Network Analysis





Network analysis is the process of identifying and remediating the processes and systems within a network, including performance, connectivity and security. The process is performed through the use of tools developed for monitoring and analyzing network activity. Network problems that involve finding an optimal way of doing something are studied under the name combinatorial optimization. Examples include network flow, shortest path problem, transport problem, transshipment problem, location problem, matching problem, assignment problem, packing problem, routing problem, Critical Path Analysis and PERT (Program Evaluation & Review Technique).



We have 2 x Aruba 8320s (Core Switches) We also have 11 x Aruba 2540 edge switches

Each switch has 2 x 10Gbe SFP modules which connect to the cores via fibre in a LAG.

The switches are split up in 5 separate racks across our building. We also have 1 x Meraki switch in each of the cabinets capable of having 10Gbe SFP modules.

My question is what is the best way to get the Meraki switches to communicate with our Cores? We want to utilise them.

1. Direct connection to the Cores (like the Aruba's)
2. Setup a trunk 10Gbe between the edge switches and Aruba's
3. Any other way?

Could you please advise?

I have a huge number of messages in my VPN router LAN access from remote, and I do not know where they are coming from. No email server is set up, and it does not seem to have any games on it. The only thing I have done is create a port for RDP and forward that port so I can access the server from outside.

Please advise
Hello, I am aware that classful network addressing is a thing of the past and there are 5 classes.
Class A       0
Class B       10
Class C       110
Class D       1110
Class E       1111

If we wanted 9 Classes I’m trying to find the leading bits. Is this possible?

I would like to know what caused this to happen? WMI usage was very high in task manager which resulted in extreme slowness in overall performance in my PC. When I rebooted the computer it went to 0% as it's supposed to be. What was the culprit and how can I prevent that from happening in the future?
Hi, I ran this Wireshark network protocol analyzer with no programs open, including no background programs. I ran it for three minutes. I have the report in csv and in pcapng format. (I've changed the latter to a .txt extension to upload.)

Can someone let me know if there's any odd network activity going on? Thanks. If you need more information, let me know, this is way over my head.
I need to analyze PCAP files and APIs for an MVNE I am working with.  I can definitely see some things in the PCAP files they sent, but I would like to be able to do a lot more and more deeply analyze it.  I have been using wireshark to break it down but what is the best way to attack analyzing these files.  Is there a resource out there, program, best practice, etc.
Plugged in two network switches to my LAN. They were being used for Comcast Voice previous to today. Now, I have workstations that are having their DNS server address changed to the firewall IP address. The DHCP scope tells them to go to, but they are changing to
I can't find any rogue DHCP servers on the network.
Any ideas on areas I could check to see what is telling the computers to change their IP on the DNS server through DHCP?

When we connect via Wireless, those computers aren't impacted.
Only happening on the LAN (ethernet) segment from what I can tell.

Have a Fortigate Firewall
Have Fortiswitches
Have a Cisco SG300-24P
Have a TP Link T1600-52P switch

I checked both switches and both have DHCP server disabled
Both are set to DHCP to pick up an IP
I did have to login to change the IP on the TP-Link
It was defaulted to
I had to alter that to

Verified firmware is up to date.

The only thing I did yesterday was to plug the phone switches into the Ethernet LAN as the phones would now be using our LAN for IP Addressing and such.
Is there a way to see what's handing out or distributing the for "DNS Server" setting to workstations?

The DHCP server has been
But now, on the clients (anything not statically assigned) its showing up as

I don't see any other DHCP servers on the network. I am trying to use Wireshark to examine the LAN to see if this is the …
How can I setup a remote  wireshark capture?  I want to capture traffic on a particular switchport, but I can't be onsite.

