Network Analysis





Network analysis is the process of identifying and remediating the processes and systems within a network, including performance, connectivity and security. The process is performed through the use of tools developed for monitoring and analyzing network activity. Network problems that involve finding an optimal way of doing something are studied under the name combinatorial optimization. Examples include network flow, shortest path problem, transport problem, transshipment problem, location problem, matching problem, assignment problem, packing problem, routing problem, Critical Path Analysis and PERT (Program Evaluation & Review Technique).


I have a network with a DrayTek router connecting it to the Internet.

My ISP tells me that I am sending up to 600Mb / hour up to the Internet at times. I do not use cloud backup or storage. I am concerned that one of my PCs may have been compromised, causing this.

I have installed SmartMonitor from DrayTek, and set the router up to do port mirroring as per their instructions, mirroring all LAN ports and the WAN side too.

Looking at the SmartMonitor report, I can only see reports on downloaded data, so this isn't helping me to diagnose the large amount of uploads.

Can anyone suggest a better way to monitor this?



Why can I only get a complete traceroute on my PC to the remote server and not from my access switch to the server? I can ping without any problem.

traceroute from my PC at the main site to the remote server via MPLS:

Tracing route to over a maximum of 30 hops

  1     2 ms     2 ms     2 ms
  2    <1 ms    <1 ms    <1 ms
  3    <1 ms    <1 ms    <1 ms
  4    20 ms    15 ms    19 ms
  5    15 ms    15 ms    15 ms
  6    39 ms    36 ms    32 ms

traceroute from my L3 switch at the main site to the remote server via MPLS:

L3-sw# traceroute
traceroute to (, 30 hops max, 40 byte packets
 1 (  0.789 ms  0.793 ms  0.65 ms
 2 (  5.014 ms  5.063 ms  11.98 ms
 3 (  21.506 ms  15.497 ms  15.627 ms
 4  * * *
 5  * * *
 6  * * *
 7  * * *

I had this question after viewing accessibility for a client.

I am starting off with a headset with two male connections (one for audio, one for mic) that plugs into a Windows 10 laptop. I connect Wi-Fi to a residential connection. My family member who has hearing issues cannot be present to test often. Right now I am not interested in security, so the firewall is not important.

Hello Everyone,

We are thinking about upgrading our Cisco 802.11n Wi-Fi access point to a Ubiquiti UniFi UAP-AC-HD access point. We bought a test unit; it was very easy to set up and is managed from one central, robust UniFi controller. We have 100m up/down internet from TWC. During our LAN speed test we are getting about 80 mb/s up and 90 down, which is normal. When we test it on the new Ubiquiti wireless access point, we are getting speeds of 32-34 mbps and upload getting to 90mbps on the 5ghz band. On the 2.4ghz band we are getting about 16mbps down and 80-90mbps up. Our current network configuration example is attached. We have contacted Ubiquiti and support doesn't seem to know what went wrong; we are still waiting for their engineer to reply. All switches are in full duplex speed. We suspect the firewall is filtering traffic by design, and if so, we would like to know if there is a way to fix this.

Any help in unraveling this issue would be greatly appreciated.

I use FreeBSD ipfw. I want to measure current speed in bytes per second and packets per second for monitoring.
If I have a pipe and two queues in it, ipfw doesn't give current speed when executing 'show'. If I try to measure speed by counters (ipfw rules), I don't get real speed because counters measure queue input; some packets can be dropped in the queue or pipe.
Please help.

We currently have a fairly simple setup: we have ONE public Web Server IP. Our In/Out path is ISP line to our Cisco ASA/Firewall to our Host Server. We use Static IPs from the ISP. Our objective is to achieve highly reliable access to our Web server.

We are looking at a solution such as DNSMadeEasy + DNS Failover.

Would the following plan work?
1) We'll acquire a new ISP #2 service as backup for our ISP #1 service.
2) We'll acquire a new Switch. On site at our location we'll plug the two lines from ISP #1 and ISP #2 into the new Switch.
3) Run a single line from this new switch into our existing CISCO ASA router, and add configuration rules to Cisco for the new source IP addresses to mirror the rules already there for NAT, port forwarding, etc.

Any recommendations would be appreciated!

My SonicWall is dropping my connection from a second subnet. I understand why, as it is identifying this 96... IP address as a WAN on the LAN. However, I just simply want to allow all traffic from that IP to get through. How would I go about configuring the SonicWall?

I tried disabling IP Spoof Checking from the diag.html page, but it refuses to save and only says "there were no changes made".

01/15/2018 12:07:25.640      Alert      Intrusion Prevention      IP spoof dropped      96.67.165.X, 49873, X1      209.63.225.X, 80, X1      


We are running an intranet in our we are thinking of providing access to our intranet to the users even through their mobile. How can we do this, and is this possible?

Thanks in advance,
Srikanth Nandyala.

For the bandwidth utilization, is it valid to say 10% line utilization on a 1Gbps (1000 Mbps) link is the same as 1% on a 100Mbps? Thx

I am working on an application where I need to pick up ARP requests.

My train of thought was to put the Network Adapter into promiscuous mode and process packets as they come in.  As I've done this previously with syslog and netflow packets, I thought it would be straightforward....  NOT!

A quick search finds example code to sniff promiscuously (and there's a few out there).  They all seem to use the IP header to say whether the encapsulated is TCP or UDP.  This lets you filter by IP address, port etc.

An ARP packet doesn't have a destination IP address.  It doesn't even have an IP header, it is just 60 bytes as per this link:

My question is:
I don't know how to listen/filter for an ARP packet.

If someone could just help me listen for and get the ARP requests, I can work with the packet data to get the information I want.

I have been trying to work with Sonicwall support on this issue and have made no progress. We have been using the appliance in the past with split tunnel enabled but, due to security requirements, we can no longer allow split tunnel. If we turn it off, remote users can access internal resources we have configured, but cannot access anything on the Internet. It seems that we need to create a resource which is "anything" on the Internet but we don't know how to do that. We don't see any kind of wild card options. We have not given our users access to "Any" resource. We need to specifically define the resource they have access to. We need an "Internet" resource and then we can give them access to that. Is this possible? Or, is there some other way to approach this?

Sonicwall support had us upgrade the firmware to 11.40-468 with the 708 hotfixes but that did not create an option for resolving this requirement.

Hello, SCOM 2016 and need to specify some service that I need to show using Visio to make a dashboard. So if I need to check the health of the DNS service in my 3 domains, how can I do that and shall I choose. Also, if I need to check the status of my DHCP subnets, can I do that?
I'm using Visio 2013 and the SCOM add-in installed, but it's for System Center 2012; does it have any effect?
Also, if I just click on the service in Visio, should it give me the status of this object only?

Hi Guys,

Last week I tried to upgrade our edge 3750X switch (two switches in a stack), from c3750e-universalk9-mz.152-2.E.bin to c3750e-universalk9-mz.152-4.E5.bin.

Previously I copied the new IOS to both flash: and flash2: from TFTP, ran command 'boot system switch all flash:c3750e-universalk9-mz.152-4.E5.bin', and then 'wr mem'.

Later I consoled into the master switch and reloaded. The master switch booted into the new image successfully, but the member switch got stuck in a booting loop. The new IOS was loading, and went nearly to the end, and the master switch could see the member at some point. Then the process started all over again, and it was endless!

I tried powering the member switch off, and then on again - still the same. Tried removing stacking cables, and restarting - still no joy. Then booted the member into SWITCH: prompt, and then into the previous IOS - still a loop! I didn't know what else I could try, so at the end I powered the offending switch off and left it as it was (as the master switch was providing all the services).

Please could you advise how to resolve this issue? Any advice would be appreciated.


I had this question after viewing UUID for OEM BIOS no embedded Ethernet MAC address, after Vista II OS, is it protecting or abnormal?.


This topic case can be closed as:

UUID is modifiable feature as many as no limited with motherboard changed. Vista II DUID with IPv6 cannot be changed followed rules of NIC and IANA.

Question recreated as:
Vista II DUID ahead of dhcpv6 valid from my ISP Apr. 2014, broadcasting to the networks, taken away authentication and rollback me as its client of "server". ISP prolonging for treating this since 2012 with dhcpv4 only to later it having had dhcpv6. The Modem.ISP only can release an fe80:: layer IPv6 to the gateway and as dns.ipv6 by the ipcfg /all command reported.

Whose DHCPv6 broadcasting DUID embedded OEM motherboard.mac replaced off and lost?
ipcfg modem dns
Gateway assigned fe80:: local layer IPv6 from the stranger upper device, unauthenticated "Server" device / platform?
modem gateway IPv6 fe80::

Your writing back are expected on how to modify this and calculate the mass caused inside the complexity. Let have a valid IPv6 directly from ISP. ISP routering service not relied these years by 1996, because the poor firewall and account Username duplicated in high/low case. While the local wireless …

I have a network of about 30 users with a 100x100 fiber connection with Spectrum. I am using a Sonicwall firewall. I did a speedtest and saw 96 down and only 6 up, so I called Spectrum and they told me we were over utilized and it was extreme. My question is: how can I figure out what machine is using my bandwidth and narrow down my issue?

Dear Experts, we have this diagram:

Internet ------ Router ------- Core Switch -------- Catalyst switch 500 ------- users

We suffered the slow Internet problem from yesterday, and from the Catalyst log, we saw these things:

On the Core switch at that time, the "show processes cpu" shows 20%, whereas normally it is just 8-10%; nothing special in the Router. So can you please suggest? Is it a DoS attack? How can we avoid it on Core switch Cisco 3560?

What lower-layer protocol encapsulates SNMP messages?

Can anyone here help me troubleshoot a local 1-subnet network which is having latency between devices? When I ping the SQL server, sometimes I have undeliverable packets. This network has 100 devices and the switch is almost brand new; however, everything is moving super slow. How can I detect the cause of the slowness? Thank you.

Guys, here is the question. I have one function that optimizes images using the jimp package and I want to run this function on the command line of one server on DigitalOcean, but I don't want to install lots of things on it. So I installed npm and node, but I am very new to node and npm, so I don't know how to execute this JavaScript that will read the files and optimize images. I want to be able to do something like this on the terminal:   execute optimize.js /var/www/html

Here is the function I did:

function optimize(path){
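    // Plain Node.js: load modules with require() (Npm.require only exists inside Meteor)
    const Jimp = require("jimp");
    const fs = require("fs");
    let files;
    try { files = fs.readdirSync(path); }
    catch(e) { console.log(e); return; } // nothing to process if the directory cannot be read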
    if (files.length > 0){
      for (var i = 0; i < files.length; i++) {
          var originalPath = path + '/original/' + files[i];
          var currentPath  = path + '/' + files[i];
          //copy img code here
          console.log('Processing 1. Copying bkp to folder: '+originalPath);
          fs.copyFileSync(currentPath, originalPath);
          //remove current file code here
          console.log('Processing 2. Removing current file from folder: '+currentPath);
          //optimize image.
, function (err, lenna) {
                  console.log('Processing 3. Starting Optimizing from: '+originalPath);
                  console.log('Processing 4. Starting Optimizing to:   …

Hey all, we are trying to track down websites visited by PC and how much bandwidth they are using. What software can do this for us?

Hi folks

I am wondering if anyone has ever used the Cisco WRVS4400N's port mirroring feature to monitor traffic of a given port?

I have tried any individual port or even all ports together as the source, but I still cannot see any mirrored traffic from listening to the specific port (Port 4), as shown below.

I have no idea why the device doesn't work as expected. Do you have any suggestions, please?

Is there anyone out there IT Wise who has gone thru an NBN migration for multiple clients?

Our area is in the midst of deployment, and a number of my clients are reporting getting calls that sound suspect.  
  • One client, a law firm, was called by someone saying they were their PABX provider, and that the firm needs to replace their PABX because it isn't NBN compatible.  The trouble is it's only a few months old and I would have thought any PABX sold would be NBN ready.
  • Another was called by someone from their telco saying the same "you need a new unit"; however, the customer luckily has notes from the negotiation of contracts showing the PABX has NBN components already.
  • Another, called by their telco and with a 6 month old system, was told by the telco they have no records of how the gear was configured or what's fitted in the PABX box, so the customer has to foot the bill for a new PABX.

  • How are you helping clients assess what gear they already possess is NBN capable?
  • Are there any resources you can recommend that can be used?
  • What has been your experience with the NBN rollout in your area?

How to set equal load balancing for 3 different ISPs

Please find the existing config. After this configuration I am unable to get load balancing in order; traffic always goes automatically from interface FastEthernet0/0/0 every time, and I don't know why it's happening.

Maximum time uses:-
interface FastEthernet0/1 - 20% (4Mbps Link)
interface FastEthernet0/0/0 - 30% (2Mbps Link)
interface FastEthernet0/0/1  - 50% (2Mbps Link)

Why does traffic use interface FastEthernet0/0/1 as the primary interface every time? Please suggest what needs to be changed for traffic to move in order, for example:-
interface FastEthernet0/1 - 60% (4Mbps Link)
interface FastEthernet0/0/0 - 20% (2Mbps Link)
interface FastEthernet0/0/1  - 20% (2Mbps Link)

Router 1 Config:-

interface FastEthernet0/0
 description office_64/5/10_Lan
 ip address
 ip flow ingress
 duplex auto
 speed auto
interface FastEthernet0/1
 description 4Mbps
 ip address
 delay 1
 duplex auto
 speed auto
interface FastEthernet0/0/0
 description 2Mbps
 ip address
 delay 2
 duplex auto
 speed auto
interface FastEthernet0/0/1
 description 2Mbps
 ip address
 delay 3
 duplex auto
 speed auto
router eigrp 100
 variance 2

Router 2 Config:-

interface FastEthernet0/0
 description Rack_Lan
 ip address …

I've fumbled around doing research on this issue, but am no closer to figuring it out.  In short, I am trying to access from inside their office network and cannot. They are on a domain by the name of and connected to a single Windows 2008 R2 server (that I did not set up).  The site can be accessed from outside the network and is hosted externally.

When I browse to the website in a browser, I get the error:
You don't have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

When I ping, I get the IP address ( but the requests time out.  As a test, I've tried changing a workstation's DNS to / but still get the same issue.  I also flushed the DNS with no change.  I tried changing  the local hosts file on this workstation but also didn't see a change after adding a line for  I just did an NSlookup from this workstation and got the server as the Google DNS server  and the Non-authoritative answer as:

I'm at a loss as to where to go from here or what the issue even is.  Thanks!

I have a NETGEAR ProSAFE GS748T 48-Port switch (BRAND NEW). I also have a 5 port NETGEAR switch for two workstations. All cabling is Cat 5e. Some workstations are not running at full Gigabit. Some are 100MBPS and I even have one running at 10MBPS. I have updated all NIC drivers, they are all set to auto negotiate, and they are all gigabit NICs.
