Network Analysis Help

I need to design a topology of our network for a meeting that shows all the network servers and communication appliances. What software can I use that is simple or free to do so?

Thanks

9 Comments

Introduction to R

LVL 13

R is considered the predominant language for data scientist and statisticians. Learn how to use R for your own data science projects.

Which can be a good software to monitoring the network, for example to know which computer is using alot of data in the network

Free or buy

5 Comments

I am setting up our infrastructure to enable remote phones on a new phone system we installed. The phone vendor requirements were fairly simple, port forward UDP 443 to a device on our DMZ(the virtual machine). Easy, or so I thought.

Everything looks good from the Firewall end. If I plug in the phone, I can see the traffic hit the firewall, and be forwarded to the device lets say is 11.11.11.11. No issues I can see from the firewall end. It's a Barracuda NG F280, I have gone over it over and over with Barracuda support and they see nothing from their end.

The issue is that traffic never hits 11.11.11.11. I have set up a monitoring VM on my DMZ with wireshark, never see the traffic. The VM has a packet monitor built in so I can create packet captures on the interface directly, never see the traffic. If I run a netcat cmd for UDP 443, I see nothing. I see other traffic. If I ping 11.11.11.11 from anywhere else on the network, I see it. There is nothing between this device and the Firewall, except the VMWare hypervisor.

I am at a loss at this point. My Firewall vendor says it isn't on their end, my phone vendor says it isn't on theirs. I believe that to be the truth, but I don't know what else it could be. Does anyone have any ideas? Only thing I can think of is something in VMWare, but I have never seen VMWare block traffic like that before.

Some more info:

Seems localized in some way to port number. If I change my forwarding rule to port 3300 instead…

9 Comments

Hi guys

There are moments when people in a particular area of the office have connectivity issues from their local PC's to the actual servers. They will say that connecting from their local machines to the server is taking a while.

I know it may not be necessary, but I would like to know if tomorrow I wanted to show people how you can measure network traffic or even connectivity problems at different points on the network, I wanted to be able to showcase it.

I was wondering whether there are ways of testing each segment of our network to see whether there are any red flags that come up. For example, how would I measure if there is a physical connectivity issue between the floor port their PC's are plugged into and the port on the switch? How about from the switch they are plugged in to, to the server? If so, then can you explain, literally, how would you go about doing this?

Thank you for helping
Yash

7 Comments

LVL 17

Question by

Tiras25

2019-01-29SolvedPrivate

Thousand Eyes network troubleshooting tool

Thousand Eyes seems like a really good software. Helped me to figure out routing issues. Love to deploy it our Data centers. Worth to have paid account?
Wonder what other forks are using?

1 Comment

I have a Dell Server running W 2008 R2.
It's on a LAN with 8 pcs running W7Pro and W10Pro.

If I go on ANY of the PCs and try to Map a Network Drive, I see only THREE (of the Eight PCs) but NOT the Server.

I can Ping the Server from any of the PCs and the Server responds (but wont connect).

It's obviously a setting on the Server but I don't know where to look.

Can anyone give me some pointers?

Thanks,

Biggles

8 Comments

LVL 14

Question by

frankhelk

2019-01-24Solved

How to get tcpdump to capture continuous ?

I have some SLES 12.2 server where I need to monitor certain network traffic for diagnosing a problem that occurs every now an then. I'll try to record the traffic with tcpdump, and when that problem arises, I could dissect the correcponding network traffic with Wireshark.

I've set up a main script which contains

#!/bin/bash
tcpdump -iany -G $((30*60)) -n -w tcpdump.io.%F_%H%M%S.pcap -z ./tcpdump_postproc.sh net 192.168.1.0/24 or net 192.168.2.0/24 > tcpdump.statistics
./tcpdump_postproc.sh

Open in new window

and a helper script tcpdump_postproc.sh for some postprocessing:

#!/bin/bash
gzip *.pcap
find . -maxdepth 0 -mmin +$((12*60)) -name '*.pcap.gz' -delete

Open in new window

I'd expect that script to run indefinitely, creating capture files containing 30 minutes of data each, until I stop tcpdump with i.e. [CTRL-C] or kill. The postprocessing called after stopping (and whenever a new capture file is created) will zip the created capture files and limit the backlog of capture files to 12 hours.

