Network Analysis

8K

Solutions

12K

Contributors

Network analysis is the process of identifying and remediating the processes and systems within a network, including performance, connectivity and security. The process is performed through the use of tools developed for monitoring and analyzing network activity. Network problems that involve finding an optimal way of doing something are studied under the name combinatorial optimization. Examples include network flow, shortest path problem, transport problem, transshipment problem, location problem, matching problem, assignment problem, packing problem, routing problem, Critical Path Analysis and PERT (Program Evaluation & Review Technique).


I have an HP EliteBook 8730w HP machine with XP SP3.  The NIC is a 82567LM Gigabit.  Wireshark Version 1.6.1 is seeing a flood (packet ea/.001068 seconds +/-) of protocol 0x8899 Ethernet II packets (All outgoing; no responses).  Packet length ranges from 64 to about 1499 or 1518 packets long. The problem I have is that I cannot find the Source MAC on my (small home) network (I have tried several MAC scanners), nor do I know anything about the destination address.

Source:  f8:c0:01:7c:65:cc
Destination: Dell_79:08:f2 (00:19:b9:79:08:f2)
Type: Unknown (0x8899), Ethernet II
Data (1504 bytes)
5 lines of data:
0010   88 64 11 00 14 ef 05 d6 00 21 45 40 05 d4 ac 25  .d.......!E@...%
0020   20 00 36 11 54 58 47 13 fb f9 61 73 b9 db a0 e1   .6.TXG...as....
0030   c9 be 05 cd 4b 14 32 bb 81 3a 22 b9 5d 95 21 4e  ....K.2..:".].!N
0040   6d 27 cb 53 59 65 0b 8d 75 33 cb ab f9 de 7e 52  m'.SYe..u3....~R
0050   32 57 86 24 53 27 ee 64 20 41 72 31 20 11 2a 43  2W.$S'.d Ar1 .*C
.
.

So, I have no such source or destination MAC on my network (that I can tell), and am seeing an ongoing flood of data anytime day/night.  To my knowledge, I have no Dell equipment on my network (two printers, 4-5 computers, a couple of smartphones, and several security DVRs).  Most computers are behind one or more switches.  I am certain that I have no Realtek routers/switches or anything that might be using a managed protocol, i.e. Realtek Remote Control Protocol (RRCP) Type 0x8899.
0
We are having some "unspecified network issues" between a Windows Vista and Windows 10 computer.  

We are trying to eliminate causes one by one.  The ping times between these two wired computers will go from less than 1ms up to 15ms, with 90%+ of them being single digits or below 1ms.

Is this normal?
0
How can I test the speed between two computers on the network?
0
Can someone please recommend a good SNMP monitoring software - preferably free
0
Looking for an application I can use to check my network to see if there is an issue with loss of connections, delays, or slow connections and, if so, at which point and in what application. Any recommendations, but not something that should break my pocket.
0
Hello,

We are pinging a network device from a Linux computer and see there is an indication of packet drops - see screenshot.  

I disconnect the network cable of the ping target device and I do not get any ping response to that IP.  

What can I do to troubleshoot?

Thanks.
packetlost.png
0
We currently have a Dell Sonic Firewall that is our firewall as well as our company router.  This is our main router for all of our sites in the company.  We have 16.  We implemented through our EMR (Electronic Medical Records) software an upload to a billing company.  They in turn configure and print bills and send them out to our customers.  This has worked fine for over two years.  When this was implemented, we were not required to make any firewall changes at all.

A week ago, the user doing this procedure received an error that the file could not be uploaded.  She called the EMR company, who in their effort to troubleshoot the problem, changed the upload method from ftp to sftp.  She then tried to upload and she got an additional error that port 22 was unable to send.  Seeing that error, the EMR said that the problem has to do with our firewall.  I spoke with the billing company who tried to do a trace route to our external IP.  They were unsuccessful, but I was able to do a trace route to them.  The only caveat is that the user can do this procedure from home with no problem.

I am willing to make firewall changes if necessary, I just don't know what they would be or why it is necessary now, if no one has made any changes other than the upload method from ftp to sftp.

Please help.  I am desperate.
0
What is the difference between Nagios and Centreon? Are they technically both the same?
0
How to monitor services on your network and why?
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized in this video is NetCrunch network monitor, available at adremsoft.com.
0
Network monitoring: how to automate fixing common network or server issues?
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network. This brief tutorial shows where to find this feature in NetCrunch network monitor and gives you real-case scenarios where Automatic Corrective Actions can be utilized to automate fixing common network or server problems.
0
NetCrunch network monitor live walk-through
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philosophy behind our unique policy-based approach, as well as to see the user interface of NetCrunch 9.3.
0
I'm sure I have done something wrong here. This is such a basic config. Can you tell me why my router can communicate outside, but my PCs cannot?

!
! Last configuration change at 17:48:41 UTC Sat Jun 10 2017
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MYROUTER
!
boot-start-marker
boot-end-marker
!
enable secret 5 <obscured>
enable password <obscured>
!
no aaa new-model
!
no process cpu extended history
no process cpu autoprofile hog
memory-size iomem 20
dot11 syslog
ip source-route
no ip routing
!
!
!
!
no ip cef
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
license udi pid CISCO1841 sn FTX1104Z0BG
!
redundancy
!
!
! 
!
!
!
!
!
!
interface FastEthernet0/0
 description OUTSIDE
 ip address dhcp
 ip nat outside
 no ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1
 description INSIDE
 ip address 172.16.254.1 255.255.255.0
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 no ip route-cache
 speed auto
 half-duplex
 no cdp enable
 no mop enabled
!
interface ATM0/0/0
 no ip address
 no ip route-cache
 shutdown
 no atm ilmi-keepalive
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 101 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 dhcp
!
access-list 101 permit ip any any
no cdp run

!
!
!
snmp-server community public RO
!
!
control-plane
!
!
line con 0
 


0
How to see a live map of your network in NetCrunch network monitor
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to find this feature.
0
What makes NetCrunch network monitoring system unique?
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special.

