strange packet loss

Experts,

I'm using a software called pingplotter and when I ping from LAN going to facebook or cisco I'm getting intermittent packet loss, around 30-40%.

When I use command prompt, the ping is fine no PL.

I tried a different computer, my laptop and same results. I'm using a sonicwall NSA 3500


Cheers!
gsmith888Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Blue Street TechLast KnightCommented:
Hi gsmith888,

So PingPlotter is the only issue...meaning the results from it are incongruent with the results from all other computers using command prompt? All the computers (LAN/WLAN) are all showing no loss? And this is only occurring with 2 sites (facebook.com & cisco.com)? Am I understanding you correctly?

What version of PingPlotter are you using? There have been some bugs in later versions...I'm wondering if they've resurfaced in related forms. Here was an older bug:
Route discovery logic was too aggressive when high packet loss was on the final destination. Route would lengthen on some occasions and show lower packet loss than it should.
Are you experiencing performance degradation when browsing these sites?
0
gsmith888Author Commented:
diverseit,

I also suspected the same, but when I plug my laptop to our cisco pix, it was graphing normally to cisco and facebook, I was thinking it's something on the sonicwall?
0
Blue Street TechLast KnightCommented:
Gotcha.

What version is the SonicOS?

And is it Standard or Enhanced?

I need to know the answers to these questions to provide troubleshooting.

Also, go to Logs > Categories and enable all Categories by clicking the top of the Log Column check box, then click OK.

Re-test and see if anything pops up when you go there.

After that we can do a Packet Capture to figure what is happening but this depends on your SonicOS version & if its Enhanced.
0
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

gsmith888Author Commented:
SonicOS enhanced 5.8.1.4-430
0
Blue Street TechLast KnightCommented:
OK, thanks for the update.

Did you enable all Categories yet? Anything in the logs yet?

Are the MTU values the same in both the SonicWALL & PIX? If ISP made changes you can resize your MTU by decrementing it by 8 starting at 1500 until you get 0% loss. Open CMD prompt and use 'Ping -f -l www.google.com 1500' to test. Here is a step-by-step: http://www.experts-exchange.com/A_12615.html

Are any of the following checked?
Network > DNS
Enable DNS Rebinding Attack Prevention
      If yes, what is the action?
Firewall Settings > Advanced
Enable IP header checksum enforcement
Enable UDP checksum enforcement
Firewall Settings > Flood Protection
Enforce strict TCP compliance with RFC 793 and RFC 1122
        Enable TCP handshake enforcement
Enable TCP checksum enforcement
Enable TCP handshake timeout
What is the SYN Flood Protection Mode set to?
Security Services > Summary
What is the Security Services Setting to...Performance Optimized or Maximum Security?
0
giltjrCommented:
Ping is just that, ping.  Pingplotter is a combination of ping and traceroute.

When you are dropping packets is the packets that are truly destine to cisco and facebook, or could it be some of the "traceroute" packets to routers along the path?

When you ping a L3 network devices (router, L3 switches, firewalls) will drop packets that are destine to them or have their TTL exipred.  This is to cut down on the overhead of processing the packet.  When a L3 device has to actually process a packet (resond to a ping, or a packet whose ttl has expired) it takes move overhead than when it just passes a packet through.
0
gsmith888Author Commented:
All the settings were unchecked. Except for Enable TCP handshake timeout, handshake 30s, default tcp is 15 & max segment lifetime is 8.



I was watching the logs and notice that  

This alert was low priority and base on the IPS policy low alerts are just detect and do nothing.
 2013/09/20 23:19:10.592 Alert Intrusion Prevention IPS Detection Alert: ICMP Time-To-Live Exceeded in Transit, SID: 352, Priority: Low 8.8.8.8, 8, X1 192.168.118.29, 512, X0
0
Blue Street TechLast KnightCommented:
Ok good. All settings we went over are at defaults then.

IPS: It is just detecting so its fine. If it were preventing it would read as such: Alert Intrusion Prevention IPS Prevention Alert...
TTL was exceed connecting to google DNS (8.8.8.8).

What about your MTU value? See comment http:#a39507342

Are all Categories enabled for the Logs?
0
gsmith888Author Commented:
I'm trying to back up the sonicwall before doing anything. I saw a button "create backup" and "export settings" - would you know the difference?
0
Blue Street TechLast KnightCommented:
Yes, Create Backup - creates a backup of the SonicWALL image along with your current configuration preferences and stores it internally within the OS.
Export Settings takes your current configuration preferences (settings) and exports it externally so you can import it later if their are problems and you wish to restore.

I prefer the Export Settings because it is external and if things go really south like you have to perform a factory reset you can do so and then import the settings backup and configure nothing!

Here is the proper way to backup the settings: https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=5645
0
gsmith888Author Commented:
logs were all turned on/checked. nothing is being returned for the source and destination. Would it be a good idea to turn off the IPS and then test and see how that goes?
0
Blue Street TechLast KnightCommented:
Disable all Security Services as a test. Then one-by-one enable each and retest until you locate the culprit. Once you have found the source, configure it accordingly.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Blue Street TechLast KnightCommented:
I'm glad I could help...thanks for the points!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.