
Hey Network Engineers - What To Do While Everyone Is Away (by Chris Greer)


You drew the short straw.

Over the next couple of weeks, while everyone else is skiing in some amazing place or finally taking that year-end time with their kids, you are left behind at the office to “monitor” the system.

Unless you work for UPS or Amazon, it will most likely be a relaxed couple of weeks! It will be tempting to kick back and watch YouTube, or act busy while doing some other mundane chore.

However, the last two weeks of the year are also a great time to be a network engineer. Here is a list of things you can work on while everyone else is away.

  1. Throughput Testing

Why now?

Measuring throughput across an important link should be done when there is very little competing traffic on the network. If you have a 100Mbps WAN connection and real users account for 40% of it, running a throughput test will not only be inaccurate, but it could also dramatically affect the performance of real production traffic.

Use this quiet period to see if you are really getting 100Mbps out of your links like you expect to. If not, troubleshoot the network that you control and look for things like discards and FCS errors on switch, router, and firewall connections.

With what tool?

One of my favorite tools for throughput testing is iPerf. It is a simple open source tool that works in a client/server relationship. You install it on two machines, one on each end of the connection. Open up one side to be the server and bam, you have a throughput tester. Great stuff.

Just keep in mind that most machines cannot achieve full line-rate throughput, so don’t be surprised to see 900Mbps on a 1Gbps line. If you want to measure the full meal deal, you’ll have to get into some hardware testers that are born-and-bred to fill the link.

  2. Baseline, Baseline, Baseline

Why now?

Again, the link usage is low and the kiddies are out playing. So it is a great time to measure and analyze the “normal” level of protocol activity on your network.

What protocols are in use on your network? How much spanning-tree, LLDP, ARP, broadcast, and other background protocol traffic do you see on your network? Anything look surprising or abnormal?

How about your internet connection? How much traffic do you see? Anything funny? Any strange traffic being sent to countries that you wouldn’t expect to communicate with?

With what tool?

What else?? Wireshark! Download, install, capture. That’s it. Well… unless you want to see unicast traffic between two machines, then you need to SPAN/Mirror/TAP the connection.

To learn more about how to analyze outbound traffic on your link to strange places in the world, check out this video here: Mapping IP Address Locations with Wireshark.

  3. Document the Network

When was the last time that dusty old thing was updated? How many changes have taken place since?

The next couple weeks are a great time to check out your documentation and make any needed adjustments.

  4. Analyze Application Dependencies

This is a huge thing to do while people are away. As an independent application analyst, one of the things I ask my clients for is a reliable application dependency map before we really get started (not that I always trust what I am given because of #3 above, but at least it is a place to start.)

You’d be surprised at how few have one. In many cases, it comes down to guesswork. “I think that server talks to that database only.”

So, we get to work on the truth, which takes time. It is also a hard task to do during high-traffic periods because of the load on the system. Since there will still be some users in your office utilizing their applications, you can measure protocols, conversations, and common application behaviors while the system has a lower level of load.
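One way to turn a quiet-period capture into a dependency check is sketched below. This is an added example, not the author's own tooling: it takes the initial TCP SYNs exported from Wireshark's command-line companion tshark, builds client-to-server edges, and compares them with a documented map. The addresses, ports, and the `DOCUMENTED` set are constructed for illustration.

```python
from collections import Counter

# Constructed sample: tab-separated rows in the shape produced by
#   tshark -r capture.pcapng -Y "tcp.flags.syn==1 && tcp.flags.ack==0" \
#          -T fields -e ip.src -e ip.dst -e tcp.dstport
# A SYN without ACK marks the side that opened the connection (the client).
SAMPLE_SYNS = """\
10.0.1.20\t10.0.2.5\t5432
10.0.1.20\t10.0.2.5\t5432
10.0.1.20\t10.0.3.9\t389
10.0.1.31\t10.0.1.20\t443
10.0.1.20\t10.0.4.77\t8080
malformed line without tabs
"""

# Hypothetical documented map: (client, server, port) edges people believe exist.
DOCUMENTED = {
    ("10.0.1.31", "10.0.1.20", 443),   # user -> app server
    ("10.0.1.20", "10.0.2.5", 5432),   # app server -> database "only"
    ("10.0.1.20", "10.0.2.6", 5432),   # app server -> standby database
}

def observed_edges(tsv_text):
    """Count connection attempts per (client, server, port) edge."""
    edges = Counter()
    for line in tsv_text.splitlines():
        parts = line.split("\t")
        # Skip blank or damaged rows and rows with an empty field (e.g. non-IPv4).
        if len(parts) != 3 or not all(parts) or not parts[2].isdigit():
            continue
        edges[(parts[0], parts[1], int(parts[2]))] += 1
    return edges

def compare(observed, documented):
    """Return (undocumented edges seen on the wire, documented edges never seen)."""
    seen = set(observed)
    return sorted(seen - documented), sorted(documented - seen)

if __name__ == "__main__":
    obs = observed_edges(SAMPLE_SYNS)
    undocumented, unseen = compare(obs, DOCUMENTED)
    for edge in undocumented:
        print("undocumented:", edge, "x", obs[edge])
    for edge in unseen:
        print("documented but not observed:", edge)
```

Undocumented edges are the ones to chase down first. A documented edge that never shows up in a low-load capture may simply not have been exercised, so it is a prompt to capture longer rather than proof the dependency is gone.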

Sorry you were left behind. But hey, it’s a great time of year to be a network engineer. I mean, would you rather come in at 2am on a Sunday to do all this? Probably not!

Got network problems? Get in touch!

Author Profile - Chris Greer is a Packet Head for Packet Pioneer LLC and a Certified Wireshark Network Analyst. Chris regularly assists companies in tracking down the source of network and application performance problems using a variety of protocol analysis and monitoring tools including Wireshark. Chris also delivers training and develops technical content for several analysis vendors. 
