Network Analysis

9K

Solutions

12K

Contributors

Network analysis is the process of identifying and remediating the processes and systems within a network, including performance, connectivity and security. The process is performed through the use of tools developed for monitoring and analyzing network activity. Network problems that involve finding an optimal way of doing something are studied under the name combinatorial optimization. Examples include network flow, shortest path problem, transport problem, transshipment problem, location problem, matching problem, assignment problem, packing problem, routing problem, Critical Path Analysis and PERT (Program Evaluation & Review Technique).

Hi folks,

I am wondering if anyone has ever used Cisco WRVS4400N's port mirroring feature to monitor traffic of a given port?

I have tried any individual port or even all ports together as the source, but I still cannot see any mirrored traffic from listening to the specific port (Port 4), as shown below.

Screen-Shot-2017-09-13-at-13.29.04.png
I have no idea why the device doesn't work as expected. Do you have any suggestions, please?

regards,
bbao
0
I have a single workstation on the domain that everyday brings the network to a halt by utilizing the entire bandwidth for the office.  The report from solarwinds shows:  Se0/0/0       216.58.193.174  Gi0/1         -internal ip-     06 01BB C453  7771K.  Any ideas on how to troubleshoot this issue?  I did not find any malware on the workstation, and during most of the traffic burst time the user is not at the keyboard.
0
How set equally load balancing for 3 different ISPs

Please find the existing config. After this configuration I am unable to get load balancing in order; traffic always goes automatically from interface FastEthernet0/0/0 every time, and I don't know why it is happening.

Maximum time uses:-
interface FastEthernet0/1 - 20% (4Mbps Link)
interface FastEthernet0/0/0 - 30% (2Mbps Link)
interface FastEthernet0/0/1  - 50% (2Mbps Link)

Why does traffic use interface FastEthernet0/0/1 as the primary interface every time? Please suggest what needs to be changed for traffic to move in order, for example:-
interface FastEthernet0/1 - 60% (4Mbps Link)
interface FastEthernet0/0/0 - 20% (2Mbps Link)
interface FastEthernet0/0/1  - 20% (2Mbps Link)

Router 1 Config:-

interface FastEthernet0/0
 description office_64/5/10_Lan
 ip address 192.168.90.1 255.255.255.0
 ip flow ingress
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description 4Mbps
 ip address 1.1.1.1 255.255.255.0
 delay 1
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
 description 2Mbps
 ip address 2.2.2.1 255.255.255.0
 delay 2
 duplex auto
 speed auto
!
interface FastEthernet0/0/1
 description 2Mbps
 ip address 3.3.3.1 255.255.255.0
 delay 3
 duplex auto
 speed auto
!
!
router eigrp 100
 variance 2
 network 1.1.1.0 0.0.0.3
 network 2.2.2.0 0.0.0.3
 network 3.3.3.0 0.0.0.3
 network 192.168.90.0

Router 2 Config:-

interface FastEthernet0/0
 description Rack_Lan
 ip address …
0
We are having slowness issues at one of our sites (Site A) which seem to be caused by one particular user (this ends up bottlenecking the entire site).  We are connected by MPLS (At&t).  We have about 40 users at Site A.  Users at Site A connect to 2 things at our Headquarters site.  

1)  File Server (Win2k8r2 Standard)
2)  Exchange server 2007  (Win2k8r2 Standard)

This bottleneck usually happens when someone is transferring big files to our file server or they recreate a new Outlook profile and redownload all their email.  What is the best way to isolate which of these 40 users is causing this?  We have Sonicwalls at all of our sites but I called support and they told me that this is a Layer 2 issue and that the Sonicwall wouldn't show that.
0
Greetings,
I've fumbled around doing research on this issue, but am no closer to figuring it out.  In short, I am trying to access www.bcid.org from inside their office network and cannot. They are on a domain by the name of bcid.org and connected to a single Windows 2008 R2 server (that I did not set up).  The site can be accessed from outside the network and is hosted externally.

When I browse to the website in a browser, I get the error:
Forbidden
You don't have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

When I ping www.bcid.org, I get the IP address (64.224.215.186) but the requests time out.  As a test, I've tried changing a workstation's DNS to 8.8.8.8 / 8.8.4.4 but still get the same issue.  I also flushed the DNS with no change.  I tried changing  the local hosts file on this workstation but also didn't see a change after adding a line for 64.224.215.186 www.bcid.org.  I just did an NSlookup from this workstation and got the server as the Google DNS server  and the Non-authoritative answer as:
www.bcid.org.bcid.org
64.224.215.186

I'm at a loss as to where to go from here or what the issue even is.  Thanks!
0
Let me start off by saying I'm in no way shape or form a network engineer. I am an IT Generalist and I'm in the process of trying to figure out why some remote IP phones have stopped working for a client. I don't want to get too into the weeds, but I've looked at and compared traffic from working equipment to this non working system. What I've seemed to have boiled it down to is:

Working: Phone tries to communicate on Port 6801 with server, server sends RST, ACK - phone then tries Port 6802 - same. Finally phone tries port 6800 and everything works fine.

