Desktop intermittently loses network connection

Posted on 2004-08-11
Last Modified: 2011-09-20
This is a tough one.  I manage a small NT Server 4.0 - based domain.  There are 2 network devices - a Cisco FastHub 24 port 10/100 Hub and a 24 port NetGear 10/100 hub, connected together for a single collision domain.  These are wired typically through a cat 5 patch panel with drops out to offices and cubes in the office with about 20 computers on the network.  Everything is connected to the internet through an integrated voice/data T1 providing 768k of T1 bandwidth through a VINA router and then through a Sonicwall SOHO/50 firewall.  One of the desktops, a Dell Optiplex with an internal PCI network card, had major spyware and viruses and was running very slowly.  After spybot and adaware did not completely fix the problem, we decided to wipe the HDD and start over, formatting the drive and installing a fresh clean Win2k OS with SP4, all latest security updates, etc.  We also installed the usual apps - Office 2000, Adobe Acrobat, Norton A/V Corporate, Spybot (to immunize), Printer drivers, FileMaker, etc.  The only "non-standard" app is a timekeeping app called Timeslips whose binary files run from the server through a mapped network drive.  Email is Outlook using Exchange Server and .pst files stored on the file server.  Ip addresses are assigned by DHCP server using range for NAT.  

The system seemed to run fine after the rebuild, but shortly after it came back online, it started having weird problems where it would lose it's connection to the network for brief periods.  I ran an extended ping test and found that it would drop 4-10 packets on an intermittent basis, just enough to hang Outlook and cause problems with Explorer when browsing the network.  

So, I did the usual thing - I checked, and then replaced almost all of the physical network connections.  I replaced the Network Card with a new 3com card, changed to a different Cat 5 patch cable on a different wall jack, changed to a different port on the patch panel with a new cable and connected to a different hub from what they had been connected to previously.  This did not resolve the issue.  I then took the machine home, removed a PCI modem that was not being used and put the 3Com card in the PCI slot that was used by the modem.  I then ran an extended ping test on my home network and it did not drop any packets.  I then brought the system back to the office and it is now doing the exact same thing - dropping packets and losing network connection periodically.    When I had the system at home, I also ran 3 loops of the Dell diagnostics that come on a set of 5 floppy disks.  These tests included Memory, PCI, drives, IDE controllers, etc.  Everything passed ok.

Also, at one point at the beginning of this problem I found out that someone in the office added a linksys wireless router and left the DCHP server on so we had a DCHP conflict that affected this particular desktop.  After I cleared that up, it seemed to fix the problem, but that didn't last long as the system started losing it's connection pretty frequently even after the DHCP issue was resolved.

I'm not sure what to do next with this.  It seems that since the system worked ok on my home network, there must be something specific about the office network that is causing the issue.   I don't know what to do next though as the system appears to be working fine in all respects except this and I have already replaced / changed every physical component of the network connection possible.  Could there be some sort of issue with a stuck entry in an ARP cache somewhere?  Some malicious program that is trying to reach this system and is effectively sending a brief DOS attack?  Not sure what to do next....any advice would be appreciated.

Question by:emilysam
LVL 15

Expert Comment

ID: 11774004
Hmm, i would check the cable that runs from this computer location to the patch pannel. You can eliminate the computer, you can eliminate the switch, the only thing remaining, is the cable in the wall.

You could always change the computer of location in this office and see if it continues. Bring it on the switch location, and plug it directly using a new cable to see if it will continue.

Author Comment

ID: 11774046
Already done all of that.  I've tried a different wall jack in the office where the computer is, changed the cable that is connecting the patch panel port to the hub (and it's a different port in the patch panel), and connected to a different port on a different hub and still no luck.
LVL 15

Assisted Solution

adamdrayer earned 200 total points
ID: 11774585

Check the other computer for their NIC "auto-negotiate" settings in the device manager.  It's possible they are hard-coded for 10 or 100.  Make sure the settings are the same for this new computer.  Compare the list of installed Service Packs and hotfixes for computers that are working and those that are not in Add/Remove Programs.

When your connection is dropped, how exactly is the problem manifesting itself?  through an error message?  have you checked the event logs for any problems on startup?

Did you disable the on-board NIC when you installed the PCI ethernet card?  which are you using now?

