Allegro Network Multimeter Manual

Investigate Network Load: Difference between revisions

Access restrictions were established for this page. If you see this message, you have no access to this page.
No edit summary
No edit summary
 
(60 intermediate revisions by 7 users not shown)
Line 1: Line 1:
==''' Problem'''==
== Challenge ==
 
How can you use the Allegro Network Multimeter to quickly and easily examine
 
the load on a network? Let's take a practical example: multiple users
How can you use the *Allegro Network Multimeter* to quickly and easily examine
the load on a network? Let's take a practical example: Several users
complain that their network connection is sometimes very slow.
complain that their network connection is sometimes very slow.
This occurred again this morning between 9 and 10 o'clock, for example.
For example; an event between 11am and 12pm.
 
== ''' Dashboard''' ==
 


First we start with an overview in the dashboard.
== Dashboard ==
Open the web interface with your browser.
First we start with an overview in the Dashboard.
Open the web interface via a browser.


.. image:: pics/ap-mm-dashboard.png
[[File:Investigate_network_load_dash.png|1000px|Allegro Network Multimeter Dashboard]]
  :scale: 60%
  :align: center


==''' Time Selection'''==
== Time Selection ==
 
Next select a time view in the upper right corner, which is a longer timeframe than the
Now select a time view in the upper right corner, which is larger than your
interval to be examined:
interval to be examined:


.. only:: html
{|
 
| [[File:Investigate_network_load_time_select.png|300px|thumb|right]]
  .. image:: pics/ap-mm-time-select-1-day.png
|}
    :scale: 100%
    :align: center


.. only:: latex
In this case, we are looking for events from this morning. Now select the time period in which the users have reported
problems by selecting (click 'n drag) such section with the mouse:


  .. image:: pics/ap-mm-time-select-1-day.png
{| 
    :scale: 30%
| [[File:Investigate_network_load_time_drag.png|600px|thumb|right]]
    :align: center
|}


In our case, we are looking for events from this morning and I choose the last
The Allegro Network Multimeter's internal database now works with the selected time interval
day's view. Now select the time period in which the users have reported
so you can investigate what problems there were. The following points
problems by clicking with the mouse:
are easy to clarify on the Dashboard:


.. image:: pics/ap-mm-select-traffic-mouse.png
* '''TOP protocols:''' Endpoints in a network can experience increased and unexpected traffic such as large Windows updates. By clicking on the protocol you can see which IPs generated this traffic.
  :scale: 100%
* '''TOP IP addresses:''' For example, there may be several backups running at the same time which burden the link and internal servers.
  :align: center
* '''TOP MAC addresses:''' If, for example, significant multicast or broadcast traffic appears here; this can indicate loops or similar issues, and a packet storm can place a heavy burden on a network.
* Is there '''extremely low or no network traffic''' during this period? This may indicate link problems such as no connection to the Internet or to another network node.


The Allegro's internal database now works with the selected time interval
{|
and you can investigate what problems there were here. The following points
| [[File:Investigate_network_load_top_statistics.png|1000px|thumb|right]]
are easy to clarify on the dashboard:
|}


* Do you know the TOP protocols?
Let’s check by clicking on ‘Top protocols during selected interval’ for the cause of the slow connection.<br>
  Endpoints in the network often cause further traffic, such as large updates
In our example, the ‘SSL’ protocol showed up with a large amount of packets transferred in the selected timeframe.  
  for Windows. By clicking on the protocol you can see which IPs caused this
  traffic.
* Do you know the TOP IP addresses? For example, there may be several backups
  running at the moment, which burden your link and the internal servers.
* Do you know the TOP-MAC addresses? If, for example, a lot of multicast or
  broadcast traffic appears here, this can indicate loops or similar things, and
  a packet storm can place a heavy burden on the network.
* Is there a high TCP retransmission rate of more than 3% compared to other
  periods? This indicates an overload of a network segment such as the WLAN or
  an end device.
* Is there extremely little or no network traffic during this period? This
  may indicate link problems, such as no connection to the Internet or to another
  network node.


