Network Analysis

Network analysis is the process of identifying and remediating the processes and systems within a network, including performance, connectivity and security. The process is performed through the use of tools developed for monitoring and analyzing network activity. Network problems that involve finding an optimal way of doing something are studied under the name combinatorial optimization. Examples include network flow, shortest path problem, transport problem, transshipment problem, location problem, matching problem, assignment problem, packing problem, routing problem, Critical Path Analysis and PERT (Program Evaluation & Review Technique).

What would be good software for monitoring the network, for example to know which computer is using a lot of data on the network?

Free or buy
0
Hello,

I am running Debian 9 on Server 2012 R2 Hyper-V. The scenario is that I have 2 physical servers, each with a Debian virtual machine.

A) Setup Hyper-v for mirroring

1) The goal is to capture packets so Hyper-v on both is set in monitoring mode.

2) Once the "Destination" setting under the virtual machine network adapter for mirroring is set in the Hyper-V configuration, I immediately notice that the traffic on the physical network interface on the server (for the Hyper-V virtual switch) starts increasing rapidly, say 70 Mb/s, ON BOTH servers...
This is good; it means that the Hyper-V settings are sane (and of course the network configuration on the switch is perfect).

B) Setup Debian for promiscuous mode

1) Here I use:

allow-hotplug eth1
iface eth1 inet manual
    up ifconfig eth1 promisc up
    down ifconfig eth1 promisc down

and verify with ifconfig as shown below

Debian VM1 on Server1
eth1: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        ether 00:15:5d:15:16:17  txqueuelen 1000  (Ethernet)
        RX packets 5090918  bytes 3090553169 (2.8 GiB)
        RX errors 0  dropped 6  overruns 0  frame 0
        TX packets 89  bytes 7638 (7.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Debian VM2 on Server2
eth1: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        ether 00:15:5d:15:16:17  txqueuelen 1000  (Ethernet)
        RX packets 42094  

0
We are looking for a network monitoring and configuration management tool. More than 90% of our network is HPE (ProCurve)/Aruba, and we use Infoblox IPAM.

The options we are looking at currently are HPE IMC, Infoblox NetMRI and SolarWinds.

At the moment cost has priority over nice-to-have features, so cut-down versions of the above would also be one way to go. We have about 600 switches and growing.


What we absolutely need in terms of features:

device inventory
device state  - basically being able to see if a switch is down
switch configuration backup as a scheduled task

Provided the above is covered, it would be nice to have:

network map with L3/L2 overlays
loop detection
device configuration compliance (to a set of policies and/or predefined baseline configuration)
device configuration comparison (side by side)
device configuration deployment
firmware inventory
firmware installation

Anything else that would be useful that you can recommend?


Thank you!
0
We get calls from people who cannot get to a website, say cnn.com.  The cursor will just spin and the request will time out.  This happens intermittently.  We called level 2 support, and they claim that the requests are not hitting their gateway, but I am not sure this is the case.  I'd like to provide some hard data to level 2 support with a tool like wireshark, but I don't know how to interpret wireshark.

Is there a tool that is a bit simpler than Wireshark that can tell me exactly where the holdup is?  I have looked at a tool called DNSQuerySniffer, but it looks like it stops at my internal DNS server.  I have also tried a simple tracert, but tracert hops time out on sites that are working, so they are not reliable.

We do have company internet filters in place (fortinet), but they are managed at level 2 so I don't have access to their logs.  I am also told that there are a few old DNS server records in my forward lookup zones, but they have been there long before this problem began.  

Thank you!!
0
Hi

I have a network with a Layer2 link back to a datacentre which provides our internet connection, we have no firewall onsite at present but looking to install one.

We have ordered an internet connection on premise.

We want to keep our Layer 2 connection and make use of it somehow.

We want to use the new internet connection on-premise and a firewall to route the internet. What's the best way to do this?
0
Hi Guys,
I observed a large number of no buffer drops on my internet-facing interface on my C2911 router; however, I don't see any failed or a lot of missed packets in the buffer counters.
What could be the reason for it?

MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 42/255, rxload 122/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full Duplex, 100Mbps, media type is RJ45
  output flow-control is unsupported, input flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:03, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/76 (size/max/drops/flushes); Total output drops: 3631582
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 48118000 bits/sec, 6878 packets/sec
  5 minute output rate 16759000 bits/sec, 3252 packets/sec
     4022440271 packets input, 4092734377 bytes, 3631387 no buffer
     Received 6062 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     592 input errors, 0 CRC, 0 frame, 592 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     1319074480 packets output, 2459248571 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     1 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped …
0
I have 3 switches. I have 1 vtp mode server (A) and 2 transparent (B & C). I changed the B & C from transparent to client. I added another vlan on A. But only B updated its vlan database. I am not sure why C did not. A is directly connected to B via copper. B is connected to  C via fiber.
0
How can I reduce Lsass.exe bandwidth traffic? It is very high and takes a lot of internet connection bandwidth.
0
Hello,
How can I log all MikroTik traffic to PRTG or any other software so I can see the connection logs?
Thanks.
0
Hi,

I’m hoping to get some ideas on this one. I’m having some intermittent latency and sometimes dropouts on the network, which consists of mostly Cisco SX300 switches.

When the latency or dropout happens, the CPU utilisation of the core SG300 switch is over 40%. I have been told the issue is caused by spanning tree, and turning global spanning tree off on the core switch does help; however, I think it is not the spanning tree, or it is more than just the spanning tree.

What other things could I look into in finding the cause?

Any help appreciated!

Jonathan
1
Cannot install the NDIS Capture Service on my NIC.
It states: "Could not add the requested feature.  The error is: This program is blocked by group policy.  For more info, contact your system adminstrator"

I am the system administrator.  There is not a GPO configured to block this installation.
I've looked for parameters in:
Computer Configuration | Administrative Templates | System | Removable Storage Access
Computer Configuration | Administrative Templates | System | Device Installation | Device Installation Restriction
I've run RSOP and there are no settings to this effect.

There are no settings inside either of these.

I've also checked local security and local group policy - there is also nothing defined there.

Anyone have any ideas?

Windows 10 pro, 17134.285

I've uninstalled Webroot Secure Anywhere thinking that might be the problem - no change
0
Port 5083 : Qpur File Protocol
Can somebody tell me what purpose this service is used for?
1
I need to do an Enterprise Architecture maturity assessment using the TOGAF framework. Can anyone who has done something similar give me guidance on the best way to approach this?
Overall approach
Red flag points
Action points

Thank you for your help.

J
0
Hi... Can anyone tell me what is this Simple Network Audio Protocol running on port 4752 ? Thanks
0
I have 10mbps links between my locations and we have been experiencing network latency, primarily in the afternoons. I contacted my ISP and they were rather tight-lipped about what traffic was causing the problem. It took 8 months, countless tickets, and repeated threats to finally get the small amount of information that I have: that the primary network congestion is being caused by 4 domain controllers communicating with a domain controller in the hub of our network. I have modified the link costing and replication schedules and am pulling utilization reports tomorrow. I am going to run a packet capture with Wireshark. It is going to run from a desktop computer connected to a port that monitors the MPLS port and filter by IP address for each of the DCs communicating back to the hub. What should I look for in the capture that might indicate the source of what is flooding the network?
0
Dear Experts, I'm testing the SPAN feature in Switch Cisco 3750. This is the diagram:

SPAN.png
This is configuration on Core SW:

monitor session 1 source vlan 55 both
monitor session 1 destination interface g1/0/13

It seems to be working, but the whole VLAN 18 hung, so I could NOT access the PC on which Wireshark was installed. How can I fix it? Can we mirror traffic from just some IP addresses, not the whole VLAN?

Many thanks as always!
0
Dear experts,

I am new to DNS and DNS load testing. Now I have a task to load test two BIND9 servers [RHEL6]. I googled it and found that dnsperf is a good tool to evaluate throughput and latency. However, I need a script to do this task. It will be very helpful for me if anyone shares the info.

thanks,
Maddy..
0
As you can see from the attached diagram, site2 communicates with site1 via the pt-to-pt link as the primary. The MPLS is the backup link.

To get to the public server 1.1.1.1, site2 10.10.10.3.13 is going through site1. core1 redistributes static via EIGRP, and site2 learns the DG via EIGRP.

What I'd like to do is to reroute the DG of site2 to FW2 when 10.100.3.13 or 10.100.3.14 fails. How would I go about accomplishing this? Thanks

Capture.JPG
0
Hi

I configured OSPF between a Cisco ASR and a Juniper router (service provider).

The OSPF neighbour has formed and exchanges routes.

But the ASR is logging a message " Cannot see ourself in hello from <juniper router id>, state INIT"

This is not happening all the time. It's happening randomly once or twice a week, mostly during the peak hours of the business (but traffic is not hitting the maximum BW).

Due to this I can see some of the remote sites having high latency connecting to the DC for 2-3 min, and then when OSPF is normal the high latency goes away.

