kam_uk

Troubleshooting dropped connection

Hi

I have an application, App1, running on a Windows 2003 SP2 Server, Server1.

App1 connects to a third party vendor server on the Internet, Vendor1.

App1 is configured to connect to the internet via one of our proxy servers, Proxy1 on port 3000.

For some reason, we are getting errors on the application. I checked the logs of the app, and it appears that the connection to Vendor1 keeps dropping and then reconnecting a few minutes later. Sometimes the drop lasts more than 5 minutes, hence the errors.

I've checked the Application and System logs on Server1, they don't show much.

Any ideas on how to troubleshoot this? I was thinking Wireshark or something but not entirely sure what I should be looking for?
ASKER CERTIFIED SOLUTION
rfc1180

kam_uk

ASKER

Thanks Billy!

Server1 has IP address 192.168.1.1.

My workstation has IP 192.168.10.1

Is it possible for me to run Wireshark on my workstation to capture the data? Or does Wireshark really need to be run on the server itself?

If you have a switch that has the capability to SPAN the port that your workstation is on, then yes, you can leave Wireshark on your workstation. Or, if your workstation and server are on 2 separate switches, then the switches would need to have the capability of a Remote SPAN (RSPAN). Basically, a SPAN is a switchport analyzer, and you are mirroring the port that the server is connected to so that any traffic, ingress and egress, is sent to the port that your workstation would be on. If you do not have a switch that is capable of being mirrored (SPAN), then your only option is to install Wireshark on the server.

What type of switch is the server and your workstation connected to?

Billy
kam_uk

ASKER

Hi

I'm not sure what type of switches they are, I would need to check with the network people. But my workstation is in London and Server1 is in Manchester, so they are on different switches.

So with SPAN, are you saying that any traffic to/from the server would also be sent to the port my workstation was on, so that I could use Wireshark to analyse it?

And RSPAN is effectively the same thing, but it allows the ability to send a copy of that server switchport traffic to another switch (i.e. the one that my workstation is on), so that Wireshark installed locally on my PC could pick it up?

Just three other questions on this if that's ok?

i. Would this not cause a lot of traffic for my workstation switchport?

ii. If we did have RSPAN working, is there any special config change I need to make to Wireshark installed on my machine to pick up the server's traffic rather than my own?

iii. Because the problem is intermittent, we'd need to have this running over the course of a day or two. Would this be recommended with RSPAN because you are sending a lot of traffic over our Manchester-London WAN link? Or is the data sent not really a copy of the entire traffic but a subset to make it easier to analyse?

Thanks again for your help, really appreciate it.

Yeah, in your case that would not work unfortunately; you need to have a workstation that is local to the server and SPAN a port. Honestly, your best bet is to install Wireshark on the server and then review the data.

To answer the questions:

1. Typically yes.
2. The port does not transmit any traffic except that traffic required for the SPAN session unless learning is enabled. Just easier to find an old laptop and use it to capture data.
3. The data is an exact copy, so no, I would not send the data across the WAN.


Billy
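
Following the advice above to capture on the server itself, here is an added example (not part of the original thread) of a long-running capture on Server1 that keeps only App1's traffic to the proxy port and caps disk use. It uses dumpcap, the command-line capture tool installed with Wireshark; the install path, interface number, output folder and file sizes are assumptions.

```batch
@echo off
rem Added example, not from the thread: ring-buffer capture on Server1 for an
rem intermittent drop that may take a day or two to reproduce.
rem Assumptions: default Wireshark install path, capture interface number 1,
rem and C:\captures as the output folder.

set DUMPCAP="C:\Program Files\Wireshark\dumpcap.exe"
set IFACE=1
set OUTDIR=C:\captures

if not exist "%OUTDIR%" mkdir "%OUTDIR%"

rem List the capture interfaces; set IFACE above to the number of the NIC
rem that carries App1's traffic towards Proxy1.
%DUMPCAP% -D

rem Capture filter: only TCP traffic on port 3000, the proxy port App1 uses,
rem so unrelated server traffic is never written to disk.
rem Ring buffer: switch to a new file every 100000 kB and keep 50 files;
rem the oldest file is overwritten, so disk use stays near 5 GB.
%DUMPCAP% -i %IFACE% -f "tcp port 3000" -b filesize:100000 -b files:50 -w "%OUTDIR%\app1_proxy.pcap"
```

Stop the capture with Ctrl+C once App1 has logged a drop, then open the file whose timestamp covers the time of the error in Wireshark.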