How To Detect Dropped Internet Connection Reason - With WireShark?
Good Afternoon All -
I've got a network I'm currently working on which is experiencing issues with their internet. About 3 times an hour, they loose connectivity to the internet. During these times, i cannot even RDP to their SBS server - even when trying to connect to it's IP.
After reviewing many different things, I decided to start WireShark on their server's NIC and capture traffic - hoping to have a captured session when the drop hit. Well, after 2 hours, the log file is already over 1 gig and there's tons of info to go through.
I'm no expert at WireShark, but wanted to know if anyone had suggestions of what to specifically look for or search for to find clues in this gig of data.
Any other ideas would be helpful, too. They recently changed ISPs and are still having drops, so know it must be something internal. All cables have been swapped out so my belief is that it's something with the server or primary router (WatchGuard)
Thanks!
I've got a network I'm currently working on which is experiencing issues with their internet. About 3 times an hour, they loose connectivity to the internet. During these times, i cannot even RDP to their SBS server - even when trying to connect to it's IP.
After reviewing many different things, I decided to start WireShark on their server's NIC and capture traffic - hoping to have a captured session when the drop hit. Well, after 2 hours, the log file is already over 1 gig and there's tons of info to go through.
I'm no expert at WireShark, but wanted to know if anyone had suggestions of what to specifically look for or search for to find clues in this gig of data.
Any other ideas would be helpful, too. They recently changed ISPs and are still having drops, so know it must be something internal. All cables have been swapped out so my belief is that it's something with the server or primary router (WatchGuard)
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You can isolate the problem with a simple test running from any computer on the network. Start 2 command prompts. In the first, type "ping www.google.com -t" in the second type "ping 74.125.130.104 -t" As these run see if they both fail at the same time or if only one fails. If the 1st one fails but not the second, then the problem is with your DNS server. If both fail then you are losing connectivity at the router.
If both are failing then setup a ping to your router's internal address and see if it drops. If it does then the problem is in the router, if not then the problem is with your ISP.
I know this does not answer the wireshark question, but I don't believe you're going to see anything based on the data you've captured and your real problem is the loss of connectivity..