One of the first steps in isolating the problem packets is eliminating the ones you are not interested in. This video goes through how to create some simple filters in Wireshark to display only the protocols you want to see.

Here is a quick video we put together on how to get started with Wireshark.

There are three fundamentals that need to be satisfied when getting into the area of network troubleshooting.

1. Know what your network is capable of
2. Know how much traffic is going across your network
3. Be able to capture packets when a problem or slowdown occurs

Luckily for those people in the industry today, the tools necessary to meet these three fundamentals are freely available and much documentation exists on how to set them up. This is much different than when I started troubleshooting networks 13 years ago. Back then we had one Network General Sniffer on a 286 luggable platform. Since the company could only afford one, everyone had to wait their turn to use it. On the good side, there was so little network traffic, we could capture all day and not fill up the 64 meg capture buffer. Enough about the old days.

There are three free products that we recommend to everyone, whether they are a large shop, medium shop, or a very small operation. We believe so strongly in these products that we use them on our consulting jobs and in our training classes. These products are:

1. Iperf - A throughput measurement tool. This satisfies number 1 in the list above. You can use Iperf to measure the end to end throughput on your network from the Transport Layer (TCP) down to the Physical Layer. If you are getting 94 mbps out of a 100 mbps full duplex link, there is nothing wrong with your switches, routers, or cabling.
2. MRTG - Multi-Router Traffic Grapher - This perl script has been around for a very, very long time. It sends SNMP queries to routers, switches and other SNMP devices every 5 minutes and graphs out the change in the counters. With a simple configuration file, you can begin monitoring the link utilization on your switch uplinks and WAN links to the Internet. There are newer versions of this that use RDDTool and have better graphic interfaces. However, the basic MRTG still works great. I had set it up at a client and was not back on site for 9 months. When I arrived I asked them if it was still running, they replied “I don’t know, but we haven’t rebooted the box.” Not only was it still running, but we had 9 months of statistics to look at.
3. Wireshark - Packet capturing protocol analyzer - It used to be that you had to pay $12,000 to get an analyzer like this. Now you can download it for free. One of the things that is nice about the Wireshark analyzer is that it is simple to use, but offers incredibly useful features. Additionally, it was developed and is modified by people that use it to solve problems. Often times we will find that it decodes a protocol not on just what the specification said, but how the protocol is actually used.

We will be covering tips and tricks on each of these tools over time. If you don’t already have these loaded, it would be a good idea to go out to each of the sites, download the products and follow the installation instructions. It can never hurt to know if your network is really able to transport data at the rates you expect.

Happy troubleshoooting.

There are times when some of the good things in life are free. One such example is Iperf. This is a 110 kilobyte executable that can be used to measure throughput from one end of the network to the other. All you have to do is download Iperf, go to the command prompt, enter a couple of commandline parameters and you are off and running.

Click here to go to the Iperf download page

To make life a little easier, I have put together a short video showing how to use Iperf. As you will see in the video, Iperf must be installed on both machines used to do the throughput measurement. You should expect to get around 94 megabits per second out of a 100 mbps full duplex link. If you are using a 1000 mbps connection, you can use the -P parameter to increase the number of concurrent processes. We have found that a -P 7, which runs 7 concurrent data transfers is enough to get a Gigabit link up to 90%+ utilization

Click here to see a short video on the use of Iperf

Happy troubleshooting!