[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

Network Analysis

9K

Solutions

12K

Contributors

Network analysis is the process of identifying and remediating the processes and systems within a network, including performance, connectivity and security. The process is performed through the use of tools developed for monitoring and analyzing network activity. Network problems that involve finding an optimal way of doing something are studied under the name combinatorial optimization. Examples include network flow, shortest path problem, transport problem, transshipment problem, location problem, matching problem, assignment problem, packing problem, routing problem, Critical Path Analysis and PERT (Program Evaluation & Review Technique).

Share tech news, updates, or what's on your mind.

Sign up to Post

Hi

I have a network with a Layer2 link back to a datacentre which provides our internet connection, we have no firewall onsite at present but looking to install one.

We have ordered an internet connection on premise.

We want to keep our Layer 2 connection and make use of it somehow.

We want to use the new internet connection on-premise and a firewall to route the internet. What's the best way to do this?
0
OWASP: Avoiding Hacker Tricks
LVL 12
OWASP: Avoiding Hacker Tricks

Learn to build secure applications from the mindset of the hacker and avoid being exploited.

Hi Guys,
I observed big amount of no buffer drops on my interface facing internet, on my C2911 Router, howerver, I don't see any failed or a lot of missed packets in the buffer counters.
What could be the reason for it?

MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 42/255, rxload 122/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full Duplex, 100Mbps, media type is RJ45
  output flow-control is unsupported, input flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:03, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/76 (size/max/drops/flushes); Total output drops: 3631582
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 48118000 bits/sec, 6878 packets/sec
  5 minute output rate 16759000 bits/sec, 3252 packets/sec
     4022440271 packets input, 4092734377 bytes, 3631387 no buffer
     Received 6062 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     592 input errors, 0 CRC, 0 frame, 592 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     1319074480 packets output, 2459248571 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     1 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped …
0
I have 3 switches. I have 1 vtp mode server (A) and 2 transparent (B & C). I changed the B & C from transparent to client. I added another vlan on A. But only B updated its vlan database. I am not sure why C did not. A is directly connected to B via copper. B is connected to  C via fiber.
0
how reduce Lsass.exe bandwidth traffic because it is very high and take a lot  of internet connection bandwidth?
0
hello,
how I can log all mikrotik traffic to prtg or any other software so I can know the connections logs.
thanks.
0
Hi,

I’m hoping to get some ideas on this one. I’m having some intermittent latency and sometimes dropouts on the network, which consists of mostly Cisco SX300 switches.

When the latency or dropout happens, the CPU utilisation of the core SG300 Switch would be over 40%. I have been told the issue is caused by spanning tree and turning global spanning tree off on the core switch does help, however, I think it is not the spanning tree or it is more that just the spanning tree.

What other things could I look into in finding the cause?

Any help appreciated!

Jonathan
1
Cannot install the NDIS Capture Service on my NIC.
It states: "Could not add the requested feature.  The error is: This program is blocked by group policy.  For more info, contact your system adminstrator"

I am the system administrator.  There is not a GPO configured to block this installation.
I've looked for parameters in:
Computer Configuration | Administrative Templates | System | Removable Storage Access
Computer Configuration | Administrative Templates | System | Device Installation | Device Installation Restriction
I've run RSOP and there are no settings to this effect.

There are no settings inside either of these.

I've also checked local security and local group policy - there is also nothing defined there.

Anyone have any ideas?

Windows 10 pro, 17134.285

I've uninstalled Webroot Secure Anywhere thinking that might be the problem - no change
0
Port 5083 : Qpur File Protocol
Can somebody tell me for what purpose is this service used for?
1
I need to do an Enterprise Architecture maturity assessment using TOGAF framework. Can anyone who has done something similar give me guidance on best way to approach this.
Over all approach
Red flag points
Action points

Thank you for your help.

J
0
Hi... Can anyone tell me what is this Simple Network Audio Protocol running on port 4752 ? Thanks
0
Exploring SharePoint 2016
LVL 12
Exploring SharePoint 2016

Explore SharePoint 2016, the web-based, collaborative platform that integrates with Microsoft Office to provide intranets, secure document management, and collaboration so you can develop your online and offline capabilities.

