Network Analysis





Network analysis is the process of identifying and remediating the processes and systems within a network, including performance, connectivity and security. The process is performed through the use of tools developed for monitoring and analyzing network activity. Network problems that involve finding an optimal way of doing something are studied under the name combinatorial optimization. Examples include network flow, shortest path problem, transport problem, transshipment problem, location problem, matching problem, assignment problem, packing problem, routing problem, Critical Path Analysis and PERT (Program Evaluation & Review Technique).

Share tech news, updates, or what's on your mind.

Sign up to Post

We are troubleshooting  and phantom problem on our WAN, where the network drops off for some of our school districts about 1 time a day for less than a couple minutes. We are using  wireshark/tshark to run packet captures, via  a script that launches if a ping response fails to any of our targets. Support for the network indicates they are seeing warnings by wireshark  of duplicate IP addresses for a few IPs. They feel that issue is part of our problem but the conflicting IPs are on entirely different vlans from point A to point B. Is this simply a limitation of wireshark not recognizing the separate vlans? Is there a way to make wireshark aware with the proper capture flags, or is there really a concern about the conflicting IPs.  According to Fortinet, we have set things up correctly and it makes sense to me that there should not be an issue as long as different vlans are used. (many of our school districts use the same LAN subnet addressing)

I appreciate any insight on this issue.
PMI ACP® Project Management
LVL 19
PMI ACP® Project Management

Prepare for the PMI Agile Certified Practitioner (PMI-ACP)® exam, which formally recognizes your knowledge of agile principles and your skill with agile techniques.

Hi, we use haproxy with round robin on a few servers which works amazingly well
However now we need to use it for tcp sessions from different ports

basically, gps iot devices create connections to our server via TCP
When I run a netstat, I see lots of devices sending data from same IP address but different port
here is a snap shot
These are not the same device, they are using a mobile/cell network with same IP but different ports

So I would need a configuration for HA proxy to route to different servers based on IP and PORT
All the examples I’ve seen so far just use IP, which would not work well for me as it would batch a bunch of devices to same server.
I guess it would work, but it may overload one server and under-load another (if that makes sense)

Something else i’m not sure about, some devices also send data using UDP, and these would also need to be routed to same server, not sure if this would work or if i would just have to route all UDP devices to 1 server

Any feedback, pointers and help appreciated
Dear Ladies and Gentlemen

we need to find whether D-Link DWM-222 Dongles have any security vulnerability (with latest firmware update).
Do you know any? If not where should I start?

I am visiting a client tomorrow (50 WAPs, 5 Switches) to assist them in their wireless dropout issues.
They have cordless wireless phones which were on 2ghz, they upgraded it 5ghz, it didnt resolve the issue.
They have meraki switches and waps, and cisco asa.
Meraki waps they are using are MR 42; 

I have worked on Meraki SWs and WAPs but never had any issues with them.
Should i start with disabling SSIDs and enable one by one?
Which tools / apps i can install on my computer to diagnose an issue like this?

We have 2 x Aruba 8320s (Core Switches) We also have 11 x Aruba 2540 edge switches

Each switch has 2 x 10Gbe SFP modules which connect to the cores via fibre in a LAG.

The switches are split up in 5 separate racks across our building. We also have 1 x Meraki switch in each of the cabinets capable of have 10Gbe SFP modules.

My question is what is the best way to get the Meraki switches to communicate with our Cores? We want to utilise them.

1. Direct connection to the Cores (like the Aruba's)
2. Setup a trunk 10Gbe between the edge switches and Aruba's
3. Any other way?

Could you please advise?

I have a huge number of messages in my VPN router LAN access from remote. And I do not know where are they coming from. No email server is setup, it does not seems to have any games on it. the only thin I have created a port for RDP  and forward that port so I can access the server from ouitside

Please advice
Hello, I am aware that classful network addressing is a thing of the past and there are 5 classes.
Class A       0
Class B       10
Class C       110
Class D       1110
Class E       1111

If we wanted 9 Classes I’m trying to find the leading bits. Is this possible?

I would like to know what caused this to happen? WMI usage was very high in task manager which resulted in extreme slowness in over all performance in my PC. When I rebooted the computer it went to 0% as it's supposed to be. What was the culprit and and how can I prevent that from happening in the future?
WMI Usage Very High.JPG
Hi, I ran this wireshark network protocol analyzer with no programs open, including no background programs. I ran it for three minutes. I have the report in csv and in pcapng format.(I've changed the latter to a .txt extension to upload).

