Solved

Network Monitoring

Posted on 2013-01-15
Last Modified: 2013-03-02
Hi

I have an industrial network which uses Hirschmann RS20 Ethernet switches in a redundant Fibre ring arrangement. The network unfortunately has evolved and there are unmanaged switches in various places.

The network has a lot of industrial control gear such as Schneider PLCs, HMI, Rockwell & Siemens PLCs. There are also a few SCADA systems that regularly poll the PLCs via OPC.

The system also has two safety PLCs that need to communicate with each other. The system has a watchdog time that when it times out will shut the safety system down.

The system regularly shuts down on timeout and also other systems seem to have regular timeout issues.

I have been tasked with finding out
a) What is happening on the network.
b) Providing a solution to cure these timeouts.
c) Gaining a better understanding of network troubleshooting.

It is a big subject, but I thought the first point of attack is to see what is happening between the two systems. I have a copy of Wireshark but need some guidance in using the product in conjunction with the network switches to enable me to monitor all the traffic.

With the switches on the network, I can use port mirroring to monitor a specific port using my laptop PC.

Is there any other way or a better way to monitor the network? I am acutely aware that I will need to trawl through an awful lot of data!

The question is fairly vague as I am new to this type of work, although I am reasonably computer literate.
0
Question by:silchester
8 Comments
 

Expert Comment

by:thickglasses
ID: 38781715
Hi Silchester.

Wireshark uses promiscuous mode on NICs that will allow it, but packet capture on a switch using that software doesn't mean that all traffic will go through that port, so capturing in promiscuous mode will not be sufficient to see all traffic on the network.
Have you thought of using a network tap instead?
If there is a timeout between 2 watchdogs then the analysis using taps will be a lot easier.
0
 
LVL 10

Expert Comment

by:mat1458
ID: 38782182
Well, it's not so bad for you since Wireshark lets you easily put on the glasses that let you focus on what you want to see in the pile of data. With the display filter options you can tell Wireshark to focus on the communication between the two safety PLCs first. Then you can find an event when the watchdog hits and take out the filters to see what else is happening on the network when the PLCs lose their connection. If it isn't too secret you might post the pcap file.

Furthermore, try to change the unmanaged switches to some managed stuff. When your company is willing to pay for regular production outages, a few switches don't bother them either.
0
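The workflow suggested in the comment above (isolate the traffic between the two safety PLCs, then find where the watchdog would have expired) can also be run offline against a saved capture. The following is an added example, not part of the thread: the IP addresses, the 300 ms timeout and the sample capture are constructed assumptions.

```python
import struct

# Constructed sample: (timestamp s, src IP, dst IP). The addresses are assumptions.
SAMPLE = [(100.0, "10.0.0.10", "10.0.0.11"), (100.1, "10.0.0.11", "10.0.0.10"),
          (100.2, "10.0.0.10", "10.0.0.11"), (100.4, "10.0.0.50", "10.0.0.11"),
          (100.75, "10.0.0.11", "10.0.0.10"), (100.85, "10.0.0.10", "10.0.0.11")]

def build_pcap(packets):
    """Build a classic little-endian pcap (Ethernet link type) for the sample."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, src, dst in packets:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                         bytes(map(int, src.split("."))),
                         bytes(map(int, dst.split("."))))
        frame = b"\x00" * 12 + b"\x08\x00" + ip  # zeroed MACs, EtherType IPv4
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

def pair_timestamps(pcap, a, b):
    """Return capture timestamps of IPv4 frames exchanged between hosts a and b."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian, microsecond-resolution pcap")
    pair, off, stamps = {a, b}, 24, []  # 24 = size of the pcap global header
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + caplen]
        off += 16 + caplen
        # Skip truncated frames and anything that is not untagged IPv4
        # (VLAN-tagged frames from a mirror port would need an extra 4-byte offset).
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        if {src, dst} == pair:
            stamps.append(sec + usec / 1_000_000)
    return stamps

def watchdog_gaps(stamps, timeout):
    """Return (start_time, gap) for each silence between the pair longer than timeout."""
    return [(t0, round(t1 - t0, 6))
            for t0, t1 in zip(stamps, stamps[1:]) if t1 - t0 > timeout]

if __name__ == "__main__":
    ts = pair_timestamps(build_pcap(SAMPLE), "10.0.0.10", "10.0.0.11")
    print(watchdog_gaps(ts, 0.3))
```

In the Wireshark GUI the same view comes from the display filter `ip.addr == 10.0.0.10 && ip.addr == 10.0.0.11` combined with `frame.time_delta_displayed > 0.3`. Each reported start time marks where to remove the filter and look at what else was on the wire.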
 
LVL 3

Expert Comment

by:Mintar
ID: 38785450
Wireshark is too professional to see what is happening on your network.

For free solutions, you can try "WFilter Free" or PRTG. Both can work on a mirroring port.
0

 
LVL 10

Expert Comment

by:mat1458
ID: 38786849
Wireshark too professional???? Still one of the most intuitive free tools that are out in the market and, when it comes to troubleshooting, one of the most important ones. I don't say anything against the other tools, but in terms of information completeness and possibilities for the analysis Wireshark is simply great.
0
 

Author Comment

by:silchester
ID: 38823699
I will use the port mirroring function and capture the Wireshark information. It may take a week or two to obtain.

With regard to the unmanaged switches, I will do.

With regard to performance, what does a managed switch give over an unmanaged switch?
Is this just the case that a managed switch provides more visibility and monitoring ability?

Or is there more to it?
0
 
LVL 10

Accepted Solution

by:
mat1458 earned 1500 total points
ID: 38823740
The managed switches don't give you more performance but they allow you to see errors. And that's probably the case in your situation.
0
 

Author Comment

by:silchester
ID: 38946687
I've requested that this question be closed as follows:

Accepted answer: 167 points for mat1458's comment #a38823740
Assisted answer: 166 points for thickglasses's comment #a38781715
Assisted answer: 167 points for Mintar's comment #a38785450
Assisted answer: 0 points for silchester's comment #a38823699

for the following reason:

T
0
 

Author Comment

by:silchester
ID: 38946685
.
0