Non-working: Phone tries to communicate on Port 6801, receives back a RST (without ACK). Phone continually tries to communicate on port 6801 until it reboots and starts over.

I've captured traffic at the server, at the firewall and at the phone. It seems like the packets are leaving the server as RST, ACK, leaving the Firewall as RST, ACK but arriving at the remote location as RST.

I'm looking for ideas on what could cause this?
0
I have a NETGEAR ProSAFE GS748T 48-Port switch (BRAND NEW). I also have a 5 port netgear switch for two workstations. All cabling is Cat 5e. Some workstations are not running at full Gigabit. Some are 100MBPS and I even have one running at 10MBPS. I have updated all NIC drivers, they are all set to auto negotiate, and they are all gigabit nics.
0
Hi team,
I have a couple of questions on packet loss:
1. What steps do we need to take for packet loss?
2. What tools are available for checking packet loss?
3. What are the possible causes of packet loss?
4. What are the parameters to check for packet loss?
0
The goal is to set up a syslog server so that a message sent to the syslog server with a specific word in it will be archived on a weekly basis.

For this I tried Graylog. I do see the messages coming in, but I can't figure out how to automatically extract the message into either a TXT or CSV file.

I also skimmed over Splunk, but it does not seem very intuitive.

Looking for basic features for a small environment.
0
On RH 6 systems running rsyslog 5.8.10 we noticed that if we setup a
client system to use TCP to log to a remote server:
*.*       @@192.168.1.2

If the remote log server is not reachable for some reason no logging takes place, not even local logging to the local system log files.
When the log server is available and rsyslog is restarted  both local logging and remote logging work.   I would like to come up with a config that would ensure that local logging still occurs when  the TCP remote server is down?  I think I need to look at action queues, but was hoping someone could provide an example on how to get this to work.
0
Over the past few weeks my laptop has appeared to be non-responsive. Running speedtests shows the download speed is fine, but the upload will start strong, then the test just seems to hang. I've tried multiple browsers, uninstalled the antivirus, turned off the firewall and Bitdefender but nothing seems to help. Thinking it was the router, I ran a speedtest tethered to my phone, but similar results. Another laptop worked fine with the router as well.

I see no issues in event log, and I tried to update the wireless drivers but it was up to date. I'm not sure what my next step should be.

Thanks for any help.
0
Can anyone recommend the best way to monitor a network? It is hard to pinpoint where the issue is when the network suddenly slows down, including the wireless network.
0
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is off

If the values mentioned below are increasing, what do we need to do?
input errors,
CRC,
frame,
overrun,
ignored,
abort
0
I have a router with a number of sub-interfaces & VLANs.

I have applied an ACL to stop one VLAN from accessing the other.

How can I determine this is working from the router itself (Eg how can I try a ping from the 172.22.18.0/24 network to 172.22.19.1)?

The ACL I have applied on the 0.18 interface IN BOUND is

    deny ip 172.22.18.0 0.0.0.255 172.22.0.0 0.0.255.255

Which denies any traffic from the 172.22.18.0/24 network to any 172.22.0.0/16 network. This all works. However, if on the router I try R4331#ping 172.22.24.1 source 172.22.18.1, it is successful (it should be blocked).

When the PING is done from an actual client to 172.22.24.1 it IS blocked.



AJ

interface GigabitEthernet0/0/0.18
 description 18
 encapsulation dot1Q 18
 ip address 172.22.18.1 255.255.255.0
 ip nat inside
 ip flow monitor OFA-Flow-Monitor input
 ip flow monitor OFA-Flow-Monitor output
 ip access-group 120 in
 no cdp enable
 ip virtual-reassembly

interface GigabitEthernet0/0/0.19
 description 19
 encapsulation dot1Q 19
 ip address 172.22.19.1 255.255.255.0
 ip nat inside
 ip flow monitor OFA-Flow-Monitor input
 ip flow monitor OFA-Flow-Monitor output
 ip access-group 120 in
 no cdp enable
 ip virtual-reassembly
!



 deny ip 172.22.18.0 0.0.0.255 172.22.0.0 0.0.255.255 (applied IN on 0/0/0.18)



Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R4331#ping 172.22.24.1 source 172.22.18.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos 

0
Hello,
We have a network system that load-balances 2 Vsat 15 Meg lines through a Draytek 2920 and uses a MikroTik to get DNS from an ADSL line.
The purpose of this topography is to enable 30 or so PCs to operate on the network without overloading the Hughes modem TCP connection limits.

