Temporary slow network. What to look for in a capture?

Posted on 2008-11-14
Last Modified: 2012-05-05
A customer beleives that they are having network problems. I want to make a capture from a mirrored port on a switch.

How can I see the following in a capture:

- if a switch port is bad?
- if a host have a bad network interface? Bad driver? Wrong speed settings 10/100 half/full Auto and so on?
- if a host are broadcasting (why would it do that?)

Im a beginner on this so please help me on what to look for.
Question by:TANGLAD
    LVL 21

    Expert Comment

    I would look for
    1. broadcasts,
    2. network scans (it is virus)
    3. broken packets and therefore a lot of retransmits

    I would also look at logs on switches and firewall
    LVL 1

    Author Comment

    I now how to look for broadcasts in a capture. But how do I see network scans and retransmits in a capture?
    LVL 21

    Accepted Solution

    network scans - just look for patterns, for example it is strange when a single pc is sending out a lot of arp who has requests for the ips not in your subnet
    retransmits and broken packets are marked with red in wireshark

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
    PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now