Solved

Network Monitoring

Posted on 2013-01-15
8
515 Views
Last Modified: 2013-03-02
Hi

I have an industrial network which uses Hirschmann RS20 Ethernet switches in a redundant Fibre ring arrangement. The network unfortunately has evolved and there are unmanaged switches in various places.

The network has a lot of indutrial control gear such as Schneider PLCs, HMI, Rockwell & Siemens PLC's. There are also a few SCADA Systems that regularly poll the PLCs via OPC.

The system also has two safety PLCs that need to communicate with each other. The system has a watchdog time that when it times out will shut the safety system down.

The system regularly shuts down on timeout and also other system seem to have regular timeout issues.

I have been tasked with finding out
a) What is happening on the network.
b) Providing a solution to cure these timeouts.
c) gaining a better understanding of network troubleshooting.

It is a big subject, but I thought the first point of attacks is to see what is happening between the two systems. I have a copy of wireshark but need some guidance in using the product in conjunction with the network switches to enable me to monitor all the traffic.

With the switches on the switches on the network, I can used port mirroring to monitor a specific port using my laptop PC.

Is their any other way or a better way to monitor the network. I am acutely aware that I will need to trawl through an awful lot of data!

The question is fairly vague as I am new to this type of work, although I am reasonably computer literate.
0
Comment
Question by:silchester
8 Comments
 

Expert Comment

by:thickglasses
ID: 38781715
Hi Silchestor.

WireShark uses promiscuous mode on nic's that will allow it but packet capture on a switch using that software doesnt mean that all traffic will go through that port so capturing in promiscuous mode will not be sufficient to see all traffic on the network.
Have you thought of using a network tap instead?
If there is a timeout between 2 watchdogs then the analysis using taps will be a lot easier.
0
 
LVL 10

Expert Comment

by:mat1458
ID: 38782182
Well, it's not so bad for you since Wireshark lets you easily put on the glasses that let you focus on what you want to see in the pile of data. With the display filter options you can tell Wireshark to focus on the communication between the two safety PLC first. Then you can find an event when the watchdog hits and take out the filters to see what else is happening on the network when the PLC loose their connection. If it isn't too secret you might post the pcap file.

Furthermore try to change the unmanaged switches to some managed stuff. When your company is willing pay for regular production outages a few switches don't bother them either.
0
 
LVL 3

Expert Comment

by:Mintar
ID: 38785450
Wireshark is too professional to see what happening on your network.

For free solutions, you can try "WFilter Free" or PRTG. Both can work on a mirroring port.
0
 
LVL 10

Expert Comment

by:mat1458
ID: 38786849
Wireshark too professional???? Still one of the most intuitve free tools that are out in the market and when it comes to troubleshooting one of the most important ones. I don't say anything against the other tools but in terms of information completeness and possibilities for the analysis Wireshark is simply great.
0
New! My Passport Wireless Pro Wi-Fi Mobile Storage

Portable wireless storage to offload, edit, and stream anywhere.

High-capacity, wireless mobile storage designed to accompany professional photographers and videographers in the field to easily offload, edit and stream captured photos and high-definition videos.

 

Author Comment

by:silchester
ID: 38823699
I will use the port mirroring function and capture the wireshark information. It may take a week ot two to obtain.

With regard to the unmanaged switches. I will do.

With regard to performance, what does a managed switched give over an unmanaged switch.
Is this just the case the a managed switch provides more visibility and monitoring ability?

Or is there more to it?
0
 
LVL 10

Accepted Solution

by:
mat1458 earned 500 total points
ID: 38823740
The managed switches don't give you more performance but they allow you to see errors. And that's probably the case in your situation.
0
 

Author Comment

by:silchester
ID: 38946687
I've requested that this question be closed as follows:

Accepted answer: 167 points for mat1458's comment #a38823740
Assisted answer: 166 points for thickglasses's comment #a38781715
Assisted answer: 167 points for Mintar's comment #a38785450
Assisted answer: 0 points for silchester's comment #a38823699

for the following reason:

T
0
 

Author Comment

by:silchester
ID: 38946685
.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

943 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now