The system worked well for a while, but now we have periods of 5 - 10 minutes where no web browsing can take place and we get timeouts.
The sessions in the Draytek rarely exceed 500 per WAN port, so the Hughes (which have a limit of 512) should not be the issue here.
Please advise what I should be looking at on my browser and on the network to try and understand why the page loads are stalling.

My assumption is that this may be a DNS issue, I do however need assistance in using the right tools to diagnose the problem.
0
My network infrastructure includes several thousand hardware devices.  Which application will provide me with the best tracking of hardware devices, SolarWinds or SCCM?  I have both of them on the network.
0
Dear Experts,

Could you please suggest what are Emerging Technologies especially related to IT Networks.
0
Sir, I am Master Gaurav Khambayat. I am a diploma student. My group has decided on Remote Administration as our project topic, but we decided to use Wi-Fi instead of using the Internet, so we started gathering data for it. We got the conceptual part, such as the concepts of VNC, VPN etc., but we did not get any idea of the actual working at the back end. We know that it happens through ports and that we need socket programming for that, but we are still lagging due to insufficient and incomplete information. Therefore I am asking for help: could any of you tell us where we are lagging? Please help us.
0
I am moving from layer 2 to layer 3 on my main connection between 2 buildings (see picture). Please provide input on the before and after of the network change. Does it make sense?
Will I have a better response time if I have svi for vlan 20 & vlan 10 on sw2? Because with the after scenario, the intervlan traffic  can be done on sw2-after, rather than go to sw1-after.

Thank you in advance.

picCapture.JPG
0
I am not able to get logs in sapphire monitoring tool from our fortinet firewall.
0
I am trying to setup a remote probe but it does not connect to the core server. I have a sonicwall router behind my network.

In the core server I set the following
Probe Connection IPs; All IPs available on this computer
Allow IPs; the ip of the remote network
Mini Probes; Allow Mini Probes to connect to the web server
Access Type; Use the PRTG core service account (usually LOCAL SYSTEM)

On the remote probe I set the following
Server; my external IP
Copied the Access Key from the server to the remote.

It does not show up on the server core

Please help
0
I was looking into building an application that goes out and pulls data from multiple databases (SQL Server and Oracle) and operating systems (Linux and Windows).  Unfortunately, pulling this data requires the application's service accounts to have more access than I would like.

I'm hoping to give IT assurance that the application is not sending out any traffic that will change any data in the source systems.

I have heard of firewalls that will monitor and filter traffic to one database.

I was hoping to do the same thing in a way - except I want one firewall that will monitor and filter traffic going out of this application to multiple databases and operating systems.  I obviously don't know anything about networking, so I don't know if this can be done.  Can one firewall monitor/filter traffic going from one place to multiple other places?

Also, do you all happen to know how much a device like this cost?  Cheaper the better.  Haha

Thanks!
0
I have configured the mirror port on a Cisco switch, and the average data flow on that port is 1 Gbps.
I want to run Wireshark on this data, but my PC only has 100Mbps speed.
So is there any way to connect the mirror port to another Cisco switch and divide the 1Gbps data flow into 100Mbps x 10 ports, which will connect to 10 100Mbps PCs to view all the data in Wireshark?
0
I am looking for a system/software that can monitor/audit all changes made in Windows OS and network devices. That includes who logged in to the system and what changes they made, etc. Is there any recommended software that can do this job well?
0
I have a monitoring system that monitors devices responding up\down based on ICMP or ARP entries initially.  Then, if it is down, it also port scans the device for common ports to determine if the device is up.

The system shows that the device is up.  Based on the logs, it is because it is responding on port 80.   There is no response to PING and no entry in the ARP table (the last of which is confusing me the most).

I have two secondary manual scan tools.  Both seem to indicate the same thing.  

So I ran Wireshark.    I clearly see the ARP request broadcasting for the IP of the remote device and it does not get any response.    Yet I see absolutely no indication of the opening of port 80 on the remote device within Wireshark.    Yet all tools indicate that port 80 is open on the remote device.  

I only have one active NIC on the scanning machine. It is really throwing off my monitoring and confusing the crap outa me. How can multiple scan tools from multiple machines all indicate that the port on the remote device in question is open, while I cannot get to the machine and Wireshark shows no evidence of that port actually being open? I was thinking loopback on the local machine or another machine promiscuously responding, but I see no evidence of either.

Any ideas would be appreciated.
~Jon
0
