View Full Version : Troubleshoot Slow Network with Network Analyzer

10-19-2010, 07:56 AM
Analyze Reasons for Slow Network

Slow network is a common phenomenon. For the diversity of the reasons causing slow network, to troubleshoot slow network is one of the most common and troublesome work in daily network management.

According to analysis, major reasons for slow network are:

Broadcast/Multicast storm
Virus attack
Server slow response
Too many clients
Application slow response
Error client mask

How can we quickly find out the cause for slow network happens? It's a good idea to capture and analyze packets (http://www.packetech.com/showthread.php?41-Packet) with a network analyzer.

Deep Analysis of Slow Network

Network analyzer works in sniffing mode. It can capture and analyze network communications in real time. After analysis, we can find reasons for slow network.

The following table lists the reasons, phenomenon of slow network in Colasoft Capsa GUI (http://www.colasoft.com/download/products/capsa_free.php), and corresponding solutions:

<table width="100%" bgcolor="CCCCCC" border="0" cellpadding="5" cellspacing="1"><tbody><tr><td width="32%" height="35">Reason</td><td width="35%">Phenomenon</td><td width="33%">Solution</td></tr><tr><td bgcolor="#ffffff">Loopback</td><td bgcolor="F8F8F8">A lot of retransmission packets in the Packet tab, all field values are same, such as: IP identification, TCP sequence number, TCP ack-number. Obvious increase of network utilization.</td><td bgcolor="#ffffff">Check connection of switching device, pull out the line directly connecting two ports</td></tr><tr><td bgcolor="#ffffff">Broadcast/Multicast storm</td><td bgcolor="F8F8F8">Large numbers of broadcast/multicast packets in the Packet tab. Broadcast/Multicast traffic is higher than 20% of total traffic in the Summary tab.</td><td bgcolor="#ffffff">Locate retransmission packets, view source MAC address. Then disconnect the problem host.</td></tr><tr><td bgcolor="#ffffff">Virus Attack</td><td bgcolor="F8F8F8">There are a lot of connections with same source MAC address and same destination port but different destination address, and in short intervals.</td><td bgcolor="#ffffff">View source address of these connections and disconnect the suspect hosts.</td></tr><tr><td bgcolor="#ffffff">Server Slow Response</td><td bgcolor="F8F8F8">In the Packet tab, SYN/ACK response time too long in TCP three handshakes process.</td><td bgcolor="#ffffff">Adjust server configuration and optimize the parameter</td></tr><tr><td bgcolor="#ffffff">Too Many Clients</td><td bgcolor="F8F8F8">Too many nodes in the Node Explorer, the Physical Endpoint tab and the IP Endpoint tab.</td><td bgcolor="#ffffff">Upgrade network settings.</td></tr><tr><td bgcolor="#ffffff">Application Slow Response</td><td bgcolor="F8F8F8">In the Packet tab, packets response time to applications is too long.</td><td bgcolor="#ffffff">Adjust server configuration and optimize the parameter</td></tr><tr><td bgcolor="#ffffff">Error Client Mask</td><td bgcolor="F8F8F8">In the Packet tab, data that should be transmitted through layer 2 are retransmitted through layer 3.</td><td bgcolor="#ffffff">Change IP address and mask of the client.</td></tr></tbody></table>

Reasons causing slow network are diversified, there is no absolute way that can guarantee normal network operation. With a network analyzer you can quickly find out the reason that causes slow network, thus greatly enhanced network management efficiency.