Go Back   Technibble Forums > Technical Discussions > Networking

  Technibble Sponsor

Reply
 
Thread Tools Display Modes
  #1  
Old 05-31-2012, 10:13 PM
Quinn06's Avatar
Quinn06 Quinn06 is offline
 
Join Date: Feb 2010
Posts: 164
Quinn06 is an unknown quantity at this point
Default To Much Traffic on the network.

Ok so I have a client that has 4 locations.

3 of the locations have a Direct Pipeline that is 2MB/2MB to the main office where the server resides.

At first we were getting like 1MB transfer rates which was pretty alright.
Now we are getting 15KB transfer rates between the File Server and the Workstations.

One thing to note is that there is a domain, but these computers are not connected to it. They are just using work groups(We came into this mess). There are approximately 5 computers at each location, they are mainly using Quickbooks Pro and POS.

Is 2MB/2MB to little for sharing files from the server and basic internet usage? Are they just bottle necking? Or is there a way to clean up the network traffic so that it goes back to 1mb Transfer Rates instead of 15KB.

Would switching them from work groups to a Domain clean up the network traffic enough to be significant?

Any Ideas? Thanks!
__________________
Computer HQ
Reply With Quote
  #2  
Old 05-31-2012, 10:21 PM
NYJimbo's Avatar
NYJimbo NYJimbo is offline
 
Join Date: Jul 2008
Location: Long Island, you know, like the iced tea.
Posts: 6,654
NYJimbo is a glorious beacon of lightNYJimbo is a glorious beacon of lightNYJimbo is a glorious beacon of lightNYJimbo is a glorious beacon of lightNYJimbo is a glorious beacon of light
Default

You gotta sniff that network and see whats going over it. To go from 1 or 2 mgbit to 15k has to show something if you observe traffic. If 2/2 was ok but now its horrible, something is going on and you won't know until you watch it.

Last month we had some incoming "chargen" (port 19) traffic killing one of our links here, but it was only bots trying to do something on only windows machines that had port 19 open and responding. Once we shut down "chargen" we saw traffic drop and a few days later everything went back to normal. Bots and zombies are always looking for exploits, you could have that on your network and have no clue without checking out what is going in and out.

So in a nutshell, you could have any possible kind of traffic, but without looking at it you won't know how to address it.

Last edited by NYJimbo; 05-31-2012 at 10:52 PM.
Reply With Quote
  #3  
Old 05-31-2012, 10:57 PM
Quinn06's Avatar
Quinn06 Quinn06 is offline
 
Join Date: Feb 2010
Posts: 164
Quinn06 is an unknown quantity at this point
Default

What is the best way to monitor the traffic? They are currently using a Sonic Wall, and 16 Port Unmanaged Gigabit Switch.


Thanks for your Input
__________________
Computer HQ
Reply With Quote
  #4  
Old 05-31-2012, 11:18 PM
Encrypted Existence Encrypted Existence is offline
 
Join Date: Aug 2011
Posts: 1,239
Encrypted Existence is on a distinguished road
Default

Quote:
Originally Posted by Quinn06 View Post
What is the best way to monitor the traffic? They are currently using a Sonic Wall, and 16 Port Unmanaged Gigabit Switch.


Thanks for your Input
The best way to monitor traffic would be to use port mirroring and a program like wireshark. The switch that your customer is currently using doesn't support port mirroring. If you have or can get your hands on a managed switch that supports port mirroring then you'd be golden. You can also use a good ole hub with the right setup.
Reply With Quote
  #5  
Old 05-31-2012, 11:28 PM
YeOldeStonecat's Avatar
YeOldeStonecat YeOldeStonecat is online now
 
Join Date: Nov 2011
Location: Southeast Connecticut
Posts: 7,912
YeOldeStonecat is a splendid one to beholdYeOldeStonecat is a splendid one to beholdYeOldeStonecat is a splendid one to beholdYeOldeStonecat is a splendid one to beholdYeOldeStonecat is a splendid one to beholdYeOldeStonecat is a splendid one to behold
Default

What model routers are doing the VPN tunnel?
Cheaper routers have little QoS on the VPN tunnels....so if someone at one of the offices decides to fire up Pandora online radio...BAM....they got the connection and squash it for all others. Better models will have the ability to dedicated a % of the bandwidth to the VPN tunnel (which I know many Sonicwall models have)....so end users cannot abuse the internet pipe and squash the VPN tunnel.

