Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Network Monitoring

Posted on 2013-01-15
8
Medium Priority
?
530 Views
Last Modified: 2013-03-02
Hi

I have an industrial network which uses Hirschmann RS20 Ethernet switches in a redundant Fibre ring arrangement. The network unfortunately has evolved and there are unmanaged switches in various places.

The network has a lot of indutrial control gear such as Schneider PLCs, HMI, Rockwell & Siemens PLC's. There are also a few SCADA Systems that regularly poll the PLCs via OPC.

The system also has two safety PLCs that need to communicate with each other. The system has a watchdog time that when it times out will shut the safety system down.

The system regularly shuts down on timeout and also other system seem to have regular timeout issues.

I have been tasked with finding out
a) What is happening on the network.
b) Providing a solution to cure these timeouts.
c) gaining a better understanding of network troubleshooting.

It is a big subject, but I thought the first point of attacks is to see what is happening between the two systems. I have a copy of wireshark but need some guidance in using the product in conjunction with the network switches to enable me to monitor all the traffic.

With the switches on the switches on the network, I can used port mirroring to monitor a specific port using my laptop PC.

Is their any other way or a better way to monitor the network. I am acutely aware that I will need to trawl through an awful lot of data!

The question is fairly vague as I am new to this type of work, although I am reasonably computer literate.
0
Comment
Question by:silchester
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 

Expert Comment

by:thickglasses
ID: 38781715
Hi Silchestor.

WireShark uses promiscuous mode on nic's that will allow it but packet capture on a switch using that software doesnt mean that all traffic will go through that port so capturing in promiscuous mode will not be sufficient to see all traffic on the network.
Have you thought of using a network tap instead?
If there is a timeout between 2 watchdogs then the analysis using taps will be a lot easier.
0
 
LVL 10

Expert Comment

by:mat1458
ID: 38782182
Well, it's not so bad for you since Wireshark lets you easily put on the glasses that let you focus on what you want to see in the pile of data. With the display filter options you can tell Wireshark to focus on the communication between the two safety PLC first. Then you can find an event when the watchdog hits and take out the filters to see what else is happening on the network when the PLC loose their connection. If it isn't too secret you might post the pcap file.

Furthermore try to change the unmanaged switches to some managed stuff. When your company is willing pay for regular production outages a few switches don't bother them either.
0
 
LVL 3

Expert Comment

by:Mintar
ID: 38785450
Wireshark is too professional to see what happening on your network.

For free solutions, you can try "WFilter Free" or PRTG. Both can work on a mirroring port.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 10

Expert Comment

by:mat1458
ID: 38786849
Wireshark too professional???? Still one of the most intuitve free tools that are out in the market and when it comes to troubleshooting one of the most important ones. I don't say anything against the other tools but in terms of information completeness and possibilities for the analysis Wireshark is simply great.
0
 

Author Comment

by:silchester
ID: 38823699
I will use the port mirroring function and capture the wireshark information. It may take a week ot two to obtain.

With regard to the unmanaged switches. I will do.

With regard to performance, what does a managed switched give over an unmanaged switch.
Is this just the case the a managed switch provides more visibility and monitoring ability?

Or is there more to it?
0
 
LVL 10

Accepted Solution

by:
mat1458 earned 1500 total points
ID: 38823740
The managed switches don't give you more performance but they allow you to see errors. And that's probably the case in your situation.
0
 

Author Comment

by:silchester
ID: 38946687
I've requested that this question be closed as follows:

Accepted answer: 167 points for mat1458's comment #a38823740
Assisted answer: 166 points for thickglasses's comment #a38781715
Assisted answer: 167 points for Mintar's comment #a38785450
Assisted answer: 0 points for silchester's comment #a38823699

for the following reason:

T
0
 

Author Comment

by:silchester
ID: 38946685
.
0

Featured Post

Tech or Treat!

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question