Solved

Sniffer question

Posted on 2004-09-09
12
719 Views
Last Modified: 2008-02-01
Hello,
 i have a client that is complaining of slow network traffic. he thiks he has a bad line or a chatty nic. I am not familure with sniffers. what is a good one to download, and any help using would be great. Than kyou in advance
0
Comment
Question by:eberhardt2329
  • 3
  • 2
  • 2
  • +5
12 Comments
 
LVL 11

Expert Comment

by:PennGwyn
Comment Utility
Ethereal!

You can get a little more features and ease of use -- for awhole lot of cash....

Note:  If it's only one user, try replacing his network cable.  CAT5 isn't as tolerant of abuse as many people seem to believe....

0
 

Author Comment

by:eberhardt2329
Comment Utility
it seems to be the whole place web traffic moving files etc. the two I sent to the user are http://www.ethereal.com/, and
  http://www.networkchemistry.com/products/packetyzer/                and I want them to run for a hour each, and send me the files. Any ideas?
0
 
LVL 9

Expert Comment

by:fixnix
Comment Utility
Unless you filter out a lot during the capture (which could be confusing to a new user of Ethereal, see http://home.insight.rr.com/procana/ for a good page on filtering syntax and examples) you definately don't want to capture for an hour.  On a 5 computer LAN segment here, a 5 minute promiscuous capture yields a log file that is painfully slow to sort, manipulate, poke around, and use on a (slow, 1GHz, 128ram) workstation.  On a decent machine 5 mins wouldn't be a problem, depending on your typical network activity and number of workstations, but an hour would just be too much to work with right off the bat.  Capture everything for about a minute or two and have a look.  Hopefully you'll see errors and can set up capture filters honing in on said errors for a longer duration capture if necessary.
0
 
LVL 10

Expert Comment

by:winzig
Comment Utility
Microsoft network monitor isn't bad,  but is extremely difficult to make expert analysis with these tools. In general much better solution is to use managed Switches which are able detect problems on network layer, and sniffers can be used to solve problems L3 layer.
0
 
LVL 1

Expert Comment

by:AbstractAnger
Comment Utility
It's the whole place?
This could be any number of issues... slow backbone (10 MBps on a heavily used network can hurt). It could also be slower at different times of the day of a lot of users are playing around, logging in, (morning, lunch) etc... What kind of pipe do you have coming into the area from the outside world?
0
 

Author Comment

by:eberhardt2329
Comment Utility
I believe they have a t1. I have saved the log file from the sniffer, can I sent this to someone not sure how to put this on here I am using ethereal
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Expert Comment

by:rsburks
Comment Utility
In order to address the real problem... "Why is network traffic SLOW",
I believe we need to know alittle more about the network.  

Do you know the network layout including hubs, switches, number of clients on each node, etc.

Is the traffic slow to the internet or to other clients within the network or both?

Did this problem happen over time or all at once.  over time could indicate too many clients connected thur too many hubs.  Too many hubs on a large network will slow traffic to a crawl.

Solution would be to replace hubs with switches in key places.
 
If it happened all at once, this means something may have broke.  ie, bad cable, chatty NIC, whatever.

If it is a chatty NIC it should only affect that particular node (clients connected directly thur hubs) and not the entire network.  

If it is a bad cable it will only affect either the internet access and not intranet traffic, or visa versa.

So the question is...
is it the entire network that is being affected or just a section?
When and how did the problem start?
Why does the customer believe it is a chatty nic, he may have more information about the problem than he has said.

oh, and btw, with a sniffer, it will only capture packets that it is directly connected to.  
in other words.  if you want to just sniff the packets from a single computer put the sniffer on that computer, if you want to see a section of the entire network, you have to connect the sniffer to a hub on that network(NOT a switch).  A Sniffer will not see traffic on another port of a switch except for broadcast traffic within a subnet.  

0
 
LVL 1

Expert Comment

by:AbstractAnger
Comment Utility
Even if it's a t1, it could just be normal network traffic sucking the life out of the wires. My building is runnning on fiber and I'm connected to a gig backbone.... we have a 9 Mbps pipe to the outside world, but it's slow sometimes. Like I said before, any number of issues could come into play, even if things are working normally.
0
 
LVL 9

Accepted Solution

by:
fixnix earned 500 total points
Comment Utility
eberhardt2329 :

You could send the ethereal log to me if you want, but I probably won't get the chance to look at it until the weekend.  Send to wedgenix at inebraska.com if you want me to take a look when I get the chance.
0
 

Expert Comment

by:darwin_panela
Comment Utility
try to use packetyzer... its a freeware you can download at www.micronet.info
0
 
LVL 16

Expert Comment

by:The--Captain
Comment Utility
Since everyone has already mentioned my favorite remote analysis tools, have you tried just going into the network closet, looking at the switch, and watching which port(s) are lit up all the time?

Cheers,
-Jon

0
 

Author Comment

by:eberhardt2329
Comment Utility
I have not been on site, does anyone know where I can download sniffer plus I like the interface. thank you any other ideas woiudl also be great
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Join & Write a Comment

Some time ago I was asked to set up a web portal PC to put at our entrance. When customers arrive, they could see a webpage 'promoting' our company. So I tried to set up a windows 7 PC as a kiosk PC.......... I will spare you all the annoyances I…
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now