1:00 AM
El DiPablo
I have been dealing with an intermittant network issue for the past month and a half at work. Maybe once or twice per week, one of our VLANs will drop out for about 5 minutes, then come back up. I was talking with a Network Engineer friend of mine, and he thought it was probably a spanning-tree issue, however I'm not convinced of that. I explained the issue to another friend of mine who has been doing networking for a really long time, and he doesn't think it's a spanning-tree issue because only the one VLAN goes down, and all traffic on that VLAN doesn't stop. Anything on that VLAN can still talk to each other, it's the inter-VLAN routing that stops working, and that is handled by the firewall.
Great, so look at the firewall right? Not really, because my company thought it would be a good idea to hire a managed firewall solution prior to me being hired. Working with those guys is like sticking needles in your eyes. They are slow to respond, and they are so concerned with covering their asses, and pointing fingers that they can't help you look at some simple firewall logs, or call vendor support for the firewall. I digress about that...
So anytway, we made the executive decision to early terminate with the managed firewall guys, and buy the firewalls from them. While I'm waiting for access to the firewalls, we are still having these intermittant outtages. Every time I get an idea on what it can be, I try something and have to wait to see if that fixed it. Nothing has worked so far, and I can't figure it out. I decided to plug a laptop into my switches, and mirror the port connected to the firewall, and run Wireshark to see if I can pick up what's happening on the network. The problem is that this issue will not happen for days, and by the time it does happen, Wireshark craps out and crashes.
I decided to look for an alternative, and found one from Microsoft called Network Monitor. The latest version at the time of this writing for Microsoft Network Monitor is 3.4, and is absolutely free. On top of that, it's way more intuitive to use than Wireshark, and has an easy to understand user interface. Plus it has simple pre-programmed filters to make using it easy for even the most novice of Network Administrators. The preset I am trying out for my intermittant issue is called Base Network TShoot which looks for the most common network problems including ICMP, ARP and TCP resets as well as TCP retransmit packets.
Plus, as I mentioned above, the GUI is way more user friendly than Wireshark's, check out this screen shot where I can see not only my raw packet info, but what applications it's tied to on my computer (Click for full size):
Now I'm sure a lot of you are die hard Wireshark guys, which is fine. I mean it pretty much is the number one network sniffer out there, but if you're more of a systems guy like me, and only dabble on the network side, then I think you're better off with a more user friendly tool like Network Monitor.
What do you think? Are you a Wireshark guy/gal? Have you ever used Microsoft Network Monitor? Like it? Dislike it? Do you prefer a different tool? Let us know in the comments!
Related articles, courtesy of Zemanta:
