[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More


Network Analysis





Network analysis is the process of identifying and remediating the processes and systems within a network, including performance, connectivity and security. The process is performed through the use of tools developed for monitoring and analyzing network activity. Network problems that involve finding an optimal way of doing something are studied under the name combinatorial optimization. Examples include network flow, shortest path problem, transport problem, transshipment problem, location problem, matching problem, assignment problem, packing problem, routing problem, Critical Path Analysis and PERT (Program Evaluation & Review Technique).

Share tech news, updates, or what's on your mind.

Sign up to Post

Port 5083 : Qpur File Protocol
Can somebody tell me for what purpose is this service used for?
Amazon Web Services
LVL 12
Amazon Web Services

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

I am sysadmin..I want to know

I want to reach the server, to check the connectivity thru specific port.
This is just to varify whether the required firewall rule defined properly or not.
Consider the below scenario

userPC---- firewall --- Destination-server

I have installed some software on the server, the service  of that software is using port # 301.

1) Scenario...
      Firewall defined
      server#  service UP
        userPC# telnet 301  --> user get reply

      Firewall defined
      server# service DOWN

is there any command/3rdparty-tools available to just varify, pockets from userPC able to reach on the server through port#301

This I asked just to segregate if there any issue, problem from firewall side (or) destination server side.
Hi... Can anyone tell me what is this Simple Network Audio Protocol running on port 4752 ? Thanks
I have 10mbps links between my locations and we have been experiencing network latency, primarily in the afternoons. I contacted my ISP and they were rather tight-lipped about what traffic was causing the problem. It took 8 months, countless tickets, and repeated threats to finally get the small amount of information that I have- that the primary network congestion is being caused by 4 domain controllers communicating with a domain controller in the hub of our network. I have modified the link costing and replication schedules and am pulling utilization reports tomorrow. I am going to run a packet capture with Wireshark. It is going to run from a desktop computer connected to a port that monitors the MPLS pot and filter by IP address for each of the DC’s communicating back to the hub. What should I look for in the capture that might indicate the source of what is flooding the network?
Dear Experts, I'm testing the SPAN feature in Switch Cisco 3750. This is the diagram:

This is configuration on Core SW:

monitor session 1 source vlan 55 both
monitor session 1 destination interface g1/0/13

Open in new window

It seems like working but the whole vlan 18 was hang, so I could NOT access the PC which was installed wireshark. How can I fix it? Can we just mirror traffic from some IP addresses, not all VLAN?

Many thanks as always!
Dear experts,

I am new to the DNS and DNS load test. Now i have task to test Load Test on two BIND9 servers [RHEL6]. I had googled it and i found dnspref is good tool to evaluate throughput and latency. However, I need a script to do this task. I will be very helpful for me if any one share the info.

As you can see from the attached diagram, site2 communicates with site1 via the pt-to-pt link as the primary. The MPLS is the backup link.

To get to the public server, site2 is going through site1. core1 redistribute static via EIGRP. and site2 learns the DG via EIGRP.

What I'd like to do is to reroute the DG  of site2 to FW2 when or fails. How would I go by accomplish this? Thanks


i configured OSPF between cisco ASR and Juniper router (service Provider).

OSPF neighbour has formed and exchange routes.

but ASR is logging a message " Cannot see ourself in hello from <juniper router id>, state INIT"

This is not happening all the time. its happening randomly once or twic a week. Mostly happening duing the peak hours of the business (but traffic is not hitting the maxium BW).

Due to this i can see some of the remote sites having high latency connecting to the DC for 2 -3 min and then when OSPF is normal the high latency is goiing away.

Not sure why the OSPF is flapping. Any particular config i need to add between juniper and Cisco ASR to Work.

I need to capture TCP/UDP packets to and from an Azure VM that is in production. I can not put Wireshark on this VM that is in production What can I do?  We do own that Azure VM.  We are trying to analyze why there is loss information between the VM and our hardware device.
Rowby Goren Makes an Impact on Screen and Online
LVL 12
Rowby Goren Makes an Impact on Screen and Online

Learn about longtime user Rowby Goren and his great contributions to the site. We explore his method for posing questions that are likely to yield a solution, and take a look at how his career transformed from a Hollywood writer to a website entrepreneur.

I have 3 WS-C3550-48-SMI and they are connected to each other via 1000BaseCX Gigastack. But they are only half-duplex. My users are experiencing slow response. Could it be because of those trunks with half-duplex?

sh int status
Port      Name                      Status           Vlan       Duplex      Speed      Type
Gi0/1     Switch A & C       connected    trunk      a-half        a-1000      1000BaseCX Gigastack
Hi we have a thousand of switches in the network. and Orion has been configured on each switches. Now we have a few of commands that need to be implemented on each of switches. How can we add these commands to each switches via Orion? Or you can send me a link for this issue. Thank you
Hi Guys,

 I am trying to use hyper-v extended port acl's as a basic form of firewalling for vms on hyper-v server 2016

My goal is simply to limit incoming connections while generally allowing outgoing traffic (and return traffic).