Not sure why the OSPF is flapping. Is there any particular config I need to add between the Juniper and the Cisco ASR for this to work?

regards
Logesh
0
I need to capture TCP/UDP packets to and from an Azure VM that is in production. I cannot put Wireshark on this VM that is in production. What can I do?  We do own that Azure VM.  We are trying to analyze why there is loss of information between the VM and our hardware device.
0
I have 3 WS-C3550-48-SMI and they are connected to each other via 1000BaseCX Gigastack. But they are only half-duplex. My users are experiencing slow response. Could it be because of those trunks with half-duplex?


sh int status
Port      Name                      Status           Vlan       Duplex      Speed      Type
Gi0/1     Switch A & C       connected    trunk      a-half        a-1000      1000BaseCX Gigastack
0
Hi, we have a thousand switches in the network, and Orion has been configured on each switch. Now we have a few commands that need to be implemented on each of the switches. How can we add these commands to each switch via Orion? Or you can send me a link for this issue. Thank you
0
Hi Guys,

 I am trying to use hyper-v extended port acl's as a basic form of firewalling for vms on hyper-v server 2016

My goal is simply to limit incoming connections while generally allowing outgoing traffic (and return traffic).

In essence we are allowing incoming http(s) and dns replies. All outgoing tcp traffic is marked as stateful.

We use the following acl's (cleaned up slightly for readability)
Add-VMNetworkAdapterExtendedAcl -VMName "web" -Action "Deny" -Direction "Inbound" -Weight 20
Add-VMNetworkAdapterExtendedAcl -VMName "web" -Action "Allow" -Direction "Inbound" -Weight 30 -Protocol 1
Add-VMNetworkAdapterExtendedAcl -VMName "web" -Action "Allow" -Direction "Inbound" -LocalPort 80  -Protocol "TCP" -Weight 60
Add-VMNetworkAdapterExtendedAcl -VMName "web" -Action "Allow" -Direction "Inbound" -LocalPort 443  -Protocol "TCP" -Weight 70
Add-VMNetworkAdapterExtendedAcl -VMName "web" -Action "Allow" -Direction "Inbound" -RemoteIPAddress "8.8.8.8/32" -RemotePort "53" -Weight 130
Add-VMNetworkAdapterExtendedAcl -VMName "web" -Action "Allow" -Direction "Outbound" -Protocol "TCP" -Stateful $True -Weight 150

The issue is as soon as the last stateful entry is added significant latency is observed to the point of things becoming useless.

In the cisco switch acl world you would simply look for the established flag for the packet.

Is there a way we can achieve the same here without incurring these severe performance penalties? Am I doing it completely wrong?

thanks for any insight.
0
I have a network with a DrayTek router connecting it to the Internet.

My ISP tells me that I am sending up to 600Mb / hour up to the Internet at times. I do not use cloud backup or storage. I am concerned that one of my PCs may have been compromised, causing this.

I have installed SmartMonitor from DrayTek, and set the router up to do port mirroring as per their instructions, mirroring all LAN ports and the WAN side too.

Looking at the SmartMonitor report, I can only see reports on downloaded data, so this isn't helping me to diagnose the large amount of uploads.

Can anyone suggest a better way to monitor this?

Thanks,

Richard
0
Why can I only get a complete traceroute on my PC to the remote server and not from my access switch to the server? I can ping 10.210.109.220 without any problem.

traceroute from my PC at the main site to the remote server via MPLS:
C:\Users>tracert 10.210.109.220

Tracing route to 10.210.109.220 over a maximum of 30 hops

  1     2 ms     2 ms     2 ms  10.19.31.253
  2    <1 ms    <1 ms    <1 ms  10.187.250.1
  3    <1 ms    <1 ms    <1 ms  10.187.5.41
  4    20 ms    15 ms    19 ms  10.210.11.86
  5    15 ms    15 ms    15 ms  10.210.10.221
  6    39 ms    36 ms    32 ms  10.210.109.220

traceroute from my L3 switch at the main site to the remote server via MPLS:

L3-sw# traceroute 10.210.109.220
traceroute to 10.210.109.220 (10.210.109.220), 30 hops max, 40 byte packets
 1  10.187.5.41 (10.187.5.41)  0.789 ms  0.793 ms  0.65 ms
 2  10.210.11.82 (10.210.11.82)  5.014 ms  5.063 ms  11.98 ms
 3  10.210.10.221 (10.210.10.221)  21.506 ms  15.497 ms  15.627 ms
 4  * * *
 5  * * *
 6  * * *
 7  * * *
0
