Network Analysis





Network analysis is the process of identifying and remediating the processes and systems within a network, including performance, connectivity and security. The process is performed through the use of tools developed for monitoring and analyzing network activity. Network problems that involve finding an optimal way of doing something are studied under the name combinatorial optimization. Examples include network flow, shortest path problem, transport problem, transshipment problem, location problem, matching problem, assignment problem, packing problem, routing problem, Critical Path Analysis and PERT (Program Evaluation & Review Technique).

Share tech news, updates, or what's on your mind.

Sign up to Post

Can I use this chart to calculate as a current bandwidth utilization in the office?    I want to look at what bandwidth utilization I have now and estimate it's max growth based on new headcount / office expansion.

This is from the palo alto firewall in network monitor option.  The only thing its in bytes.  So if shows 1,200,000M bytes.  Not sure how to translate into Gigabit.
 Network monitor in Palo fw
Please advice.
Free Tool: Site Down Detector
LVL 12
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

I can see in a packet X-Forwarded-For info such that I can see the original source
address of the packet sent to the front end of my load balancer. Now if I am using
wireshark and I only wanted to see packets with a specific x-forwarded-for value,
how could I do that?
What's the best way to check the current bandwidth utilization in the office?  We have have Internet-> PAN fw->juniper switches->users.  Is it something built into those devices to check that or install some app on the top of that, or...
I want to look at what bandwidth utilization I have now and estimate it's max growth based on new headcount / office expansion.
Greetings EE'ers,

This is a bit of an open ended question, but what do you all use or recommend as tools or practices for performing IT security assessments?
Dear experts,

I came across a situation where I wish to create two subnets as in and

The will be my main network which will contains most of the PCs, printers, etc....

The will be my wifi network which all wireless connections such as phones, scanners, etc...

Here is the situation:

1. only have 1 switch with 48 ports (can be configured)
2. one sonicwall firewall  4 ports in back(can be configured)
3. allow the two networks to talk to one another as in if I have a PC in 192.168.1.x and wish to access a wifi device in 192.168.2.x

Here are the things that I wish to get answered and accomplished:
1. I wish to know what will be the "BEST and SIMPLE" configuration to accomplish this task. Thanks!
2. Is it possible to connect all devices into a single switch (the 48 port switch) and have combination of networks like 192.168.1.x and 192.168.2.x together without utilizing the VLAN?
Hi guys

We've had a major possible breach over at our side.

One of our accountants ended up sending an email to a client with our bank details etc. Few days passed and our accountant asked where the money was and was told the client had wired it to them.

Anyway after checking, the client showed a screenshot of the account details that they were sent by our accountant. When we looked, the account details had been manipulated!! They were totally different.
I am trying to investigate whether it was our emails that were intercepted or the client.

I have some tools which I can install, but we are within a guarded firewall environment. The firewalls are Watchguard's and we have got all of the APT and IP intrusion selected. We are in a domain environment. We use Messagelabs to protect our perimeter from spam emails etc.

In terms of intercepting the email, is it possible that our account has had some sort of keylogger or malware installed that feeds information back to the criminals?

Thanks for helping
Does any one know why might be causing a a lot of TCP DUP ACK and TCP Retransmission for a FTP transfer?  We also get a "426 File transfer failed" error in the packet capture.
I need to have insight functioning of network monitoring tools like nagios, cacti, centreon and solarwainds

how they work , I am exchange admin but I need to dig a little about all these tools

any article will suffice
I have been replacing antiquated equipment with unifi APs and switches.  I have a sonicwall that breaks my feed into 2 subnets.  One of them is content filtered for a school and the other is for church offices.  I would like to install a USG for the latency and throughput info, but can't seem to figure out how to get it to work without it interfering with SW or APs.  

Is there a way to do it?  I can buy another so that each subnet can have its own.  What I can't do is get rid of sonicwall or two distinct subnets as the school has to have the content filter and USG doesn't have enough of that capability.

I have changed IP and tried it on both subnets.  I have tried it before the SW and after.  I have adopted it, and it brings everything down.  I have adopted it and get caught in a provisioning loop.  It know shows managed by another device.

PS not an IT prefessional, doing this to save my school money and getting them the best technology possible!  So small words and simple answers please.  I have putty, but need step by step help
I am having some issues with some phones and was hoping someone could hopefully point me in the right direction. I am not a phone guy by any means, so excuse any mistakes or anything that is unclear. Our past set up was as follows

Site A - Sonicwall NSA 250 M with Avaya IP Office 8.1
Site B - Sonicwall TZ 205 with 20x Avaya 9608 phones

The sites are connected via a Site to Site VPN.

