Network Analysis

9K

Solutions

12K

Contributors

Network analysis is the process of identifying and remediating the processes and systems within a network, including performance, connectivity and security. The process is performed through the use of tools developed for monitoring and analyzing network activity. Network problems that involve finding an optimal way of doing something are studied under the name combinatorial optimization. Examples include network flow, shortest path problem, transport problem, transshipment problem, location problem, matching problem, assignment problem, packing problem, routing problem, Critical Path Analysis and PERT (Program Evaluation & Review Technique).

General concept of openVPN solution for private network. I'm thinking about layer2 bridging mode but... I have one VPS server with Ubuntu 16.04LTS, one local network and two mobile pcs. Starting from server - there is one Ethernet controller with public static IP address. I want to connect to them from 3 places. Should I create 3 TAP interfaces? What about the bridge - bridging eth with TAP(s) or only TAPs from network for example 192.168.2.0/24. Next computer is PC in local network also with one Ethernet controller with address from network 192.168.2.0/24 and Gateway 192.168.2.1. Additionally two laptops with two network cards, one used for internet access with local address from network 192.168.2.0/24. Do I have to configure TAP and bridge with the network card that is unused or the one used to connect to internet (WLAN + home WiFi router)? I would like to see every computer like in local network, use the DHCP and DNS configured in local network (not obligatory - can be static), use shared folders, printers, active directory, connect to domain, use DFS. When I was trying TUN IP packet routing I probably had wrong configuration but forcing DNS from VPN was disconnecting me from DFS service.
Any help please - routing or bridging and config of TUN/TAPs interfaces with ethernets and Bridges.

Thank You

Paweł
0
I did a speed test from several speed test sites for my 1 gig Internet circuit and my download and upload are so different. The upload seems fine but the download is so off. It never passes 250Mbps. I have another 300 Mbps with another ISP and when I tested it with the speedtest sites, the download and upload are almost the same, around 250Mbps.
The tech was onsite and tested with his test set and he said that he gets around 900Mbps upload and download.
How do I explain this? Can I trust the 1G circuit provider? What is the explanation for the speedtest sites reporting big differences between download and upload?

Any thoughts? Thanks
0
Hi, we have a thousand switches in the network, and Orion has been configured on each switch. Now we have a few commands that need to be implemented on each of the switches. How can we add these commands to each switch via Orion? Or you can send me a link for this issue. Thank you
0
A few years back I had SolarWinds Real-Time NetFlow Analyzer working with my Cisco 3750x switch. Recently we had some suspicious traffic so I installed a new version of the software on a Win 10 machine. I can connect through the software to my switch, I can see all of the interfaces but none of them show NetFlow enabled. When I click on the interface I want to monitor then click "Start Flow Capture" I get a 'NetFlow is not detected on the selected interface'.

How do I get this port configured correctly to capture NetFlow data?

Additional Facts:
IOS version 15.0(2)SE6

Config on switch:
int gig <port to be monitored>
ip flow ingress
ip flow egress

ip flow-export source <port to be monitored>
ip flow-export version 5
ip flow-export destination <IP of my Win 10 machine> 2055

Per this thread- https://thwack.solarwinds.com/thread/20498 
I tried to run the ip nbar protocol-discovery and the ip route-cache flow on the port to be monitored. Neither of those commands were accepted on that port.

Any help is appreciated.

EDIT:
I've had users on other forums attempt to help me by pointing me towards flexible netflow configurations that use the command ip flow monitor <name of monitor> input applied to the interface they want to monitor. My switch does not allow flexible netflow to be applied to non-service module ports. What I'm trying to monitor are the standard gigabit interfaces.

The netflow commands I can apply to those standard interfaces are those listed above: ip flow ingress and ip flow egress. How do I get netflow analysis that way?
0
Need the networking experts here!

Setting up 802.1x this week, going onsite tomorrow for a quick recce. What are the prerequisites to look for? Servers to install NPS on, etc.

thanks in advance
0
Why would wireshark shade certain lines of a packet capture grey instead of light blue which is the majority?
0
Hi - If we have 100 Windows 10 computers in an office, all with network discovery turned on, does this impact the network bandwidth significantly, and slow the LAN down? We have approximately 12 10/100 Cisco switches in place. I would think that these same computers downloading windows updates would impact the network more. Any information would be greatly appreciated.
0
SonicWALL VPN to Cisco ASA
On the Cisco side there are two subnets (172.16.0.16/29 and 10.0.0.0/22)
On the SonicWALL side there are two subnets (192.168.0.0/24 and 10.0.0.0/24)
Three subnets total - 172.168.0.16/29 - 192.168.0.0/24 - 10.0.0.0/22 and /24

Without using NAT in the policy the Cisco side is able to ping 192.168.0.1 (remote gateway).  The SonicWALL side is able to ping 172.16.0.17 (remote gateway of subnet 1) but cannot ping 10.0.0.254 (remote gateway of subnet 2) because the SonicWALL is also managing the same subnet locally.

I know when you try to set up a VPN where the subnets on both sides match (in this case 10.0.0.0) you need to use NAT tables, but how do you set up a VPN where you link multiple networks where only one subnet overlaps?

