Investigate Network Load

From Allegro Network Multimeter Manual
Jump to navigation Jump to search

Challenge

How can you use the Allegro Network Multimeter to quickly and easily examine the load on a network? Let's take a practical example: multiple users complain that their network connection is sometimes very slow. For example; an event between 9am and 10am.

Dashboard

First we start with an overview in the Dashboard. Open the web interface via a browser.

Allegro Network Multimeter Dashboard

Time Selection

Next select a time view in the upper right corner, which is a longer timeframe than the interval to be examined:

Investigate network load time select.png

In this case, we are looking for events from this morning. Now select the time period in which the users have reported problems by selecting (click 'n drag) such section with the mouse:

Investigate network load spike select.png

The Allegro Network Multimeter's internal database now works with the selected time interval so you can investigate what problems there were. The following points are easy to clarify on the Dashboard:

  • Do you know the TOP protocols? Endpoints in a network can experience increased and unexpected traffic such as large Windows updates. By clicking on the protocol you can see which IPs generated this traffic.
  • Do you know the TOP IP addresses? For example, there may be several backups running at the same time which burden the link and internal servers.
  • Do you know the TOP MAC addresses? If, for example, significant multicast or broadcast traffic appears here; this can indicate loops or similar issues, and a packet storm can place a heavy burden on a network.
  • Is there a high TCP retransmission rate of more than 3 percent compared with similar periods? This can indicate a network segment overload, such as from the WLAN or an end device.
  • Is there extremely low or no network traffic during this period? This may indicate link problems such as no connection to the Internet or to another network node.
Investigate network load top statistics.png

Let’s check by clicking on ‘Top protocols during selected interval’ for the cause of the slow connection.
In our example, ‘WindowsUpdate’ showed up as one of the culprits.

Investigate network load L7.png

By clicking on ‘WindowsUpdate’ under ‘Protocol’ you can easily see an overview of who triggered this traffic:

Investigate network load protocol winupdate.png

Here, the machines ‘adguard.intra.allegro-packets.com’ and ‘archlinux‘ generated spikes with both uploads and downloads, which can lead to user disruption.
By clicking on an IP address (in our example ‘10.41.16.110’), you can further investigate the causes and even look into the IP’s connections:

Investigate network load ip statistics.png

Under the ‘Connections’ tab you will find all connections the selected IP has made in the selected timeframe and you can even see the amount of TCP retransmissions that have been made
(to see the TCP retransmissions you might have to enable this option in your filter).

Investigate network load ip connections.png

You can use the number of retransmission to estimate if there was a bottleneck between the Allegro Network Multimeter and the recipient and if more packets had to be retransmitted.
If you need a even more detailed analysis, you can use the pcap button to extract the connection packets.

Investigate network load pcap download.png
Retrieved from "https://allegro-packets.com/wiki/index.php?title=Investigate_Network_Load&oldid=5061"