Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2401
  • Last Modified:

TX & RX discards reported in Solarwinds Orion

I am using Solarwinds Orion NPM and it is working very well. The question I have is, several of our domain controllers show hundreds of thousands of packet discards per day. I have ran wireshark but can't see any type of malicious looking packets that show up in that high of numbers. How do you figure out what is being discarded?
0
allansanmar
Asked:
allansanmar
  • 3
  • 2
1 Solution
 
residentsCommented:
I think I would first look at why it is being discarded. I just ran into something similar on a network and the problem was the switch port was starting to flake out. Since the switch was totally 100% full, we replaced it and the problem disappeared and the speed increased. I think I would track it down after hours and see if you could move the switch port the server is plugged into and see if you are still getting so many drops. If so then it may be time to look at the NIC or software.
0
 
allansanmarAuthor Commented:
I don't think it's the switchport for several reasons. I have had Cisco TAC look at the switch and evaluate the tech support log, they said the switch looked fine to them. I have also went as far as to hard code the switchport and the server NIC to match (1g full). Also I have this happenning on several Windows DC's in different physical locations and this also happens on 1 of our Exchange servers. Any other thoughts?
0
 
giltjrCommented:
I want to make sure I understand what is actualy discarding the packets.

Does NMP say that Windows says it is discarding the packets, or it is the switch port that is reporting the packets are being discarded?
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
giltjrCommented:
IF it is Windows, can you provide the output from:

     netstat -e -s
0
 
allansanmarAuthor Commented:
It is being reported by snmp from the servers. Here is the output you requested from 1 of the servers netstat.txt
0
 
giltjrCommented:
O.K.,  Typically packets are dropped due to lack of resources.

Outbound packets are dropped because of lack of buffer space normally, the buffers fill up because of network issue, or because you (meaning applications running on the server) are trying to send more data faster than the network can handle.

Inbound packets can be dropped for various reasons here is a list of some of the possible reasons:

    http://tech.groups.yahoo.com/group/discussion-pcausa/message/7959

You could do a packet capture (I use wireshark).  For inbound packets that are dropped you should see the remote site re-sending the data.  

For outbound packets I'm not sure how to see this.  If wireshark sees the packet then more than likely the packet got sent, if wireshark does not see it it got dropped, but I have no clue how to tell.  I would assume that if enough outbound packets got dropped the sending application would report errors.

0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now