Solved

TX & RX discards reported in Solarwinds Orion

Posted on 2011-02-23
6
2,234 Views
Last Modified: 2012-05-11
I am using Solarwinds Orion NPM and it is working very well. The question I have is, several of our domain controllers show hundreds of thousands of packet discards per day. I have ran wireshark but can't see any type of malicious looking packets that show up in that high of numbers. How do you figure out what is being discarded?
0
Comment
Question by:allansanmar
  • 3
  • 2
6 Comments
 
LVL 3

Expert Comment

by:residents
ID: 34964446
I think I would first look at why it is being discarded. I just ran into something similar on a network and the problem was the switch port was starting to flake out. Since the switch was totally 100% full, we replaced it and the problem disappeared and the speed increased. I think I would track it down after hours and see if you could move the switch port the server is plugged into and see if you are still getting so many drops. If so then it may be time to look at the NIC or software.
0
 

Author Comment

by:allansanmar
ID: 34964793
I don't think it's the switchport for several reasons. I have had Cisco TAC look at the switch and evaluate the tech support log, they said the switch looked fine to them. I have also went as far as to hard code the switchport and the server NIC to match (1g full). Also I have this happenning on several Windows DC's in different physical locations and this also happens on 1 of our Exchange servers. Any other thoughts?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 34965889
I want to make sure I understand what is actualy discarding the packets.

Does NMP say that Windows says it is discarding the packets, or it is the switch port that is reporting the packets are being discarded?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 57

Expert Comment

by:giltjr
ID: 34965899
IF it is Windows, can you provide the output from:

     netstat -e -s
0
 

Author Comment

by:allansanmar
ID: 34970064
It is being reported by snmp from the servers. Here is the output you requested from 1 of the servers netstat.txt
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 34975989
O.K.,  Typically packets are dropped due to lack of resources.

Outbound packets are dropped because of lack of buffer space normally, the buffers fill up because of network issue, or because you (meaning applications running on the server) are trying to send more data faster than the network can handle.

Inbound packets can be dropped for various reasons here is a list of some of the possible reasons:

    http://tech.groups.yahoo.com/group/discussion-pcausa/message/7959

You could do a packet capture (I use wireshark).  For inbound packets that are dropped you should see the remote site re-sending the data.  

For outbound packets I'm not sure how to see this.  If wireshark sees the packet then more than likely the packet got sent, if wireshark does not see it it got dropped, but I have no clue how to tell.  I would assume that if enough outbound packets got dropped the sending application would report errors.

0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many admins will agree: WSUS is is a nice invention but using it on the client side when updating a newly installed computer is still time consuming as you have to do several reboots and furthermore, the procedure of installing updates, rebooting an…
Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question