-
March 23rd, 2004, 11:15 AM
#1
Junior Member
Interpreting Network traffic???
Hi all,
I hav been trying to learn to interpret the network traffic. I have been taking traces with some sniffers including ethereal. I am looking for some related info. e.g
1. How many TCP retransmitts are normal on a network.
2. How much delay between the packets is acceptable.
3. Are there any common errors/problems which could be kept in mind?
4. How much response time in ping is acceptable.
Any related links/info. will be apreciated!
Thnaks in advance!
-
March 23rd, 2004, 02:25 PM
#2
Re: Interpreting Network traffic???
Originally posted here by doiexist
Hi all,
I hav been trying to learn to interpret the network traffic. I have been taking traces with some sniffers including ethereal. I am looking for some related info. e.g
1. How many TCP retransmitts are normal on a network.
None. A retransmit means the packet got lost 'on route' which can mean routing problems and/or hosts down and/or firewalls.
2. How much delay between the packets is acceptable.
This depends on your network layout. The more switches/routers the packet has to travel through the bigger the delay. There's also a difference in latency on ethernet and i.e. ATM.
3. Are there any common errors/problems which could be kept in mind?
Badly configured speed/duplex settings on the host and/or switch. Incorrect routing. IP address conflicts, bad subnetmasks etc. Just like Murphy said: "Anything that can go wrong, will go wrong" (at the worst possible moment I might add ).
4. How much response time in ping is acceptable.
This is directly related to point 2.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
March 23rd, 2004, 02:50 PM
#3
Junior Member
Thanks, But I was not looking for the reason's/definations..... BUT the aceeptable/non acceptable limits and how to actually calculate them for some particular network. What metrics to keep in mind..? like response time in miliseconds...how to calculate the normal response time for a network? I understand why a retransmit would occur but I think some retransmitts are normal for any network ...right ?.. so how many retransmits should alarm us...?
thanks!
-
March 23rd, 2004, 04:13 PM
#4
if your network is working correctly, and isnt having a lot of collisions, retransmits shouldnt happen. how about giving us some details... do you have hubs or switches? how big is the network? etc
switches should pretty much take care of collisions... but if you are on "dumb" hubs youll prolly see a lot of collisions if the net is busy... then you will get a lot of retransmits.
routers and switches arent perfect,...
Remember -
The ark was built by amatures...
The Titanic was built by professionals.
-
March 23rd, 2004, 05:02 PM
#5
There really is no standard way to alarm on network performance. You really have to take a lot of different captures at different times, while also recording the user experience on the network. As every different network performs differently, using a standard profile to alarm will not always work.
That is really the reason I prefer to use MS Netmon. There are some automatic analyzing tools included in netmon that will help you set baselines, or look for trouble spots on the network.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|