Solved

Network monitoring tools - which are recommended to view all network traffic?

Posted on 2008-06-10
Last Modified: 2012-06-21
We have a problem on the network in that all users have reported a slow down in the past month.
This is a Windows 2003 / Exchange 2003 network with about 50 PCs all running Windows XP Pro.

Use is pretty much basic: Outlook 2003 for email and Word or access to shared files. They have an old Access 97 based database application and a few other apps but nothing rocket science.

It has been difficult to get solid information from them but generally they say Outlook seems to go slow. Some say that Word will go slow when looking at a file, but I am not sure if these are files stored on shared drives or locally (probably shared drives).

Some say at particular times of day things seem to really slow down.

Net result is, I need to see what is going on, on the network and have no idea of tools to do this.

We have three main servers
File / Ap server.
Exchange server
Blackberry server
The blackberry server is the least utilised so would intend to install application on this device.

Would want to be 100% sure whatever application is installed does not have any adverse effect on network performance as it already is bad or to introduce any stability issues to the server it is installed on.

Any recommendations?

Much appreciated.
Question by:afflik1923
16 Comments
 
LVL 3

Expert Comment

by:Karl12347
ID: 21749765
If you have decent switches/hubs and routers you should be able to use the management tools integrated in the device. Slow links can easily be troubleshot using the ping, pathping, traceroute and various other commands. Network monitor tools are packed full of options and can sometimes be overkill for the task.

I would suggest using the Windows tools first. If you are unsure about any of the tools I would suggest Google.

Thanks
Karl
0
 
LVL 8

Assisted Solution

by:greesh_hem
greesh_hem earned 100 total points
ID: 21749777
A couple of tools that I would suggest would be:

Network monitoring tool --NETMON

ETHEREAL is another good tool for monitoring traffic.
0
 
LVL 3

Assisted Solution

by:3986
3986 earned 100 total points
ID: 21749803
WireShark.

Also install the Winpcap.

ETHEREAL departed a long time ago :)
0

Author Comment

by:afflik1923
ID: 21749832
Good point Karl, but I'm not super familiar with them all and am hoping to at least get the bulk of the problem sorted quickly. E.g. if one PC on the network has a virus, do I have to ping each computer from the server to see the response?

For example I have just discovered that some users have installed Channel 4 on demand, a Channel 4 service which allows you to watch programs from Channel 4 over the last week. I'm not sure if this service is like BBC iPlayer where it also uploads TV data to other users but of course this could have an impact on the network.

We do have a Sonicwall Z170, but I am not sure of monitoring features of this off hand. Also the phone network is on the same network. For example, the phone people look after the DHCP server.

So something really simple for a bit of a novice would be great.
0
 
LVL 3

Expert Comment

by:Karl12347
ID: 21749871
Any streaming media that is coming over your network will potentially slow your normal network traffic down. I would suggest that you remove admin rights from your users and uninstall this type of software from client machines.

If you are still having problems after that, then you could try Wireshark.
0
 
LVL 32

Assisted Solution

by:Kamran Arshad
Kamran Arshad earned 100 total points
ID: 21749877

Hi,

You need to scan your network using WireShark protocol analyzer:

www.wireshark.org

In case you don't know how to use WireShark:

http://wiki.wireshark.org/

Mostly networks slow down due to broadcasts caused by any machine which is compromised.
0
 

Author Comment

by:afflik1923
ID: 21750149
Wireshark looks great. I'm going through this now (download is taking time for some reason).

I'm hoping I can simply install this on the blackberry server and be able to pretty much work out what's going on without too much effort, but any particular gotchas I should be aware of feel free to point out.

I am reading FAQ as well, but still takes a bit of time.
0
 
LVL 16

Accepted Solution

by:
The--Captain earned 200 total points
ID: 21751392
>Mostly networks slow down due to broadcasts

And broadcasts are all you will see (other than direct traffic to the machine running wireshark), assuming you are using a switch, so it may not be very helpful at all.

Since the complaints seem to be about local traffic being slow (rather than internet connections being slow), monitoring at the edge (sonicwall) might not be very helpful either.

You might find some useful info here:

http://www.experts-exchange.com/Networking/Misc/Q_23432378.html

I'd recommend using SNMP, as I mention in the above link.

Cheers,
-Jon
0
 

Author Comment

by:afflik1923
ID: 21751898
Good point Jon and I was thinking exactly the same thing. Unless there is a hub on the network, how am I going to see anything?

The other question was: do I risk installing the monitoring software directly on the Exchange server (which may be the source of the problem, although logging on, processor activity is not bad)?

Another application recommended to me was Look @ LAN
http://www.lookatlan.com/
Seems a bit more user friendly. If installed on the Exchange server at least I could see if the network path to the Exchange server was getting busy.
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 21752319
Look @ LAN might be able to discover what hosts you have on your network, but it can't overcome the technological limits of a switched network, unless it's doing some things à la dsniff which you probably don't want (arpspoofing, etc), so I wouldn't hold your breath on that one.

MRTG is really low overhead, AFAIK.  Just turn on SNMP on your local machines, and watch them with MRTG.  That will tell you right away if you have a high network load, or a different problem altogether (like an overloaded machine somewhere) - you can even monitor CPU load with MRTG and SNMP, IIRC.

Cheers,
-Jon

0
 

Author Comment

by:afflik1923
ID: 21765302
OK been looking into MRTG and SNMP and sounds interesting.

So I can get a quick understanding. Do I have to switch SNMP on each Windows XP workstation for this to work?

They also have HP Pro Curve switches that everything goes through: 2650-PWR.
Is there any way I can use these to monitor the traffic? I've never used them before but see they cost £1000 so at that price surely they do something that can show me the traffic rates?
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 21766705
>Do I have to switch SNMP on each Windows XP workstation for this to work?

It depends what you want to monitor - you can't really monitor things like system (CPU) load without enabling SNMP on the machines on which you want to check the load, but if all you want (for now) is bandwidth monitoring, you sound like you're in luck.

From the little bit of googling I did on your switch, it appears to be a managed switch and supports SNMP - this is a good thing, because if your switch behaves as most other managed switches I've dealt with, you only need to enable SNMP on the switch and then you can poll individual switch ports to watch the bandwidth per port.

Cheers,
-Jon

P.S.  The hefty price tag for your switch is indeed likely due to the fact that it's a managed switch, and can give you all kinds of nifty info - it might even be able to function as a remote probe for NTOP.
0
 

Author Comment

by:afflik1923
ID: 21768348
Good stuff.
I spoke to the company that provided the switch and they have told me it's OK to go in and have a look at the switch.

Do you know off hand how I would access it? Is it likely to have an IP address on the network and is there an easy way I can discover this?

Thanks again for your useful input.
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 21773876
>Do you know off hand how I would access it?

Reading the docs for that switch would be a good place to start.  That being said, most managed switches I've dealt with have a serial console port to which you can connect, and/or have a preconfigured IP address (just like your typical SOHO router) to which you can connect (the default login should be found in the docs).  If you have a go-to guy for the switch, he should be able to help you connect to and configure it.

The main thing you're looking for is the SNMP community string, and any associated authentication necessary to poll the switch for SNMP info.  When I deal with unfamiliar gear, I use a unix utility called snmpwalk to run through all the SNMP info (MIB), and find the OIDs (SNMP object IDs) that correspond to the data I'm looking for.  You will probably need to figure out two OIDs for each port (Rx and Tx) - the docs or go-to guy might be able to provide the OIDs if you don't have an SNMP tree-walking utility available to you (actually, Look@LAN might be of some help once you know how to authenticate to the switch and can get Look@LAN to connect to it).

Hope that helps.

Cheers,
-Jon
0
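The per-port bandwidth polling described in the answers above, as an added example that is not part of the original thread: it turns two snmpwalk polls of the Rx and Tx octet counters into bits per second per port and ranks the busiest ports. The OIDs are the standard IF-MIB ifInOctets and ifOutOctets columns (whether this particular switch exposes them is an assumption), and the counter values and the 3-port switch are constructed sample data.

```python
import re

# Standard IF-MIB columns: ifInOctets = Rx, ifOutOctets = Tx, indexed by port.
COLUMNS = {".1.3.6.1.2.1.2.2.1.10": "rx", ".1.3.6.1.2.1.2.2.1.16": "tx"}
ROW = re.compile(r"^(\.[\d.]+)\.(\d+) = Counter32: (\d+)$")

# Constructed sample data: two polls of a hypothetical 3-port switch, 60 s apart,
# in the numeric-OID format printed by `snmpwalk -On`.
POLL_1 = """
.1.3.6.1.2.1.2.2.1.10.1 = Counter32: 1000000
.1.3.6.1.2.1.2.2.1.10.2 = Counter32: 4000000000
.1.3.6.1.2.1.2.2.1.10.3 = Counter32: 0
.1.3.6.1.2.1.2.2.1.16.1 = Counter32: 500000
.1.3.6.1.2.1.2.2.1.16.2 = Counter32: 2000000
.1.3.6.1.2.1.2.2.1.16.3 = Counter32: 100
"""
POLL_2 = """
.1.3.6.1.2.1.2.2.1.10.1 = Counter32: 1750000
.1.3.6.1.2.1.2.2.1.10.2 = Counter32: 455032704
.1.3.6.1.2.1.2.2.1.10.3 = Counter32: 0
.1.3.6.1.2.1.2.2.1.16.1 = Counter32: 575000
.1.3.6.1.2.1.2.2.1.16.2 = Counter32: 9500000
.1.3.6.1.2.1.2.2.1.16.3 = Counter32: 100
"""

def parse_walk(text):
    """Return {port: {"rx": octets, "tx": octets}} from snmpwalk output."""
    ports = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m and m.group(1) in COLUMNS:
            ports.setdefault(int(m.group(2)), {})[COLUMNS[m.group(1)]] = int(m.group(3))
    return ports

def port_rates(first, second, interval_s):
    """Return {port: (rx_bps, tx_bps)}; the modulo absorbs one Counter32 wrap."""
    rates = {}
    for port in first.keys() & second.keys():
        a, b = first[port], second[port]
        if all(d in a and d in b for d in ("rx", "tx")):  # skip incomplete rows
            rates[port] = tuple(((b[d] - a[d]) % 2**32) * 8 / interval_s
                                for d in ("rx", "tx"))
    return rates

def busiest(rates, top=3):
    """Ports ordered by combined Rx+Tx rate, highest first."""
    return sorted(rates, key=lambda p: sum(rates[p]), reverse=True)[:top]

if __name__ == "__main__":
    rates = port_rates(parse_walk(POLL_1), parse_walk(POLL_2), 60)
    for port in busiest(rates):
        print(f"port {port}: rx {rates[port][0]:,.0f} bps, tx {rates[port][1]:,.0f} bps")
```

A 32-bit octet counter wraps roughly every 343 seconds on a saturated 100 Mbit/s port, so the poll interval has to stay below that for the single-wrap correction to hold.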
 

Author Closing Comment

by:afflik1923
ID: 31465672
Many of the comments were useful in this posting. A useful discussion that allowed me to look at various options.
0