A week or so ago, we swapped out Firewalls. We moved Site A's to Site B, and put a Sonicwall NSA 2600 at Site B. We did a simple export/import of configs. Even though they were different Firewall models, Sonicwall documentation said it was supported, and we haven't had any issues. Except one.

Our phones seem to experience call dropping and quality issues. We get 10x dropped calls a day, and inside IP Office I can see Quality of Service Alarms going off like crazy.

I have set up QoS and BWM on both sides of the Firewalls, I don't believe bandwidth is the issue.  It's ONLY my remote phones at Site B, which are all H.323 phones. But if someone from Site A calls Site B, there is a chance it will drop as well. Site A can call Site A all day, or externally, no issues. I played around with H323 transformations on the Sonicwall, and that actually seemed to fix the issue, but after enabling it my phones would deregister themselves after a few hours, and would not re-register.

I have set up wireshark on both ends, nothing out of the ordinary, no increase of traffic when issues comes up. …
Get expert help—faster!
LVL 12
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

This is an addendum to an old ticket which can be seen here:

The problem described in the old ticket is still occurring. Random devices will pull a 192.168.0.X address. I put in a new Unifi network (With a new Sonicwall) but the exact same thing is happening. The DNS server changes as well. The DNS server on the firewall is listed as, which is exactly what devices that pick up the CORRECT 192.168.1.X subnet read. However, those that get the wrong 192.168.0.X subnet read the DNS server as, which is the old TW/Spectrum DNS. I have no idea how it's grabbing this.

This "wrong subnet" problem only appears to occur with the wireless devices, as no hardwired device has shown this error so far. That leads me to believe it's either a setting in the Unifi setup (For which I've kept all of the defaults) or the way the Unifi is talking to the Sonicwall. To combat this problem with laptops I've gone in and set static IP addresses from the PC side, which seems to have corrected the problem.  However, with the Nest devices, this isn't an option, as there is no way to manually enter network info.

Instead, I created a  static IP for the Nest devices on the firewall. If I reboot the devices they SOMETIMES pick up on the correct subnet, and when they do, it's the static IP I gave them in the firewall. However, after a few days of working properly they …
What is it and where is it used?
Are other ISPs besides Comcast able to use Comcast's DNS server addresses of &

An organization I am working for has switched over to using Comcast fiber optics as its primary internet service provider (ISP). We also have a second internet service provider (Etheric Networks ( which provides satellite dish based internet services.

Our internet service is set up in a failover configuration using a SonicWALL TZ600 router so that if our primary Comcast fiber optic internet service fails then our internet service will automatically switch over to Etheric until the Comast fiber optic service is restored.

We would like to continue to use the static external DNS server addresses of and in place if our internet service ever switches over to Etheric should the Comcast fiber optic internet service become unavailable.

Our question is if our internet service switches over to using the Etheric internet service will the external IP DNS server addresses of and still be valid and provide timely DNS name resolution?

Or is there a different type of method we should be using to handle our internet service and DNS name resolution switch over?
I have a client with a Sonicwall TZ 215  (SonicROM ) that is using a SonicPointN for wireless access. The SonicPoint is setup on Physical interface X2 with a network and the X2 interface also has two VLAN Sub-Interfaces on it, X2:V18( and X2:V19 ( These VLAN’s are used to create the two wireless zones, one for Guest and one for employee’s. The customer now wants to add a remote lighting “Hub” that is manipulated via an Android or iPhone apps. Even though the “Hub” is accessed via the internet the initial setup has to be done with the phone app being able to see the unit on the same local network segment. Since the hub only has a Ethernet jack and the phone only has wireless, the phone and the hub need to be on the same wireless network. So I what I am trying to accomplish and can’t seem to get working it make the X3 interface on the Sonicwall be on the same VLAN Sub-Interface as the wireless access point. In this case that would be X2:V18. So to sum the whole deal up.  I need to get X3 interface assigned to the same network ( and the VLAN-Sub-Interface as X2:V18. I can’t seem to get it the way I need, no problem getting the X3 on the X2 network ( but not on the X2:V18. Any help would be appreciated. Thanks

Glenn Thibeault
Onsite Information Technologies
I was reading as below

TCP - is a transport layer protocol. It works over an IP network
HTTP - is an application protocol. It works using TCP on an IP network

i was not clear. Does HTTP also uses HTTP
what other protocols there in networking.

nay good link, resources or free video tutorial to understand clearly these things?
please advise
Hi Expert Team,

I need help to automate a SQL database alert generated from SCOM . We used to get an alert  'database backup should be performed' for SQL database servers. But in our project we have Always-on cluster(Mirror) database servers and database backups are performing on Primary  database servers. But SCOM is complaining the same for secondary databases and many such alerts are generating from SCOM.  All these SCOM alerts we receive as incidents in ticketing tool via Orchestrator2012. Our goal is reduction of  such incidents. Therefore i want to automate this kind of  alert to identify which is primary database and trigger alert for only primary database servers and not for secondary database servers. . Is it possible to resolve within SCOM console or can we do anything in Orchestrator2012.

