Track down network problems with Wireshark…

Jan-16th-2010

PC World

Ethernet networks can run remarkably well for long periods of time, lulling IT admins into a false sense of security. Unfortunately, disaster can strike at any time, and to the under-equipped, network issues can be downright debilitating.

Some of the most serious network problems can include broadcast storms, in which a defective or misconfigured network device floods the network with traffic. Broadcast storms tend to amplify themselves until they completely shut down your network, which is bad. Another common threat is a malware-infected computer, which can send a barrage of e-mail or attempt to replicate to computers on your LAN or across the internet. An infected computer can slow down internet traffic and put you on bad terms with your ISP.

And sometimes a single user can use so much bandwidth that it affects other users on the network. Perhaps they’re using peer-to-peer file sharing software, consuming excessive streaming audio or video, or just downloading lots of large files.

Fully understanding everything that’s happening on your Ethernet network is truly a herculean task, but with a couple of basic tools and some common sense, it’s possible for a jack-of-all-trades IT person to track down these basic problems.

One network tool that every IT person should know about is Wireshark (previously Ethereal). Wireshark is a freeware network packet analyzer that captures network packets and displays detailed packet data. It’s a very cool tool, and it will give you a newfound respect for just how much data, and how varied, traverses your Cat 5e cable.

When first launching Wireshark, it’s easy to become intimidated. It’s extremely powerful and offers a myriad of options. However, there are only a few basics that you need to know before you begin.

First, you need to know what traffic you’re actually monitoring. Back in the day when hubs were common, all traffic was transmitted to all ports. As you can imagine, that didn’t scale very well. Switches are a refinement of hubs in that they discover the hardware addresses associated with each port and only transmit relevant traffic between ports. This means that if you just plug your computer running Wireshark into any available switch port, you’ll only be able to see traffic to and from your computer plus broadcast/multicast traffic. Interesting, but not always useful.
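The two points above (what an unmirrored switch port lets you see, and the broadcast-heavy traffic pattern of a storm) can be checked from a capture file without opening Wireshark at all. The following is an added example written for this article, not code from PC World or the Wireshark project: it parses a minimal little-endian libpcap file, classifies each frame by its destination MAC, reports whether the capture point saw unicast frames addressed to other hosts (which it normally would not on an unmirrored switch port), and flags a capture dominated by broadcast frames. The sample frames, the monitoring host's MAC (00:11:22:33:44:55) and the 50% broadcast cut-off are constructed assumptions for illustration.

```python
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4      # little-endian libpcap magic number
LINKTYPE_ETHERNET = 1
BROADCAST = b"\xff" * 6


def mac_bytes(mac):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes.fromhex(mac.replace(":", ""))


def ether_frame(dst, src, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a minimal Ethernet II frame (no FCS, as pcap stores them)."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack(">H", ethertype) + payload


def build_pcap(frames):
    """Wrap raw frames in a libpcap file: 24-byte global header, then per-packet records."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for frame in frames:
        # record header: ts_sec, ts_usec, incl_len (captured), orig_len (on the wire)
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Yield the captured bytes of each frame in a little-endian Ethernet pcap."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic number (only little-endian libpcap handled)")
    linktype, = struct.unpack_from("<I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("not an Ethernet capture")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig = struct.unpack_from("<IIII", data, off)
        off += 16
        if off + incl_len > len(data):
            raise ValueError("truncated packet record")
        yield data[off:off + incl_len]
        off += incl_len


def classify(frame, my_mac):
    """Class of a frame, decided from the destination MAC alone."""
    if len(frame) < 14:
        return "runt"
    dst = frame[0:6]
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:           # I/G bit set: group (multicast) address
        return "multicast"
    if dst == mac_bytes(my_mac):
        return "unicast-to-me"
    return "unicast-other"


def visibility_report(data, my_mac, storm_threshold=0.5):
    """Summarise what the capture point saw and flag a broadcast-heavy capture.

    storm_threshold (assumed, illustrative) is the broadcast fraction above
    which the capture is flagged; it is not a standard value.
    """
    counts = Counter(classify(f, my_mac) for f in parse_pcap(data))
    total = sum(counts.values())
    ratio = counts["broadcast"] / total if total else 0.0
    return {
        "counts": dict(counts),
        # Unicast for other hosts normally never reaches an unmirrored switch port,
        # so seeing it means a mirrored port, a hub, or unknown-unicast flooding.
        "sees_other_hosts_traffic": counts["unicast-other"] > 0,
        "broadcast_ratio": ratio,
        "broadcast_heavy": total > 0 and ratio >= storm_threshold,
    }


if __name__ == "__main__":
    me = "00:11:22:33:44:55"    # hypothetical monitoring host
    # Constructed frames: an ARP broadcast, an mDNS-style multicast, one frame
    # for us, and one unicast exchange between two other hosts.
    capture = build_pcap([
        ether_frame("ff:ff:ff:ff:ff:ff", "00:aa:bb:cc:dd:01", 0x0806),
        ether_frame("01:00:5e:00:00:fb", "00:aa:bb:cc:dd:02"),
        ether_frame(me, "00:aa:bb:cc:dd:03"),
        ether_frame("00:aa:bb:cc:dd:04", "00:aa:bb:cc:dd:05"),
    ])
    print(visibility_report(capture, me))
```

If `sees_other_hosts_traffic` is false on a port you believed was mirrored, the mirror is not configured the way you think; if `broadcast_heavy` is true on a capture taken during normal working hours, the source MACs of the broadcast frames are the first place to look.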

In order to examine traffic on an Ethernet port other than the one your computer is plugged into, you need to mirror your ports. Port mirroring is a feature on managed switches that allows traffic from one or more ports to be copied to an alternate port for the purpose of monitoring. Depending on the situation, you may want to mirror all ports on a switch or just one relevant port, such as the port your Internet connection is plugged into. You’ll need to consult the documentation for your particular switch, but on my 24-port Netgear switch, I was able to mirror the necessary ports using a simple browser interface.