Can someone let me know if there's any odd network activity going on? Thanks. If you need more information, let me know, this is way over my head.
I need to analyze PCAP files and APIs for an MVNE I am working with.  I can definitely see some things in the PCAP files they sent, but I would like to be able to do a lot more and more deeply analyze it.  I have been using wireshark to break it down but what is the best way to attack analyzing these files.  Is there a resource out there, program, best practice, etc.
C++ 11 Fundamentals
LVL 19
C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

Plugged in two network switches to my LAN. They were being used for Comcast Voice previous to today. Now, I have workstations that are having their DNS server address changed to the firewall IP address. The DHCP scope tells them to go to, but they are changing to
I can't find any rogue DHCP servers on the network.
Any ideas on areas I could check to see what is telling the computers to change their IP on the DNS server through DHCP?

When we connect via Wireless, those computers aren't impacted.
Only happening on the LAN (ethernet) segment from what I can tell.

Have a Fortigate Firewall
Have Fortiswitches
Have a Cisco SG300-24P
Have a TP Link T1600-52P switch

I checked both switches and both have DHCP server disabled
Both are set to DHCP to pick up a IP
I did have to login to change the IP on the TP-Link
It was defaulted to
I had to alter that to

Verified firmware is up to date.

The only thing I did yesterday was to plug the phone switches into the Ethernet LAN as the phones would now be using our LAN for IP Addressing and such.
Is there a way to see what's handing out or distributing the for "DNS Server" setting to workstations?

The DHCP server has been
But now, on the clients (anything not statically assigned) its showing up as

I don't see any other DHCP servers on the network. I am trying to use Wireshark to examine the LAN to see if this is the …
How can I setup a remote  wireshark capture?  I want to capture traffic on a particular switchport, but I can't be onsite.

I have a cisco 2960g and a fortigate 60d
I have an Extreme Switch that is capable of port monitoring.
I'll be using a laptop to connect to port 11 on this switch.  I'll be monitoring port 13 that has a VOIP switch plugged in to it.  The purpose is to capture the traffic of the VOIP switch because that VOIP switch is losing connectivity to our network at random.
On the Extreme switch, all I have to do is select port 11 as the "monitoring" port and select port 13 as the port I want to monitor.  This part is easy enough.
I'd like to use Wireshark as the utility to capture the traffic.  Installing Wireshark on the laptop I'll be plugging in to port 11 is no problem.  However, tutorials I've seen so far are not specific enough to tell me "how to" set up Wireshark to capture/store the traffic that's traveling across port 13.
Please advise.
I am trying to trace TCP traffic between two applications that I have written using Borland C++ builder XE10.1 Berlin Update 2.
The TCP client application connects to the TCP server client on TCP port 4545 without any problem
I am running both applications on the same PC whose IP address is
The server receives the data periodically sent by the client and displays it which tells me that it is working.
If I try to look at the data using Wireshark version 3.0.2 (v3.0.2-0-g621ed351d5c9)  however, the traffic is not shown.

I am using the display filter : tcp.port == 4545

If I remove the filter then all traffic is shown in real time as you would expect.

I am assuming that Wireshark won't display traffic with the same source and destination IP addresses ?
How do I configure Wireshark to show TCP traffic with the same source and destination IP addresess ?
How do you become certified/qualified to do SOC 2 audits? When I try to search this
on google the borg assumes I'm looking to pay someone to audit my company.
I'm looking for - if you wanted to be an auditor of companies to assure their
SOC 2 compliance, what process would you need to go through?
OSPF LSA  Updates and Hellos

on the Screenshot below , we have DR and BDR

I want to know if other routers will have to send an update(LSA type 1) to DR and BDR, or they will send an update (LSA type 1) just to the DR, and the DR will send (LSA type2) to all the routers including the BDR


Other Routers  will  send an update(LSA type 1) to then DR and BDR will get the Update but only the DR that will send (LSA type 2) to (where all other routers are listening to)

in case of the second case , I wonder how does BDR get LSA type 2 from DR

Thank you

I am looking for  software solutions  that will allow me to Visualize Network Traffic .
The aim is to quickly pick up on network isssues .

What do you guys recommend?

