I am attempting to analyze some network performance and Internet access issues on our small network. The LAN slows to a crawl and the Internet drops for a short period of time a few times a day. My firewall doesn't see any issues with the exception of every once in a while I get a “Src IP session limit reached” for a particular IP address. I think the traffic is actually on Port 80 but is Data Miner or a Trojan watching the users.
I've been researching software that can help me collect data and analyze what's going on with my network. I have about 125 workstations connected to Cisco 3500 Series switches, going out to the Internet through a T-1. We are protected by a Netscreen NS25 VPN/Firewall. I don’t have a ton of money to spend, so I need tools that allow me to see the entire network and that cost less than $500. I have looked at Snoop Analyzer, OpUtils and Ethereal a little. I can’t get Snoop Analyzer to work at all and their support is non-existent unless you are proficient in Japanese. OpUtils is nice but seems to rely heavily on SNMP being installed on all workstations. I'm not sure what my options are, or what or where I should go.
- Gary Galindo
There are a couple of things I can suggest and you'll like the price - free. The first thing is an open-source package called MRTG. I have used this for several years to monitor the network I handle. You will need to enable SNMP on your Cisco 3500 switches, which will only take a few keystrokes. You will need to get some type of workstation running either Linux or Windows, and a Web server whether it be IIS or Apache, to serve as the engine on which to run MRTG. With MRTG, you can watch your switches on a port level and using a summary page quickly see what port is generating the traffic.
I would also suggest setting up a Syslog server using Kiwi Software's Kiwi Syslog Daemon. Again, there is a free version here, but the paid version has a nice database feature that is well worth the price. Using Syslog on the Cisco switches and on your Netscreen firewall can give you additional information as to the cause of the problem, which could be caused by more than one device on the network.
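One way to use the collected syslog data, as an added example that is not part of the original column: tally the firewall's "Src IP session limit reached" alerts by source address and by hour, to see which workstation trips the limit and whether the alerts line up with the slowdowns. The sample lines are constructed, and the layout after the alert phrase is an assumption; adjust the regex to the firewall's actual output.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample lines in classic BSD-syslog layout. The text after the
# alert phrase is an assumed, simplified layout, not real NetScreen output.
SAMPLE_LOG = """\
Aug  4 09:02:11 fw01 alert: Src IP session limit reached for 192.168.1.57
Aug  4 09:02:40 fw01 alert: Src IP session limit reached for 192.168.1.57
Aug  4 09:03:05 sw01 link: Interface FastEthernet0/12 changed state to down
Aug  4 13:15:52 fw01 alert: Src IP session limit reached for 192.168.1.57
Aug  4 13:16:20 fw01 alert: Src IP session limit reached for 192.168.1.88
Aug  4 13:16:31 fw01 alert: Src IP session limit reached for 192.168.1.57
"""

# Timestamp, logging host, then the alert phrase followed by the first
# dotted-quad address on the line.
ALERT = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<hour>\d{2}):\d{2}:\d{2} \S+ .*?"
    r"Src IP session limit reached\D*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

def tally_session_limit_alerts(log_text):
    """Return (alerts per source IP, alerts per source IP per hour bucket)."""
    per_ip = Counter()
    per_ip_hour = defaultdict(Counter)
    for line in log_text.splitlines():
        m = ALERT.search(line)
        if not m:
            continue  # unrelated message, e.g. a switch link event
        try:
            ip = str(ipaddress.IPv4Address(m.group("ip")))
        except ipaddress.AddressValueError:
            continue  # looked like an address but is not valid (octet > 255)
        bucket = f"{m.group('mon')} {int(m.group('day')):02d} {m.group('hour')}:00"
        per_ip[ip] += 1
        per_ip_hour[ip][bucket] += 1
    return per_ip, per_ip_hour

if __name__ == "__main__":
    totals, by_hour = tally_session_limit_alerts(SAMPLE_LOG)
    # Noisiest source first, with the hours in which it hit the limit.
    for ip, count in totals.most_common():
        hours = ", ".join(f"{h} x{n}" for h, n in sorted(by_hour[ip].items()))
        print(f"{ip}: {count} alerts ({hours})")
```

The hours that stand out can then be compared with the MRTG per-port graphs for the same period to find the switch port behind that address.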