I have a cisco 2960g and a fortigate 60d
I have an Extreme Switch that is capable of port monitoring.
I'll be using a laptop to connect to port 11 on this switch.  I'll be monitoring port 13 that has a VOIP switch plugged in to it.  The purpose is to capture the traffic of the VOIP switch because that VOIP switch is losing connectivity to our network at random.
On the Extreme switch, all I have to do is select port 11 as the "monitoring" port and select port 13 as the port I want to monitor.  This part is easy enough.
I'd like to use Wireshark as the utility to capture the traffic.  Installing Wireshark on the laptop I'll be plugging in to port 11 is no problem.  However, tutorials I've seen so far are not specific enough to tell me "how to" set up Wireshark to capture/store the traffic that's traveling across port 13.
Please advise.
I am trying to trace TCP traffic between two applications that I have written using Borland C++ builder XE10.1 Berlin Update 2.
The TCP client application connects to the TCP server client on TCP port 4545 without any problem
I am running both applications on the same PC whose IP address is
The server receives the data periodically sent by the client and displays it which tells me that it is working.
If I try to look at the data using Wireshark version 3.0.2 (v3.0.2-0-g621ed351d5c9)  however, the traffic is not shown.

I am using the display filter : tcp.port == 4545

If I remove the filter then all traffic is shown in real time as you would expect.

I am assuming that Wireshark won't display traffic with the same source and destination IP addresses?
How do I configure Wireshark to show TCP traffic with the same source and destination IP addresses?
How do you become certified/qualified to do SOC 2 audits? When I try to search this
on google the borg assumes I'm looking to pay someone to audit my company.
I'm looking for - if you wanted to be an auditor of companies to assure their
SOC 2 compliance, what process would you need to go through?
OSPF LSA  Updates and Hellos

On the screenshot below, we have DR and BDR

I want to know if other routers will have to send an update(LSA type 1) to DR and BDR, or they will send an update (LSA type 1) just to the DR, and the DR will send (LSA type2) to all the routers including the BDR


Other Routers  will  send an update(LSA type 1) to then DR and BDR will get the Update but only the DR that will send (LSA type 2) to (where all other routers are listening to)

In case of the second case, I wonder how does BDR get LSA type 2 from DR

Thank you

I am looking for software solutions that will allow me to visualize network traffic.
The aim is to quickly pick up on network issues.

What do you guys recommend?

There seems to be a lot of discards happening on an interface of my Catalyst 9300. Here are some images to validate what is happening.
This port on the switch goes to a Fortigate 300E. Would I be able to identify these discarded packets with Wireshark and spanning the port like so:
monitor session 1 source interface TwoGigabitEthernet1/0/8
monitor session 1 destination interface tenGigabitEthernet 1/0/45 encapsulation replicate

 I ended up trying it with Wireshark and got this, but not sure if it's my problem.
I need to design a topology of our network for a meeting that shows all the network servers and communication appliances.  What software can I use that is simple or free to do so?

Which can be a good software for monitoring the network, for example to know which computer is using a lot of data in the network

Free or buy
We are looking for a network monitoring and configuration management tool. More than 90% of our network is HPE (ProCurve)/Aruba, and we use Infoblox IPAM.

The options we are looking at currently are HPE IMC, Infoblox NetMRI and SolarWinds.

At the moment cost has priority over nice to have features, so cut down versions of the above would also be one way to go. We have about 600 switches and growing.

What we absolutely need in terms of features:

device inventory
device state  - basically being able to see if a switch is down
switch configuration backup as a scheduled task

Provided the above is covered, it would be nice to have:

network map with L3/L2 overlays
loop detection
device configuration compliance (to a set of policies and/or predefined baseline configuration)
device configuration comparison (side by side)
device configuration deployment
firmware inventory
firmware installation

Anything else that would be useful that you can recommend?

Thank you!
I am setting up our infrastructure to enable remote phones on a new phone system we installed. The phone vendor requirements were fairly simple, port forward UDP 443 to a device on our DMZ (the virtual machine). Easy, or so I thought.

