Winfix1
asked on
Slow network - How do I spot the problem with Wireshark
Hi
I have a client with an intermittent slow network.
Wireshark appears to be the right product to use to analyse the problem but I don't have any idea where to start.
Whilst I'd like to spend time getting fully up to speed with Wireshark I really don't have the time at the moment!
Does someone have some quick, simple instructions (non network guru) for capturing traffic and quickly spotting the culprit?
Many thanks.
If you have managed switches then it's a lot easier to look at the bandwidths using SNMP. It's easy to set up without a lot of learning if you use Paessler's PRTG. The free version will monitor 10 ports at once and you can set up more than that and switch around (from Paused to Active) as you learn where you'd like to be looking.
Wireshark is really the next level of instrumentation so that once you know which ports/computers are in the mix you can capture packets in the right place.
Again, managed switches help a lot because you can "mirror" a switch port to a monitor (mirror) port and just look at the traffic there.
Slowness is likely caused by high traffic and/or high error rates or a jabbering NIC or switch port. So, if you find high traffic first or high error rates first then it's easier to use Wireshark for the details IF you even need them.
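The SNMP-first triage described in the answer above, as an added example that is not part of the original thread: it takes two polls of the standard IF-MIB counters (`ifInOctets`, `ifInUcastPkts`, `ifInErrors`, `ifSpeed`) and flags the ports worth mirroring into Wireshark. The port names, counter values and the 70% / 1% thresholds are constructed assumptions, and non-unicast packets are ignored for brevity.

```python
COUNTER32 = 2 ** 32  # ifInOctets, ifInUcastPkts and ifInErrors are Counter32

def delta(old, new, modulus=COUNTER32):
    """Counter difference that stays correct across one wrap between polls."""
    return (new - old) % modulus

def port_stats(first, second, interval_s):
    """Return {port: (utilisation_pct, error_pct)} from two counter polls."""
    stats = {}
    for port, a in first.items():
        b = second[port]
        octets = delta(a["ifInOctets"], b["ifInOctets"])
        pkts = delta(a["ifInUcastPkts"], b["ifInUcastPkts"])
        errs = delta(a["ifInErrors"], b["ifInErrors"])
        # Utilisation: bits received divided by bits the link could carry.
        util = 100.0 * octets * 8 / (interval_s * a["ifSpeed"])
        # Errored frames are not counted as delivered packets, so add them back.
        seen = pkts + errs
        err_pct = 100.0 * errs / seen if seen else 0.0
        stats[port] = (round(util, 2), round(err_pct, 2))
    return stats

def suspects(stats, util_limit=70.0, err_limit=1.0):
    """Return {port: [reasons]} for ports over either (assumed) threshold."""
    flagged = {}
    for port, (util, err_pct) in stats.items():
        reasons = []
        if util >= util_limit:
            reasons.append("high traffic")
        if err_pct >= err_limit:
            reasons.append("high error rate")
        if reasons:
            flagged[port] = reasons
    return flagged

# Constructed sample: two polls, 60 seconds apart, of three 100 Mbit/s ports.
SPEED = 100_000_000
POLL_1 = {
    "Gi0/1": {"ifInOctets": 1_000_000, "ifInUcastPkts": 10_000, "ifInErrors": 0, "ifSpeed": SPEED},
    "Gi0/2": {"ifInOctets": 4_000_000_000, "ifInUcastPkts": 0, "ifInErrors": 0, "ifSpeed": SPEED},
    "Gi0/3": {"ifInOctets": 0, "ifInUcastPkts": 0, "ifInErrors": 5, "ifSpeed": SPEED},
}
POLL_2 = {
    "Gi0/1": {"ifInOctets": 76_000_000, "ifInUcastPkts": 60_000, "ifInErrors": 0, "ifSpeed": SPEED},
    "Gi0/2": {"ifInOctets": 380_032_704, "ifInUcastPkts": 450_000, "ifInErrors": 0, "ifSpeed": SPEED},  # wrapped
    "Gi0/3": {"ifInOctets": 15_000_000, "ifInUcastPkts": 19_000, "ifInErrors": 1_005, "ifSpeed": SPEED},
}

if __name__ == "__main__":
    for port, reasons in suspects(port_stats(POLL_1, POLL_2, 60)).items():
        print(port, ", ".join(reasons))
```

The wrapped counter on the second port would show as a large negative rate with a plain subtraction, which is why the difference is taken modulo 2^32.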
ASKER
This pointed me in the right direction. Thanks
Check the links below; they may help you.
http://www.howtogeek.com/104278/how-to-use-wireshark-to-capture-filter-and-inspect-packets/
http://www.plixer.com/blog/scrutinizer/free-wireshark-training-packet-capture-101/
http://www.youtube.com/watch?v=0bazkLeY6b4
Thanks
Jai