Thanks for the long description it is really helpful.
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.


Author Comment

ID: 11774640
The problem manifests itself as a random loss of network connectivity. Sometimes it lasts a while (>1 min), sometimes a few seconds.  Network apps (email, explorer browsing shared folders, timeslips) tend to lock up when it happens.  I have also noticed the this computer just seems to "run slow".   We don't have identical configurations of systems on the network so it's a little tough to do a direct comparison.  I have however built a couple of systems recently with the same configuration of service packs, hotfixes etc and have had no issues with those.  I will check the negotation settings and see if that has any impact.  That's a good idea.  There is no onboard NIC on this system - it's the low profile desktop model and only has 2 pci slots plus one mini pci slot.  What are your thoughts on putting a sniffer on the connection and trying to associate traffic with the disconnect?  I haven't really used one before so a recommendation for an open source windows based packet sniffer would be helpful....

LVL 15

Expert Comment

ID: 11774693
well you always have

now you said you are running a hub and not a switch?  in this case, a sniffer will show you everything on the network.  I'd say it may be congestion and collisions, but then you'd see it on all the computers, and not just this one.  Just to echo, you've checked the event logs, right?

Author Comment

ID: 11774747
sorry about that.  I haven't checked recently but I did check the eventvwr when it first started happening.  I didn't see anything abnormal.  I suppose it could be congestion on the network but we haven't seen any issues with other computers and there are only 30-35 devices on the network in total.  25 or so desktops, associated network printers, and a couple servers.  I will try Ethereal and recheck the event logs and get back to you.  This case should stay open here as I probably won't be able to continue troubleshooting this until sometime next week.  Thanks for the input so far. If you have other ideas, please pass them along.  Note that regardless of the eventual accepted answer, I am going to award you at least some of the points for your efforts so far  (adamdrayer).

LVL 15

Expert Comment

ID: 11774779
awww.. thanks.  but we'll see... Don't like getting points just cause I jump around and say a bunch of stuff that may be completely off.

Don't worry about leaving this open for as long as you need while you try different things.  Sometimes I'll think about it for a day or two, and it will just pop right in my head.

Author Comment

ID: 11774826
Hey... effort is worth something, even if it doesn't result in the right conclusion. As you know, these things often tend to be a lot of trial and error.  Wouldn't be fair for you to try 10 things and then have someone else swoop in with #11 and get all the points.

LVL 23

Accepted Solution

Tim Holman earned 300 total points
ID: 11794465
Running 2x 24 port hubs connected to each other leaves a pretty big collision domain !

I would look at using a 48 port switch instead, to ensure all PCs get a chance to talk to each other.

You're welcome to sniff to see if anything untoward is going on -

1)  Go to
2)  Under Windows 98/ME/2000/XP/2003 Installers, select a site near you
3)  Download WinPcap_3_0.exe and ethereal-setup-0.10.4.exe
4)  Install WinPcap_3_0 - double click on the WinPcap_3_0.exe file, just
click OK / Yes throughout
5)  Install ethereal-setup-0.10.4 - double click on the file, accept all the
defaults (OK / Yes throughout)
6)  Start the Ethereal application
7)  Go to Capture > Start
8)  Under Interface, select your Internet facing interface.  If you're
unsure, then select one, and continue.  If it displays results, then you've
got the right interface, if your capture is empty, then select another
interface and carry on...
9)  Under Capture Files, put \capture.cap
10)  Click OK
11)  Capturing will commence....
12)  Capture what you need to
13) Go back to Ethereal, click Stop
14)  Analyse the c:\capture.cap file, or send it to me -

Also, remember that a lot of recent viruses will circumvent or disable AV programs, so you may not even know you've got them...

Use these on every machine: make doubly sure you're not infected.  Pretty laborious, but once you've removed viruses and patched your systems (and regularly update the patches, of course), then your less likely to be comprimised.


Author Comment

ID: 12168841
Problem solved. Turned out that a couple other machines on the network were having the same issue but it was not reported.  When I examined the wiring of the network hubs again, I found that they were connected to each other by 3, yes, 3 different patch cables.  A big no no.   Indeed 48 ports was getting to be a pretty big collision domain even after correcting the wiring problem so we upgrade to 2 x 24 port switches and all is well.  

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in response to a question ( here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question