In essence we are allowing incoming http(s) and dns replies. All outgoing tcp traffic is marked as stateful.

We use the following acl's (cleaned up slightly for readability)
Add-VMNetworkAdapterExtendedAcl -VMName "web" -Action "Deny" -Direction "Inbound" -Weight 20
Add-VMNetworkAdapterExtendedAcl -VMName "web" -Action "Allow" -Direction "Inbound" -Weight 30 -Protocol 1
Add-VMNetworkAdapterExtendedAcl -VMName "web" -Action "Allow" -Direction "Inbound" -LocalPort 80  -Protocol "TCP" -Weight 60
Add-VMNetworkAdapterExtendedAcl -VMName "web" -Action "Allow" -Direction "Inbound" -LocalPort 443  -Protocol "TCP" -Weight 70
Add-VMNetworkAdapterExtendedAcl -VMName "web" -Action "Allow" -Direction "Inbound" -RemoteIPAddress "" -RemotePort "53" -Weight 130
Add-VMNetworkAdapterExtendedAcl -VMName "web" -Action "Allow" -Direction "Outbound" -Protocol "TCP" -Stateful $True -Weight 150

Open in new window

The issue is as soon as the last stateful entry is added significant latency is observed to the point of things becoming useless.

In the cisco switch acl world you would simply look for the established flag for the packet.

Is there a way we can achieve the same here without incurring these severe performance penalties? Am I doing it completely wrong?

thanks for any insight.
I have a network with a DrayTek router connecting it to the Internet.

My ISP tells me that I am sending up to 600Mb / hour up to the Intenet at times. I do not use cloud backup or storage. I am concerned that one of my PCs may have been compromised, causing this.

I have installed SmartMonitor from DrayTek, and set the router up to do port mirroring as per their instructions, mirroring all LAN ports and the WAN side too.

Looking at the SmartMonitor report, I can only see reports on downloaded data, so this isn't helping me to diagnose the large amount of uploads.

Can anyone suggest a better way to monitor this?


Why I can only get a complete traceroute on my PC to the remote server and not from my access switch to the server. I can ping without any problem.

traceroute from my PC at the main site to the remote server via MPLS:

Tracing route to over a maximum of 30 hops

  1     2 ms     2 ms     2 ms
  2    <1 ms    <1 ms    <1 ms
  3    <1 ms    <1 ms    <1 ms
  4    20 ms    15 ms    19 ms
  5    15 ms    15 ms    15 ms
  6    39 ms    36 ms    32 ms

traceroute from my L3 switch at the main site to the remote server via MPLS:

L3-sw# traceroute
traceroute to (, 30 hops max, 40 byte packets
 1 (  0.789 ms  0.793 ms  0.65 ms
 2 (  5.014 ms  5.063 ms  11.98 ms
 3 (  21.506 ms  15.497 ms  15.627 ms
 4  * * *
 5  * * *
 6  * * *
 7  * * *
Hello Everyone,

We are thinking about upgrading our Cisco 801.11n wifi  access point to Ubiquiti Unifi UAP-AC-HD Access point. We bought a test unit and very easy to setup and all in one central management robust unifi controller, we have 100m up/down internet from TWC. During our LAN speed test we are getting about 80 mb/s up and 90 down, which is normal. when we test it on the new Ubiquiti wireless access point , we are getting speed of 32-34 mbps and upload getting to 90mbps on a 5ghz band. on a 2.4ghz band we are getting about 16mbps down and 80-90mbps up. Our current network configurations example is attached. We have contacted Ubiquiti and support doesn't seem to know what went wrong still waiting for their engineer to reply. all switches are in full duplex speed. We are suspecting the firewall is filtering traffics by design, and if so, we would like to know if there is a way to fix this.

Any help in unraveling this issue would be greatly appreciated.
I use FreeBSD ipfw, I want to measure current speed in bytes per second and packets per second for monitoring.
If I have a pipe and two queues in it, ipfw doesn't give current speed when executing 'show'. If I try to measure speed by counters (ipfw rules), I don't get real speed because counters measure queue input, some packets can be dropped in queue or pipe.
Please, help.
My sonicwall is dropping my connection from a second subnet. I understand why, as it is identifying this 96... ip address as a WAN on the LAN. However I just simply want to allow all traffic from that IP to get through. How would I go about configuring the sonicwall?

I tried disabling IP Spoof Checking from the diag.html page, but it refuses to save and only says "there were no changes made".

01/15/2018 12:07:25.640      Alert      Intrusion Prevention      IP spoof dropped      96.67.165.X, 49873, X1      209.63.225.X, 80, X1      


We are running an intranet in our organization...now we are thinking to provide the access of our intranet to the users even through their mobile..How can we do this... and is this possible?

