Solved

Network Monitoring

Posted on 2013-01-15
8
514 Views
Last Modified: 2013-03-02
Hi

I have an industrial network which uses Hirschmann RS20 Ethernet switches in a redundant Fibre ring arrangement. The network unfortunately has evolved and there are unmanaged switches in various places.

The network has a lot of indutrial control gear such as Schneider PLCs, HMI, Rockwell & Siemens PLC's. There are also a few SCADA Systems that regularly poll the PLCs via OPC.

The system also has two safety PLCs that need to communicate with each other. The system has a watchdog time that when it times out will shut the safety system down.

The system regularly shuts down on timeout and also other system seem to have regular timeout issues.

I have been tasked with finding out
a) What is happening on the network.
b) Providing a solution to cure these timeouts.
c) gaining a better understanding of network troubleshooting.

It is a big subject, but I thought the first point of attacks is to see what is happening between the two systems. I have a copy of wireshark but need some guidance in using the product in conjunction with the network switches to enable me to monitor all the traffic.

With the switches on the switches on the network, I can used port mirroring to monitor a specific port using my laptop PC.

Is their any other way or a better way to monitor the network. I am acutely aware that I will need to trawl through an awful lot of data!

The question is fairly vague as I am new to this type of work, although I am reasonably computer literate.
0
Comment
Question by:silchester
8 Comments
 

Expert Comment

by:thickglasses
ID: 38781715
Hi Silchestor.

WireShark uses promiscuous mode on nic's that will allow it but packet capture on a switch using that software doesnt mean that all traffic will go through that port so capturing in promiscuous mode will not be sufficient to see all traffic on the network.
Have you thought of using a network tap instead?
If there is a timeout between 2 watchdogs then the analysis using taps will be a lot easier.
0
 
LVL 10

Expert Comment

by:mat1458
ID: 38782182
Well, it's not so bad for you since Wireshark lets you easily put on the glasses that let you focus on what you want to see in the pile of data. With the display filter options you can tell Wireshark to focus on the communication between the two safety PLC first. Then you can find an event when the watchdog hits and take out the filters to see what else is happening on the network when the PLC loose their connection. If it isn't too secret you might post the pcap file.

Furthermore try to change the unmanaged switches to some managed stuff. When your company is willing pay for regular production outages a few switches don't bother them either.
0
 
LVL 3

Expert Comment

by:Mintar
ID: 38785450
Wireshark is too professional to see what happening on your network.

For free solutions, you can try "WFilter Free" or PRTG. Both can work on a mirroring port.
0
 
LVL 10

Expert Comment

by:mat1458
ID: 38786849
Wireshark too professional???? Still one of the most intuitve free tools that are out in the market and when it comes to troubleshooting one of the most important ones. I don't say anything against the other tools but in terms of information completeness and possibilities for the analysis Wireshark is simply great.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:silchester
ID: 38823699
I will use the port mirroring function and capture the wireshark information. It may take a week ot two to obtain.

With regard to the unmanaged switches. I will do.

With regard to performance, what does a managed switched give over an unmanaged switch.
Is this just the case the a managed switch provides more visibility and monitoring ability?

Or is there more to it?
0
 
LVL 10

Accepted Solution

by:
mat1458 earned 500 total points
ID: 38823740
The managed switches don't give you more performance but they allow you to see errors. And that's probably the case in your situation.
0
 

Author Comment

by:silchester
ID: 38946687
I've requested that this question be closed as follows:

Accepted answer: 167 points for mat1458's comment #a38823740
Assisted answer: 166 points for thickglasses's comment #a38781715
Assisted answer: 167 points for Mintar's comment #a38785450
Assisted answer: 0 points for silchester's comment #a38823699

for the following reason:

T
0
 

Author Comment

by:silchester
ID: 38946685
.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Outsource Your Fax Infrastructure to the Cloud (And come out looking like an IT Hero!) Relative to the many demands on today’s IT teams, spending capital, time and resources to maintain physical fax servers and infrastructure is not a high priority.
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now