TCPip Packet Loss and Timeout

We have 8 Pcs in our office along with some other networking devices such as printers and IP cameras. Ping responses across the network are generally quick to respond without any loss. However on a couple of occasions recently users reported their machines to be slow. On investigation I found that across the network that drop outs were occuring randomly on different machines. I have tested all cables, and swapped network switch. The only resolution i've found is to restart all devics and networking equipment. This seems to resolve the issue. There are no stray cables and none plugging back in on themselves in the switch. The switch is unmanaged switch. The network is firewalled. What would possibly cause this? Could a device be broadcasting and flooding the LAN? How would you recommend problem solving to get a resolution?
lagg2007Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

LesterClaytonCommented:
It's rare but it is possible for a single network interface to cause networking issues by jabber.

From this web site:

In networks, a jabber is any device that is handling electrical signals improperly, usually affecting the rest of the network. In an Ethernet network, devices compete for use of the line, attempting to send a signal and then retrying in the event that someone else tried at the same time. A jabber can look like a device that is always sending, effectively bringing the network to a halt. A jabber is usually the result of a bad network interface card (NIC). Occasionally, it can be caused by outside electrical interference.

Narrowing down which PC is causing this can be done in one of two ways:

Unplug each PC one at a time, until the problem stops.  If you have a continuous ping form one machine that you can monitor while unplugging each other machine one at a time, then the problem should stop when you unplug the faulty machine.
Run Wireshark on a workstation, and when the problem occurs, you will see a huge flood of network packets being captured.  These packets will then hopefully have the MAC Address of the faulty network card - and then you can use this to find the machine.  "IPCONFIG /ALL" on a machine will show the MAC Address.

The second of the two is a fair bit technical, but the most effective way to find the culprit or cause of the problem.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
PaulOffordCommented:
Hi,  The Jabber thing isn't really an issue these days as it harks back to shared media and hubs.

I must admit I'd dive in with Wireshark but that's tough if you've never done it before.  To determine if it is flooding or a broadcast storm I recommend that you start by running Performance Monitor on any machine on the same sub-network as the users.

So the steps are:

1. Hit the Start button in Windows
2. In the input box at the bottom with Search programs and files type in perfmon and perfmon.exe should appear highlighted at the top of the start menu
3.  Hit Enter and perfmon should start
4.  Click on the little black icon with a squiggly red line and you should start to get a plot of CPU utilisation on 1-second interval
5.  Click on the green plus symbol above the graph
6.  Under Available counters choose Network Interface and click on the down arrow to the right of the words Network Interface
7.  Choose Bytes Received/sec
8.  Under Instances of selected object choose the Interface that connects this PC or server to the network
9.  Click on the Add button
10.  Uncheck % Processor Time beneath the graph
11.  Wait for the problem and check the network load at that time

Note this will show bytes per second so multiply by 8 to get bits per second and you need to adjust for the Scale factor you see in the table under the graph.  Also remember this will show broadcast, multicast and flooding load only.

If you do get heavy load at the time of the problem then you may need to break out Wireshark to see what's causing it.

Best regards...Paul
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.