Slow down of internet service

Slow down of internet service
NewsGroups | Search | Tools
User Password
Register Now! Lost Password?
 comp.dcom.lans.ethernet  Post an article  get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content  add this group's latest topics to your Google content  YahooMyWeb Yahoo!  Google Google  Windows Live Favorites Windows Live  del.icio.us del.icio.us  digg digg  Add to Netscape Netscape
Subject Author Date
Slow down of internet service lelo 11-27-2005
Posted by lelo on November 27, 2005, 10:08 pm
If you were  Registered and logged in, you could reply and use other advanced thread options


We have a network that consists of 300+ workstations, mostly win xp, 10
servers (file, email, antivirus, and sus) and about 20 network
printers. Linking these w/s are a combination of switches and hubs (90%
10/100 switches although there are still a few 10/100 hubs present).
All of these workstations, switches, and servers are interspersed
throughout two 7 story buildings. We are connected to the internet by a
full T1 line. Lately, at certain times of the day (never at a fixed
time and never on a predetermined day), our internet access slows to a
point where everyone on the network is crawling. Our internet access
has never behaved like this. The number of machines has not increased
significantly on our network in one year. I was advised to use a
protocol sniffer which I did and found nothing out of the ordinary
other than high ARPage from our servers. I've checked for machines with
viruses and found none. Does someone know of something else to look for
on the protocol sniffer or for that matter anything else that might
help me out?


Posted by Hansang Bae on November 27, 2005, 10:58 pm
If you were  Registered and logged in, you could reply and use other advanced thread options


lelo wrote:

> We have a network that consists of 300+ workstations, mostly win xp,
> 10 servers (file, email, antivirus, and sus) and about 20 network
> printers. Linking these w/s are a combination of switches and hubs
> (90% 10/100 switches although there are still a few 10/100 hubs
> present). All of these workstations, switches, and servers are
> interspersed throughout two 7 story buildings. We are connected to
> the internet by a full T1 line. Lately, at certain times of the day
> (never at a fixed time and never on a predetermined day), our
> internet access slows to a point where everyone on the network is
> crawling. Our internet access has never behaved like this. The number
> of machines has not increased significantly on our network in one
> year. I was advised to use a protocol sniffer which I did and found
> nothing out of the ordinary other than high ARPage from our servers.
> I've checked for machines with viruses and found none. Does someone
> know of something else to look for on the protocol sniffer or for
> that matter anything else that might help me out?


What was the utilization on the router interface facing your Internet
connection? Not sure what protocol analyzer you used, but I'm not sure
what you mean by "nothing out of the ordinary" The way you phrased
this post (no offense meant) tells me you may not know - fully - what
to look for in the traces. But if you use Ethereal (for example) and
watch the router interface with the T1 connection, you will see traffic
patterns. Perhaps there is someone is clogging it up with P2P
programs, for example.

--

hsb


"Somehow I imagined this experience would be more rewarding" Calvin
**************************ROT13 MY ADDRESS*************************
Due to the volume of email that I receive, I may not not be able to
reply to emails sent to my account. Please post a followup instead.
********************************************************************

Posted by lelo on November 28, 2005, 5:55 pm
If you were  Registered and logged in, you could reply and use other advanced thread options


You are correct in the assumption that I'm not experienced in using a
protocol analyzer and I take no offense to the statement. It was the
free ethereal protocol analyzer that I used but other than hints from
other inexperienced people I know very little of it's correct usage.
Any ideas will be greatly appreciated.
Hansang Bae wrote:
> lelo wrote:
>
> > We have a network that consists of 300+ workstations, mostly win xp,
> > 10 servers (file, email, antivirus, and sus) and about 20 network
> > printers. Linking these w/s are a combination of switches and hubs
> > (90% 10/100 switches although there are still a few 10/100 hubs
> > present). All of these workstations, switches, and servers are
> > interspersed throughout two 7 story buildings. We are connected to
> > the internet by a full T1 line. Lately, at certain times of the day
> > (never at a fixed time and never on a predetermined day), our
> > internet access slows to a point where everyone on the network is
> > crawling. Our internet access has never behaved like this. The number
> > of machines has not increased significantly on our network in one
> > year. I was advised to use a protocol sniffer which I did and found
> > nothing out of the ordinary other than high ARPage from our servers.
> > I've checked for machines with viruses and found none. Does someone
> > know of something else to look for on the protocol sniffer or for
> > that matter anything else that might help me out?
>
>
> What was the utilization on the router interface facing your Internet
> connection? Not sure what protocol analyzer you used, but I'm not sure
> what you mean by "nothing out of the ordinary" The way you phrased
> this post (no offense meant) tells me you may not know - fully - what
> to look for in the traces. But if you use Ethereal (for example) and
> watch the router interface with the T1 connection, you will see traffic
> patterns. Perhaps there is someone is clogging it up with P2P
> programs, for example.
>
> --
>
> hsb
>
>
> "Somehow I imagined this experience would be more rewarding" Calvin
> **************************ROT13 MY ADDRESS*************************
> Due to the volume of email that I receive, I may not not be able to
> reply to emails sent to my account. Please post a followup instead.
> ********************************************************************