So far, so good. Now to the problem:

tcpdump stops capturing data in the middle of the second file and exits (without error, as far as I could see).

What have I missed ?

8 Comments

what is the difference between state full inspection and deep packet inspection ?

thanks !!!

3 Comments

I have a user who when tries to restore a Quickbooks database that is 100M stored on the server over the network takes hours. When he copies the db from the server to his desktop which takes a few seconds then tries to restore it the process takes less then a min. I would like to use wireshark to possibly identify the issue.

Questions
1. Do i need to run Wireshark on his computer or on any computer to see if there are any issues?
2. What should i be looking for?
3. Should i attach a capture file or is that not secure?

12 Comments

hosting a Fortnite competition on ipads - what can i do to remove lagging/ latency issues

everyone will be on ipads and my bandwidth is 200 MB dedicated, its a small competition in our company, is there a QOS setting i can apply or any other suggestions

maybe there is a gaming port i need to open on the firewall

2 Comments

Announcing the Winners!

LVL 13

The results are in for the 15th Annual Expert Awards! Congratulations to the winners, and thank you to everyone who participated in the nominations. We are so grateful for the valuable contributions experts make on a daily basis. Click to read more about this year’s recipients!

I had this question after viewing Stuck in INIT/DROTHER.

I have the same problem? OSPF INIT/Drother between Cisco Switch L3 and Cisco Firewall ASA?
I checked everything all the configuration.It looks good however it doesn’t work? I don’t really understand why?

13 Comments

Meaning of TTL in PING Reply

I have pingged 2 devices that have the same number of Hops away.
One shows TTL:124
the other shows TTL:250

I wonder how is the TTL calculated in this case .

Thank you

10 Comments

Hi guys,

When I am at my parents house,, streaming stuff is so slow. When running a speedtest it shows speeds of 25MBs download, 5mbs upload. It is 'fibre' internet that they have.

However, I am wondering how one can determine if the slowness is our side or the sender who we are viewing from. How does one determine whether it is our side? What tools can I run? Wireshark?

Thanks for helping
Yashy

6 Comments

Hi

I'm moving layer 3 routing from an old core switch to a new core stack we've just purchased.

The stack has been configured with trunks and has access to the network.

The old core will not be removed just the routing will be removed from it.

At the moment the old core has links to different sites

My question is when the routing has been moved over, will I need to move cables over from the old core to the new?

Thanks

1 Comment

LVL 28

Question by

Fred Marshall

2018-11-20Solved

Reports and experience of "slow internet" but can't find the cause.

I have a network that has been getting user reports that "the internet is slow". Plenty of users....
I can see slowness in web browsing but:
- speed tests look fine
- DNS response times look fine
- internal and internet traffic levels look fine
- I've rebooted the main firewall and don't see any issues there - no recent changes.

I'm using PRTG for network monitoring and network traffic levels appear to be reasonable.

I rather suspect DNS issues but can't pinpoint any.

I'd really like to have a nice tool that would help with this.
And, suggestions about how to approach this would help.

9 Comments

LVL 1

Question by

leblanc

2018-11-18Solved

router on a stick

I have router on a stick fa0/0.10 10.10.10.1/30 on R1 and an IP address assigned to R2 f0/0 10.10.10.2/30. I am trying to understand why I cannot ping R2 from R1?

R1 config:

interface FastEthernet0/0
 no ip address
 duplex full
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.10.10.1 255.255.255.252
!

Open in new window

R2 config:

interface FastEthernet0/0
 ip address 10.10.10.2 255.255.255.252

Open in new window

4 Comments

LVL 1

Question by

Justin

2018-10-30Solved

Collect data on PC utilisation

I have 14 windows 7 PCs that are used as internet cafe access points. I'm looking for a way to collect data as to how much they are utilised. I am trying to ascertain if amount of PCs available meets the demand we have. For example: PC 7 is used for 4 hours per day, where as PC 6 is only used for 30 minutes a day or maybe a graph that shows usage for all PCs throughout the day, where I can see how many computers where in use at any one time. The internet connection for these machines goes via a Win Server 2016 gateway running hotspot software. The hotspot software doesn't have this kind of data collection. The network switches are only "web managed". Of course, i'm looking for a free, or cheap solution.

9 Comments

Hi guys

As we have multiple offices at our work place, we constantly have users leaving and new ones beginning. We want to keep a floor map of PC names, their locations along with the users.

