Temporary slow network. What to look for in a capture?

Posted on 2008-11-14
Medium Priority
Last Modified: 2012-05-05
A customer believes that they are having network problems. I want to make a capture from a mirrored port on a switch.

How can I see the following in a capture:

- if a switch port is bad?
- if a host has a bad network interface? Bad driver? Wrong speed settings (10/100, half/full, auto and so on)?
- if a host is broadcasting (why would it do that?)

I'm a beginner on this, so please help me with what to look for.
Question by:TANGLAD

Expert Comment

ID: 22958336
I would look for
1. broadcasts,
2. network scans (it is a virus)
3. broken packets and therefore a lot of retransmits

I would also look at logs on switches and firewall.

Author Comment

ID: 22958379
I know how to look for broadcasts in a capture. But how do I see network scans and retransmits in a capture?

Accepted Solution

from_exp earned 2000 total points
ID: 22958401
Network scans: just look for patterns. For example, it is strange when a single PC is sending out a lot of ARP who-has requests for the IPs not in your subnet.
Retransmits and broken packets are marked in red in Wireshark.
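
The ARP pattern described in the accepted answer can also be counted mechanically. The following is an added example, not part of the original thread: it parses raw Ethernet frames, counts how many distinct IPs each host asks for with ARP who-has, and reports how many of those lie outside the local subnet. The subnet `192.168.1.0/24`, the threshold of 10 and the sample frames are assumptions constructed for the demonstration.

```python
import ipaddress
import struct
from collections import defaultdict

def arp_frame(src_mac, src_ip, dst_ip):
    """Build one Ethernet + ARP who-has frame (constructed sample data)."""
    eth = b"\xff" * 6 + src_mac + b"\x08\x06"          # broadcast dst, EtherType ARP
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)     # Ethernet/IPv4, opcode 1 = request
    arp += src_mac + ipaddress.IPv4Address(src_ip).packed
    arp += b"\x00" * 6 + ipaddress.IPv4Address(dst_ip).packed
    return eth + arp

def parse_arp_request(frame):
    """Return (sender_ip, target_ip) for an IPv4 ARP request, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    if struct.unpack("!HHBBH", frame[14:22]) != (1, 0x0800, 6, 4, 1):
        return None
    return ipaddress.IPv4Address(frame[28:32]), ipaddress.IPv4Address(frame[38:42])

def find_arp_sweepers(frames, subnet, threshold=10):
    """Senders asking for >= threshold distinct IPs -> (distinct, outside subnet)."""
    net = ipaddress.ip_network(subnet)
    targets = defaultdict(set)
    for frame in frames:
        parsed = parse_arp_request(frame)
        if parsed:
            targets[parsed[0]].add(parsed[1])
    return {str(sender): (len(ips), sum(ip not in net for ip in ips))
            for sender, ips in targets.items() if len(ips) >= threshold}

def sample_frames():
    """Constructed capture: one sweeping host, one normal host, one non-ARP frame."""
    mac_a, mac_b = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    frames = [arp_frame(mac_a, "192.168.1.50", f"192.168.1.{i}") for i in range(1, 31)]
    frames += [arp_frame(mac_a, "192.168.1.50", f"192.168.2.{i}") for i in range(1, 6)]
    frames += [arp_frame(mac_b, "192.168.1.20", "192.168.1.1")] * 4   # gateway lookups
    frames.append(b"\x00" * 60)                                       # not ARP
    return frames

if __name__ == "__main__":
    hits = find_arp_sweepers(sample_frames(), "192.168.1.0/24")
    for host, (distinct, outside) in hits.items():
        print(f"{host}: {distinct} distinct ARP targets, {outside} outside the subnet")
```

In Wireshark itself, the display filter `arp.opcode == 1` isolates the same who-has requests, and `tcp.analysis.retransmission` shows the retransmits.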
