Interpreting Network traffic???

  1. #1
    Junior Member
    Join Date
    Sep 2003
    Posts
    12

    Question Interpreting Network traffic???

    Hi all,
    I hav been trying to learn to interpret the network traffic. I have been taking traces with some sniffers including ethereal. I am looking for some related info. e.g
    1. How many TCP retransmitts are normal on a network.
    2. How much delay between the packets is acceptable.
    3. Are there any common errors/problems which could be kept in mind?
    4. How much response time in ping is acceptable.

    Any related links/info. will be apreciated!

    Thnaks in advance!

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403

    Re: Interpreting Network traffic???

    Originally posted here by doiexist
    Hi all,
    I have been trying to learn to interpret the network traffic. I have been taking traces with some sniffers including ethereal. I am looking for some related info, e.g.
    1. How many TCP retransmits are normal on a network.
    None. A retransmit means the packet got lost 'on route' which can mean routing problems and/or hosts down and/or firewalls.

    2. How much delay between the packets is acceptable.
    This depends on your network layout. The more switches/routers the packet has to travel through the bigger the delay. There's also a difference in latency on ethernet and i.e. ATM.

    3. Are there any common errors/problems which could be kept in mind?
    Badly configured speed/duplex settings on the host and/or switch. Incorrect routing. IP address conflicts, bad subnet masks etc. Just like Murphy said: "Anything that can go wrong, will go wrong" (at the worst possible moment, I might add).

    4. How much response time in ping is acceptable.
    This is directly related to point 2.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Junior Member
    Join Date
    Sep 2003
    Posts
    12

    Question

    Thanks, but I was not looking for the reasons/definitions..... BUT the acceptable/non-acceptable limits and how to actually calculate them for some particular network. What metrics to keep in mind..? Like response time in milliseconds... how to calculate the normal response time for a network? I understand why a retransmit would occur but I think some retransmits are normal for any network... right? So how many retransmits should alarm us...?
    Thanks!

  4. #4
    Senior Member
    Join Date
    Feb 2002
    Posts
    518
    If your network is working correctly, and isn't having a lot of collisions, retransmits shouldn't happen. How about giving us some details... do you have hubs or switches? How big is the network? etc.
    Switches should pretty much take care of collisions... but if you are on "dumb" hubs you'll prolly see a lot of collisions if the net is busy... then you will get a lot of retransmits.
    Routers and switches aren't perfect...
    Remember -
    The ark was built by amateurs...
    The Titanic was built by professionals.

  5. #5
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    There really is no standard way to alarm on network performance. You really have to take a lot of different captures at different times, while also recording the user experience on the network. As every different network performs differently, using a standard profile to alarm will not always work.

    That is really the reason I prefer to use MS Netmon. There are some automatic analyzing tools included in netmon that will help you set baselines, or look for trouble spots on the network.
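
Added example, not part of the original thread: one way to turn the "take many captures and build a baseline" advice from post #5 into alarm limits for the retransmit and ping questions in post #1. The capture summaries are constructed sample data, and the median-plus-MAD limit with a 10% floor is an assumption of this example, not a method named by any poster.

```python
from statistics import median

# Constructed per-capture summaries (not data from the thread):
# (label, total TCP segments, retransmitted segments, ping RTT samples in ms)
CAPTURES = [
    ("mon-09h", 120_000, 60, [1.1, 1.3, 1.2, 1.4]),
    ("mon-14h", 150_000, 90, [1.2, 1.5, 1.3, 1.6]),
    ("tue-09h", 110_000, 44, [1.0, 1.2, 1.1, 1.3]),
    ("tue-14h", 160_000, 112, [1.3, 1.4, 1.6, 1.5]),
    ("wed-09h", 125_000, 75, [1.2, 1.2, 1.3, 1.4]),
]

def retransmit_rate(total, retrans):
    """Fraction of TCP segments that were retransmissions."""
    return retrans / total if total else 0.0

def upper_limit(values, k=3.0, floor=0.10):
    """median + k * scaled MAD; robust to one bad capture in the baseline.

    Assumption: if the captures are nearly identical (MAD ~ 0), allow at
    least `floor` (10%) above the median so tiny jitter does not alarm.
    """
    med = median(values)
    mad = median(abs(v - med) for v in values)
    return med + max(k * 1.4826 * mad, floor * med)

def build_baseline(captures, k=3.0):
    """Derive this network's own limits from its known-good captures."""
    rates = [retransmit_rate(total, retrans) for _, total, retrans, _ in captures]
    rtts = [median(samples) for _, _, _, samples in captures]
    return {"retrans_rate": upper_limit(rates, k), "rtt_ms": upper_limit(rtts, k)}

def check_capture(baseline, total, retrans, rtt_samples):
    """Return the list of metrics in a new capture that exceed the baseline."""
    observed = {
        "retrans_rate": retransmit_rate(total, retrans),
        "rtt_ms": median(rtt_samples),
    }
    return [name for name, value in observed.items() if value > baseline[name]]

if __name__ == "__main__":
    baseline = build_baseline(CAPTURES)
    print("limits:", baseline)
    print("quiet afternoon:", check_capture(baseline, 130_000, 70, [1.2, 1.3, 1.4, 1.3]))
    print("degraded link:  ", check_capture(baseline, 140_000, 900, [4.8, 5.2, 5.0, 6.1]))
```

The segment and retransmission counts per capture would come from the sniffer's own summary statistics; the limits only mean something if the baseline captures were taken while users reported the network as healthy.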
