[OT] Network load analysis

Bob Sneidar bobsneidar at iotecdigital.com
Wed Nov 25 16:25:22 EST 2015

First, if he has managed switches, he can find out which ports are generating the traffic. If he is getting traffic spikes all at once on all ports, he likely is suffering from a broadcast storm. Those are difficult to troubleshoot, but the short answer is monitor switch LED's and start unplugging network cables until the problem subsides. It will be a dramatic change in the flickering of the activity LED's on his switch (if they work that way). 

If it's not a broadcast storm, then (assuming a managed switch situation) configure one port as a monitor port (also known as promiscuous mode) which will render ALL traffic on ALL ports on the monitor port. Then connect a device running a packet sniffer on that port and start capturing packets during one of these spikes. 

If this is traffic going through your router, your router should be able to show you graphs on who is generating the traffic. If not, as suggested, there is software that can do this for you, but it needs to run on a port that is promiscuous, or else on a hub with the uplink of your switch and your upstream switch or router connected to other ports. Some software can configure some switch ports automatically, but it's not a slam dunk. 

The causes of traffic spikes can be multitudinous. People in the company may have a favorite radio program or video feed and everyone is using streaming software to hear it. That may sound rediculous, but I worked for a Church and every day 35 women (and a few men) would go to the Churches web page and listen to the stream of the Pastor's Bible study every day. We had to deploy content management and block streaming traffic to stop it because telling them not to do it didn't work. We had the radio feed on their desk phones anyway but they didn't like the quality <slaps head>. 

Other causes can be compromised computers on the LAN running a denial of service on someone else, a certain program or OS that attempts to do updates all at once or within a close proximity of time, a bad NIC that is arp storming, etc. 

I have troubleshot issues like this one on a number of occasions. He can learn a lot by doing it himself, but if he is under the gun or feels like he would be overwhelmed, he should probably hire a specialist. 

Bob S

> On Nov 24, 2015, at 13:22 , Paul Foraker <paul at whitefeather.com> wrote:
> One of my clients needs someone to dig around in his network and find out
> why he's getting load spikes. Does anyone here know how to do that stuff,
> or
> can recommend someone who does?
> Thanks
> -- Paul
> -- 
> White Feather Software
> www.whitefeather.com
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

More information about the use-livecode mailing list