I have 10mbps links between my locations and we have been experiencing network latency, primarily in the afternoons. I contacted my ISP and they were rather tight-lipped about what traffic was causing the problem. It took 8 months, countless tickets, and repeated threats to finally get the small amount of information that I have- that the primary network congestion is being caused by 4 domain controllers communicating with a domain controller in the hub of our network. I have modified the link costing and replication schedules and am pulling utilization reports tomorrow. I am going to run a packet capture with Wireshark. It is going to run from a desktop computer connected to a port that monitors the MPLS pot and filter by IP address for each of the DC’s communicating back to the hub. What should I look for in the capture that might indicate the source of what is flooding the network?
0
Dear Experts, I'm testing the SPAN feature in Switch Cisco 3750. This is the diagram:

SPAN.png
This is configuration on Core SW:

monitor session 1 source vlan 55 both
monitor session 1 destination interface g1/0/13

Open in new window


It seems like working but the whole vlan 18 was hang, so I could NOT access the PC which was installed wireshark. How can I fix it? Can we just mirror traffic from some IP addresses, not all VLAN?

Many thanks as always!
0
Dear experts,

I am new to the DNS and DNS load test. Now i have task to test Load Test on two BIND9 servers [RHEL6]. I had googled it and i found dnspref is good tool to evaluate throughput and latency. However, I need a script to do this task. I will be very helpful for me if any one share the info.

thanks,
Maddy..
0
As you can see from the attached diagram, site2 communicates with site1 via the pt-to-pt link as the primary. The MPLS is the backup link.

To get to the public server 1.1.1.1, site2 10.10.10.3.13 is going through site1. core1 redistribute static via EIGRP. and site2 learns the DG via EIGRP.

What I'd like to do is to reroute the DG  of site2 to FW2 when 10.100.3.13 or 10.100.3.14 fails. How would I go by accomplish this? Thanks

Capture.JPG
0
Hi

i configured OSPF between cisco ASR and Juniper router (service Provider).

OSPF neighbour has formed and exchange routes.

but ASR is logging a message " Cannot see ourself in hello from <juniper router id>, state INIT"

This is not happening all the time. its happening randomly once or twic a week. Mostly happening duing the peak hours of the business (but traffic is not hitting the maxium BW).

Due to this i can see some of the remote sites having high latency connecting to the DC for 2 -3 min and then when OSPF is normal the high latency is goiing away.

Not sure why the OSPF is flapping. Any particular config i need to add between juniper and Cisco ASR to Work.

regards
Logesh
0
I need to capture TCP/UDP packets to and from an Azure VM that is in production. I can not put Wireshark on this VM that is in production What can I do?  We do own that Azure VM.  We are trying to analyze why there is loss information between the VM and our hardware device.
0
I have 3 WS-C3550-48-SMI and they are connected to each other via 1000BaseCX Gigastack. But they are only half-duplex. My users are experiencing slow response. Could it be because of those trunks with half-duplex?


sh int status
Port      Name                      Status           Vlan       Duplex      Speed      Type
Gi0/1     Switch A & C       connected    trunk      a-half        a-1000      1000BaseCX Gigastack
0
Hi we have a thousand of switches in the network. and Orion has been configured on each switches. Now we have a few of commands that need to be implemented on each of switches. How can we add these commands to each switches via Orion? Or you can send me a link for this issue. Thank you
0
Hi Guys,

 I am trying to use hyper-v extended port acl's as a basic form of firewalling for vms on hyper-v server 2016

My goal is simply to limit incoming connections while generally allowing outgoing traffic (and return traffic).

In essence we are allowing incoming http(s) and dns replies. All outgoing tcp traffic is marked as stateful.

We use the following acl's (cleaned up slightly for readability)
Add-VMNetworkAdapterExtendedAcl -VMName "web" -Action "Deny" -Direction "Inbound" -Weight 20
Add-VMNetworkAdapterExtendedAcl -VMName "web" -Action "Allow" -Direction "Inbound" -Weight 30 -Protocol 1
Add-VMNetworkAdapterExtendedAcl -VMName "web" -Action "Allow" -Direction "Inbound" -LocalPort 80  -Protocol "TCP" -Weight 60
Add-VMNetworkAdapterExtendedAcl -VMName "web" -Action "Allow" -Direction "Inbound" -LocalPort 443  -Protocol "TCP" -Weight 70
Add-VMNetworkAdapterExtendedAcl -VMName "web" -Action "Allow" -Direction "Inbound" -RemoteIPAddress "8.8.8.8/32" -RemotePort "53" -Weight 130
Add-VMNetworkAdapterExtendedAcl -VMName "web" -Action "Allow" -Direction "Outbound" -Protocol "TCP" -Stateful $True -Weight 150

Open in new window

The issue is as soon as the last stateful entry is added significant latency is observed to the point of things becoming useless.

In the cisco switch acl world you would simply look for the established flag for the packet.

