LoveMyTool - Open Community for Network Management and Monitoring

I really get excited when I am able to reproduce problems in the lab.

With this specific case, the customer was experiencing errors within their web browsers that looked like either a network or server issue. The specific symptom was that certain images would not display. If you waited a while, and ‘refreshed’ the page, more of it loaded or the entire page loaded properly.

I’m sure you can imagine the chaos this type of intermittent problem causes.  The sequence of events unfolds in the following manner; the client reports the webpage issue to the help desk and the help desk tests the webpage with mixed results.  In either event, the problem goes to the server group who tests and finds nothing wrong, and then the problem goes to the network group which, in most cases, does not see the problem. Then the political fist fights, finger pointing and witch hunt commence…..

One thing that consumes a lot of time is comparing performance test results.

This basic task is used during support, implementation and for proof of concepts in design.  The trickiest test is to run 2 tests; one on WiFi and another on the wired side within the same time frame. Many customers are looking for this kind of test to document and compare performance results.

The most daunting problem to troubleshoot is when the application spits out a generic error that could mean anything.  Here’s the analogy; how helpful is the ‘Check Engine’ light on your car dashboard.

The worst part is when the customer tries to take the cryptic, generic application error message and tries to make sense of it in an attempt to assist the analyst.  Don’t get me wrong, any information is helpful while troubleshooting, but you have to be selective in what you pursue.

In this example FTP works one moment and fails the next.  Of course the customer immediately called the help desk, who pings the ftp server and comments that is up and no outages have been recorded by the network management system.  Then the ticket goes to the server dept who ftp’s without  an issue, unfortunately by now so can the customer.  The server department says the connection error must be a ‘network thing’.

It always gives me sense of satisfaction when I have a challenge and can leverage some knowledge to figure out.

Today I was in the lab and was powering on two Cisco switches when I noticed that they weren’t labeled with their IP addresses.  I’m not sure why I did not label them, but now I have to pay for it.

For those of you who have not been in this situation before I will explain.  My switches have a DB9 serial connection and of course good luck finding a computer with a serial port. So now I have to rummage through the box of wires to find the serial to USB adapter.  I have had to buy a second one in 2 years since my original does not have a Windows 7 driver, but I digress. After I find the cable, I have to find the installation disk because last week I migrated to a new laptop….  I’m sure you get the picture.

On to plan B.  I know the switches have IP addresses since I hard code IP addresses on all of my switches. 

A customer called me and wanted some help troubleshooting some wireless problems. Their users have been reporting intermittent wireless performance issues and getting ‘dropped’. To top it all off their WLAN controller has also been reporting ‘containment’ error messages that weren’t to descriptive or helpful.

I showed up on site and did all the basic RF checks with my AirMagnet Spectrum XT to make sure there wasn’t an RF issue like an interferer or channel planning issues. Like I always say, “Start at Layer 1”.

Then I moved up a layer using my Fluke Networks AirCheck and AirMagnet WiFi Analyzer. Everything looked pretty quiet and nothing jumped up at me, so I saved some trace files to review later.

Then I thought I would take the trace file and open it with Wireshark since I have more experience with packet analysis than I do using the AirMagnet/AirCheck tools.

I was working on a wireless interference problem at a client site when they asked if there was a way to get an alert if the interference appeared.

Problems such as this one where the issue is intermittent and random, I’m always looking for tools that will keep an eye out for me and ideally, notify me when a problem occurs. Wireless issues are especially tough since it can be anywhere or transmit anytime.  Short of pitching a tent and waiting for a while, this is where a tool with some kind of notification is a real benefit.

In this specific case I used AirMagnet Spectrum XT to send a SNMP trap to a SNMP trap listener.  If you aren’t familiar with the terminology, a SNMP trap listener is just software that listens for other devices to send a SNMP message, or trap. A more advanced listener will send an email when the trap arrives.

What does trouble shooting, baselining, capacity planning and implementation have in common?

Every one of those tasks involves some sort of bandwidth or throughput validation. Figuring out your true throughput transcends all network disciplines and becomes a common ground in all my engagements.

We have all been asked at some point in our careers to prove that your carrier has delivered what they promised. Or maybe that age old question, “How much bandwidth can we get out of your internal network", to justify an equipment upgrade.

Traditionally, analysts have used simple ftp or other file transfer applications to ‘load up’ or measure throughput.  But as network latency surpassed disk drive delay, these results would be called into question. Simply put, the network is faster than the disk drive. That is when applications like iperf, Chariot, Qcheck and traffic bit generators came into the picture since they can be configured to not access the disk.

NetFort Span Port Configurator

http://www.netfort.com/downloads/free-software

Since I do quite a bit of work in the trenches, I am always looking for utilities to make my life easier.

In this case the NetFort Span Port Configurator meets all my basic tool criteria, seems to work flawlessly and does exactly what it professes to do. It simply allows you to easily configure certain model of Cisco switches SPAN sessions. I like the added touch of showing the port descriptions and the ability to save your changes to the startup file. In case you were wondering it supports SSH as well as telnet and does not require you to have other terminal applications installed like Putty.

My first criterion is that it not be a huge multi Giga Byte application and should be able to run from a laptop. No SQL, WEB or other servers required. There is a time and a place for enterprise style solutions or tools but in my case, I don’t want to drag that much hardware around with me for the majority of my troubleshooting engagements.