Posted by Hansang Bae on November 28, 2005, 8:46 pm
If you were  Registered and logged in, you could reply and use other advanced thread options


lelo wrote:
> You are correct in the assumption that I'm not experienced in using a
> protocol analyzer and I take no offense to the statement. It was the
> free ethereal protocol analyzer that I used but other than hints from
> other inexperienced people I know very little of it's correct usage.
> Any ideas will be greatly appreciated.

If in fact, you're T1's are being swamped, you need to find out if it's
legitimate traffic or some bogus traffic. So here's what I would do.

1) Track the T1 interface's utilization using MRTG. *VERY* easy to
setup as there are step by step instructions on setting it up.
2) span the router's Ethernet port to a PC running Ethereal. Capture
using bytes size of 128 bytes. You don't need the full packet for
stuff like this.

Capture for a bit (say 15 minutes) and use the following filters in
Ethereal:

tcp.analysis.retransmissions

You can also use Statistics, Endpoints, and look at the TCP stats. Are
they legitimate?

You can also enable netflow (or cflow if it's not a Cisco router) and
export it to many free netflow collectors. This will give you a
running total of IP/pairs/port numbers/packet sizes. Basically, a
who's who listing of your network.


--

hsb


"Somehow I imagined this experience would be more rewarding" Calvin
**************************ROT13 MY ADDRESS*************************
Due to the volume of email that I receive, I may not not be able to
reply to emails sent to my account. Please post a followup instead.
********************************************************************

Posted by Patrick Schaaf on November 28, 2005, 1:43 am
If you were  Registered and logged in, you could reply and use other advanced thread options



>Does someone know of something else to look for on the protocol sniffer

Look at the T1. A T1 is only 1.5% the bandwith of each of your 300 hosts.
So it is absolutely trivial for any single host to clog the available
outside bandwidth. So this is what you'll need to look for.

If this is the first time you notice such problems, this is the ideal
time to create some semblance of a network management. Apart from
sniffing-when-things-are-gone-bad, this involves round-the-clock
measurement of at least the bandwidth usage on the T1, and packet
drops on the T1's router interface. The most common open source
software used for such basic monitoring, can be found at

        http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/

BTW, if you have further questions, this newsgroup is probably not
the best one to ask. comp.dcom.net-management may be more appropriate.
Or, depending on the importance of the internet connection for your
operation, and a possible total lack of inhouse competence in these
matters, maybe a good network consultant would be even more appropriate.

best regards
Patrick

Similar ThreadsPosted
slow TCP connections due to very different speed of segments? March 10, 2005, 2:08 am
Class of Service (CoS) Question January 29, 2006, 9:38 pm
slow smtp issue/packet capture December 18, 2006, 10:24 am
A tricky problem concerned with fragmentation and Logical link Layer service. August 5, 2007, 2:51 am
Internet Slowness December 19, 2005, 12:50 am
internet jobs July 3, 2006, 2:46 am
internet switch recommendation May 17, 2006, 10:51 am
share a fiber internet July 16, 2006, 11:19 pm
Wanting to share internet between two networks February 24, 2005, 5:19 am
Sharing Hotel Room Internet October 10, 2005, 10:52 am

other useful resources:
The Federal Communications Commission (FCC)
Telecommunications Industry Association
Electronic and Software Security Products and Services
International Telecommunication Union

Custom CGI Perl and PHP programming by 1-Script.com

Contact Us | Privacy Policy
The site map in XML format XML site map