?
Solved

TX & RX discards reported in Solarwinds Orion

Posted on 2011-02-23
6
Medium Priority
?
2,436 Views
Last Modified: 2012-05-11
I am using Solarwinds Orion NPM and it is working very well. The question I have is, several of our domain controllers show hundreds of thousands of packet discards per day. I have ran wireshark but can't see any type of malicious looking packets that show up in that high of numbers. How do you figure out what is being discarded?
0
Comment
Question by:allansanmar
  • 3
  • 2
6 Comments
 
LVL 3

Expert Comment

by:residents
ID: 34964446
I think I would first look at why it is being discarded. I just ran into something similar on a network and the problem was the switch port was starting to flake out. Since the switch was totally 100% full, we replaced it and the problem disappeared and the speed increased. I think I would track it down after hours and see if you could move the switch port the server is plugged into and see if you are still getting so many drops. If so then it may be time to look at the NIC or software.
0
 

Author Comment

by:allansanmar
ID: 34964793
I don't think it's the switchport for several reasons. I have had Cisco TAC look at the switch and evaluate the tech support log, they said the switch looked fine to them. I have also went as far as to hard code the switchport and the server NIC to match (1g full). Also I have this happenning on several Windows DC's in different physical locations and this also happens on 1 of our Exchange servers. Any other thoughts?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 34965889
I want to make sure I understand what is actualy discarding the packets.

Does NMP say that Windows says it is discarding the packets, or it is the switch port that is reporting the packets are being discarded?
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 57

Expert Comment

by:giltjr
ID: 34965899
IF it is Windows, can you provide the output from:

     netstat -e -s
0
 

Author Comment

by:allansanmar
ID: 34970064
It is being reported by snmp from the servers. Here is the output you requested from 1 of the servers netstat.txt
0
 
LVL 57

Accepted Solution

by:
giltjr earned 2000 total points
ID: 34975989
O.K.,  Typically packets are dropped due to lack of resources.

Outbound packets are dropped because of lack of buffer space normally, the buffers fill up because of network issue, or because you (meaning applications running on the server) are trying to send more data faster than the network can handle.

Inbound packets can be dropped for various reasons here is a list of some of the possible reasons:

    http://tech.groups.yahoo.com/group/discussion-pcausa/message/7959

You could do a packet capture (I use wireshark).  For inbound packets that are dropped you should see the remote site re-sending the data.  

For outbound packets I'm not sure how to see this.  If wireshark sees the packet then more than likely the packet got sent, if wireshark does not see it it got dropped, but I have no clue how to tell.  I would assume that if enough outbound packets got dropped the sending application would report errors.

0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question