[clue] Wireshark

Mark G. Harvey markgharvey at yahoo.com
Thu Mar 17 22:38:56 MDT 2016


Gents,  
Can the customer provide errors and/or symptoms encountered?  Can they quantify the problem?  

Example:  ping results in latency of 1000ms ... way high latency.  I've actually seen negative ping times due to a CPU timing problem.

What about DNS lookup & resolution?  How many network hops to the DNS server?  Is the DNS server local or on the Internet?  

Consider doing a tcpdump from a Linux machine connected to the network.  Might need to put the network interface in promiscuous mode first, then run the dump.  
Save the dump file off to a pen drive.  Then attach that drive to a laptop with Wireshark, import the dump file & analyse it.  This way, you can eliminate the connection of Wireshark to the network as a cause.  
Also, make sure the switches are not wired in a loop.  Spanning Tree Protocol can cause a packet storm by forwarding packets in that loop.  I've seen VoIP phones do this on a UDP port.  

Other causes to look for:  

Are machines listening on the correct & expected ports?   Verified from another machine using nc?  Firewall ports open?  

As you can see, there are a ton of questions to ask when investigating a problem like this.  
Anyway, my $0.02
HTH



 

    On Wednesday, March 16, 2016 9:08 AM, Charles Burton <charles.d.burton at gmail.com> wrote:
 

 I agree, Wireshark in and of itself is passive.  A good test would be to plug the laptop in and configure everything like you would be using Wireshark but don't actually start Wireshark.

On Wed, Mar 16, 2016 at 1:10 PM, Bruce Ediger <bediger at stratigery.com> wrote:

On Tue, 15 Mar 2016, David L. Anselmi wrote:

> Or, as Charles suggested, adding Wireshark to the network caused the switch
> configuration to change, unscrewing whatever was screwed up in it.

I'm unusually unlucky when it comes to cabling, so maybe that's coloring
my views, but perhaps the act of physically plugging a laptop into the
switch re-seated a jumper, or moved a broken wire in a cable back into
contact or something.
_______________________________________________
clue mailing list: clue at cluedenver.org
For information, account preferences, or to unsubscribe see:
http://cluedenver.org/mailman/listinfo/clue