Local 192.168.0.0/24
Local 10.0.0.0/24   --> NAT 10.100.0.0/24

Remote 172.16.0.16/29
Remote 10.0.0.0/22 --> NAT 10.200.0.0/22

The problem is (at least on my SonicWALL side) the NAT is either on or off for the policy, and the subnets are grouped and cannot be specified individually in a single policy.  I specify the X0 Subnet (192.168.0.0/24) as my local network, and an address group object that includes both encrypted domains (172.16.0.16/29 & 10.200.0.0/22).  Only the 10.200.0.0/22 subnet is NAT though.

I theorized that I could specify 172.18.0.16/29  on the SonicWALL and have the Cisco ASA side 172.18.0.29 --> NAT 172.16.0.16/29.  

In reverse I would suspect that the Cisco ASA must also do the same …
0
We have a remote site connected to the main office via a site to site VPN.  Main office has a very beefy terminal server with a separate Dell DAS device and a fast coax internet connection.  The remote site has very few internet options.  We're running a 40mb down, 10mb up connection for them now.  The issue we're having is that the users at the remote site have dual 4k resolution monitors and when they are viewing large PDF's of building plans, the scrolling is very slow.  Also, switching between programs on the TS is slow.  We can't lower the screen quality because they need to be able to see the plans at max resolution.  They also access 2 or 3 applications that access a database at the main location.  So once the software opens on the TS, it's much faster than using it over the VPN.  

Would a Sonicwall WAN accelerator help?  What else could I look at doing to increase response times on the terminal server but not reduce image quality?
0
Going through the daily logs on 12 servers is becoming too cumbersome. I am working with a small domain including remote offices of about 50 users and less than 100 devices, mostly Windows clients. I am looking for a way to aggregate the logs and filter for items that I need to monitor, not the entries that I know I can ignore. Small business = small budget, so my options are somewhat limited and I really don't have the time or energy to implement an enterprise class solution that requires 6 months of training just to understand. So with that said, what are your suggestions?
1
We have 3 wan connections going into a bonder - Bell (200mbps) Rogers (200mbps) and Shaw (150mbps) and then from the bonder into X1 interface of the sonicwall (NSA 3500). From the bonder direct out we are getting about 320mbps (which is not great and we are working with Rogers & Shaw to improve their connections) but from the clients we are only getting a max of 95mbps up and down no matter how many tests we run. I have tried this on the X1 and X2 interface as well as change to the secondary HA unit and I get the same results.

I also plugged in my laptop directly to the Bell connection and was getting about 180 up and down. Plugged into the sonicwall X2 interface and changed my client to use that route and again I was getting a best of 95mbps.

Seems like this problem points to the sonicwall

I have a case open with them but wanted to try and resolve this sooner than later so any help/insight you have would be appreciated!
0
home network devices not finding new SonicWall SOHO Wireless.  It also is not being detected on my phone.
0
I ran the network tool 'IPerf' on 2 PCs that are connected by several GB Switches.  The results are pretty close every time I ran the test, please see below

G:\Downloads\Iperf\From_France\files>iperf.exe -c XXX.XXX.XXX.151
------------------------------------------------------------
Client connecting to XXX.XXX.XXX.151, TCP port 5001
TCP window size: 64.0 KByte (default)
------------------------------------------------------------
[  3] local XXX.XXX.XXX.151 port 64114 connected with XXX.XXX.XXX.151 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec   719 MBytes   603 Mbits/sec

--------------------------------------------------------

My question is this acceptable for a GB switch network?  I suppose if you take 603 and divide into 719 that is 83%; but, I have no frame of reference.  I would think that the power of the computers make a difference as well; but, can someone explain to me:

Question1: What is considered good bandwidth results for a GB LAN connection?

Question2:  What is considered bad bandwidth results for a GB LAN connection?

Question3:  How can I make a definitive test using Iperf?  or any other utility?
0
I am trying to understand why I don't see the actual configuration when I access the AP via the GUI. In the CLI, I can see Radius, TACACS, and other good stuff. But on the GUI, all I see is the IP address of bvi1. Thanks
0
Windows UNC (SMB) fails across public network. SMB works inside VM, i.e. 192.168.1.104 from/to 192.168.1.108, however, when trying same mount from inside our office to vCloud environment the mount fails. Wireshark shows the 445 packets never arrive and Windows moves on to port 80 which does not work nor is it expected to. vCloud firewall has an any/any permit rule and Wireshark shows the traffic leaving the office network.
0
I have a network with a DrayTek router connecting it to the Internet.

My ISP tells me that I am sending up to 600Mb / hour up to the Internet at times. I do not use cloud backup or storage. I am concerned that one of my PCs may have been compromised, causing this.

I have installed SmartMonitor from DrayTek, and set the router up to do port mirroring as per their instructions, mirroring all LAN ports and the WAN side too.

Looking at the SmartMonitor report, I can only see reports on downloaded data, so this isn't helping me to diagnose the large amount of uploads.

Can anyone suggest a better way to monitor this?