There seems to be a lot of discards happening on an interface of my Catalyst 9300. Here are some images to validate what is happening.
This port on the switch goes to a Fortigate 300E. Would I be able to identify these discarded packets with Wireshark and spanning the port like so:
monitor session 1 source interface TwoGigabitEthernet1/0/8
monitor session 1 destination interface tenGigabitEthernet 1/0/45 encapsulation replicate

 I ended up trying it with Wireshark and got this, but not sure if it's my problem.
I need to design a topology of our network for a meeting that shows all the network servers and communication appliances.  What software can I use that is simple or free to do so?

JavaScript Best Practices
LVL 19
JavaScript Best Practices

Save hours in development time and avoid common mistakes by learning the best practices to use for JavaScript.

Which can be a good software to monitoring the network, for example to know which computer is using alot of data in the network

Free or buy
We are looking for a network monitoring and configuration management tool. More than 90% of our network is HPE (Prourve)/Aruba, and we use Infoblox IPAM.

The options we are looking at currently are HPE IMC, Infoblox NetMRI and SolarWinds.

At the moment cost has priority over nice to have features, so cut down versions of the above would also be one way to go. We have bout 600 switches and growing.

What we absolutely need in terms of features:

device inventory
device state  - basically being able to see if a switch is down
switch configuration backup as a scheduled task

Provided the above is covered, it would be nice to have:

network map with L3/L2 overlays
loop detection
device configuration compliance (to a set of policies and/or predefined baseline configuration)
device configuration comparison (side by side)
device configuration deployment
firmware inventory
firmware installation

Anything else that would be useful that you can recommend?

Thank you!
I am setting up our infrastructure to enable remote phones on a new phone system we installed. The phone vendor requirements were fairly simple, port forward UDP 443 to a device on our DMZ(the virtual machine). Easy, or so I thought.

Everything looks good from the Firewall end. If I plug in the phone, I can see the traffic hit the firewall, and be forwarded to the device lets say is No issues I can see from the firewall end. It's a Barracuda NG F280, I have gone over it over and over with Barracuda support and they see nothing from their end.

The issue is that traffic never hits I have set up a monitoring VM on my DMZ with wireshark, never see the traffic. The VM has a packet monitor built in so I can create packet captures on the interface directly, never see the traffic. If I run a netcat cmd for UDP 443, I see nothing. I see other traffic. If I ping from anywhere else on the network, I see it. There is nothing between this device and the Firewall, except the VMWare hypervisor.

I am at a loss at this point. My Firewall vendor says it isn't on their end, my phone vendor says it isn't on theirs. I believe that to be the truth, but I don't know what else it could be. Does anyone have any ideas? Only thing I can think of is something in VMWare, but I have never seen VMWare block traffic like that before.

Some more info:

Seems localized in some way to port number. If I change my forwarding rule to port 3300 instead…
Hi guys

There are moments when people in a particular area of the office have connectivity issues from their local PC's to the actual servers. They will say that connecting from their local machines to the server is taking a while.

I know it may not be necessary, but I would like to know if tomorrow I wanted to show people how you can measure network traffic or even connectivity problems at different points on the network, I wanted to be able to showcase it.

I was wondering whether there are ways of testing each segment of our network to see whether there are any red flags that come up. For example, how would I measure if there is a physical connectivity issue between the floor port their PC's are plugged into and the port on the switch? How about from the switch they are plugged in to, to the server? If so, then can you explain, literally, how would you go about doing this?

Thank you for helping
Thousand Eyes seems like a really good software.  Helped me to figure out routing issues.  Love to deploy it our Data centers. Worth to have paid account?
Wonder what other forks are using?
I have a Dell Server running W 2008 R2.
It's on a LAN with 8 pcs running W7Pro and W10Pro.

If I go on ANY of the PCs and try to Map a Network Drive, I  see only THREE (of the Eight PCs) but NOT the Server.

I can Ping the Server from any of the PCs and the Server responds (but wont connect).

It's obviously a setting on the Server but I don't know where to look.

Can anyone give me some pointers?



Network Analysis





Network analysis is the process of identifying and remediating the processes and systems within a network, including performance, connectivity and security. The process is performed through the use of tools developed for monitoring and analyzing network activity. Network problems that involve finding an optimal way of doing something are studied under the name combinatorial optimization. Examples include network flow, shortest path problem, transport problem, transshipment problem, location problem, matching problem, assignment problem, packing problem, routing problem, Critical Path Analysis and PERT (Program Evaluation & Review Technique).