Solved

How To Detect Dropped Internet Connection Reason - With WireShark?

Posted on 2012-04-02
2
831 Views
Last Modified: 2012-04-18
Good Afternoon All -

I've got a network I'm currently working on which is experiencing issues with their internet.  About 3 times an hour, they loose connectivity to the internet.  During these times, i cannot even RDP to their SBS server - even when trying to connect to it's IP.

After reviewing many different things, I decided to start WireShark on their server's NIC and capture traffic - hoping to have a captured session when the drop hit.  Well, after 2 hours, the log file is already over 1 gig and there's tons of info to go through.

I'm no expert at WireShark, but wanted to know if anyone had suggestions of what to specifically look for or search for to find clues in this gig of data.

Any other ideas would be helpful, too.  They recently changed ISPs and are still having drops, so know it must be something internal.  All cables have been swapped out so my belief is that it's something with the server or primary router (WatchGuard)

Thanks!
0
Comment
Question by:BzowK
2 Comments
 
LVL 9

Expert Comment

by:Frank McCourry
ID: 37797880
Most likely the problem is at the router, not the server.  In most cases the server provides DHCP and DNS for the workstations, only if DNS fails will this cause a problem for the entire network.

You can isolate the problem with a simple test running from any computer on the network.  Start 2 command prompts.  In  the first, type "ping www.google.com -t" in the second type "ping  74.125.130.104 -t"  As these run see if they both fail at the same time or if only one fails.  If the 1st one fails but not the second, then the problem is with your DNS server.  If both fail then you are losing connectivity at the router.  

If both are failing then setup a ping to your router's internal address and see if it drops.  If it does then the problem is in the router, if not then the problem is with your ISP.

I know this does not answer the wireshark question, but I don't believe you're going to see anything based on the data you've captured and your real problem is the loss of connectivity..
0
 
LVL 11

Accepted Solution

by:
Khandakar Ashfaqur Rahman earned 500 total points
ID: 37805674
If you have internet issue you need to troubleshoot by following ways:

1. Check your computers IP configuration is correct.If you use DHCP then check your IP by "ipconfig /all" You can release and renew IP by the "ipconfig /release" and "ipconfig renew" command.
2. Check that you can ping gateway(If your gateway allows ICMP)
3. Tracert 173.194.41.71 and find out the hops.Then check every hops by ping step by step to be sure which hop is causing PKT loss.
4. Then check by  name like www.google.com. If you can ping IP and ping drops by name then it's the reason of your DNS.Use "ipconfig /flushdns" and "ipconfig /registerdns" to clear and register DNS cache.

If you see you have PKT loss into your gateway/router then you could use Wireshark to monitor PKT.Or sometimes usage graph is very much helpful to determine which computer is causing this problem.It might happen some of your computers are infected with virus and broadcasting.So, if you have any graph server like Cacti/MRTG you can check every coputers upload usage.One common symptom is high upload usage.Or you can implement this tool inside your network if you have SNMP supported switch in your network.you can enable SNMP into your switch and use Cacti:
http://www.cacti.net/downloads/packages/Windows/Cacti-0.8.7i.exe

Or if you use Wireshark then you need to filter.However, the common symptoms are :
Check which hosts are uploading too much?
Which hosts are sending mail continiously?
Which hosts are sending traffic to unknown port continiously?
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
parental control on huwei HG658b 1 26
Cisco 5508 WLC software upgrade 2 71
Manage ASA using outside IP 14 62
Best adsl router for small MS network 6 42
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question