ammartahir1978 asked: How to monitor network
Hi Guys,
I am in a kind of black hole, I have to say: I have a site which is connected through a leased line and I have a continuous ping to the site which hardly ever drops, but users on the site are saying it is dropping, which I cannot see at all.
Is there any monitoring tool which I can use which can tell me or give me a log of:
1. when the network drops, whether it is the network or the computer
2. which hardware is causing a drop.
3. how long they are connected for.
Well, the basis is whether the network is dropping or not.
Regards,
Ammar Tahir
BTW in case you wonder which is best, tcpdump on the server or on a dedicated box, there are pros and cons:
on the server: easier to set up, but if your hardware or network drivers are buggy, tcpdump may report packets that were not sent
on the dedicated box: independent of the server, but could miss packets if the packet rate is too high
BTW if the traffic is too high you may want to run tcpdump with a filter, for example
tcpdump -w filename.pcap -ni ethX 'icmp or port 80 or port 443'
would capture http(s) and icmp only.
You could be even more selective by focusing on a particular client address:
tcpdump -w filename.pcap -ni ethX '(icmp or port 80 or port 443) and host 1.2.3.4'
For even more sophisticated investigation you may consider running tcpdump on the client as well and then comparing the two capture files, but this is rather cumbersome.
Another thought: sometimes problems experienced by users are "side effects", i.e. they do not pertain to the main communication channel between the server and the client but to an auxiliary service like DNS. In such a case, monitoring the traffic on the client may be more valuable than on the server side.
ASKER
Hi Hugetoon,
I have installed Wireshark, can you please help me set it up and how can I see what is going on on my network?
ASKER CERTIFIED SOLUTION
Follow-up warnings:
1)
Wireshark is a huge and wonderful piece of software, something one would call a 'killer app'.
Therefore you might grow addicted sooner than you realize. If you have the feeling that you are going to use it again (and again and again), investing in a book may spare you some time while you travel the learning curve.
2)
There are many tools around that make the network troubleshooting task easier. Some are free, some very expensive. However, so far they only leverage, not replace, the understanding of networking issues by the person who uses them.
3)
My (modest) experience shows that almost all networking problems fall into 3 categories:
- protocol and technical compliance issues (bad implementation and/or configuration)
- timing issues (inappropriate technologies and/or sizing)
- non-networking problems wrongly reported as such (chair-keyboard interface bugs)
ASKER
Thank you Hugetoon,
I really like the tool. Can you recommend any good book, or is there any available for Wireshark?
I know I am facing the same problem here, as users are reporting wrong information regarding the network, which I have to spend my time on. I need to show the directors that this is not the case, so basically I am looking for a tool which can give me a readable log and shows the following:
Computer xyz sent this amount of data over the network
Computer xyz dropped off the network at this time.
You know what I mean: I can read the log, but to make it readable for directors I have to show them in plain text.
The book I own is "Wireshark & Ethereal Network Protocol Analyzer Toolkit" which doesn't mean there are no others, but this one seems adequate.
For directors: apart from the scary red/black colors, the graphs from the "Statistics" menu may be visual enough.
1) Capture the network packets with tcpdump
- run tcpdump on a dedicated box connected to a port on the same switch as the server; the port should be set up as "monitor" or "mirror" or "span" or any other term used by the switch manufacturer.
or
- run tcpdump on the server
"tcpdump -w <filename> -ni <interface>"
2) Use Wireshark to open and explore the file created by tcpdump. Wireshark has specific meta-fields ("tcp analysis") and coloring rules for specific conditions of the TCP protocol that are a symptom of network problems.
"wireshark -nr <filename>"
Specifically look for retransmissions and response times.
Usually the "guilty" equipment is the one that receives the last regular packet (for RST packets this rule may not work).
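As an added illustration of step 2 (this is not code from the thread), a small Python script that walks a tcpdump-style pcap file, flags TCP retransmissions and measures how long each request waited for its first reply, which is the number the users actually feel. It assumes an Ethernet link type and the little-endian microsecond pcap format tcpdump writes by default; the capture it analyzes is constructed inline, with one request that is only answered after a retransmission.

```python
import ipaddress
import struct
from collections import defaultdict

def tcp_record(ts_us, src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Build one pcap record (Ethernet + IPv4 + TCP) for the constructed sample capture."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0, src, dst) + tcp
    frame = b"\x00" * 12 + b"\x08\x00" + ip  # dummy MACs, EtherType 0x0800 = IPv4
    return struct.pack("<IIII", ts_us // 1_000_000, ts_us % 1_000_000, len(frame), len(frame)) + frame

def sample_capture():
    """Constructed capture: the first request is only answered after a retransmission."""
    c, s, PA = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]), 0x18  # client, server, PSH|ACK
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header, linktype 1 = Ethernet
            + tcp_record(0, c, s, 40000, 80, 1000, 1, PA, b"GET / HTTP")            # request, no answer
            + tcp_record(1_000_000, c, s, 40000, 80, 1000, 1, PA, b"GET / HTTP")    # retransmission
            + tcp_record(1_250_000, s, c, 80, 40000, 1, 1010, PA, b"HTTP/1.1 200")  # late reply
            + tcp_record(2_000_000, c, s, 40000, 80, 1010, 13, PA, b"GET /a HTTP")  # second request
            + tcp_record(2_050_000, s, c, 80, 40000, 13, 1021, PA, b"HTTP/1.1 200"))  # prompt reply

def analyze_pcap(data):
    """Walk a libpcap file; report TCP retransmissions and request/response times in microseconds."""
    if data[:4] != b"\xd4\xc3\xb2\xa1":  # little-endian, microsecond timestamps (tcpdump -w default)
        raise ValueError("only little-endian microsecond pcap is handled here")
    off, seen, pending, retrans, responses = 24, defaultdict(set), {}, [], []
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", data, off)
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if frame[12:14] != b"\x08\x00" or frame[23] != 6:  # IPv4 carrying TCP only
            continue
        ihl = (frame[14] & 0x0F) * 4
        total_len = struct.unpack_from("!H", frame, 16)[0]
        src, dst = frame[26:30], frame[30:34]
        sport, dport, seq, _ack, doff_flags = struct.unpack_from("!HHIIH", frame, 14 + ihl)
        if total_len - ihl - (doff_flags >> 12) * 4 <= 0:  # pure ACKs carry no data: skip them
            continue
        ts, flow = sec * 1_000_000 + usec, (src, sport, dst, dport)
        label = f"{ipaddress.IPv4Address(src)}:{sport} -> {ipaddress.IPv4Address(dst)}:{dport}"
        is_retrans = seq in seen[flow]  # data sent again from a sequence number already seen
        if is_retrans:
            retrans.append((ts, label, seq))
        seen[flow].add(seq)
        reverse = (dst, dport, src, sport)
        if reverse in pending:  # first data back the other way answers the outstanding request
            responses.append((ts, label, ts - pending.pop(reverse)))
        elif not is_retrans:
            pending.setdefault(flow, ts)  # keep the first attempt: that is when the user started waiting
    return {"retransmissions": retrans, "responses": responses}
```

On a real file, replace `sample_capture()` with the bytes read from the pcap written by tcpdump; a user-visible "drop" typically shows up as a cluster of retransmissions and a response time of seconds rather than milliseconds, even while a plain ping stays green.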