There are two switches connected to one D-Link DGL-4100 GamerLounge Broadband Gigabit Gaming Router cable router.

    Quote Originally Posted by Paul Adams
    - if there is more than 1 switch, is the speed problem present between 2 machines connected to the same switch?
    Sorry, don't know... I'm hearing all this second-hand from my friend. I might be able to visit, but it's an hour and a half away lol <-- I'm lazy

    Quote Originally Posted by Paul Adams
    - are the ports on the switch(es) set to "auto negotiate" or configured for a certain speed/duplex?
    - are the client NICs set to "auto negotiate" or configured for a certain speed/duplex?
    The box says they are "auto-sensing 10/100/1000". Not really sure if that's the same thing, but they are definitely unmanaged switches, so there's no settings for this.

    Quote Originally Posted by Paul Adams
    Define "slow network":
    - is this slow to locate machine but file copying is reasonable?
    - is all file copying painfully slow?
    - are all protocols affected (SMB, FTP, SMTP) or just one/some?
    Sorry, don't know any of these things... I know it is important info to provide

    Quote Originally Posted by Paul Adams
    Pick a client that exhibits the slow behaviour and run Ethereal on that...
    Is this possible on my version of switches that have no Monitor port like you mentioned above?

  8. #8
    Senior Member
    Join Date
    Oct 2005
    Posts
    320
    Thanks
    3
    Thanked
    1 time in 1 post
    I can see that the dgs-1008d has qos (quality of service)...is this enabled?

    The gamer router almost certainly has qos enabled as default...maybe they are opposing each other, one giving priority to games, the other to web traffic.

    Try turning qos off on all the routers

  9. #9
    Ex-MSFT Paul Adams's Avatar
    Join Date
    Jul 2003
    Location
    %systemroot%
    Posts
    1,926
    Thanks
    29
    Thanked
    77 times in 59 posts
    Quote Originally Posted by latrosicarius
    [re: Ethereal] Is this possible on my version of switches that have no Monitor port like you mentioned above?
    Running Ethereal on a machine will capture the network traffic which the switch transmits to it, and packets that leave the client.
    So this covers traffic destined for the client itself and broadcast traffic which is sent to every machine in the subnet.

    By taking simultaneous traces on 2 machines that are slow to communicate you can capture all the necessary information - if there is something "jabbering" on the network then you might see loads of broadcast packets, and if not but the packet latency is long then the switch might be overloaded, underperforming, have QoS enabled like pak000 mentioned, or just be plain busted.

    Start with 1 trace on 1 client that is slow while the problem is reproduced, this will at least give something to analyse.

    The details of the problem are essential - simplify the network topology as described to see if it has an impact on performance, this will help isolate the boundaries of the issue before you start with the detailed analysis.

    First step I would take is to remove everything bar 2 machines in the same switch and see if the problem is still present, that is a good starting place - if the problem isn't present then add the networking components one at a time and test between each addition to see if you can identify the requirement for the problem to exist.
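
The "jabbering" check described in post #9, as an added example that is not part of the original thread: it reads a trace saved in classic libpcap format and counts broadcast frames per source MAC, which is the part of other hosts' traffic a capture on one client behind an unmanaged switch can see. The MAC addresses and the sample capture are constructed, and the function names are this example's own.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6

def broadcast_talkers(pcap_bytes):
    """Return (frames_seen, Counter of broadcast frames keyed by source MAC)."""
    magic = struct.unpack_from("<I", pcap_bytes, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(endian + "I", pcap_bytes, 20)[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    offset, total, per_src = 24, 0, Counter()
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack_from(endian + "I", pcap_bytes, offset + 8)[0]
        frame = pcap_bytes[offset + 16 : offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 14:  # truncated record: no full Ethernet header
            continue
        total += 1
        if frame[:6] == BROADCAST:  # destination MAC comes first
            per_src[frame[6:12].hex(":")] += 1
    return total, per_src

# --- constructed sample capture (made-up, locally administered MACs) ---
def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def frame(dst, src, ethertype):
    return dst + src + struct.pack("!H", ethertype) + bytes(46)

def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, data in enumerate(frames):
        out += struct.pack("<IIII", sec, 0, len(data), len(data)) + data
    return out

CLIENT, SERVER, NOISY = (mac("02:00:00:00:00:0a"), mac("02:00:00:00:00:01"),
                         mac("02:00:00:00:00:0c"))
SAMPLE = build_pcap([frame(BROADCAST, NOISY, 0x0806)] * 40
                    + [frame(BROADCAST, SERVER, 0x0806),
                       frame(CLIENT, SERVER, 0x0800),
                       frame(SERVER, CLIENT, 0x0800)])

if __name__ == "__main__":
    total, talkers = broadcast_talkers(SAMPLE)
    for src, count in talkers.most_common():
        print(f"{src}  {count} broadcast frames ({count / total:.0%} of capture)")
```

One source MAC accounting for most of a one-minute trace's broadcast frames is the machine to unplug first when narrowing the problem down.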

  10. #10
    Senior Member
    Join Date
    Sep 2005
    Posts
    587
    Thanks
    7
    Thanked
    7 times in 7 posts
    Quote Originally Posted by pak000
    I can see that the dgs-1008d has qos (quality of service)...is this enabled?

    The gamer router almost certainly has qos enabled as default...maybe they are opposing each other, one giving priority to games, the other to web traffic.

    Try turning qos off on all the routers
    Right, okay thanks. Its proprietary name for this particular router is "GameFuel". I can't remember if it's on or off, but I think it's off. I'll make sure tho. Thanks.

    Either way, I doubt that's the problem b/c the network was fine at first, and nobody is smart or interested enough to change any settings while I'm not there.

  11. #11
    Senior Member
    Join Date
    Sep 2005
    Posts
    587
    Thanks
    7
    Thanked
    7 times in 7 posts
    Quote Originally Posted by Paul Adams
    Running Ethereal on a machine will capture the network traffic which the switch transmits to it, and packets that leave the client.
    So this covers traffic destined for the client itself and broadcast traffic which is sent to every machine in the subnet.

    By taking simultaneous traces on 2 machines that are slow to communicate you can capture all the necessary information - if there is something "jabbering" on the network then you might see loads of broadcast packets, and if not but the packet latency is long then the switch might be overloaded, underperforming, have QoS enabled like pak000 mentioned, or just be plain busted.

    Start with 1 trace on 1 client that is slow while the problem is reproduced, this will at least give something to analyse.

    The details of the problem are essential - simplify the network topology as described to see if it has an impact on performance, this will help isolate the boundaries of the issue before you start with the detailed analysis.

    First step I would take is to remove everything bar 2 machines in the same switch and see if the problem is still present, that is a good starting place - if the problem isn't present then add the networking components one at a time and test between each addition to see if you can identify the requirement for the problem to exist.
    Paul, thanks for the tips. I will do this the next time I go there. I'll also reply back when I find the problem.

    I appreciate everyone's help with this!
