Solved

Network traffice.

Posted on 2008-06-11
7
365 Views
Last Modified: 2011-10-19
Ok here is my problem or at least I think so.  I think my network seams to be slow and I cant even seem to hand multicast our school district went to Altiris  to deploy images to computer other schools are able to image a whole lab of computers with out any problems. I end up getting mixed results some work fine while others seam to time out and hang.  So I downloaded Wireshark and did a quick capture there seam to be a lot of ARP requests going on is this normal.  I dont know much about monitor network traffic but there sure seems like a lot of them.  I would say they make up for almost 90% of what I captured. I have a feeling the equipment can handle multicast but have a sneaking feeling something is miss configured that would speed things up.  All the major switches in my school are 3com 3250s all tied in by fiber in the 3com core builder 9400. Most of my labs have Netgear 16 port switches or 24 in them.  
0
Comment
Question by:dsexton18
  • 4
  • 3
7 Comments
 
LVL 3

Author Comment

by:dsexton18
Comment Utility
ARP made up for 83% of what I Captured.  Is that normal
0
 
LVL 28

Expert Comment

by:Bill Bach
Comment Utility
Post the capture file, and we'll have more information.

Also, please note that a network analyzer can ONLY see traffic bound for that machine.  You would need either a full-duplex tap or a switch configured to route ALL traffic to the monitor port to be able to see ALL traffic.

Since ARP inquiry traffic is broadcast to all nodes, you will always see ARP traffic from EVERY node on the network.  Thus, if you monitor any switched network from an otherwise-idle machine, you will naturally see a bunch of ARP traffic.  If the computer is doing nothing else, and other broadcast traffic is limited, then you'll see a high percentage of ARP packets.

To really get a good picture, replace your core switch with a hub (just temporarily), and monitor everything that comes through for a little while.  You'll see a much better picture of the real traffic.
0
 
LVL 3

Author Comment

by:dsexton18
Comment Utility
I would love to plug in a hub but since I am not the one in charge of the network I probably better not.  I did how ever contact him about my problems.   Attachedk is the text of a 60second captuere I did today.  
network.txt
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 28

Expert Comment

by:Bill Bach
Comment Utility
A quick GREP-based analysios showed that there were about 4900 ARP packets in a 60-second interval, or 81 ARP/Second.  This is probably acceptable for a large network.  If you find the greatest offenders and increase their ARP timeout values, you might be able to reduce this a bit...
0
 
LVL 3

Author Comment

by:dsexton18
Comment Utility
How do I increase the arp time out?
0
 
LVL 28

Accepted Solution

by:
Bill Bach earned 50 total points
Comment Utility
This would be a configuration item on each device.  A quick scan through the 3com manuals should provide this information.  Again, though, this may be quite normal, and changing it may prevent networking changes from resolving as quickly as you might like.

Are you sure that this is a problem?  The level of network traffic (under 100/second) doesn't indicate any real performance issues.  I think you need to look for a different culprit.  I'd start by spanning a trunk port onto the analyzer & see if you see anything there first...
0
 
LVL 3

Author Comment

by:dsexton18
Comment Utility
cool thaks .....i think i finnaly got the network guy convinced there are problems with our network. ....so hopefully he will come out soon.....
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

Transparency shows that a company is the kind of business that it wants people to think it is.
The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now