Need better insight & reporting into LAN & WAN traffic

drjones

Here's my clients' infrastructure setup:

- Prob. 20-ish people on-site working, but only around 12 PC users.

- 60k sq. ft. facility (warehouse with some office space) blanketed with Ruckus Wifi.

- 10 Mbps up/down fiber internet

- Sonicwall TZ215 firewall

- 2x Cisco SG-20026 switches

- Cat 5 cable throughout (yes, I know...and yes it is mostly just plain cat5.) :rolleyes:

- Dell T620 SBS 2011; not using exchange, but it is a DC / File Server

- Dell T320, Server 2012 with a 2008R2 VM that is their Terminal Server


There are a lot of employees that we know constantly stream Pandora & other media while they are working, so that has to be at least part of the problem.

The bigger issue is that fairly frequently, at least once a month or so, they complain of significant problems getting into their terminal via RDC, both on- and off-site.

They pretty frequently complain of general network performance issues.

I know the Cat5 cable is a big issue, but that can't be the sole thing going on, especially since it isn't chronic; for the most part, things work smoothly and they are happy, they just seem to have occasional flare-ups.

What I'm looking for is a product, a way to better monitor not only the WAN, but specifically the LAN traffic & performance so that when they email me like they did yesterday saying they could barely get into their terminal server, I have an answer for them.

I use GFI RMM and am going to call my rep now to ask him if any GFI products will do what I'm asking, but also wanted your guys' opinions.

Thanks!!
 
Wireshark is an excellent tool and has incredible, powerful features. But it does not just spit out answers. It's a data collection and presentation/filtering tool. So the user needs to do the thinking.

Another thing you may need is port mirroring on the switch. Personally I'd work at getting more details; otherwise it's a needle-in-a-haystack type of search.
 
The answer is in your post. TZ215. Do they have the security add-on? If not, tell them to buy it. You can then use Appmonitor to see who the offending users are and also set some app rules to restrict specific traffic. For starters I would log in to the Sonicwall, navigate to Log, Reports. Start Data Collection. Wait a little while, then look at bandwidth usage by IP address. Take the IP addresses and cross-reference with your DNS for host names.

Do the employees have their personal cell phones connected? Personal cell phones can be a wifi/bandwidth killer, especially if backing up to iCloud.

You can learn a lot about what's going on with the Sonicwall.
 
^^ look into above post first

If you need something else you can try, connect a Linux desktop with port mirroring and set up iftop for live monitoring and bandwidthD for logging/reports
 
That TZ215 has several bandwidth tools in it. For example, you should be able to set certain protocols with higher priority.
 
I know this is slightly off topic, but what's wrong with Cat5? It can easily handle 100meg connections. Gig, if it's good cable. And the Internet connection is only 10meg. I highly doubt that the cable is the bottleneck.

I would +1 the comments about checking the firewall logs, and Wireshark is a great tool for seeing exactly what is flying around in the network.
 
There's a lot more basic steps to try here. If the problem happens on the LAN, then you can rule out the firewall, unless of course you're looping LAN RDP traffic through the firewall. During the outage: Can you ping the machine? Is there increased latency to that machine? Is the latency or packet loss isolated to the single server or other devices as well? A simple GFI ping check may provide some of these answers in case you're not around when the issue occurs.

If you don't seem to be losing network connectivity, then it's likely related to the single term server. Are users leaving phantom sessions open, and eating up resources? Are any of the performance monitors in GFI going off? Are any automated tasks running on a monthly basis, like a deep virus scan, or a RAID consistency check? What, if anything, do the event logs turn up during the outage?
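The ping-based triage in the post above, as an added example that is not part of the thread: it takes ping results collected during an incident window and decides whether latency or loss is isolated to the terminal server, shared with other devices, or absent. The host names, sample data and thresholds are assumptions.

```python
import statistics
from collections import defaultdict

def series(host, rtts):
    # One ping per minute; None marks a timed-out ping.
    return [(minute, host, rtt) for minute, rtt in enumerate(rtts)]

# Constructed sample data; host names are placeholders, not from the thread.
SAMPLES = (
    series("termserver", [1.2, 1.1, None, 85.0, None, 60.4])
    + series("fileserver", [0.9, 1.0, 1.1, 0.9, 1.0, 1.2])
    + series("gateway", [0.8, 0.7, 0.9, 0.8, 0.8, 0.7])
)

def summarize(samples):
    """Return {host: (loss_fraction, median_rtt_ms or None)}."""
    by_host = defaultdict(list)
    for _minute, host, rtt in samples:
        by_host[host].append(rtt)
    stats = {}
    for host, rtts in by_host.items():
        answered = [r for r in rtts if r is not None]
        loss = 1 - len(answered) / len(rtts)
        stats[host] = (loss, statistics.median(answered) if answered else None)
    return stats

def degraded(loss, median, max_loss=0.05, max_rtt_ms=20.0):
    # Thresholds are assumed values for a wired LAN; tune them per site.
    return loss > max_loss or median is None or median > max_rtt_ms

def triage(samples, server="termserver"):
    """Classify an incident window from ping results alone."""
    bad = {h for h, (loss, med) in summarize(samples).items() if degraded(loss, med)}
    if not bad:
        return "no-network-fault"    # look at sessions, scheduled tasks, event logs
    if bad == {server}:
        return "isolated-to-server"  # path to, or load on, the terminal server
    return "wider-lan"               # other devices affected too

if __name__ == "__main__":
    for host, (loss, med) in summarize(SAMPLES).items():
        print(f"{host:12} loss={loss:.0%} median_rtt={med}")
    print(triage(SAMPLES))
```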
 