What "Network discovery .... software" do you recommend that will do something like https://www.solarwinds.com/engineers-toolset ?

Details
 1. Users =50
 2. VLAN = 1
 3. OS = Windows 10 Pro
 4. Switches = HP, willing to purchase NEWER models since mine are OLD
 5. Cost = under $500 if possible, but OK if more

A client of ours has two windows web application servers (virtual on VMware) and a DB server (physical) with MSSQL 13.0.5366.0, all three located at a hosting provider. Few weeks back the app servers started periodically having trouble to login to the DB server (They use OLEDB "SQL Server native Client 11.0"). That happens not always but periodically, 3-4 times a day.
Running "ping -t db" does not show any interruptions.

I wrote a simple script which tries to execute a simple SQL query every 10 seconds, and if it fails record the error the OLEDB produces to a log file plus it runs the command "ping db" redirecting the output to the same log file. The script is  running on all three servers (2 apps and 1 db). Only the app servers have records of lost connectivity, not the db server!

Here is a record stored recently:

1/2/2020 9:47:44 AM Error: Login timeout expired (80004005) Microsoft SQL Server Native Client 11.0

Pinging db [172.16.30.80] with 32 bytes of data:
Reply from 172.16.30.80: bytes=32 time<1ms TTL=128
Reply from 172.16.30.80: bytes=32 time<1ms TTL=128
Reply from 172.16.30.80: bytes=32 time<1ms TTL=128
Reply from 172.16.30.80: bytes=32 time<1ms TTL=128

Ping statistics for 172.16.30.80:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Select all Open in new window

So, it shows that ping is just fine right after the login error occurs. Also, I tried manually do the command "telnet db 1433", a connection was established just fine.

Again, no errors from the same script running on the db server.

Connection string:

Provider=SQLNCLI11.1;Password=<password>;Persist Security Info=True;User ID=<user id>;Data Source=db;Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Workstation ID=STG-WEB;Use Encryption for Data=False;Tag with column collation when possible=False;MARS Connection=False;DataTypeCompatibility=0;Trust Server Certificate=False;Application Intent=READWRITE

Select all Open in new window

Please help!

One of our staff users  is having an issue with any website on any of our 3 dedicated Pair networks servers being unusable slow, almost to non-functionality.... none of the rest of us are seeing any issue whatsoever. She says all other websites load fine... its just websites on our 3 web servers that are very very slow, almost unusable. Have you ever heard of something like that? She uses a Mac, has emptied all cache, rebooted, speed tests, the works, everything is fine for her except the sites she visits on our 3 web servers. We are not all at the same IP... she works from home, like a few of us do, and shes the only one with an issue. Pair says they see nothing wrong.

We are troubleshooting  and phantom problem on our WAN, where the network drops off for some of our school districts about 1 time a day for less than a couple minutes. We are using  wireshark/tshark to run packet captures, via  a script that launches if a ping response fails to any of our targets. Support for the network indicates they are seeing warnings by wireshark  of duplicate IP addresses for a few IPs. They feel that issue is part of our problem but the conflicting IPs are on entirely different vlans from point A to point B. Is this simply a limitation of wireshark not recognizing the separate vlans? Is there a way to make wireshark aware with the proper capture flags, or is there really a concern about the conflicting IPs.  According to Fortinet, we have set things up correctly and it makes sense to me that there should not be an issue as long as different vlans are used. (many of our school districts use the same LAN subnet addressing)

I appreciate any insight on this issue.

Dear Ladies and Gentlemen

we need to find whether D-Link DWM-222 Dongles have any security vulnerability (with latest firmware update).
Do you know any? If not where should I start?

Thanks

Hi,

We have 2 x Aruba 8320s (Core Switches) We also have 11 x Aruba 2540 edge switches

Each switch has 2 x 10Gbe SFP modules which connect to the cores via fibre in a LAG.

The switches are split up in 5 separate racks across our building. We also have 1 x Meraki switch in each of the cabinets capable of have 10Gbe SFP modules.

My question is what is the best way to get the Meraki switches to communicate with our Cores? We want to utilise them.

1. Direct connection to the Cores (like the Aruba's)
2. Setup a trunk 10Gbe between the edge switches and Aruba's
3. Any other way?

Could you please advise?

Thanks

Hello, I am aware that classful network addressing is a thing of the past and there are 5 classes.
            Prefix
Class A       0
Class B       10
Class C       110
Class D       1110
Class E       1111

If we wanted 9 Classes I’m trying to find the leading bits. Is this possible?

Thanks.

Hi, I ran this wireshark network protocol analyzer with no programs open, including no background programs. I ran it for three minutes. I have the report in csv and in pcapng format.(I've changed the latter to a .txt extension to upload).

Can someone let me know if there's any odd network activity going on? Thanks. If you need more information, let me know, this is way over my head.
packet-dissection.csv
packets---Copy.txt

Plugged in two network switches to my LAN. They were being used for Comcast Voice previous to today. Now, I have workstations that are having their DNS server address changed to the firewall IP address. The DHCP scope tells them to go to 192.168.1.210, but they are changing to 192.168.1.1.
I can't find any rogue DHCP servers on the network.
Any ideas on areas I could check to see what is telling the computers to change their IP on the DNS server through DHCP?

When we connect via Wireless, those computers aren't impacted.
Only happening on the LAN (ethernet) segment from what I can tell.

Have a Fortigate Firewall
Have Fortiswitches
Have a Cisco SG300-24P
Have a TP Link T1600-52P switch

I checked both switches and both have DHCP server disabled
Both are set to DHCP to pick up a IP
I did have to login to change the IP on the TP-Link
It was defaulted to 192.168.0.1
I had to alter that to 192.168.1.1

Verified firmware is up to date.

The only thing I did yesterday was to plug the phone switches into the Ethernet LAN as the phones would now be using our LAN for IP Addressing and such.
Is there a way to see what's handing out or distributing the 192.168.1.1 for "DNS Server" setting to workstations?

The DHCP server has been 192.168.1.210
But now, on the clients (anything not statically assigned) its showing up as 192.168.1.1

I don't see any other DHCP servers on the network. I am trying to use Wireshark to examine the LAN to see if this is the …

I have an Extreme Switch that is capable of port monitoring.
I'll be using a laptop to connect to port 11 on this switch.  I'll be monitoring port 13 that has a VOIP switch plugged in to it.  The purpose is to capture the traffic of the VOIP switch because that VOIP switch is losing connectivity to our network at random.
On the Extreme switch, all I have to do is select port 11 as the "monitoring" port and select port 13 as the port I want to monitor.  This part is easy enough.
I'd like to use Wireshark as the utility to capture the traffic.  Installing Wireshark on the laptop I'll be plugging in to port 11 is no problem.  However, tutorials I've seen so far are not specific enough to tell me "how to" set up Wireshark to capture/store the traffic that's traveling across port 13.
Please advise.

How do you become certified/qualified to do SOC 2 audits? When I try to search this
on google the borg assumes I'm looking to pay someone to audit my company.
I'm looking for - if you wanted to be an auditor of companies to assure their
SOC 2 compliance, what process would you need to go through?