Please guide me how to automate.

Thanks for support!!!
Have internet from two ISP one is faster but has packet loses, the other is reliable but slower, have two lan one for the phones and one for the office equipment the office equipment runs on the faster and the phones run on the more reliable. Looking have this settings one router, plus a failover option and email notification. And recommendation?
We have an ATT Arris 5268AC gateway that had dynamic IP internet service and was passing traffic flawlessly to a Sonicwall TZ400.  Last night traffic stopped being passed.  When connected directly to the gateway with an independent client (desktop) we can get WAN access and see our public IP no issues.  ATT convinced us to buy a block of static IPs to fix the problem but no luck.  I need to 5267AC to pass all WAN traffic to the TZ400 as no user behind the firewall have any WAN access at the moment.  We are on our failover comcast circuit at the moment but need to resolve this.  The Sonciwall provides DHCP and inherits DNS from the WAN.
I recently took over support for an office that is running an old set of Cisco Aironet routers. This office has a good amount of wireless devices - at least 15-20 laptops and computers, along with Nest thermostats, carbon dioxide sensors, and more. What seems to happen is randomly a connected computer will suddenly lose it's connection. Where normally the connection will be 192.168.1.X (Their standard subnet) a computer will randomly drop and suddenly show a 192.168.0.X address, complete with 192.168.0 gateway and no internet access. After sometime the connection will re-establish.

Now I'm 99% sure this is simply the old Wi-Fi network unable to keep up with the number of wireless devices and it's dropping and re-acquiring leases. I just wanted to confirm that anyone else has seen this before. I was planning on replacing the Wi-Fi anyway, but it seems odd. In my experience, when a computer only has limited connectivity it would show something like a 169 address, or no address at all. The fact that it's suddenly coming up with a 192.168.0 address seems oddly specific.

Thanks for any input you might have.
Get your problem seen by more experts
LVL 12
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

I need to monitor what websites specific end user are visiting. Looking for suggestions on what programs have worked for others.
Hello Team,

I want to track the missed call notification on Cslogger skype for business 2015 tool.

Please suggest how to trace it

we have skype onpremises 2015


I had created a SITE to SITE VPN between a PFSENSE anda Sonic Wall TZ400.The VPN is up no problem. The only thing is that I cannot open ressources like folders, rdp or ping from one side to another. Anybody knows where I should look to fix this issu?

One of the Experts here on EE suggested GFI Languard.  So, we bought it and have  had it running for a few months.  As I get further into it and want to take advantage of its capabilities, I naturally have questions.

Being a "good customer" I figured to start on the community forum.  But I can't log in and I can't set up a new account.  I have LOTS of email addresses available and can set up new ones.  Yet, no matter which one I enter for a new Registration, it says "already used".  Can't be true of course.

Telephone customer support takes one to a menu that has nothing to do with customer support and, if you politely wait after not responding, it says "Goodbye".

I may be in the market for 3rd party Q&A at least.  Or, what might you suggest?
Hi Guys,

We have an IP block from the ISP
Thus a couple of public IP's assigned, example:

Our NAT policies on over X1 interface is working well.

I've been trying to setup additional NAT policies on, but experiencing a connection issue.
Which brings me to the following questions:

1.  Is it necessary to setup a Virtual Interface for on X1?
Or could the NAT rules simply refer to X1?

2.  I tried setting up a Virtual Interface on X1 for, but it complains about the same subnet used,
What should the subnet for the Virtual Interface be?
Hello everyone,
A client of mine is having an issue with their wireless.  They have been reporting that the passwords were getting rejected so I updated the passwords and then the same thing.  I have tried rebooting it, which normally used to fix these issues but now does not.  They have two ssids, one for employees and one for guest and they are configured in a virtual access point.  There are no more firmware upgrades for this model, my next step would normally be to upgrade the firmware.  We have recommended upgrading this Sonicwall as it is no longer supported as well as having a separate access point in the past.  I honestly think that this would be the only solution at this point, but out of good customer service I am reaching out to you guys to see if there is anything else that I can try.

Network Analysis





Network analysis is the process of identifying and remediating the processes and systems within a network, including performance, connectivity and security. The process is performed through the use of tools developed for monitoring and analyzing network activity. Network problems that involve finding an optimal way of doing something are studied under the name combinatorial optimization. Examples include network flow, shortest path problem, transport problem, transshipment problem, location problem, matching problem, assignment problem, packing problem, routing problem, Critical Path Analysis and PERT (Program Evaluation & Review Technique).