Solved

How To Detect Dropped Internet Connection Reason - With WireShark?

Posted on 2012-04-02
2
848 Views
Last Modified: 2012-04-18
Good Afternoon All -

I've got a network I'm currently working on which is experiencing issues with their internet.  About 3 times an hour, they lose connectivity to the internet.  During these times, I cannot even RDP to their SBS server - even when trying to connect to its IP.

After reviewing many different things, I decided to start WireShark on their server's NIC and capture traffic - hoping to have a captured session when the drop hit.  Well, after 2 hours, the log file is already over 1 gig and there's tons of info to go through.

I'm no expert at WireShark, but wanted to know if anyone had suggestions of what to specifically look for or search for to find clues in this gig of data.

Any other ideas would be helpful, too.  They recently changed ISPs and are still having drops, so know it must be something internal.  All cables have been swapped out so my belief is that it's something with the server or primary router (WatchGuard)

Thanks!
Question by:BzowK
2 Comments
 
LVL 9

Expert Comment

by:Frank McCourry
ID: 37797880
Most likely the problem is at the router, not the server.  In most cases the server provides DHCP and DNS for the workstations, only if DNS fails will this cause a problem for the entire network.

You can isolate the problem with a simple test running from any computer on the network.  Start 2 command prompts.  In  the first, type "ping www.google.com -t" in the second type "ping  74.125.130.104 -t"  As these run see if they both fail at the same time or if only one fails.  If the 1st one fails but not the second, then the problem is with your DNS server.  If both fail then you are losing connectivity at the router.  

If both are failing then set up a ping to your router's internal address and see if it drops.  If it does then the problem is in the router, if not then the problem is with your ISP.

I know this does not answer the Wireshark question, but I don't believe you're going to see anything based on the data you've captured and your real problem is the loss of connectivity.
0
 
LVL 11

Accepted Solution

by:
Khandakar Ashfaqur Rahman earned 500 total points
ID: 37805674
If you have an internet issue, you need to troubleshoot in the following ways:

1. Check that your computer's IP configuration is correct. If you use DHCP, check your IP with "ipconfig /all". You can release and renew the IP with the "ipconfig /release" and "ipconfig /renew" commands.
2. Check that you can ping the gateway (if your gateway allows ICMP).
3. Tracert 173.194.41.71 and find out the hops. Then check every hop by ping, step by step, to be sure which hop is causing PKT loss.
4. Then check by name, like www.google.com. If you can ping by IP and the ping drops by name, then your DNS is the reason. Use "ipconfig /flushdns" and "ipconfig /registerdns" to clear and register the DNS cache.

If you see you have PKT loss into your gateway/router then you could use Wireshark to monitor PKT. Or sometimes a usage graph is very helpful to determine which computer is causing this problem. It might happen that some of your computers are infected with a virus and are broadcasting. So, if you have any graph server like Cacti/MRTG you can check every computer's upload usage. One common symptom is high upload usage. Or you can implement this tool inside your network if you have an SNMP-supported switch in your network. You can enable SNMP on your switch and use Cacti:
http://www.cacti.net/downloads/packages/Windows/Cacti-0.8.7i.exe

Or if you use Wireshark then you need to filter. However, the common symptoms are:
Check which hosts are uploading too much?
Which hosts are sending mail continuously?
Which hosts are sending traffic to unknown port continuously?
0
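The three checks listed in the accepted answer can be run over a large capture without scrolling through it by exporting the relevant fields with `tshark -r capture.pcapng -T fields -E separator=, -e ip.src -e ip.dst -e tcp.dstport -e frame.len` and summarising per host. The script below is an added example, not part of the original answer; the file name, the LAN subnet, the list of expected ports, the thresholds and the sample rows are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed internal subnet
EXPECTED_PORTS = {25, 53, 80, 443, 3389}       # assumed normal outbound TCP ports

# Constructed rows in the tshark field order: ip.src,ip.dst,tcp.dstport,frame.len
SAMPLE = (
    ["192.168.1.10,203.0.113.5,443,800"] * 3       # ordinary browsing
    + ["192.168.1.23,198.51.100.7,25,200"] * 5     # steady outbound SMTP
    + [f"192.168.1.31,198.51.100.9,{p},100" for p in (6667, 4444, 31337)]
    + ["192.168.1.40,203.0.113.8,443,1500"] * 4    # large upload
    + ["203.0.113.5,192.168.1.10,51000,1500",      # inbound reply, ignored
       "192.168.1.10,192.168.1.2,,80"]             # LAN-only UDP row, ignored
)

def summarize(rows):
    """Per LAN host: bytes sent to outside hosts, SMTP packets, unexpected ports."""
    stats = defaultdict(lambda: {"upload": 0, "smtp": 0, "odd_ports": set()})
    for row in rows:
        parts = row.strip().split(",")
        if len(parts) != 4 or not parts[2]:
            continue                                # non-TCP or malformed row
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            port, length = int(parts[2]), int(parts[3])
        except ValueError:
            continue                                # e.g. ARP rows with no IP fields
        if src not in LAN or dst in LAN:
            continue                                # only LAN -> outside traffic
        host = stats[parts[0]]
        host["upload"] += length
        host["smtp"] += port == 25
        if port not in EXPECTED_PORTS:
            host["odd_ports"].add(port)
    return stats

def flag(stats, upload_limit=5000, smtp_limit=3, odd_port_limit=2):
    """Return {host: [reasons]} for hosts over any of the assumed thresholds."""
    findings = {}
    for host, s in stats.items():
        checks = [("high upload", s["upload"] > upload_limit),
                  ("continuous mail", s["smtp"] > smtp_limit),
                  ("unknown ports", len(s["odd_ports"]) > odd_port_limit)]
        reasons = [name for name, hit in checks if hit]
        if reasons:
            findings[host] = reasons
    return findings

if __name__ == "__main__":
    for host, reasons in flag(summarize(SAMPLE)).items():
        print(host, ", ".join(reasons))
```

A mail server on the LAN, such as the SBS box in the question, will legitimately show SMTP traffic, so exclude its address before reading the "continuous mail" result.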