Is there a way we can achieve the same here without incurring these severe performance penalties? Am I doing it completely wrong?

thanks for any insight.
0
Introduction to Web Design
LVL 12
Introduction to Web Design

Develop a strong foundation and understanding of web design by learning HTML, CSS, and additional tools to help you develop your own website.

I have a network with a DrayTek router connecting it to the Internet.

My ISP tells me that I am sending up to 600Mb / hour up to the Intenet at times. I do not use cloud backup or storage. I am concerned that one of my PCs may have been compromised, causing this.

I have installed SmartMonitor from DrayTek, and set the router up to do port mirroring as per their instructions, mirroring all LAN ports and the WAN side too.

Looking at the SmartMonitor report, I can only see reports on downloaded data, so this isn't helping me to diagnose the large amount of uploads.

Can anyone suggest a better way to monitor this?

Thanks,

Richard
0
Why I can only get a complete traceroute on my PC to the remote server and not from my access switch to the server. I can ping 10.210.109.220 without any problem.

traceroute from my PC at the main site to the remote server via MPLS:
C:\Users>tracert 10.210.109.220

Tracing route to 10.210.109.220 over a maximum of 30 hops

  1     2 ms     2 ms     2 ms  10.19.31.253
  2    <1 ms    <1 ms    <1 ms  10.187.250.1
  3    <1 ms    <1 ms    <1 ms  10.187.5.41
  4    20 ms    15 ms    19 ms  10.210.11.86
  5    15 ms    15 ms    15 ms  10.210.10.221
  6    39 ms    36 ms    32 ms  10.210.109.220

traceroute from my L3 switch at the main site to the remote server via MPLS:

L3-sw# traceroute 10.210.109.220
traceroute to 10.210.109.220 (10.210.109.220), 30 hops max, 40 byte packets
 1  10.187.5.41 (10.187.5.41)  0.789 ms  0.793 ms  0.65 ms
 2  10.210.11.82 (10.210.11.82)  5.014 ms  5.063 ms  11.98 ms
 3  10.210.10.221 (10.210.10.221)  21.506 ms  15.497 ms  15.627 ms
 4  * * *
 5  * * *
 6  * * *
 7  * * *
0
Hello Everyone,

We are thinking about upgrading our Cisco 801.11n wifi  access point to Ubiquiti Unifi UAP-AC-HD Access point. We bought a test unit and very easy to setup and all in one central management robust unifi controller, we have 100m up/down internet from TWC. During our LAN speed test we are getting about 80 mb/s up and 90 down, which is normal. when we test it on the new Ubiquiti wireless access point , we are getting speed of 32-34 mbps and upload getting to 90mbps on a 5ghz band. on a 2.4ghz band we are getting about 16mbps down and 80-90mbps up. Our current network configurations example is attached. We have contacted Ubiquiti and support doesn't seem to know what went wrong still waiting for their engineer to reply. all switches are in full duplex speed. We are suspecting the firewall is filtering traffics by design, and if so, we would like to know if there is a way to fix this.

Any help in unraveling this issue would be greatly appreciated.
Untitled.jpg
0
Hello,
I use FreeBSD ipfw, I want to measure current speed in bytes per second and packets per second for monitoring.
If I have a pipe and two queues in it, ipfw doesn't give current speed when executing 'show'. If I try to measure speed by counters (ipfw rules), I don't get real speed because counters measure queue input, some packets can be dropped in queue or pipe.
Please, help.
0
My sonicwall is dropping my connection from a second subnet. I understand why, as it is identifying this 96... ip address as a WAN on the LAN. However I just simply want to allow all traffic from that IP to get through. How would I go about configuring the sonicwall?

I tried disabling IP Spoof Checking from the diag.html page, but it refuses to save and only says "there were no changes made".

01/15/2018 12:07:25.640      Alert      Intrusion Prevention      IP spoof dropped      96.67.165.X, 49873, X1      209.63.225.X, 80, X1      

Thanks!
0
Hi,

We are running an intranet in our organization...now we are thinking to provide the access of our intranet to the users even through their mobile..How can we do this... and is this possible?

Thanks in advance,
Srikanth Nandyala.
0

Network Analysis

9K

Solutions

12K

Contributors

Network analysis is the process of identifying and remediating the processes and systems within a network, including performance, connectivity and security. The process is performed through the use of tools developed for monitoring and analyzing network activity. Network problems that involve finding an optimal way of doing something are studied under the name combinatorial optimization. Examples include network flow, shortest path problem, transport problem, transshipment problem, location problem, matching problem, assignment problem, packing problem, routing problem, Critical Path Analysis and PERT (Program Evaluation & Review Technique).