afflik1923

Network monitoring tools - which recommended to view all network traffic?

We have a problem on the network in that all users have reported a slow down in the past month.
This is a Windows 2003 / Exchange 2003 network with about 50 PCs all running Windows XP Pro.

Use is pretty much basic: Outlook 2003 for email and Word or access to shared files. They have an old Access 97 based database application and a few other apps but nothing rocket science.

It has been difficult to get solid information from them but generally they say Outlook seems to go slow. Some say that Word will go slow when looking at a file, but I am not sure if these are files stored on shared drives or locally (probably shared drives).

Some say at particular times of day things seem to really slow down.

Net result is, I need to see what is going on, on the network and have no idea of tools to do this.

We have three main servers
File / App server
Exchange server
Blackberry server
The blackberry server is the least utilised so would intend to install application on this device.

Would want to be 100% sure whatever application is installed does not have any adverse effect on network performance as it already is bad or to introduce any stability issues to the server it is installed on.

Any recommendations?

Much appreciated.

Karl12347

If you have decent switches/hubs and routers you should be able to use the management tools integrated in the device. Slow links can easily be troubleshot using the ping, pathping, traceroute and various other commands. Network monitor tools are packed full of options and can sometimes be overkill for the task.

I would suggest using the Windows tools first. If you are unsure about any of the tools I would suggest Google.

Thanks
Karl
SOLUTION
greesh_hem

This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
afflik1923 (ASKER)

Good point Karl, but I'm not super familiar with them all and am hoping to at least get the bulk of the problem sorted quickly. E.g. if one PC on the network has a virus, do I have to ping each computer from the server to see the response?

For example I have just discovered that some users have installed Channel 4 on demand, a Channel 4 service which allows you to watch programs from Channel 4 over the last week. I'm not sure if this service is like BBC iPlayer where it also uploads TV data to other users but of course this could have an impact on the network.

We do have a Sonicwall Z170, but I am not sure of monitoring features of this off hand. Also the phone network is on the same network. For example, the phone people look after the DHCP server.

So something really simple for a bit of a novice would be great.
Any streaming media that is coming over your network will potentially slow your normal network traffic down. I would suggest that you remove admin rights from your users and uninstall this type of software from client machines.

If you are still having problems after that, then you could try Wireshark.
Wireshark looks great. I'm going through this now (download is taking time for some reason).

I'm hoping I can simply install this on the BlackBerry server and be able to pretty much work out what's going on without too much effort, but any particular gotchas I should be aware of feel free to point out.

I am reading FAQ as well, but still takes a bit of time.
ASKER CERTIFIED SOLUTION
The--Captain

This solution is only available to members.

Good point Jon, and I was thinking exactly the same thing. Unless there is a hub on the network, how am I going to see anything?

The other question was: do I risk installing the monitoring software directly on the Exchange server (which may be the source of the problem, although, logging on, processor activity is not bad)?

Another application recommended to me was Look @ LAN
http://www.lookatlan.com/
Seems a bit more user friendly. If installed on the Exchange server at least I could see if the network path to the Exchange server was getting busy.
Look @ LAN might be able to discover what hosts you have on your network, but it can't overcome the technological limits of a switched network, unless it's doing some things à la dsniff which you probably don't want (arpspoofing, etc), so I wouldn't hold your breath on that one.

MRTG is really low overhead, AFAIK.  Just turn on SNMP on your local machines, and watch them with MRTG.  That will tell you right away if you have a high network load, or a different problem altogether (like an overloaded machine somewhere) - you can even monitor CPU load with MRTG and SNMP, IIRC.

Cheers,
-Jon

OK been looking into MRTG and SNMP and sounds interesting.

So I can get a quick understanding. Do I have to switch SNMP on each Windows XP workstation for this to work?

They also have HP ProCurve switches that everything goes through (2650-PWR).
Is there any way I can use these to monitor the traffic? I've never used them before but see they cost £1000, so at that price surely they do something that can show me the traffic rates?
>Do I have to switch SNMP on each Windows XP workstation for this to work?

It depends what you want to monitor - you can't really monitor things like system (CPU) load without enabling SNMP on the machines on which you want to check the load, but if all you want (for now) is bandwidth monitoring, you sound like you're in luck.

From the little bit of googling I did on your switch, it appears to be a managed switch and supports SNMP - this is a good thing, because if your switch behaves as most other managed switches I've dealt with, you only need to enable SNMP on the switch and then you can poll individual switch ports to watch the bandwidth per port.

Cheers,
-Jon

P.S.  The hefty price tag for your switch is indeed likely due to the fact that it's a managed switch, and can give you all kinds of nifty info - it might even be able to function as a remote probe for NTOP.
Good stuff.
I spoke to the company that provided the switch and they have told me it's OK to go in and have a look at the switch.

Do you know off hand how I would access it? Is it likely to have an IP address on the network and is there an easy way I can discover this?

Thanks again for your useful input.
>Do you know off hand how I would access it?

Reading the docs for that switch would be a good place to start.  That being said, most managed switches I've dealt with have a serial console port to which you can connect, and/or have a preconfigured IP address (just like your typical SOHO router) to which you can connect (the default login should be found in the docs).  If you have a go-to guy for the switch, he should be able to help you connect to and configure it.

The main thing you're looking for is the SNMP community string, and any associated authentication necessary to poll the switch for SNMP info.  When I deal with unfamiliar gear, I use a Unix utility called snmpwalk to run through all the SNMP info (MIB), and find the OIDs (SNMP object IDs) that correspond to the data I'm looking for.  You will probably need to figure out two OIDs for each port (Rx and Tx) - the docs or go-to guy might be able to provide the OIDs if you don't have an SNMP tree-walking utility available to you (actually, Look@LAN might be of some help once you know how to authenticate to the switch and can get Look@LAN to connect to it).

Hope that helps.

Cheers,
-Jon
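
The per-port Rx/Tx polling described in the answer above, worked through as an added example (not part of the original thread): it parses two `snmpwalk -On` dumps and turns the counter deltas into bits per second, including the case where a 32-bit counter wraps between polls. It assumes the switch exposes the standard IF-MIB `ifInOctets`/`ifOutOctets` counters; the counter values, the 300-second interval and the function names are constructed for illustration.

```python
import re

# Standard IF-MIB per-port byte counters (Counter32, so they wrap at 2**32).
IF_IN_OCTETS = ".1.3.6.1.2.1.2.2.1.10"   # ifInOctets  (Rx)
IF_OUT_OCTETS = ".1.3.6.1.2.1.2.2.1.16"  # ifOutOctets (Tx)
WRAP = 2 ** 32
LINE = re.compile(r"^(\.[\d.]+)\.(\d+) = Counter32: (\d+)$")

# Constructed sample: two `snmpwalk -On` polls of a switch, 300 seconds apart.
POLL_1 = """
.1.3.6.1.2.1.2.2.1.10.1 = Counter32: 1000000
.1.3.6.1.2.1.2.2.1.10.2 = Counter32: 4294000000
.1.3.6.1.2.1.2.2.1.16.1 = Counter32: 500000
.1.3.6.1.2.1.2.2.1.16.2 = Counter32: 2000000
"""
POLL_2 = """
.1.3.6.1.2.1.2.2.1.10.1 = Counter32: 4750000
.1.3.6.1.2.1.2.2.1.10.2 = Counter32: 374032704
.1.3.6.1.2.1.2.2.1.16.1 = Counter32: 875000
.1.3.6.1.2.1.2.2.1.16.2 = Counter32: 2037500
"""

def parse_walk(text):
    """Return {ifIndex: {"rx": octets, "tx": octets}} from numeric snmpwalk output."""
    ports = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # blank lines and objects that are not Counter32
        base, index, value = m.group(1), int(m.group(2)), int(m.group(3))
        if base == IF_IN_OCTETS:
            ports.setdefault(index, {})["rx"] = value
        elif base == IF_OUT_OCTETS:
            ports.setdefault(index, {})["tx"] = value
    return ports

def rates_bps(first, second, interval_s):
    """Bits per second per port between two polls, tolerating one counter wrap."""
    return {
        index: {d: ((now[d] - first[index][d]) % WRAP) * 8 / interval_s
                for d in ("rx", "tx") if d in now and d in first[index]}
        for index, now in second.items() if index in first
    }

def busiest_port(rates):
    """ifIndex of the port carrying the most traffic (Rx + Tx)."""
    return max(rates, key=lambda i: sum(rates[i].values()))

if __name__ == "__main__":
    rates = rates_bps(parse_walk(POLL_1), parse_walk(POLL_2), 300)
    for index in sorted(rates):
        print(f"port {index}: rx {rates[index]['rx']:.0f} bps, tx {rates[index]['tx']:.0f} bps")
    print("busiest port:", busiest_port(rates))
```

Port 2's Rx counter in the sample is lower in the second poll than in the first; the modulo in `rates_bps` is what keeps that wrap from showing up as a negative or absurd rate.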
Many of the comments were useful in this posting. A useful discussion that allowed me to look at various options.