?
Solved

TX & RX discards reported in Solarwinds Orion

Posted on 2011-02-23
6
Medium Priority
?
2,306 Views
Last Modified: 2012-05-11
I am using Solarwinds Orion NPM and it is working very well. The question I have is, several of our domain controllers show hundreds of thousands of packet discards per day. I have ran wireshark but can't see any type of malicious looking packets that show up in that high of numbers. How do you figure out what is being discarded?
0
Comment
Question by:allansanmar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 3

Expert Comment

by:residents
ID: 34964446
I think I would first look at why it is being discarded. I just ran into something similar on a network and the problem was the switch port was starting to flake out. Since the switch was totally 100% full, we replaced it and the problem disappeared and the speed increased. I think I would track it down after hours and see if you could move the switch port the server is plugged into and see if you are still getting so many drops. If so then it may be time to look at the NIC or software.
0
 

Author Comment

by:allansanmar
ID: 34964793
I don't think it's the switchport for several reasons. I have had Cisco TAC look at the switch and evaluate the tech support log, they said the switch looked fine to them. I have also went as far as to hard code the switchport and the server NIC to match (1g full). Also I have this happenning on several Windows DC's in different physical locations and this also happens on 1 of our Exchange servers. Any other thoughts?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 34965889
I want to make sure I understand what is actualy discarding the packets.

Does NMP say that Windows says it is discarding the packets, or it is the switch port that is reporting the packets are being discarded?
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 57

Expert Comment

by:giltjr
ID: 34965899
IF it is Windows, can you provide the output from:

     netstat -e -s
0
 

Author Comment

by:allansanmar
ID: 34970064
It is being reported by snmp from the servers. Here is the output you requested from 1 of the servers netstat.txt
0
 
LVL 57

Accepted Solution

by:
giltjr earned 2000 total points
ID: 34975989
O.K.,  Typically packets are dropped due to lack of resources.

Outbound packets are dropped because of lack of buffer space normally, the buffers fill up because of network issue, or because you (meaning applications running on the server) are trying to send more data faster than the network can handle.

Inbound packets can be dropped for various reasons here is a list of some of the possible reasons:

    http://tech.groups.yahoo.com/group/discussion-pcausa/message/7959

You could do a packet capture (I use wireshark).  For inbound packets that are dropped you should see the remote site re-sending the data.  

For outbound packets I'm not sure how to see this.  If wireshark sees the packet then more than likely the packet got sent, if wireshark does not see it it got dropped, but I have no clue how to tell.  I would assume that if enough outbound packets got dropped the sending application would report errors.

0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article covers how to install the Microsoft Windows Operating System (OS). What is covered in this article:  > Different Versions and Editions of the Windows OS  > Upgrading versus Fresh Installation of the OS           - Steps to take pr…
This article describes how to set permissions to allow a limited-permissions user to start and stop a particular System Service.   It is always best to give users only the permissions that they need to perform their job, so tweaking particular permi…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question