How would you do it?
You have a medium-sized network, say 350 machines spread over 3 locations. You’ve suddenly, in the last week or so, noticed that your Internet connection has gotten a whole lot slower! Where would you start to look for what’s causing the bottleneck? In the last week we’ve found one machine with a trojan, gotten it off the network and cleaned up, with no real improvement in Internet speed. We’ve talked people into cutting down their use of streaming radio, etc. again with no real improvement.
My next suggestion is to start capturing traffic at the firewall, to tell us which computers are using the most bandwidth and then go from there, but I’m not the Network Admin or Network Engineer, so we’ll have to see where my suggestion goes.
I am, however, curious as to what you would do in this situation? Where do you start in order to narrow down what the problem might be? (And yes, I’m totally looking for suggestions to take to my boss at this point from networking folks who know more than me.)
Follow these topics: Uncategorized
The quickest way would be to run wireshark or other sniffer on the network to find out whats going on. If you had a proxy it would be very easy to find out 😉
Also, what sort of firewall rules do you have on the network? Do you allow anything going out (which it sounds like) – if so then you could change this to only allow port 80,25,110 and drop all outbound traffic, but this would not affect traffic on your internal lan though…
AV traffic can sometimes flood the network if you have a bad dat file – I had our mainframe taken down for about 2 days once because sophos was doing a broadcast to update the clients and flooded the 128k line to the mainframe.
Another culprit we once had was a jetdirect card that overheated – it flooded the network with packets until we tracked it down. The only way we did this was to look at the switches on the network to work out which one had the traffic on permanently as opposed to the normal flickering.
hth
Is it just Internet browsing or all network traffic?
I had this very problem and it wasn’t the network that was slow it was just the name resolution. I cleared the DNS cache on the server amd it was instantly fixed. Might work for you, wouldn’t hurt.
It could also be your provider. You can place a call to them and have them check things from there side.
Also double check your phsical wiring at the switches\hub. I’ve also had a problem where we had a loop between ports on an older hub cause network slow down.
Those are the easy ones. Otherwise you have to sniff to find a problem PC or server. I’ve seen PC nic cards with bad drivers flood the network. Also seen some guy flood the network with video streaming setup on his PC with VLC.
Time to put in a sniffer and monitoring setup at the gateway!
There are so many solutions available that can perform this from MS ISA server to 3rd party solutions, I have used(this was 3+ years ago)
http://www.surfcontrol.com/Default.aspx?id=374&mnuid=1.6
But this looks good too:
http://www.websense.com/global/en/ProductsServices/WebsenseEnterprise/
…take a look at the smart gateway appliance, Network Composer by Cymphonix….
http://www.smartestofall.org