This is so that when we want to do things like apply updates and they fail to a PC, we can allocate where they physically are and access that machine or even request the user to do the necessary from their end.

Does anybody use any applications to manage this?

Thank you
Yash

2 Comments

Dear Experts,

I am a new starter to a job, and have been given an initial project to work on that I'm hoping that you can help with.

The customer has an ageing archiving solution with SAN storage that archives email from their MS Exchange platform. There is a separate project that is almost complete that will replace the solution.

I have been given the task of overseeing the decommissioning of the SAN storage.

The customer believes that the only solution using the SAN storage was the legacy email archiver, but cannot be 100% sure that other applications haven't developed dependencies on the SAN storage during it's lifespan, and I've been asked to perform some due dilligence on the SAN to try an identify any unexpected connectivity.

My initial thoughts are to run something like WireShark on that network segement to identify any traffic with the SAN IP as a destination.

Is that the right approach?

If not, what do you recommend?

If it is, could you give me some guidance on how what config I should put into Wireshark to help me see the right results?

Many thanks in advance.

5 Comments

Expert Spotlight: Joe Anderson (DatabaseMX)

LVL 13

We’ve posted a new Expert Spotlight! Joe Anderson (DatabaseMX) has been on Experts Exchange since 2006. Learn more about this database architect, guitar aficionado, and Microsoft MVP.

I am sysadmin..I want to know

I want to reach the server, to check the connectivity thru specific port.
This is just to varify whether the required firewall rule defined properly or not.

27 Comments

Consider the below scenario

userPC---- firewall --- Destination-server
10.1.1.1

I have installed some software on the server, the service of that software is using port # 301.

1) Scenario...
      Firewall defined
      server# service UP
userPC# telnet 10.1.1.1 301 --> user get reply

2)Scenario...
      Firewall defined
      server# service DOWN

is there any command/3rdparty-tools available to just varify, pockets from userPC able to reach on the server through port#301

==
This I asked just to segregate if there any issue, problem from firewall side (or) destination server side.

6 Comments

What does this mean?

Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path: \clients\client2
Trans2 Response QUERY_PATH_INFO, Error: STATUS_OBJECT_PATH_NOT _FOUND
Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path: \clients\client1
Trans2 Response QUERY_PATH_INFO, Error: STATUS_OBJECT_PATH_NOT _FOUND
Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path: \clients
Trans2 Response QUERY_PATH_INFO, Error: STATUS_OBJECT_NAME_NOT _FOUND
NT Create AndX Request, FID: 0x4014, Path: \clients
Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path: \clients
445 > 2161 [ACK] Seq=171 Ack=576 Win=17138 Len=0

Network Analysis

2 Comments

Question by

jskfan

2018-08-18Solved

Access List Inbound

in the topology above , I have 2 routers with 2 loopbacks.
on R2 I configured an access list to permit only 192.168.12.0 which is the link between R1 and R2, for some reason I cannot ping loopback 1.1.1.1 of R1 which makes sense, but I can ping from R1 to loopback of R2. I thought both loopbacks cannot be ping because of the access list:

configuration below:

R1:

R1#sh run 
Building configuration...

Current configuration : 1792 bytes
!
! Last configuration change at 16:05:15 CET Sat Aug 18 2018
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!


!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!         
!
!
redundancy
!
!
! 
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Ethernet0/0
 ip address 192.168.12.1 255.255.255.0
!
interface Ethernet0/1
 no ip address
 shutdown
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
interface Ethernet1/0
 no ip address
 shutdown
!
interface Ethernet1/1
 no ip address
 shutdown
!
interface Ethernet1/2
 no ip address
 shutdown
!
interface Ethernet1/3
 no ip address
 shutdown
!
interface Serial2/0
 no ip address

Open in new window

…

8 Comments

Hi.. This is regarding networking port no. 2829, 2832, 2831 and 2830. According to IANA website, this is something silkp1, silkp2, silkp3 and silkp4. Can anyone tell me what is this silkp ?

2 Comments

Don't have much documentation at my new place and I wanted to know where to begin to understand our DR/BDR information. I specifically wanted to know what it costs the company to be down for an hour or a day and so forth. Since we don't have much documentation, it is really hard to understand or where to begin.

8 Comments

Network Analysis

Related Topics

Network Analysis

Related Topics