Investigate Network Load
Challenge
How can you use the Allegro Network Multimeter to quickly and easily examine the load on a network? Let's take a practical example: multiple users complain that their network connection is sometimes very slow. For example; an event between 9am and 10am.
Dashboard
First we start with an overview in the Dashboard. Open the web interface via a browser.
Time Selection
Next select a time view in the upper right corner, which is a longer timeframe than the interval to be examined:
In this case, we are looking for events from this morning. Now select the time period in which the users have reported problems by selecting (click 'n drag) such section with the mouse:
The Allegro Network Multimeter's internal database now works with the selected time interval so you can investigate what problems there were. The following points are easy to clarify on the Dashboard:
- Do you know the TOP protocols? Endpoints in a network can experience increased and unexpected traffic such as large Windows updates. By clicking on the protocol you can see which IPs generated this traffic.
- Do you know the TOP IP addresses? For example, there may be several backups running at the same time which burden the link and internal servers.
- Do you know the TOP MAC addresses? If, for example, significant multicast or broadcast traffic appears here; this can indicate loops or similar issues, and a packet storm can place a heavy burden on a network.
- Is there a high TCP retransmission rate of more than 3 percent compared with similar periods? This can indicate a network segment overload, such as from the WLAN or an end device.
- Is there extremely low or no network traffic during this period? This may indicate link problems such as no connection to the Internet or to another network node.
Let’s check by clicking on ‘Top protocols during selected interval’ for the cause of the slow connection.
In our example, ‘WindowsUpdate’ showed up as one of the culprits.
By clicking on ‘WindowsUpdate’ under ‘Protocol’ you can easily see an overview of who triggered this traffic:
Here, the machines ‘adguard.intra.allegro-packets.com’ and ‘archlinux‘ generated spikes with both uploads and downloads, which can lead to user disruption.
By clicking on an IP address (in our example ‘10.41.16.110’), you can further investigate the causes and even look into the IP’s connections:
Under the ‘Connections’ tab you will find all connections the selected IP has made in the selected timeframe and you can even see the amount of TCP retransmissions that have been made
(to see the TCP retransmissions you might have to enable this option in your filter).
You can use the number of retransmission to estimate if there was a bottleneck between the Allegro Network Multimeter and the recipient and if more packets had to be retransmitted.
If you need a even more detailed analysis, you can use the pcap button to extract the connection packets.