Thanks in advance,
Srikanth Nandyala.
Introduction to R
LVL 12
Introduction to R

R is considered the predominant language for data scientist and statisticians. Learn how to use R for your own data science projects.

For the bandwidth utilization, is it valid to say 10% line utilization on a 1Gbps (1000 Mbps) link is the same as 1% on a 100Mbps. Thx
I am working on an application where I need to pick up ARP requests.  

My train of thought was to put the Network Adapter into promiscuous mode and process packets as they come in.  As I've done this previously with syslog and netflow packets, I though it would be straightforward....  NOT!

A quick search finds example code to sniff promiscuously (and there's a few out there).  They all seem to use the IP header to say whether the encapsulated is TCP or UDP.  This lets you filter by IP address, port etc.


An ARP packet doesn't have a destination IP address.  It doesn't even have an IP header, it is just 60 bytes as per this link:


My question is:
I don't know how to listen/filter for an arp packet.  

If someone could just help me listen for and get the ARP requests, I can work with the packet data to get the information I want.
I have been trying to work with Sonicwall support on this issue and have made no progress.  We have been using the appliance in the past with split tunnel enabled but, due to security requirements, we can no longer allow split tunnel.  If we turn it off,  remote users can access internal resources we have configured, but cannot access anything on the Internet. It seems that we need to create a resource which is "anything" on the Internet but we don't know how to do that. We don't see any kind of wild card options.  We have not given our users access to "Any" resource.  We need to specifically define the resource they have access to.  We need an "Internet" resource and then we can give them access to that.  Is this possible.  Or, is there some other way to approach this?

Sonicwall support had us upgrade the firmware to 11.40-468 with the 708 hotfixes but that did not create an options for resolving this requirement.
i.ve scom 2016 and need to specify some service that i need to show using the visio to make dashboard. so if i need to check health of the DNS service in my 3 domains how can i do that and shall i choose. also if  i need to check the status of my DHCP subnets can i do that?
i'm using visio 2013 and the scom addin installed but it's for system centre 2012 does it make any effect?
also if i need to just click on the service from the visio should it gives me the status of this object only?
Hi Guys,

Last week I tried to upgrade our edge 3750X switch (two switches in a stack), from c3750e-universalk9-mz.152-2.E.bin to c3750e-universalk9-mz.152-4.E5.bin.

Previously I copied the new IOS to both flash: and flash2: from TFTP, ran command 'boot system switch all flash:c3750e-universalk9-mz.152-4.E5.bin, and then 'wr mem'.

Later I consoled into the master switch and reloaded. The master switch booted into the new image successfully, but the member switch got stuck in a booting loop. The new IOS was loading, and went nearly to the end, and the master switch could see the member at some point. Then the process started all over again, and it was endless!

I tried powering the member switch off, and then on again - still the same. Tried removing stacking cables, and restarting - still no joy. Then booted the member into SWITCH: prompt, and then into the previous IOS - still a loop! I didn't know what else I could try, so at the end I powered the offending switch off and left it as it was (as the master switch was providing all the services).

Please could you advise how to resolve this issue? Any advice would be appreciated.


I had this question after viewing UUID for OEM Bios no embedded Ethernet mac address , after vista II OS , is it protecting or abnormal ?.


This topic case can be closed as:

UUID is modifiable feature as many as no limited with motherboard changed .  Vista II DUID with IPv6 can not be changed followed rules of NIC and IANA.

Question recreated as:
Vista II DUID ahead of dhcpv6 valid from my ISP Apr. 2014 , broadcasting to the networks, taken away authentication  and rollback me as its client of "server" .  ISP prolonging for treating this since 2012 with dhcpv4 only to later it having had dhpv6 .  The Modem.ISP only can release an fe80:: layer IPv6 to the gateway and as dns.ipv6 by the ipcfg /all command reported.

Whose DHCPv6 broadcasting DUID embedded OEM motherboard.mac replaced off and lost ?
ipcfg modem dns
Gateway assigned fe80:: local layer IPv6 from the stranger upper device , unauthenticated "Server"  device / platform?
modem gateway IPv6 fe80::

Your writing  back are expected on  how to modify this and calculate the mass caused inside the complexity .  Let have a valid IPv6 directly from ISP.   ISP routering service not relied these years by 1996 , because the poor firewall and account Username duplicated in high/low case. While the local wireless …

Network Analysis





Network analysis is the process of identifying and remediating the processes and systems within a network, including performance, connectivity and security. The process is performed through the use of tools developed for monitoring and analyzing network activity. Network problems that involve finding an optimal way of doing something are studied under the name combinatorial optimization. Examples include network flow, shortest path problem, transport problem, transshipment problem, location problem, matching problem, assignment problem, packing problem, routing problem, Critical Path Analysis and PERT (Program Evaluation & Review Technique).