  • It's completely agentless, but does let you create an agent, if you desire.
  • It offers powerful scalability on a single machine and requires only 4GB of RAM and 4 cores, which can be on a VM.
  • It's rule-based: it has monitoring packs, which are sets of rules for alerts. These can be applied by policy to any number grouping of nodes. This makes monitoring larger networks a breeze.
  • It has a pending alerts view, which shows you all the current problems that you have in your network instead of making you dig through the event log.
  • It's great at presenting live data. Your data can be shown on dashboards, live widgets or on custom views. On top of that, it's optimised for a multi-screen NOC room setting.
  • It supports all major operating systems and SNMP. There's also an extension protocol, that lets you write your own scripts and fit data in.
  • It comes with an embedded database so there's no requirement for additional administration or licensing.
  • There's no limit on a size or length of time to keep your performance data.
  • It runs on Windows and is very stable. Some of our clients are running version 5, which is over 7 years old!
  • It has simple, node-based licensing - just count the number of nodes you have. There's no limit on the number of elements, counters or sensors.
0
Hi All Experts,

Good Day.

I have a client from my company which is having a network lag issue; the lag is at the warehouse office, and the HQ office is not having the issue. My boss blames the ISP for the lag; software at the warehouse office is very laggy and the software team blames the network at the warehouse. But when I do a speed test it's actually getting the correct speed. I used one of the user PCs to ping my server (HQ) and it's getting a high ping of around 170-180; from my server, pinging the user at the warehouse also gets this ping result. I have restarted the server before and it is the same; pinging the firewall gives a low ping. I would appreciate it if any expert can advise me.

Many Thanks!
0
Greetings,
I've fumbled around doing research on this issue, but am no closer to figuring it out.  In short, I am trying to access www.bcid.org from inside their office network and cannot. They are on a domain by the name of bcid.org and connected to a single Windows 2008 R2 server (that I did not set up).  The site can be accessed from outside the network and is hosted externally.

When I browse to the website in a browser, I get the error:
Forbidden
You don't have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

When I ping www.bcid.org, I get the IP address (64.224.215.186) but the requests time out.  As a test, I've tried changing a workstation's DNS to 8.8.8.8 / 8.8.4.4 but still get the same issue.  I also flushed the DNS with no change.  I tried changing  the local hosts file on this workstation but also didn't see a change after adding a line for 64.224.215.186 www.bcid.org.  I just did an NSlookup from this workstation and got the server as the Google DNS server  and the Non-authoritative answer as:
www.bcid.org.bcid.org
64.224.215.186

I'm at a loss as to where to go from here or what the issue even is.  Thanks!
0
I'd like to test network bandwidth between 2 offices.   Can someone suggest a good tool I could use between the 2 computers?

Thanks,
0
Let me start off by saying I'm in no way shape or form a network engineer. I am an IT Generalist and I'm in the process of trying to figure out why some remote IP phones have stopped working for a client. I don't want to get too into the weeds, but I've looked at and compared traffic from working equipment to this non working system. What I've seemed to have boiled it down to is:

Working: Phone tries to communicate on Port 6801 with server, server sends RST, ACK - phone then tries Port 6802 - same. Finally phone tries port 6800 and everything works fine.

Non-working: Phone tries to communicate on Port 6801, receives back a RST (without ACK). Phone continually tries to communicate on port 6801 until it reboots and starts over.

I've captured traffic at the server, at the firewall and at the phone. It seems like the packets are leaving the server as RST, ACK, leaving the Firewall as RST, ACK but arriving at the remote location as RST.

I'm looking for ideas on what could cause this?
0
Is there such a list of IP or SMTP domains (doesn't have to be up-to-the-hour up-to-date) so that we can block at our SMTP?

Blocking by firewalls is not good as the emails will still come in.
0
Hi guys

Those of you who have used network monitoring tools to get an idea of everything going on your network, what do you use? Have you got an idea of what Datadog is like?

Cheers
Yashy
0
I have a NETGEAR ProSAFE GS748T 48-Port switch (BRAND NEW). I also have a 5 port netgear switch for two workstations. All cabling is Cat 5e. Some workstations are not running at full Gigabit. Some are 100MBPS and I even have one running at 10MBPS. I have updated all NIC drivers, they are all set to auto negotiate, and they are all gigabit nics.
0
I have 2 routers connected to the same MPLS provider. I have the statement maximum-paths 2 under my BGP config. I'd like to know what will happen if I remove it.

router BGP 65001
...
address-family nsap
 maximum-paths 2
exit-address-family


0
In a question placed previously regarding slow internet, an EE recommended the use of Acrylic Wi-Fi.  When we placed an image of the app's display (see pic below), the EE recommended changing the channel to CH11, setting the bandwidth to only 20 MHz, and disabling WPS.

acrylic
Questions,

  • When running this app from time to time, what should we look for to improve the connections? (Or be aware of possible "red flags" in our Wi-Fi)
  • We noticed that the "Max Speed" was 300 Mbps and now it went to 144.4 Mbps,
- what can be causing this decrease in Mbps?
(we also ran the app on another notebook and also got 144.4 Mbps)

Note: we run under Windows 10
0
Hi

Is there an open source tool for CMDB that complies with ITIL?

Thanks
0
My router is configured with subinterfaces, s0/0.10 and s0/0.20. I am trying to get the utilization of the physical port g0/0. My gig0/0.10 has 20%. My gig0/0.20 has 20%. Does it mean that my utilization is 40%? Thx
0