I've done plenty of WANs where the workstations still log into the domains (IP address of the server at the central office). Works fine...and allows you to better control them.

Is netbios allowed to pass through the tunnels? If so..kill it, very chatty and clogs the pipes.

Windows updates controlled?

Antivirus managed?

Look at how DNS is setup..both on the satellite workstations and via the routers and even DHCP relay if being used.
__________________
Resident "Geek on a Harley" doing IT in Southeast Connecticut
http://www.dynamic-alliance.com/
https://www.facebook.com/YeOldeStonecat

Last edited by YeOldeStonecat; 06-01-2012 at 10:34 AM.
Reply With Quote
  #6  
Old 06-01-2012, 01:34 AM
union122 union122 is offline
 
Join Date: Nov 2010
Posts: 36
union122 is an unknown quantity at this point
Default

Use wireshark or ethereal and sniff the traffic, see what ip address is busy,..
Reply With Quote
  #7  
Old 06-01-2012, 01:36 AM
Quinn06's Avatar
Quinn06 Quinn06 is offline
 
Join Date: Feb 2010
Posts: 164
Quinn06 is an unknown quantity at this point
Default

Do I load wireshark on each workstation or on the main server to track the whole network? Thanks.
__________________
Computer HQ
Reply With Quote
  #8  
Old 06-01-2012, 10:23 AM
teksquad teksquad is offline
 
Join Date: Jul 2011
Location: Raleigh, NC USA
Posts: 162
teksquad is on a distinguished road
Default

If your sonic wall supports it try using netflow and export the data to a collector. Netflow can tell at a minumum the top talkers, source/destination ip's and dns names, protocols etc. PRTG is free for up to 10 sensors.
__________________
Andrew Bromfield
andrew@teksquad.net
http://teksquad.net

Reply With Quote
  #9  
Old 06-01-2012, 10:35 AM
YeOldeStonecat's Avatar
YeOldeStonecat YeOldeStonecat is online now
 
Join Date: Nov 2011
Location: Southeast Connecticut
Posts: 7,912
YeOldeStonecat is a splendid one to beholdYeOldeStonecat is a splendid one to beholdYeOldeStonecat is a splendid one to beholdYeOldeStonecat is a splendid one to beholdYeOldeStonecat is a splendid one to beholdYeOldeStonecat is a splendid one to behold
Default

Have you looked into the DNS settings and seeing if the Sonicwall routers have VPN bandwidth management turned on and what it's set at? And netbios hopefully not enabled in the tunnels (they should be using DNS to navigate the other end of the tunnel). These are a couple of things that you can check in literally a matter of minutes...remotely even.
__________________
Resident "Geek on a Harley" doing IT in Southeast Connecticut
http://www.dynamic-alliance.com/
https://www.facebook.com/YeOldeStonecat
Reply With Quote
  #10  
Old 06-01-2012, 11:45 AM
teksquad teksquad is offline
 
Join Date: Jul 2011
Location: Raleigh, NC USA
Posts: 162
teksquad is on a distinguished road
Default

Also are these 2MB circuits point to point links (leased lines) or are you using a vpn through the internet? Your initial post didn't say it was a vpn. If its a P2P then you may also want to get with your service provider and also look at your interface statistics for errors and logs (CRC, resets, etc) Dont discount bouncing that interface either.
__________________
Andrew Bromfield
andrew@teksquad.net
http://teksquad.net

Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:27 PM.


Powered by vBulletin®
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Technibble.com is based out of MELBOURNE, AUSTRALIA.