Slow LAN


I was at a client site today and was surprised at how slow file transfer was.

I had simply copied a 4.5MB file over to the server, a Windows Server SBS 2008 R2, and had to wait an unusually long span of time for its completion.

I installed 'Lan Speed Test' together with the LST Server module and ran some tests.

On the XP PC, on which I had first noticed the sluggishness during the file copy, the test utility never made it to the end of its 10 packet cycle. I tried various packet sizes but the issue was always the same: after two or three packets I got an "error writing to the server".

I then ran the same test from a W7 PC, at 1, 10 and 100MB packet sizes. The average writing (upload) throughput hovered close to 1 Mbps, while the reading (download) average was around 70 Mbps.

My opinion is that this situation is the result of bad cabling.

What is your opinion?

Yann Shukor (Owner) asked:

So it is a wired and not wireless network.
Firewall, AV?
Mandeep Khalsa commented:
Is there a switch connecting the servers with the workstations? That might be your bottleneck.
Brad Bouchard (Information Systems Security Officer) commented:
Bad cabling or a switch.  Try tracing the cabling to see if there is a bad connection, or reboot the switches in the building.

Yann Shukor (Owner, Author) commented:
It is a wired lan
Yes there is a switch
Hmm, no, I didn't think of rebooting it. Darn.
It's a 16 port D-Link switch
I'll get a user to restart it tomorrow
Brad Bouchard (Information Systems Security Officer) commented:
A good reboot is always one of the best solutions.  Also, if the reboot doesn't fix it, try testing from a different workstation.  Make sure that the workstation's NIC is set to the network speed/duplex setting of the switch.
Not nearly enough information.

How many computers are on the network?

Is it a single IP subnet?

Brand, model, and number of switches.

NIC speeds.

If you think it is cabling, then make sure you have CAT5 if everything is 100 Mbps, or CAT5E or better if 1000 Mbps.

If all switches are unmanaged, then all computers should be set to auto speed and auto duplex.

If switches are managed, then the switches and the computers should be configured the same as the port they are connected to.  Either both auto/auto, or both fixed speed and fixed duplex.
Scott Thomson commented:
1. Restart the machine
2. Restart the switch
3. Go into the NIC properties and make sure, as above, it's set to duplex auto.
4. Try testing after each of these settings has been adjusted to see the improvement after each one.

Because you said the other machine had been OK, I would possibly assume that the issue was that the machine itself has not been restarted. You can use pstools or check network status to see how long the machine has been up.
Probably one bad device is flooding the network with 'crap'.

Two ways to test.

1) Run Wireshark on your laptop, and see what packets you see. There should be loads of packets that seem strange.

2) Disconnect one PC at a time from the switch, and see when the speed increases - to figure out which one is causing the problem.

The actual problem could be a bad NIC, or a bad cable, or a bad port on the switch.

Of course, the NIC/Cable of the server itself could be the problematic one.
Running Wireshark as pergr suggested will help identify what, if anything, is flooding the network.

Since the switch is a 16 port D-Link, it is more than likely unmanaged, which means no switch statistics.
Yann Shukor (Owner, Author) commented:
We restarted the switch this morning

And tonight I'm running Wireshark on the server

I noticed during a file copy between a PC and the server I get a pile load of "TCP DUP ACK",
a spattering of "SMB TCP RETRANSMISSION", and "TCP ACKed unseen segment".

I also noticed before the file copy that there were a number of TCP KEEP-ALIVE.

I'm swimming in uncharted territory here; I know, you've got to start somewhere.

If you can you may want to run a packet capture on both the server and client and then copy a file.

"TCP ACKed unseen segment" can be normal if it appears at the start of a capture and it is on a TCP connection that was already established.

"TCP DUP ACK" means either that a packet was received out of order, or the receiver waited "x" amount of time for the next packet, it did not come, so it is resending the ACK.

I will have to read up on the "TCP KEEP-ALIVE".  I know what it is supposed to be used for, but I'm not sure why it would be used on a file copy.
RETRANSMISSION points at some packet loss being there, forcing the sender to re-transmit.

What does a simple ping show?
Any packet loss?

Can you try with just the client and server connected (unplug all other ports)?
Yann Shukor (Owner, Author) commented:
I updated the LAN drivers on both the server and the workstation from which I was testing the file copy: no difference.

I ran another file copy and the
Dup ACK (...) sddp > microsoft-ds [ACK]
reappeared in similar abundance

PINGs are fine, no visible packet losses

I ran LAN SPEED TEST from another workstation with 1 and 10 MB packets and got more or less the same result as before: 0.5 Mbps Writing (Upload) and 80 Mbps Reading (download)

During the speed test Wireshark was full of the following lines:
TCP Previous segment not captured
TCP Fast Retransmission
TCP Out of Order
TCP Keep-ALive
I'm beginning to believe that the switch could be the source of our problems.
Yann Shukor (Owner, Author) commented:
Apparently the TCP Dup ACK are the result of brute force attacks on the server's port 3389 (Terminal server)
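
An added example, not part of the thread: one way to check which traffic the Wireshark flags seen above belong to is to export the packet list as CSV and tally the TCP analysis flags per server-side port (445 for the file copy, 3389 for Terminal Server), alongside new connection attempts to 3389 per source. The sample rows, addresses and function names are constructed for illustration.

```python
import csv
import io
import re
from collections import Counter, defaultdict

# Constructed rows in the shape of a Wireshark packet-list CSV export (simplified columns).
SAMPLE = """\
No.,Source,Destination,Info
1,192.168.1.20,192.168.1.2,1900 > 445 [ACK] Seq=1 Ack=1 Win=65535 Len=1460
2,192.168.1.2,192.168.1.20,[TCP Dup ACK 1#1] 445 > 1900 [ACK] Seq=1 Ack=1461 Win=64240 Len=0
3,192.168.1.2,192.168.1.20,[TCP Dup ACK 1#2] 445 > 1900 [ACK] Seq=1 Ack=1461 Win=64240 Len=0
4,192.168.1.20,192.168.1.2,[TCP Fast Retransmission] 1900 > 445 [ACK] Seq=1461 Ack=1 Len=1460
5,192.168.1.20,192.168.1.2,[TCP Out-Of-Order] 1900 > 445 [ACK] Seq=2921 Ack=1 Len=1460
6,203.0.113.50,192.168.1.2,51000 > 3389 [SYN] Seq=0 Win=8192 Len=0
7,203.0.113.50,192.168.1.2,51001 > 3389 [SYN] Seq=0 Win=8192 Len=0
8,203.0.113.50,192.168.1.2,51002 > 3389 [SYN] Seq=0 Win=8192 Len=0
9,192.168.1.2,203.0.113.50,[TCP Keep-Alive] 3389 > 51000 [ACK] Seq=99 Ack=1 Len=1
"""

# Wireshark's TCP analysis labels as they appear in the Info column.
FLAG = re.compile(r"\[TCP (Dup ACK|Fast Retransmission|Retransmission|Out-Of-Order|"
                  r"Previous segment not captured|Keep-Alive)", re.IGNORECASE)
# "sport > dport" (older Wireshark) or "sport → dport" (newer), numeric ports only.
PORTS = re.compile(r"(\d+)\s*(?:>|\u2192)\s*(\d+)")

def tally(csv_text, server_ip):
    """Count TCP analysis flags per server-side port, whichever way the packet flows."""
    counts = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(csv_text)):
        flag, ports = FLAG.search(row["Info"]), PORTS.search(row["Info"])
        if not (flag and ports):
            continue
        sport, dport = int(ports.group(1)), int(ports.group(2))
        service = dport if row["Destination"] == server_ip else sport
        counts[service][flag.group(1)] += 1
    return counts

def syn_sources(csv_text, port=3389):
    """Count new connection attempts (SYN) to the given port per source address."""
    hits = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        ports = PORTS.search(row["Info"])
        if ports and int(ports.group(2)) == port and "[SYN]" in row["Info"]:
            hits[row["Source"]] += 1
    return hits

if __name__ == "__main__":
    for service, flags in sorted(tally(SAMPLE, "192.168.1.2").items()):
        print(service, dict(flags))
    print("SYN to 3389 by source:", dict(syn_sources(SAMPLE)))
```

In this constructed capture the duplicate ACKs and retransmissions sit on port 445, the file-copy connection, while the 3389 traffic shows repeated connection attempts from one outside address; the two are separate findings and each needs its own follow-up.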
Yann Shukor (Owner, Author) commented:
The sluggishness was finally due to Ethernet wiring issues
Yann Shukor (Owner, Author) commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for azurtem's comment #a40009798
Assisted answer: 0 points for azurtem's comment #a39907168

for the following reason:

situation is fixed
Scott Thomson commented:
What was the fix?
Several experts, including myself, suggested the issue was due to bad cabling.
