Does anyone know of a good network analyzer and how to operate it?

Our network is increasing sluggish; Internet, shared drives on all servers, and applications residing on our servers.
I know we have a lack of bandwidth but why is that affecting the local network.  I restarted the servers and nothing improved.  What is a good network analyzer, what do I look for when using it, and how do I use it? Thanks.
level9techAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
DCenaculoConnect With a Mentor Commented:
Verify also, if every sever has its tcp/ip properties configured with the IP address of the WINS server. A server can have the WINS server installed on it, but it still needs to have its own IP address configured on the WINS tab in its tcp/ip properties. If it dosn't heve it will not register it self on WINS sever (even if it is the WINS server) and other host will not be able to contact it without makink broadcasts:

The same happens with DNS server.
0
 
maxis2cuteCommented:
wire shark, used to etherral  it is free and good, it is used by many professionals and it comes with help, as does etherpeek.

both can be found on google an dboth have help and directions built in.

0
 
kmotawehCommented:
you can try ethreal or wireshark or observer or microsoft network monitor
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
level9techAuthor Commented:
thanks
0
 
DCenaculoCommented:
Try this:

1st
nbtstat -r on your servers and on some workstations and see if there are some names resolved by broadcast.

You should not have names resolved by broadcast.

2nd
Do you really need those shares on your network ? They put a lot of traffic on your wires. If you want to discuss that a little bit more, please feel free.

We may try to see if there are more things that you can send away like Netbios over tcp/ip for example. If you remove that from your network, it will work very faster, but not everyone can do that. If you are not using workstations older then xp or 2000 you could start thinking about remove netbios, unless you heve some older aplication that especifically requiers it.

I think it's better for you to first try to optimize your network and only after that start studying a network analyser.

If you need more help, please feel free to ask.
0
 
DCenaculoCommented:
It's a good idea to install and configure network monitor to see what are the real problems with each server.

It's a good idea to have the server linked with 1GB and the workstations with only 100Mb for example.

I hope this helps :)
If you need more help, please feel free to ask.
0
 
level9techAuthor Commented:
Dcenaculo,

we have 30 names resolved by broadcast.  what do we do and why is this causing problems?
0
 
level9techAuthor Commented:
30 names resolved by broadcast on the server and 280 names by broadcast on my workstation.
0
 
level9techAuthor Commented:
This is what I got from my computer when running the nbtstat -r command.


Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\IT>nbtstat -r

    NetBIOS Names Resolution and Registration Statistics
    ----------------------------------------------------

    Resolved By Broadcast     = 280
    Resolved By Name Server   = 98

    Registered By Broadcast   = 29
    Registered By Name Server = 12

    NetBIOS Names Resolved By Broadcast
---------------------------------------------
           TDSQL
           TDSQL
           TDAD01
           TDFS01
           TDSQL
           TDFS01
           TDSALES02
           DATA52

C:\Documents and Settings\IT>
0
 
DCenaculoCommented:
This means that quite everytime a workstation need to comunicate with these hosts, instead of asking directly DNS, or WINS (point-to-point) it has to make broadcast, which slows down youy network.

1st
See what are de definitions of WINS and DNS IP address on your workstations, and servers. See if all of them has WINS and DNS well configured (I'm talking about that information on TCP/IP properties if they are manually configured or with the comand ipconfig/all if they are using a DHCP server).
The idea is that all should use the same WINS and DNS server and that they are well configured everywere.

2nd
Go to these machines:
TDSQL
           TDSQL
           TDAD01
           TDFS01
           TDSQL
           TDFS01
           TDSALES02
           DATA52

and make the same thing. See if they have WINS and DNS server well configured on their tcp/ip properties or if they are receiving the correct IP addresses from DHCP if they are not manually configured.
0
 
DCenaculoCommented:
Execute the IPCONFIG /ALL command on your workstations and see if their network type is Hybrid (it should be).
0
 
level9techAuthor Commented:
What can I do about this?
0
 
level9techAuthor Commented:
All nodes have DHCP enabled and are getting correct IP addresses.  What does the Hybrid do?
0
 
level9techAuthor Commented:
so how can the numerous names resolved by broadcast be stopped?
0
 
DCenaculoCommented:
If you have WINS installed, verify if you dhcp scope options are sending to your client hosts this options also:

015 DNS Domain Name -> Standard -> yourdomain.com (for example)
044 WINS/NBNS Server -> Standard -> Ip address of your WINS server
046 WINS/NBT Node Type -> 0x8
-------------------------------------------
H-Nodes
-------
A station configured with a WINS server is a hybrid-node (h-node) by default. A h-node will request name resolutions from local WINS servers initially, and then will broadcast as a last-ditch effort:
1) NetBIOS Name Cache
2) WINS Server
3) Broadcast
4) LMHOSTS
5) HOSTS
6) DNS Server
0
All Courses

From novice to tech pro — start learning today.