Thanks,

Richard
0
Why can I only get a complete traceroute on my PC to the remote server and not from my access switch to the server? I can ping 10.210.109.220 without any problem.

traceroute from my PC at the main site to the remote server via MPLS:
C:\Users>tracert 10.210.109.220

Tracing route to 10.210.109.220 over a maximum of 30 hops

  1     2 ms     2 ms     2 ms  10.19.31.253
  2    <1 ms    <1 ms    <1 ms  10.187.250.1
  3    <1 ms    <1 ms    <1 ms  10.187.5.41
  4    20 ms    15 ms    19 ms  10.210.11.86
  5    15 ms    15 ms    15 ms  10.210.10.221
  6    39 ms    36 ms    32 ms  10.210.109.220

traceroute from my L3 switch at the main site to the remote server via MPLS:

L3-sw# traceroute 10.210.109.220
traceroute to 10.210.109.220 (10.210.109.220), 30 hops max, 40 byte packets
 1  10.187.5.41 (10.187.5.41)  0.789 ms  0.793 ms  0.65 ms
 2  10.210.11.82 (10.210.11.82)  5.014 ms  5.063 ms  11.98 ms
 3  10.210.10.221 (10.210.10.221)  21.506 ms  15.497 ms  15.627 ms
 4  * * *
 5  * * *
 6  * * *
 7  * * *
0
Can I use this chart to calculate the current bandwidth utilization in the office?    I want to look at what bandwidth utilization I have now and estimate its max growth based on new headcount / office expansion.

This is from the palo alto firewall in network monitor option.  The only thing is it's in bytes.  So if it shows 1,200,000M bytes.  Not sure how to translate into Gigabit.
 Network monitor in Palo fw
Please advise.
0
I can see in a packet X-Forwarded-For info such that I can see the original source
address of the packet sent to the front end of my load balancer. Now if I am using
wireshark and I only wanted to see packets with a specific x-forwarded-for value,
how could I do that?
0
What's the best way to check the current bandwidth utilization in the office?  We have Internet-> PAN fw->juniper switches->users.  Is it something built into those devices to check that or install some app on the top of that, or...
 
I want to look at what bandwidth utilization I have now and estimate its max growth based on new headcount / office expansion.
0
Last week, GitHub was hit with the largest DDOS ever recorded:
https://githubengineering.com/ddos-incident-report/

Akamai Prolexic is who they use for DDOS mitigation and they apparently handled it in stride:
https://blogs.akamai.com/2018/03/memcached-fueled-13-tbps-attacks.html
0
Hello Everyone,

I have a SonicWALL NSA 3500 that I am trying to configure to open port 8000 for a Network Video Recorder (Hikvision). I want to port forward.  I created an object for port 8000 and then for the internal IP address that the recorder is going to use. I then went through the Public Server Wizard and entered the internal IP and then the wizard went ahead and added our WAN address and then created the inside, outside and loopback parameters.  For all intents and purposes this should have opened port 8000 once I went through the wizard.  

Issue is when I try accessing from outside (or even inside my LAN network) using our WAN IP and then adding the 8000 suffix (x.x.x.x:8000) it's not reachable.  I believe I should receive at least a SonicWALL test page, correct?  Even if the device is not plugged into the switch yet I should still get something from the SonicWALL I believe.

Can anyone tell me if there is anything else I can do to make sure that port is open?  Web tests still say the port is closed.

Any help would be most appreciated!

Thanks!
0
Greetings EE'ers,

This is a bit of an open ended question, but what do you all use or recommend as tools or practices for performing IT security assessments?
0
Dear experts,

I came across a situation where I wish to create two subnets as in 192.168.1.1 and 192.169.2.1

The 192.168.1.1 will be my main network which will contain most of the PCs, printers, etc....

The 192.168.2.1 will be my wifi network which all wireless connections such as phones, scanners, etc...

Here is the situation:

1. only have 1 switch with 48 ports (can be configured)
2. one sonicwall firewall  4 ports in back(can be configured)
3. allow the two networks to talk to one another as in if I have a PC in 192.168.1.x and wish to access a wifi device in 192.168.2.x

Here are the things that I wish to get answered and accomplished:
1. I wish to know what will be the "BEST and SIMPLE" configuration to accomplish this task. Thanks!
2. Is it possible to connect all devices into a single switch (the 48 port switch) and have combination of networks like 192.168.1.x and 192.168.2.x together without utilizing the VLAN?
1
Hi guys

We've had a major possible breach over at our side.

One of our accountants ended up sending an email to a client with our bank details etc. Few days passed and our accountant asked where the money was and was told the client had wired it to them.

Anyway after checking, the client showed a screenshot of the account details that they were sent by our accountant. When we looked, the account details had been manipulated!! They were totally different.
 
I am trying to investigate whether it was our emails that were intercepted or the client.

I have some tools which I can install, but we are within a guarded firewall environment. The firewalls are Watchguard's and we have got all of the APT and IP intrusion selected. We are in a domain environment. We use Messagelabs to protect our perimeter from spam emails etc.

In terms of intercepting the email, is it possible that our account has had some sort of keylogger or malware installed that feeds information back to the criminals?

Thanks for helping
Yashy
0
