Investigate Network Load

From Allegro Packets Product Wiki

Challenge

How can you use the Allegro Network Multimeter to quickly and easily examine the load on a network? Let's take a practical example: multiple users complain that their network connection is sometimes very slow, for example during an event between 9am and 10am.

Dashboard

First we start with an overview in the Dashboard. Open the web interface via a browser.

Allegro Network Multimeter Dashboard

Time Selection

Next, select a time view in the upper right corner that covers a longer timeframe than the interval to be examined.


In this case, we are looking for events from this morning, so I chose the previous day's view. Now select the time period in which the users reported problems by clicking and dragging over that section with the mouse.


The Allegro's internal database now works with the selected time interval so you can investigate what problems there were. The following points are easy to clarify on the Dashboard:

  • Do you know the TOP protocols? Endpoints in a network can experience increased and unexpected traffic such as large Windows updates. By clicking on the protocol you can see which IPs generated this traffic.
  • Do you know the TOP IP addresses? For example, there may be several backups running at the same time which burden the link and internal servers.
  • Do you know the TOP MAC addresses? If, for example, significant multicast or broadcast traffic appears here, this can indicate loops or similar issues, and a packet storm can place a heavy burden on a network.
  • Is there a high TCP retransmission rate of more than 3 percent compared with similar periods? This can indicate a network segment overload, such as from the WLAN or an end device.
  • Is there extremely low or no network traffic during this period? This may indicate link problems such as no connection to the Internet or to another network node.

In our example, Dropbox showed up with a total of 900 MB data transfer. By clicking on "Dropbox" I can easily see an overview of who triggered this traffic:


Here, the computer "nb-nina.allegro" generated both uploads and downloads to Dropbox at rates of up to 40 MBit/s. Uploads and downloads like these can disrupt other users, and knowing their source allows you to take further action.

By clicking on the IP address and then on the "Connections" tab, you can sort the connections by TCP retransmission.


You can use the number of retransmissions to estimate whether there was a bottleneck between the Allegro and the recipient and whether more packets had to be retransmitted. In our example, 1.4 percent (6 MB of 448.2 MB) of the data was retransmitted at an upload rate of approx. 12 MBit/s to Dropbox. Possibly the uplink was busy at this point and dropped several TCP packets.

If you need an even more detailed analysis, you can use the pcap button to extract the connection packets.
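To cross-check the retransmission share on extracted packets outside the Allegro, the following added example (not Allegro code) computes retransmitted bytes per connection direction and applies the 3 percent rule of thumb from the Dashboard checklist. The tuple layout, function names and sample segments are assumptions constructed for illustration.

```python
from collections import defaultdict

THRESHOLD_PCT = 3.0  # the page's rule of thumb: more than 3 percent is high

def add_range(ranges, start, end):
    """Merge [start, end) into sorted disjoint ranges.
    Returns (new_ranges, bytes_already_covered)."""
    lo, hi, covered, kept = start, end, 0, []
    for s, e in ranges:
        if e < start or s > end:          # neither overlapping nor adjacent
            kept.append((s, e))
        else:
            covered += max(0, min(e, end) - max(s, start))
            lo, hi = min(lo, s), max(hi, e)
    return sorted(kept + [(lo, hi)]), covered

def retransmission_report(segments):
    """segments: (src, sport, dst, dport, seq, payload_len) tuples in capture
    order. Returns one row per flow direction, highest retransmission first."""
    seen = defaultdict(list)
    total = defaultdict(int)
    retrans = defaultdict(int)
    for src, sport, dst, dport, seq, length in segments:
        if length == 0:                   # pure ACKs carry no payload
            continue
        flow = (src, sport, dst, dport)
        # Assumption: sequence numbers do not wrap within the capture.
        seen[flow], repeated = add_range(seen[flow], seq, seq + length)
        total[flow] += length
        retrans[flow] += repeated
    rows = [{"flow": f, "bytes": total[f], "retransmitted": retrans[f],
             "pct": round(100.0 * retrans[f] / total[f], 2),
             "high": 100.0 * retrans[f] / total[f] > THRESHOLD_PCT}
            for f in total]
    return sorted(rows, key=lambda r: r["pct"], reverse=True)

# Constructed sample segments (documentation IP ranges), not real capture data.
UP = ("192.0.2.10", 50000, "198.51.100.20", 443)
DOWN = ("198.51.100.20", 443, "192.0.2.10", 50000)
SAMPLE = [
    UP + (1000, 1000), UP + (2000, 1000), DOWN + (1, 0),
    UP + (3000, 1000), UP + (2000, 1000),          # second copy of 2000..2999
    UP + (4000, 1000),
    DOWN + (1, 1000), DOWN + (2001, 1000), DOWN + (1001, 1000),  # reordered only
]

if __name__ == "__main__":
    for row in retransmission_report(SAMPLE):
        print(row)
```

Tracking covered byte ranges rather than only the highest sequence number keeps reordered segments from being counted as retransmissions.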