Everything looks good from the Firewall end. If I plug in the phone, I can see the traffic hit the firewall, and be forwarded to the device lets say is No issues I can see from the firewall end. It's a Barracuda NG F280, I have gone over it over and over with Barracuda support and they see nothing from their end.

The issue is that traffic never hits I have set up a monitoring VM on my DMZ with wireshark, never see the traffic. The VM has a packet monitor built in so I can create packet captures on the interface directly, never see the traffic. If I run a netcat cmd for UDP 443, I see nothing. I see other traffic. If I ping from anywhere else on the network, I see it. There is nothing between this device and the Firewall, except the VMWare hypervisor.

I am at a loss at this point. My Firewall vendor says it isn't on their end, my phone vendor says it isn't on theirs. I believe that to be the truth, but I don't know what else it could be. Does anyone have any ideas? Only thing I can think of is something in VMWare, but I have never seen VMWare block traffic like that before.

Some more info:

Seems localized in some way to port number. If I change my forwarding rule to port 3300 instead…
Hi guys

There are moments when people in a particular area of the office have connectivity issues from their local PC's to the actual servers. They will say that connecting from their local machines to the server is taking a while.

I know it may not be necessary, but I would like to know if tomorrow I wanted to show people how you can measure network traffic or even connectivity problems at different points on the network, I wanted to be able to showcase it.

I was wondering whether there are ways of testing each segment of our network to see whether there are any red flags that come up. For example, how would I measure if there is a physical connectivity issue between the floor port their PC's are plugged into and the port on the switch? How about from the switch they are plugged in to, to the server? If so, then can you explain, literally, how would you go about doing this?

Thank you for helping
Thousand Eyes seems like a really good software. Helped me to figure out routing issues. Love to deploy it in our data centers. Worth it to have a paid account?
Wonder what other folks are using?
I have a Dell Server running W 2008 R2.
It's on a LAN with 8 pcs running W7Pro and W10Pro.

If I go on ANY of the PCs and try to Map a Network Drive, I  see only THREE (of the Eight PCs) but NOT the Server.

I can Ping the Server from any of the PCs and the Server responds (but wont connect).

It's obviously a setting on the Server but I don't know where to look.

Can anyone give me some pointers?


I have some SLES 12.2 server where I need to monitor certain network traffic for diagnosing a problem that occurs every now and then. I'll try to record the traffic with tcpdump, and when that problem arises, I could dissect the corresponding network traffic with Wireshark.

I've set up a main script which contains
tcpdump -iany -G $((30*60)) -n -w -z ./ net or net > tcpdump.statistics

and a helper script for some postprocessing:
gzip *.pcap
find . -maxdepth 0 -mmin +$((12*60)) -name '*.pcap.gz' -delete

I'd expect that script to run indefinitely, creating capture files containing 30 minutes of data each, until I stop tcpdump with i.e. [CTRL-C] or kill. The postprocessing called after stopping (and whenever a new capture file is created) will zip the created capture files and limit the backlog of capture files to 12 hours.

So far, so good. Now to the problem:

tcpdump stops capturing data in the middle of the second file and exits (without error, as far as I could see).

What have I missed ?
What is the difference between stateful inspection and deep packet inspection?

thanks !!!
I have a user who, when he tries to restore a Quickbooks database that is 100M stored on the server over the network, takes hours. When he copies the db from the server to his desktop, which takes a few seconds, then tries to restore it, the process takes less than a min. I would like to use Wireshark to possibly identify the issue.

  1. Do I need to run Wireshark on his computer or on any computer to see if there are any issues?
  2. What should I be looking for?
  3. Should I attach a capture file or is that not secure?
hosting a Fortnite competition on ipads - what can i do to remove lagging/ latency issues

everyone will be on ipads and my bandwidth is 200 MB dedicated, its a small competition in our company, is there a QOS setting i can apply or any other suggestions

maybe there is a gaming port i need to open on the firewall