In our example, Dropbox showed up with a total of 900 MB data transfer.
{|
By clicking on "Dropbox" I can easily get an overview of who triggered this
| [[File:Investigate_network_load_top_protocol.png|1000px|thumb|right]]
traffic:
|}


.. image:: pics/ap-mm-dropbox.png
By clicking on ‘SSL’ under ‘Protocol’ you can easily see an overview of who triggered this traffic:
  :scale: 70%
  :align: center


Here the computer "nb-nina.allegro" has caused both upload and download
{|
to dropbox with up to 40 Mbps. This can lead to user disruption caused by
| [[File:Investigate_network_load_protocol_statistics.png|1000px|thumb|right]]
the upload and download, allowing you to take further action.
|}


By clicking on the IP and then on the tab "Connections" you can sort the
Here, in our example, on machine did a large download of 6 GB, which can lead to user disruption.
connections by TCP retransmission:
By clicking on an IP address or clicking on ‘Connection details’ under ‘Go to’, you can further investigate the causes and even look into the IP’s connections:


.. image:: pics/ap-mm-connection-retransmissions.png
{|
  :scale: 70%
| [[File:Investigate_network_load_ip_statistics.png|1000px|thumb|right]]
  :align: center
|}


You can use the quantity of retransmission to estimate if there is a bottleneck
Under the ‘Connections’ tab you will find all connections the selected IP has made in the selected timeframe and you can even see the amount of TCP retransmissions that have been made<br>
between the Allegro and the recipient and if more packets had to be sent again.
(to see the TCP retransmissions you might have to enable this option in your filter).  
Here in our example there were 1.4% retransmissions at approx. 12 MBit/s
upload to dropbox. Probably the uplink was busy here and dropped several TCP
packets.


If you need a more detailed analysis, you can use the PCAP button to extract
{|
the packets of a connection.
| [[File:Investigate_network_load_connections.png|1000px|thumb|right]]
|}


.. raw:: latex
You can use the number of retransmission to estimate if there was a bottleneck between the sender and the receiver and if more packets had to be retransmitted. <br>
Is there a high TCP retransmission? This could indicate an overload of the network segment or an WiFi device.<br>
If you need a even more detailed analysis, you can use the pcap button to extract the connection packets.<br>


    \clearpage
{|
| [[File:Investigate_network_load_download.png|1000px|thumb|right]]
|}

Latest revision as of 09:11, 23 May 2025

Challenge

How can you use the Allegro Network Multimeter to quickly and easily examine the load on a network? Let's take a practical example: multiple users complain that their network connection is sometimes very slow. For example; an event between 11am and 12pm.

Dashboard

First we start with an overview in the Dashboard. Open the web interface via a browser.

 

Time Selection

Next select a time view in the upper right corner, which is a longer timeframe than the interval to be examined:

 

In this case, we are looking for events from this morning. Now select the time period in which the users have reported problems by selecting (click 'n drag) such section with the mouse:

 

The Allegro Network Multimeter's internal database now works with the selected time interval so you can investigate what problems there were. The following points are easy to clarify on the Dashboard:

  • TOP protocols: Endpoints in a network can experience increased and unexpected traffic such as large Windows updates. By clicking on the protocol you can see which IPs generated this traffic.
  • TOP IP addresses: For example, there may be several backups running at the same time which burden the link and internal servers.
  • TOP MAC addresses: If, for example, significant multicast or broadcast traffic appears here; this can indicate loops or similar issues, and a packet storm can place a heavy burden on a network.
  • Is there extremely low or no network traffic during this period? This may indicate link problems such as no connection to the Internet or to another network node.
 

Let’s check by clicking on ‘Top protocols during selected interval’ for the cause of the slow connection.
In our example, the ‘SSL’ protocol showed up with a large amount of packets transferred in the selected timeframe.

 

By clicking on ‘SSL’ under ‘Protocol’ you can easily see an overview of who triggered this traffic:

 

Here, in our example, on machine did a large download of 6 GB, which can lead to user disruption. By clicking on an IP address or clicking on ‘Connection details’ under ‘Go to’, you can further investigate the causes and even look into the IP’s connections:

 

Under the ‘Connections’ tab you will find all connections the selected IP has made in the selected timeframe and you can even see the amount of TCP retransmissions that have been made
(to see the TCP retransmissions you might have to enable this option in your filter).

 

You can use the number of retransmission to estimate if there was a bottleneck between the sender and the receiver and if more packets had to be retransmitted.
Is there a high TCP retransmission? This could indicate an overload of the network segment or an WiFi device.
If you need a even more detailed analysis, you can use the pcap button to extract the connection packets.

 
Retrieved from "https://allegro-packets.com/wiki/index.php?title=Investigate_Network_Load&oldid=5112"